CN113613205A - Network access mechanism suitable for wireless avionics internal communication network - Google Patents

Publication number
CN113613205A
Authority
CN
China
Prior art keywords
network access
network
node
gateway
equipment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110781403.4A
Other languages
Chinese (zh)
Other versions
CN113613205B (en)
Inventor
李士宁
宋启亮
汪悦
赵和兴
向越轲
韩新洲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northwestern Polytechnical University
Original Assignee
Northwestern Polytechnical University
Application filed by Northwestern Polytechnical University
Priority to CN202110781403.4A
Publication of CN113613205A
Application granted
Publication of CN113613205B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/42 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication
    • H04W12/08 Access security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of communication networks and discloses a network access mechanism suitable for a wireless avionics internal communication (WAIC) network. The mechanism is divided into four parts: network access initialization, finding a proxy router, secure network access and system network access. The security and reliability of network access are ensured by techniques such as a handshake mechanism, secure encryption and decryption, and information integrity verification. In addition, the invention provides a node network access response probability model, with which a node decides from its level and its network resource state whether to accept a network access solicitation frame; the more child nodes a device already has, the lower the probability that it accepts a solicitation frame. This effectively limits the skew of the subnet topology, improves network access efficiency, and meets the requirements of the actual application scenarios of WAIC network nodes.

Description

Network access mechanism suitable for wireless avionics internal communication network
Technical Field
The invention relates to the field of communication networks, in particular to a network access mechanism suitable for a wireless avionic internal communication network.
Background
With the rapid development of the Internet of Things, wireless networks and their related communication technologies keep changing and evolving. Traditional wired communication has prominent drawbacks in network layout, wiring, and network and equipment maintenance, and usually consumes a large amount of time, manpower and money. Compared with wired communication, wireless communication offers low cost, simple network layout and flexible use. In aviation manufacturing, using wireless instead of wired links for data transmission in airborne communication systems has become imperative. The Wireless Avionics Internal Communication (WAIC) network was therefore proposed by research bodies represented by the International Civil Aviation Organization, the International Telecommunication Union, the aerospace system institute and several enterprises such as Airbus and Honeywell, on the basis of a thorough study of the structure and applications of civil airliners.
The WAIC network is an onboard wireless communication system that performs functions such as aircraft structural health monitoring, sensing and control at key positions, and real-time transmission of flight operation information, through short-range wireless communication between two or more field devices installed in a single aircraft. As shown in FIG. 1, the WAIC network can be divided structurally into two parts: the WAIC subnets (further divided into high-speed and low-speed subnets) and the backbone network (AFDX is used as the example in the figure). A WAIC subnet consists of field devices and a gateway and is deployed on each aircraft component to be monitored (such as a wing, the cabin or the cargo hold); it transmits real-time flight data and aggregates the data at the gateway. The backbone network uses wired transmission and is the upper-layer part of the WAIC network; it consists of the upper-layer applications and the gateways, and is mainly responsible for carrying the data collected by the WAIC gateways to the upper-layer onboard applications for monitoring. The upper-layer onboard applications also send control instructions to the WAIC subnets over the backbone network, giving centralized control and management of the whole network. In a wireless sensor network, however, a wireless node that has been powered on generally finds the network manager in one of two ways: passive discovery or active discovery. Passive discovery means that a joining device periodically listens, on a set of channels configured during initialization, for the neighbor discovery broadcast frames that already-joined nodes in the target subnet transmit periodically.
Generally, a battery-powered passive scanning node listens frequently after it is first powered on and started. If the target subnet cannot be discovered quickly, the joining device saves energy by lowering the discovery frequency and shortening each discovery period, but the node then cannot join quickly and the network access delay increases greatly. In active discovery, the joining node actively broadcasts a network access request and the already-joined nodes in the network respond; but when the number of nodes rises sharply, there are too many network access requests, the processing capacity of the network falls, and network access efficiency is low. Research on the ISA100.11a network shows that the system manager is the most important core device of the whole ISA100.11a network, and that both node network access and network routing depend on it: node network access is completed through multiple handshakes with the system manager and the security manager, and network routes are calculated and distributed centrally by the system manager. In this mode, as the number of subnets and nodes in the network grows rapidly, the load on the system manager becomes very heavy and the system manager easily becomes a single point of failure. Because the wireless environment is open, anyone can tune to the same frequency and eavesdrop on the signals transmitted over a link, leaking information, or can generate interfering signals on the same frequency and disrupt the normal communication channel; both are vulnerabilities of the sensor network.
Compared with a traditional network, the nodes in a sensor network are limited in processing capacity, transmission bandwidth and storage capacity, so many effective security measures used in traditional networks are not suitable for wireless sensor networks. The design has to be worked out for the security requirements of each network application, from the aspects of data confidentiality, data integrity, data authentication and so on.
At present, domestic research on the WAIC network is represented by research institutes and universities such as the Xi'an aviation industry computing institute and Northwestern Polytechnical University. These institutions have studied typical industrial wireless network standards (for example, ISA100.11a) and analyzed the feasibility of applying industrial wireless network technology to the WAIC network, and on that basis have carried out key technology selection, node design and protocol standard formulation for the WAIC network. The thesis "[Stroke]. Research on high-precision time synchronization and scheduling technology of wireless networks [D]. Northwestern Polytechnical University, 2017." studies the topology of the WAIC subnet, designs a redundant tree subnet topology for networking and data communication in the WAIC subnet, and further proposes a multi-level time synchronization mode based on on-demand synchronization, in which time synchronization of the whole network is completed level by level with each child node synchronizing to its parent node. The thesis "Yang XUN. Wireless avionics internal communication system research and design [D]. Northwestern Polytechnical University, 2017." proposes a complete physical layer design for the WAIC network and completes simulation experiments of the WAIC physical layer on software radio platforms such as GNURadio and USRP. Abroad, the paper "Yahagi K, Shirafine M, Hikage T, et al. Large-scale FDTD analysis of 4.4GHz-band Propagation characteristics in aircraft cabin [C]//2016 International Symposium on Antennas and Propagation (ISAP). IEEE, 2016: 566-" uses a full 3D FDTD-based method to model the cabin of an Airbus A320-200 passenger aircraft and calculates its radio propagation in the 4.4 GHz band.
On WAIC network communication throughput, the paper "Das S, Chakrabarti I. Hardware implementation of MIL-STD-1553 protocol over OFDMA-PHY based wireless high data rate availability Systems [C]//2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). IEEE, 2016: 1-6" builds a communication prototype of the WAIC network on an FPGA and implements physical layer data transmission with OFDM; the test results show that high data throughput can be achieved at 2.4 GHz and 4.5 GHz.
This analysis of research at home and abroad shows that work on the WAIC network is still at an early stage. Most of it remains at the underlying communication layer, there is relatively little research on the architecture, device roles and protocol standards of the WAIC network, and the key technologies proposed lack an overall network application environment. The network access mechanism, that is, the access protocol, is an important component of the WAIC network standard and solves the problem of joining WAIC nodes to the network efficiently and securely.
Disclosure of Invention
The invention aims to solve the problems that arise when nodes join a wireless avionics internal communication (WAIC) network as the number of subnets and nodes in the network grows rapidly: long node network access time, low network access efficiency, and how to ensure network security and reliability during the network access process.
In order to achieve the above purpose, the invention provides a network access mechanism suitable for a wireless avionics internal communication network, which adopts the following technical scheme:
a network access mechanism suitable for a wireless avionics internal communication network, comprising the following steps:
step one: network access initialization
When a WAIC joining device is powered on again, it reads the initialization configuration information from Flash into the device initialization object DIO. After the new device's DIO has read the information, the scheduling information and the security information are written into different objects: the scheduling information of the target network is written into the device scheduling management object DLMO, and the security information of the target network is written into the device management service object DMSO. The protocol stack is then restarted and the network access state machine is driven to start the network access process;
step two: finding a proxy router
A new node that is to join the network acts as an active discovery scanner and periodically sends a network access request frame to the network within radio range. A node that has already joined the network and receives the request can choose, according to the node's request, whether to act as a proxy router. If the already-joined node is a gateway and receives the network access request of the node to be joined, the joining device can communicate with the gateway directly and complete the subsequent network access operations; if it is another already-joined node and accepts the network access request of the joining device, the joining device uses that node as its proxy router to communicate with the gateway and complete the subsequent network access process;
step three: secure network access
The secure network access process of a WAIC node is the exchange of security information by the WAIC node during network access; its security is ensured by the symmetric encryption key join_key that the WAIC node obtains in its initialization stage;
after receiving a network access security request sent by the joining device, the gateway encrypts the first three items of the request with the same network access key join_key and compares the result with the MIC. If they are the same, the joining device passes identity authentication and the gateway stores the nonce sent by the joining device; otherwise identity authentication fails and network access fails. While authenticating the joining device, the gateway must also judge whether the nonce it has just received was received before; if it was, the gateway is under a replay attack and immediately rejects the network access request. After the joining device passes identity authentication, the gateway generates a network access security response;
after the gateway successfully receives the network access security confirmation, the joining device decrypts the received nonce and verifies whether it is valid, and if the gateway successfully sends the confirmation response, the secure network access flow is finished;
step four: system network access
When the WAIC subnet gateway device receives a system network access request from a joining device, it hands the request to the network engine for processing. The network engine parses the request and checks whether the device initialization information is correct, and once parsing passes, responds to the request according to the following steps:
41) checking whether the joining device has exceeded the maximum number of network access attempts specified by the system, and if so, rejecting the network access request;
42) judging whether the subnet ID carried in the request is the same as the target subnet, and if not, rejecting the system network access request;
43) allocating a 16-bit DL address to the joining device and inserting it into the node address mapping table;
44) assigning the joining device according to the type of its proxy router: if the proxy router is a gateway, the joining device becomes a child node of the gateway directly; if the proxy router is another node, judging whether that node meets the requirements of a parent node and, if so, making the device a child node of the proxy router and updating the topology;
45) assigning a device type to the device based on the device capabilities given in the request; in general, any joining device may act as both an I/O device and a routing device in the WAIC network;
46) configuring other attributes for the joining device;
47) generating a MIC check and a system network access response for the joining device, and then sending the system network access response to the joining device.
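The gateway's system network access checks 41) to 47), as an added example that is not the patent's implementation. It assumes the request was already authenticated in step three, takes the parent-node requirement to be the level-3 and five-children limits stated elsewhere on the page, and uses hypothetical names, a sequential address allocator and truncated HMAC-SHA256 as the MIC.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

MAX_LEVEL = 3          # highest topology level named on the page
MAX_CHILDREN = 5       # per-node child limit the page gives for a 3-hop subnet
GATEWAY = "gateway"    # hypothetical identifier for the subnet gateway
GATEWAY_ADDR = 0x0001  # assumed DL address of the gateway


def response_mic(key: bytes, addr: int, level: int, parent_addr: int) -> bytes:
    """MIC over the response fields (HMAC-SHA256 stand-in, truncated to 8 bytes)."""
    body = struct.pack(">HBH", addr, level, parent_addr)
    return hmac.new(key, body, hashlib.sha256).digest()[:8]


@dataclass
class NetworkEngine:
    subnet_id: int
    key: bytes
    max_attempts: int = 3  # assumed value; the page says "specified by the system"
    attempts: dict = field(default_factory=dict)  # device -> number of requests
    addr_map: dict = field(default_factory=lambda: {GATEWAY: GATEWAY_ADDR})
    level: dict = field(default_factory=lambda: {GATEWAY: 0})
    children: dict = field(default_factory=dict)  # parent -> set of child devices
    issued: dict = field(default_factory=dict)    # device -> response already sent
    next_addr: int = 0x0002

    def handle(self, eui64: str, subnet_id: int, proxy: str,
               can_route: bool = True) -> dict:
        # 41) Count every request, including rejected ones, against the limit.
        count = self.attempts.get(eui64, 0) + 1
        self.attempts[eui64] = count
        if count > self.max_attempts:
            return {"status": "REJECT_MAX_ATTEMPTS"}
        # 42) The request must name this subnet.
        if subnet_id != self.subnet_id:
            return {"status": "REJECT_SUBNET"}
        # A device that already joined gets its earlier assignment back unchanged.
        if eui64 in self.issued:
            return self.issued[eui64]
        # 44) Check the proxy before allocating anything, so a rejected request
        #     does not consume an address or touch the topology.
        if proxy not in self.level:
            return {"status": "REJECT_UNKNOWN_PROXY"}
        if proxy != GATEWAY and (
                self.level[proxy] >= MAX_LEVEL
                or len(self.children.get(proxy, ())) >= MAX_CHILDREN):
            return {"status": "REJECT_PARENT"}
        # 43) Allocate a 16-bit DL address and record it in the mapping table.
        if self.next_addr > 0xFFFE:
            return {"status": "REJECT_NO_ADDRESS"}
        addr = self.next_addr
        self.next_addr += 1
        self.addr_map[eui64] = addr
        # 44) Attach the device under its proxy and update the topology.
        lvl = self.level[proxy] + 1
        self.level[eui64] = lvl
        self.children.setdefault(proxy, set()).add(eui64)
        # 45) Assumed rule: a device at the last level cannot take children,
        #     so it is an I/O device only.
        dev_type = "routing" if can_route and lvl < MAX_LEVEL else "io"
        # 47) Protect the response with a MIC before it is sent.
        parent_addr = self.addr_map[proxy]
        resp = {"status": "ACCEPT", "addr": addr, "level": lvl,
                "parent_addr": parent_addr, "type": dev_type,
                "mic": response_mic(self.key, addr, lvl, parent_addr)}
        self.issued[eui64] = resp
        return resp


if __name__ == "__main__":
    engine = NetworkEngine(subnet_id=7, key=b"k" * 16)  # constructed sample values
    for dev, proxy in [("A", GATEWAY), ("B", "A"), ("C", "B"), ("D", "C")]:
        print(dev, engine.handle(dev, 7, proxy)["status"])
```

Because the attempt counter is keyed on the identifier claimed in the request, it must only be fed requests that passed the secure network access step; otherwise a forged request could exhaust another device's attempts.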
Further, in step one, if reading the initialization information from Flash fails, the Flash memory is initialized again.
Further, in step one, after the initialization information has been read into the new device's DIO, it is determined whether the node state is initialized, and if not, initialization is performed again.
Further, in step one, the initialization configuration information includes the security information, network information and scheduling information written during the initialization process.
Further, in step two, when a node in the target network receives the network access request frame, it uses the following mechanism to determine whether to accept the joining device as a child node:
1) checking its own level in the target network, and if the level is 3, rejecting the current network access request;
2) judging whether the difference between the time the last network access request was received and the current time exceeds DMO.proxy_Join_Request_Rate, and if so, rejecting the network access request;
3) the node calculates the acceptance probability P_r according to the following probability model:
Figure BDA0003157303900000071
In the probability model, N_c denotes the number of current child nodes of the device; N_l denotes the maximum number of nodes at the hop level where the node is located, and its value is related to the maximum number of nodes N_t that the target WAIC subnet can accommodate; level is the maximum number of network hops.
Further, in step three, the security guarantees in the network access process include:
31) preventing replay attacks caused by an eavesdropper intercepting the network access key during the network access process;
32) ensuring that the network access request comes from a device with valid identity information, that is, the gateway authenticates the identity of the device;
33) ensuring that the network access response comes from a gateway with valid identity information, that is, the joining device authenticates the identity of the gateway;
34) encrypting and encapsulating the keys generated in the network access process, such as the master key, to prevent an eavesdropper from obtaining a security key;
35) generating a message integrity code (MIC) for the network access request and the response, and performing integrity verification.
The invention divides the network access mechanism into four parts: network access initialization, finding a proxy router, secure network access and system network access. It ensures the security and reliability of network access through techniques such as a handshake mechanism, secure encryption and decryption, and information integrity verification. In addition, the invention provides a node network access response probability model, with which a node decides from its level and its network resource state whether to accept a network access solicitation frame; the more child nodes a device already has, the lower the probability that it accepts a solicitation frame. This effectively limits the skew of the subnet topology, improves network access efficiency, and meets the requirements of the actual application scenarios of WAIC network nodes.
Compared with the prior art, the network access mechanism applicable to the wireless avionic internal communication network has the following advantages:
(1) the network access mechanism meets both the security requirements and the system configuration requirements when nodes join the network, and all joining devices finally form a network topology whose highest level is 3;
(2) the network access time of every joining device is less than 75.6 ms; that is, in sequential network access at 0.2 s intervals, when the ratio of joining devices to proxy routers is within 5:1, node network access time is not affected by the size of the network, and it comfortably meets the WAIC network requirement that node dynamic access time be within 500 ms.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a diagram of a WAIC network topology;
FIG. 2 is a flow chart of network entry initialization;
FIG. 3 is a flow chart of finding a proxy router;
FIG. 4 is a timing diagram of a network access security procedure;
FIG. 5 is a secure network entry response flow diagram;
FIG. 6 is a flow chart of a system network entry response;
FIG. 7 is a topology diagram after a node is networked;
FIG. 8 is a node network access log.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will help those skilled in the art to further understand the invention, but do not limit the invention in any way. It should be noted that persons skilled in the art can make variations and modifications without departing from the spirit of the invention. All of these fall within the scope of the present invention.
Example 1
A network access mechanism suitable for a wireless avionics internal communication network, comprising the following steps:
Step one: network access initialization
As shown in FIG. 2, when a WAIC joining device is powered on again, it reads the initialization configuration information (that is, the security information, network information, scheduling information and so on written during the initialization process) from Flash into the device initialization object DIO. After the new device's DIO has read the information, the scheduling information and the security information are written into different objects: the scheduling information of the target network is written into the device scheduling management object DLMO, and the security information of the target network is written into the device management service object DMSO. The protocol stack is then restarted and the network access state machine is driven to start the network access process. If reading the initialization information from Flash fails, the Flash is initialized again. After the initialization information has been read into the new device's DIO, it is determined whether the node state is initialized, and if not, initialization is performed again.
Step two: finding a proxy router
The WAIC network is a time-sharing self-organizing network, in which the gateway and the other devices also have to broadcast periodically, according to the scheduling information, a broadcast frame containing their own information and the network information. A WAIC joining device can therefore make contact with a node in the target subnet by listening for these neighbor discovery broadcast frames, and through that node communicate with the gateway and join the network. The joining device can also actively broadcast a network access solicitation frame to the target network to obtain a response from a node in the target network, and then communicate with the gateway through that node and join the network.
The proxy router can be found by passive discovery or by active discovery. Because, compared with passive discovery, active discovery achieves fast network access by letting the node itself control when it sends and receives broadcasts and by continuous power supply, this embodiment adopts active network access. In the active discovery process, a new node that is to join the network acts as an active discovery scanner and periodically sends a network access solicitation frame to the network within radio range. A node that has already joined the network and receives the solicitation can choose, according to the node's request, whether to act as a proxy router. The already-joined node may be a gateway or another field device that has already joined. If it is a gateway and receives the network access solicitation of the node to be joined, the joining device can communicate with the gateway directly and complete the subsequent network access operations; if it is another already-joined node and accepts the network access request of the joining device, the joining device uses that node as its proxy router to communicate with the gateway and complete the subsequent network access process. The entire proxy router discovery process is shown in FIG. 3.
Further, in step two, when a node in the target network receives the network access request frame, it uses the following mechanism to determine whether to accept the joining device as a child node:
1) checking its own level in the target network, and if the level is 3, rejecting the current network access request;
2) judging whether the difference between the time the last network access request was received and the current time exceeds DMO.proxy_Join_Request_Rate, and if so, rejecting the network access request;
3) the node calculates the acceptance probability P_r according to the following probability model:
Figure BDA0003157303900000111
In the probability model, N_c denotes the number of current child nodes of the device; N_l denotes the maximum number of nodes at the hop level where the node is located, and its value is related to the maximum number of nodes N_t that the target WAIC subnet can accommodate; level is the maximum number of network hops. In general, in an actual aircraft scenario, the maximum number of nodes required by a WAIC subnet is 128 and the maximum number of hops is 3 (that is, the maximum level is 3), which satisfies the coverage requirement of the communication range. In this case the maximum number of child nodes per node should not exceed 5; otherwise the subnet topology becomes skewed and the overall data transmission and scheduling efficiency suffers. The probability model shows that the more child nodes a node already has, the lower the probability that it accepts a network access solicitation frame.
Step three: secure network access
The WAIC node secure network access process is the exchange of security information by a WAIC node during network access, and comprises processes such as node identity authentication and those for the master key and the DL key; the specific process is shown in Fig. 4. Security is ensured by a symmetric encryption key, join_key, obtained in the initialization stage of the WAIC node. The security guarantees in the network access process comprise the following:
31) preventing replay attacks that result from an eavesdropper intercepting the network access key during network access;
32) ensuring that the network access request comes from a device with valid identity information, that is, the gateway authenticates the identity of the device;
33) ensuring that the network access response comes from a gateway with valid identity information, that is, the joining device authenticates the identity of the gateway;
34) encrypting and encapsulating the keys generated in the network access process, such as the master key, to prevent an eavesdropper from acquiring a security key;
35) generating a MIC as an integrity check on the network access request and the response, and performing integrity verification.
After receiving a network access security request sent by the joining device, the gateway encrypts the first three items in the network access request using the same network access key join_key and compares the encryption result with the MIC. If they are the same, the gateway passes the identity authentication of the joining device and stores the nonce sent by the joining device; otherwise the identity authentication fails and the network access fails. When the gateway authenticates the identity of the joining device, it must also judge whether the currently received nonce has been received before; if it has, the gateway is under replay attack and immediately rejects the network access request. After the identity authentication of the joining device has passed, the gateway generates a network access security response; the specific flow is shown in Fig. 5.
After the gateway successfully receives the network access security confirmation, the joining device decrypts the received nonce and verifies whether it is valid; if the gateway successfully sends the confirmation response, the secure network access flow is finished.
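The gateway-side check described above, written out as an added example that is not code from the patent: MIC verification first, then the nonce replay check, then a response the joining device can verify. The three request items (`eui64`, `capability`, `nonce`), the response layout, the 4-byte MIC length and the use of truncated HMAC-SHA-256 as the keyed MIC are all assumptions, since this section does not name the items or the algorithm.

```python
import hashlib
import hmac
import os
from typing import NamedTuple

MIC_LEN = 4  # assumed MIC length in bytes


def compute_mic(join_key: bytes, *items: bytes) -> bytes:
    """Keyed MIC over length-prefixed items (HMAC-SHA-256 stand-in)."""
    mac = hmac.new(join_key, digestmod=hashlib.sha256)
    for item in items:
        mac.update(len(item).to_bytes(2, "big") + item)
    return mac.digest()[:MIC_LEN]


class JoinRequest(NamedTuple):
    eui64: bytes       # assumed item 1: device identity
    capability: bytes  # assumed item 2: capability flags
    nonce: bytes       # assumed item 3: fresh random value per attempt
    mic: bytes         # MIC over the three items above


def build_request(join_key, eui64, capability, nonce=None) -> JoinRequest:
    nonce = os.urandom(8) if nonce is None else nonce
    return JoinRequest(eui64, capability, nonce,
                       compute_mic(join_key, eui64, capability, nonce))


class Gateway:
    def __init__(self, join_key: bytes):
        self.join_key = join_key
        self.seen = set()  # (eui64, nonce) of requests that passed the MIC check

    def handle(self, req: JoinRequest):
        expected = compute_mic(self.join_key, req.eui64, req.capability, req.nonce)
        # Constant-time compare; forged or corrupted requests stop here and
        # never reach the nonce store, so they cannot fill or poison it.
        if not hmac.compare_digest(expected, req.mic):
            return "REJECT_BAD_MIC", None
        # Authentic but already seen: a captured frame is being replayed.
        if (req.eui64, req.nonce) in self.seen:
            return "REJECT_REPLAY", None
        self.seen.add((req.eui64, req.nonce))
        # Assumed response layout: the MIC covers the device's nonce, so the
        # device can authenticate the gateway and reject a stale response.
        gw_nonce = os.urandom(8)
        return "ACCEPT", (gw_nonce, compute_mic(self.join_key, b"resp", req.nonce, gw_nonce))


def device_accepts(join_key: bytes, my_nonce: bytes, response) -> bool:
    gw_nonce, resp_mic = response
    return hmac.compare_digest(compute_mic(join_key, b"resp", my_nonce, gw_nonce), resp_mic)


def demo():
    key = bytes(range(16))  # constructed 128-bit join_key
    gw = Gateway(key)
    req = build_request(key, bytes.fromhex("0011223344556677"), b"\x03")
    first, resp = gw.handle(req)
    replay, _ = gw.handle(req)  # the same frame, captured and resent
    forged, _ = gw.handle(build_request(b"\xff" * 16, req.eui64, b"\x03"))
    return first, replay, forged, device_accepts(key, req.nonce, resp)
```

The nonce store here grows without bound; a deployed gateway would cap it, for example per device or per join window.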
step four: system network access
System network access means that the system management part of the gateway distributes and manages network information (such as address allocation and topology management) for the joining device.
When the WAIC subnet gateway device receives a system network access request from a joining device, it delivers the request to the network engine for processing. The network engine parses the request and checks whether the device initialization information is correct; after the parsing has passed, it responds to the request according to the steps shown in Fig. 6:
41) checking whether the current joining device has exceeded the maximum number of network accesses specified by the system, and if so, rejecting the network access request;
42) judging whether the subnet ID carried in the request is the same as the target subnet, and if not, rejecting the system network access request;
43) allocating a 16-bit DL address to the joining device and inserting it into the node address mapping table;
44) deciding the attribution of the joining device according to the type of its proxy router: if the proxy router is the gateway, the joining device is attributed directly as a child node of the gateway; if the proxy router is another node, judging whether that node meets the requirements of a parent node, and if so, attributing the device directly as a child node of the proxy router and updating the topology;
45) assigning a device type to the device based on the device capabilities given in the request; in general, any joining device may act as both an I/O device and a routing device in the WAIC network;
46) configuring other attributes for the joining device, such as the maximum number of retransmissions and the maximum retransmission time;
47) generating a MIC check, generating a system network access response for the joining device, and then sending the system network access response to the joining device.
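Steps 41) to 47) as a gateway network engine might implement them, as an added example that is not code from the patent. The limits `MAX_JOINS` and `MAX_LEVEL`, rejection when the proxy router fails the parent check, the reserved addresses, the attribute values, the `session_key` and the truncated HMAC-SHA-256 MIC are assumptions made for illustration.

```python
import hashlib
import hmac
import json

GATEWAY_ADDR = 0x0001   # assumed 16-bit DL address of the gateway
MAX_JOINS = 3           # assumed system limit on join requests per device
MAX_LEVEL = 3           # assumed parent requirement: a level-3 node takes no children


class NetworkEngine:
    def __init__(self, subnet_id: int, session_key: bytes):
        self.subnet_id = subnet_id
        self.session_key = session_key   # assumed to come from secure network access
        self.join_count = {}             # device id -> join requests seen
        self.addr_map = {}               # device id -> 16-bit DL address
        self.parent = {}                 # child address -> parent address
        self.level = {GATEWAY_ADDR: 0}   # address -> hop level
        self.next_addr = GATEWAY_ADDR + 1

    def handle_join(self, dev_id: bytes, subnet_id: int, proxy_addr: int, caps: set) -> dict:
        # 41) Count every request, including rejected ones, so a device
        #     cannot retry without bound.
        self.join_count[dev_id] = self.join_count.get(dev_id, 0) + 1
        if self.join_count[dev_id] > MAX_JOINS:
            return {"status": "REJECT_TOO_MANY_JOINS"}
        # 42) The request must name this gateway's subnet.
        if subnet_id != self.subnet_id:
            return {"status": "REJECT_WRONG_SUBNET"}
        # 44) Validate the parent before allocating anything, so a rejected
        #     request consumes no address and leaves the topology unchanged.
        if (proxy_addr not in self.level or self.level[proxy_addr] >= MAX_LEVEL
                or proxy_addr == self.addr_map.get(dev_id)):
            return {"status": "REJECT_BAD_PARENT"}
        # 43) Allocate a 16-bit DL address; a rejoining device keeps its own.
        addr = self.addr_map.get(dev_id)
        if addr is None:
            if self.next_addr > 0xFFFE:  # 0xFFFF assumed reserved
                return {"status": "REJECT_NO_ADDRESS"}
            addr, self.next_addr = self.next_addr, self.next_addr + 1
            self.addr_map[dev_id] = addr
        self.parent[addr] = proxy_addr
        self.level[addr] = self.level[proxy_addr] + 1
        # 45) Device type from the requested capabilities (I/O, routing or both).
        roles = sorted(caps & {"io", "router"})
        # 46) Other attributes (constructed values).
        resp = {"status": "ACCEPT", "addr": addr, "parent": proxy_addr,
                "level": self.level[addr], "roles": roles,
                "max_retries": 3, "max_retry_time_ms": 500}
        # 47) MIC over the canonical response body.
        body = json.dumps(resp, sort_keys=True).encode()
        resp["mic"] = hmac.new(self.session_key, body, hashlib.sha256).digest()[:4].hex()
        return resp
```

A rejoin through a different proxy router changes the node's level without updating its descendants; a full implementation would recompute the subtree and refuse a proxy that is one of the node's own descendants.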
On the Windows 10 operating system, with C/C++ as the simulation programming language and the OPNET simulation platform, simulation tests of the above key technologies were performed at a network scale of 128 nodes. After the simulation experiment was completed, the subnet topology shown in Fig. 7 was obtained. Analysis of the node network access logs and the proxy router logs shows that the network access time is about 0.0756 s for three-hop nodes, about 0.0483 s for two-hop nodes and about 0.0264 s for single-hop nodes; the network access log of Node126, for example, is shown in Fig. 8.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes and modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention.

Claims (6)

1. A network access mechanism suitable for a wireless avionics internal communication network, comprising the following steps:
step one: network access initialization
When the WAIC joining device is powered on again, the initialization configuration information is read from Flash into a device initialization object DIO; after the new device's DIO has read the information, the scheduling information and the security information are written into separate objects, the scheduling information of the target network being written into the device scheduling management object DLMO and the security information of the target network into the device management service object DMSO; the protocol stack is restarted, and the network access state machine is driven to start the network access process;
step two: finding a proxy router
A new node that is to join the network acts as an active discovery scanner and periodically sends network access request frames to the network within radio range; a node already in the network that receives the network access request can choose, according to the request of the node, whether to serve as a proxy router; if the node already in the network is the gateway and receives the network access request of the node to be joined, the joining device can communicate directly with the gateway and complete the subsequent network access operations; if it is another node already in the network and it accepts the network access request of the joining device, the joining device uses that node as its proxy router to communicate with the gateway and complete the subsequent network access process;
step three: secure network access
The WAIC node secure network access process is the exchange of security information by a WAIC node during network access, and security is ensured by a symmetric encryption key, join_key, obtained in the initialization stage of the WAIC node;
after receiving a network access security request sent by the joining device, the gateway encrypts the first three items in the network access request using the same network access key join_key and compares the encryption result with the MIC; if they are the same, the gateway passes the identity authentication of the joining device and stores the nonce sent by the joining device; otherwise the identity authentication fails and the network access fails; when the gateway authenticates the identity of the joining device, it must also judge whether the currently received nonce has been received before, and if it has, the gateway is under replay attack and immediately rejects the network access request; after the identity authentication of the joining device has passed, the gateway generates a network access security response;
after the gateway successfully receives the network access security confirmation, the joining device decrypts the received nonce and verifies whether it is valid, and if the gateway successfully sends the confirmation response, the secure network access flow is finished;
step four: system network access
When the WAIC subnet gateway device receives a system network access request from a joining device, it delivers the request to a network engine for processing; the network engine parses the request and checks whether the device initialization information is correct, and after the parsing has passed, responds to the request according to the following steps:
41) checking whether the current joining device has exceeded the maximum number of network accesses specified by the system, and if so, rejecting the network access request;
42) judging whether the subnet ID carried in the request is the same as the target subnet, and if not, rejecting the system network access request;
43) allocating a 16-bit DL address to the joining device and inserting it into the node address mapping table;
44) deciding the attribution of the joining device according to the type of its proxy router: if the proxy router is the gateway, the joining device is attributed directly as a child node of the gateway; if the proxy router is another node, judging whether that node meets the requirements of a parent node, and if so, attributing the device directly as a child node of the proxy router and updating the topology;
45) assigning a device type to the device based on the device capabilities given in the request; in general, any joining device may act as both an I/O device and a routing device in the WAIC network;
46) configuring other attributes for the joining device;
47) generating a MIC check, generating a system network access response for the joining device, and then sending the system network access response to the joining device.
2. The network access mechanism suitable for the wireless avionics internal communication network according to claim 1, characterized in that in step one, if reading the initialization information from Flash fails, the initialization is performed again.
3. The network access mechanism suitable for the wireless avionics internal communication network according to claim 1, characterized in that in step one, after the initialization information has been read into the new device's DIO, it is determined whether the node state is initialized, and if not, the node state is reinitialized.
4. The network access mechanism suitable for the wireless avionics internal communication network according to claim 1, wherein in step one, the initialization configuration information comprises the security information, network information and scheduling information written in an initialization process.
5. The network access mechanism suitable for the wireless avionics internal communication network according to claim 1, wherein in step two, when a node inside the target network receives the network access request frame, the following mechanism is adopted to judge whether to accept the joining device as a child node:
1) checking its own level in the target network, and if the level is 3, rejecting the current network access request;
2) judging whether the difference between the time the last network access request was received and the current time exceeds DMO.proxy_Join_Request_Rate, and if so, rejecting the network access request;
3) the node calculates the acceptance probability $P_r$ according to the following probability model:
Figure FDA0003157303890000041
In the probability model, $N_c$ indicates the current number of child nodes of the device; $N_l$ represents the maximum number of nodes at the hop level at which the node is located, and its value is related to the maximum number of nodes $N_t$ that the target WAIC subnet can accommodate; level is the maximum number of network hops.
6. The network access mechanism suitable for the wireless avionics internal communication network according to claim 1, wherein in step three, the security guarantees during the network access process comprise:
31) preventing replay attacks that result from an eavesdropper intercepting the network access key during network access;
32) ensuring that the network access request comes from a device with valid identity information, that is, the gateway authenticates the identity of the device;
33) ensuring that the network access response comes from a gateway with valid identity information, that is, the joining device authenticates the identity of the gateway;
34) encrypting and encapsulating the keys generated in the network access process, such as the master key, to prevent an eavesdropper from acquiring a security key;
35) generating a MIC as an integrity check on the network access request and the response, and performing integrity verification.
CN202110781403.4A 2021-07-11 2021-07-11 Network access mechanism suitable for wireless avionics internal communication network Active CN113613205B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110781403.4A CN113613205B (en) 2021-07-11 2021-07-11 Network access mechanism suitable for wireless avionics internal communication network


Publications (2)

Publication Number Publication Date
CN113613205A true CN113613205A (en) 2021-11-05
CN113613205B CN113613205B (en) 2023-06-13

Family

ID=78337415


Country Status (1)

Country Link
CN (1) CN113613205B (en)


Also Published As

Publication number Publication date
CN113613205B (en) 2023-06-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant