CN113946852A - Vehicle-mounted intelligent data dynamic encryption method - Google Patents
- Publication number
- CN113946852A
- Authority
- CN
- China
- Prior art keywords
- key
- mod
- vehicle
- rsa
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of data encryption, and in particular to a dynamic encryption method for vehicle-mounted intelligent data. The RSA encryption algorithm is combined with the D-H key exchange algorithm, so that the keys each terminal uses for data transmission are different and dynamically generated; even if a key is leaked, the whole system is not greatly damaged, and the leaked key can be quickly invalidated. The technical effect is that the same information encrypted with different keys yields different ciphertexts, which solves the problem of cracking by brute-force attack.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to a data dynamic encryption technology based on vehicle-mounted mobile equipment, and specifically relates to a vehicle-mounted intelligent data dynamic encryption method.
Background
Since the middle of the 20th century, with the continuous development of computer technology and other technologies in the information field, mobile Internet of Things technology has grown from nothing and steadily improved, adding a powerful comprehensive technology for vehicle safety and monitoring. Over more than half a century, with the rapid development of the information technology field and the fundamental improvement of information collection technology in the traffic field, the security of data transmission has also faced serious challenges. The current data encryption methods AES, DES and RSA all require keys agreed in advance by the two transmitting parties, and this mode of encryption has two problems:
(1) Keys are easily cracked once they are leaked.
(2) Encrypting the same protocol data always yields the same ciphertext, so the data is easy to crack by brute force.
In view of the above encryption problems and the application scenario of vehicle security and monitoring, it is necessary to provide a method in which a leaked key does not cause too much damage to the entire system and the data can no longer be decrypted by a brute-force attack.
Disclosure of Invention
The invention aims to provide a vehicle-mounted intelligent data dynamic encryption method, a data encryption technology based on internet big data, which solves the problems that a key is easily cracked once it is leaked and that, because encrypting the same protocol data yields the same ciphertext, the data is easily cracked by brute force.
In order to achieve the purpose, the invention adopts the following technical scheme: a dynamic encryption method for vehicle-mounted intelligent data is characterized in that an RSA encryption algorithm and a D-H key exchange algorithm are combined, and the method specifically comprises the following steps:
Step one: the server generates an RSA public key and private key;
Step two, RSA signature and signature verification: the client signs data through the RSA public key, and the server decrypts and verifies the data by using the private key, so as to prevent the data from being forged;
Step three, generating a data connection key: the public key data of the other party is acquired through the D-H key exchange algorithm, and the respective session keys are generated at the two nodes.
The principle and the advantages of the scheme are as follows: a key exchange algorithm is used to negotiate keys dynamically, so that the key each terminal uses in each data transmission is different and dynamically generated; even if a key is leaked, the whole system is not greatly damaged, and the leaked key can be quickly invalidated. The technical effect is that the same information encrypted with different keys yields different ciphertexts, which solves the problem of cracking by brute-force attack.
Even if an eavesdropper steals the ciphertext and attempts brute force by resending the repeated ciphertext, doing so only creates a new session, and the session key changes with each new session according to the protocol, so the old ciphertext cannot be used to gain valid access; this achieves the effect of encryption and cracking prevention.
Preferably, as an improvement, the RSA encryption algorithm publishes the product of two large prime numbers as the encryption key. According to number theory, finding two large prime numbers is relatively simple, while factoring their product is extremely difficult, so the product is published as the encryption key.
Preferably, as an improvement, the RSA encryption algorithm is as follows:
(1) randomly selecting two different large prime numbers p and q to calculate a product;
(3) a determined decryption key d, satisfyNamely, it isk is an arbitrary integer not less than 1; therefore, if e andd is calculated.
Preferably, as an improvement, the D-H key exchange algorithm is used for transmission and distribution of keys.
Preferably, as an improvement, in the D-H key exchange algorithm one end is A and the other end is B, and the two need to confirm the shared key used this time. First, A and B agree on a large prime number $x$ and a primitive root $y$ of it. A then randomly generates a number $a$ known only to A, calculates $A1 = y^{a} \bmod x$, and sends $A1$ to B; B randomly generates a number $b$ known only to B, calculates $B1 = y^{b} \bmod x$, and sends $B1$ to A. A then calculates $k = B1^{a} \bmod x$, and B calculates $k = A1^{b} \bmod x$. By the commutative and associative laws of multiplication, $k = A1^{b} \bmod x = (y^{a} \bmod x)^{b} \bmod x = y^{ab} \bmod x = (y^{b} \bmod x)^{a} \bmod x = B1^{a} \bmod x = k$.
Preferably, as an improvement, during key exchange, the corresponding public key and private key are generated according to the obtained RSA key P.
Even if an eavesdropper obtains the four values x, y, A1 and B1 over the whole process, obtaining the key k first requires computing the discrete logarithms a and b. The values of a, b and x can be made large during the call, which prevents all values of mod x from being obtained by enumeration.
According to the D-H key exchange principle, a communicating party that wants to generate the session key for the current session must acquire the public key data of the other party. For example, when node A communicates with node B, node A obtains node B's public key data by querying the authorization data stored in the authorization server cluster, and finally generates a session key at node A. Node B works the same way as node A. A symmetric key is determined in the system by rsdh_computer_key().
Detailed Description
The following is further detailed by way of specific embodiments:
The invention discloses a dynamic encryption method for vehicle-mounted intelligent data, which is a data encryption technology based on internet big data from vehicle-mounted equipment. The technical effect is that the same information encrypted with different keys yields different ciphertexts, which solves the problem of cracking by brute-force attack.
Even if an eavesdropper steals the ciphertext and attempts brute force by resending the repeated ciphertext, doing so only creates a new session, and the session key changes with each new session according to the protocol, so the old ciphertext cannot be used to gain valid access; this achieves the effect of encryption and cracking prevention.
The invention provides a dynamic encryption method for vehicle-mounted intelligent data, which combines an RSA encryption algorithm and a D-H key exchange algorithm and comprises the following specific steps:
Step one: the Internet of Vehicles server generates an RSA public key and private key;
Step two, RSA signature and signature verification: the vehicle-mounted client signs data through the RSA public key, and the vehicle-mounted server decrypts and verifies the data by using the private key, so as to prevent the data from being forged;
Step three, generating a data connection key: the public key data of the other party is acquired through the D-H key exchange algorithm, and the respective session keys are generated at the two nodes.
The principle and the advantages of the scheme are as follows: a key exchange algorithm is used to negotiate keys dynamically, so that the key each vehicle-mounted terminal uses in each data transmission is different and dynamically generated; even if a key is leaked, the whole Internet of Vehicles system is not greatly damaged, and the leaked key can be quickly invalidated. The technical effect is that the same information encrypted with different keys yields different ciphertexts, which solves the problem of cracking by brute-force attack.
Even if an eavesdropper steals the ciphertext and attempts brute force by resending the repeated ciphertext, doing so only creates a new session, and the session key changes with each new session according to the protocol, so the old ciphertext cannot be used to gain valid access; this achieves the effect of encryption and cracking prevention.
The RSA encryption algorithm publishes the product of two large prime numbers as the encryption key. According to number theory, finding two large prime numbers is relatively simple, while factoring their product is extremely difficult, so the product is published as the encryption key. The RSA encryption algorithm is as follows:
(1) randomly selecting two different large prime numbers p and q to calculate a product;
(2) randomly selecting a large integer e to satisfyThe integer e is used as a key (note: e is easily selected, e.g., the integer value of the approximate one-minute average speed of the e-source vehicle and the prime number greater than the product of p and q are both available);
(3) a determined decryption key d, satisfyNamely, it isk is an arbitrary integer not less than 1; therefore, if e andd is calculated.
The D-H key exchange algorithm is used for the transmission and distribution of the key. In the D-H key exchange algorithm, one end is A and the other end is B, and the two need to confirm the shared key used this time. First, A and B agree on a large prime number $x$ and a primitive root $y$ of it. A then randomly generates a number $a$ known only to A, calculates $A1 = y^{a} \bmod x$, and sends $A1$ to B; B randomly generates a number $b$ known only to B, calculates $B1 = y^{b} \bmod x$, and sends $B1$ to A. A then calculates $k = B1^{a} \bmod x$, and B calculates $k = A1^{b} \bmod x$. By the commutative and associative laws of multiplication, $k = A1^{b} \bmod x = (y^{a} \bmod x)^{b} \bmod x = y^{ab} \bmod x = (y^{b} \bmod x)^{a} \bmod x = B1^{a} \bmod x = k$.
During key exchange, the corresponding public key and private key are generated according to the obtained RSA key P.
Even if an eavesdropper obtains the four values x, y, A1 and B1 over the whole process, obtaining the key k first requires computing the discrete logarithms a and b. The values of a, b and x can be made large during the call, which prevents all values of mod x from being obtained by enumeration.
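The exchange described above, together with the checks a receiver should apply, as an added example that is not part of the patent text. It keeps the page's symbols x, y, A1/B1 and k, and assumes the 2048-bit group 14 of RFC 3526 for x and y (there y = 2 generates the large prime-order subgroup rather than being a primitive root) and SHA-256 to turn k into a symmetric key. `Party`, `group_is_safe` and `run_session` are illustrative names, and the RSA signing of the exchanged values that the method also calls for is left out.

```python
import hashlib
import secrets

# Assumption: the 2048-bit MODP group 14 prime from RFC 3526 stands in for the
# page's "large prime x"; its generator 2 plays the role of y.
X = int("".join("""
    FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
    020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
    4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
    EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
    98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
    9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
    E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
    3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
Y = 2


def is_probable_prime(n, rounds=8):
    """Miller-Rabin test, used to vet a modulus before trusting it."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        w = pow(secrets.randbelow(n - 3) + 2, d, n)
        if w in (1, n - 1):
            continue
        for _ in range(s - 1):
            w = pow(w, 2, n)
            if w == n - 1:
                break
        else:
            return False
    return True


def group_is_safe(x, min_bits=2048):
    """Accept only a safe prime x = 2q + 1 of adequate size."""
    return (x.bit_length() >= min_bits and is_probable_prime(x)
            and is_probable_prime((x - 1) // 2))


class Party:
    """One end of the exchange (A or B in the page's notation)."""
    def __init__(self, x=X, y=Y):
        self.x = x
        # A fresh secret exponent per session is what makes k "dynamic".
        self._secret = secrets.randbelow(x - 3) + 2   # a in [2, x-2]
        self.public = pow(y, self._secret, x)         # A1 = y^a mod x

    def session_key(self, peer_public):
        # Reject 0, 1, x-1 and anything >= x: they force a predictable k.
        if not 2 <= peer_public <= self.x - 2:
            raise ValueError("peer public value out of range")
        k = pow(peer_public, self._secret, self.x)    # k = B1^a mod x
        raw = k.to_bytes((self.x.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()           # 256-bit symmetric key


def run_session():
    """One complete exchange; returns the keys derived by A and by B."""
    a, b = Party(), Party()
    return a.session_key(b.public), b.session_key(a.public)
```
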
According to the D-H key exchange principle, a communicating party that wants to generate the session key for the current session must acquire the public key data of the other party. For example, when node A communicates with node B, node A obtains node B's public key data by querying the authorization data stored in the authorization server cluster, and finally generates a session key at node A. Node B works the same way as node A. A symmetric key is determined in the system by rsdh_computer_key().
In the embodiment of the present invention, generating the corresponding public key and private key according to the obtained RSA key P during key exchange specifically includes the following. A and B are two nodes in the network; node A randomly generates Xa, and node B randomly generates Xb. Xa and Xb are the respective private keys of the two nodes, and Ya = Xa × P and Yb = Xb × P are the respective public keys of the two nodes. When A sends Ya to B and B sends Yb to A, an eavesdropper who steals them will find them difficult to solve in the case of RSA ciphertext, and cannot calculate Xa or Xb. When A obtains B's Yb, it can calculate H = Xa × Yb; that is, the symmetric key H is obtained by D-H key exchange from its own private key Xa and the public key Yb. Similarly, B obtains A's Ya and calculates H2 = Xb × Ya; the symmetric key H2 is thus derived by D-H key exchange from its own private key Xb and the public key Ya.
Using the RSA encryption algorithm in combination with the D-H key exchange algorithm further enhances security. The key that is exchanged is the public key of a key pair generated by an asymmetric cryptographic algorithm such as RSA, while each node stores its private key independently and exposes it to no one, which ensures communication security; and all data is signed and verified during key exchange, which ensures the authenticity of the identity of whoever accesses the network.
The foregoing is merely an example of the present invention and common general knowledge in the art of designing and/or characterizing particular aspects and/or features is not described in any greater detail herein. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the technical solution of the present invention, and those skilled in the art can understand the specific meaning of the above terms in the present invention according to specific situations. These should also be construed as the scope of the present invention, and they should not be construed as affecting the effectiveness of the practice of the present invention or the applicability of the patent. The scope of the claims of the present application shall be determined by the contents of the claims, and the description of the embodiments and the like in the specification shall be used to explain the contents of the claims.
Claims (6)
1. A dynamic encryption method for vehicle-mounted intelligent data, characterized in that: the encryption method combines an RSA encryption algorithm and a D-H key exchange algorithm, and comprises the following specific steps:
Step one: the server generates an RSA public key and private key;
Step two, RSA signature and signature verification: the client signs data through the RSA public key, and the server decrypts and verifies the data by using the private key, so as to prevent the data from being forged;
Step three, generating a data connection key: the public key data of the other party is acquired through the D-H key exchange algorithm, and the respective session keys are generated at the two nodes.
2. The dynamic encryption method for the vehicle-mounted intelligent data according to claim 1, characterized in that: the RSA encryption algorithm publishes the product of two large prime numbers as the encryption key.
3. The dynamic encryption method for the vehicle-mounted intelligent data according to claim 2, characterized in that: the RSA encryption algorithm is as follows:
(1) randomly selecting two different large prime numbers p and q to calculate a product;
4. The dynamic encryption method for the vehicle-mounted intelligent data according to claim 1, characterized in that: the D-H key exchange algorithm is used for the transmission and distribution of the key.
5. The dynamic encryption method for the vehicle-mounted intelligent data according to claim 4, characterized in that: in the D-H key exchange algorithm, one end is A and the other end is B, and the two need to confirm the shared key used this time. First, A and B agree on a large prime number $x$ and a primitive root $y$ of it. A then randomly generates a number $a$ known only to A, calculates $A1 = y^{a} \bmod x$, and sends $A1$ to B; B randomly generates a number $b$ known only to B, calculates $B1 = y^{b} \bmod x$, and sends $B1$ to A. A then calculates $k = B1^{a} \bmod x$, and B calculates $k = A1^{b} \bmod x$. By the commutative and associative laws of multiplication, $k = A1^{b} \bmod x = (y^{a} \bmod x)^{b} \bmod x = y^{ab} \bmod x = (y^{b} \bmod x)^{a} \bmod x = B1^{a} \bmod x = k$.
6. The dynamic encryption method for the vehicle-mounted intelligent data according to claim 5, characterized in that: during key exchange, the corresponding public key and private key are generated according to the obtained RSA key P.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111254018.0A CN113946852A (en) | 2021-10-27 | 2021-10-27 | Vehicle-mounted intelligent data dynamic encryption method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113946852A (en) | 2022-01-18 |
Family
ID=79332720
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111254018.0A Pending CN113946852A (en) | 2021-10-27 | 2021-10-27 | Vehicle-mounted intelligent data dynamic encryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113946852A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107947913B (en) | Anonymous authentication method and system based on identity | |
US8670563B2 (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
US7716482B2 (en) | Conference session key distribution method in an ID-based cryptographic system | |
US6697488B1 (en) | Practical non-malleable public-key cryptosystem | |
CN111277412B (en) | Data security sharing system and method based on block chain key distribution | |
CN107733648A (en) | The RSA digital signature generation method and system of a kind of identity-based | |
CN110535626B (en) | Secret communication method and system for identity-based quantum communication service station | |
CN110278088A (en) | A kind of SM2 collaboration endorsement method | |
CN113285959A (en) | Mail encryption method, decryption method and encryption and decryption system | |
CN110999202A (en) | Computer-implemented system and method for highly secure, high-speed encryption and transmission of data | |
CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
CN111988299A (en) | Method for establishing trusted link between client and server | |
CN113852460A (en) | Implementation method and system for enhancing safety of working key based on quantum key | |
CN1472914A (en) | High performance and quick public pin encryption | |
CN109104278A (en) | A kind of encrypting and decrypting method | |
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate | |
Gupta et al. | Enhancement of Security of Diffie-Hellman Key Exchange Protocol using RSA Cryptography. | |
CN113132104A (en) | Active and safe ECDSA (electronic signature SA) digital signature two-party generation method | |
CN113098681B (en) | Port order enhanced and updatable blinded key management method in cloud storage | |
CN111656728B (en) | Device, system and method for secure data communication | |
CN116599659B (en) | Certificate-free identity authentication and key negotiation method and system | |
CN110048852B (en) | Quantum communication service station digital signcryption method and system based on asymmetric key pool | |
CN111245609A (en) | Secret sharing and random number based quantum secret communication key distribution and negotiation system and method thereof | |
CN114189338B (en) | SM9 key secure distribution and management system and method based on homomorphic encryption technology | |
CN113946852A (en) | Vehicle-mounted intelligent data dynamic encryption method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||