CN114095229A - Method, device and system for constructing data transmission protocol of energy Internet - Google Patents
- Publication number
- CN114095229A
- Authority
- CN
- China
- Prior art keywords
- key
- client
- public
- data
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a method, a device and a system for constructing a data transmission protocol of an energy Internet, wherein the method comprises the following steps: the identity authentication is carried out on a public key sender in the energy Internet user by utilizing an IBC system, a key of the public key sender is calculated after the authentication is finished, a public and private key pair of a client is sent to the client after the key is generated, and a public and private key pair of a server is generated; based on public and private key pair of client and public and private key pair of server, utilizing Diffie-Hellman cipher system to make key negotiation between client and server; and based on the key agreement between the client and the server, the power service data in the energy Internet is safely transmitted by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function. The method integrates a lightweight symmetric encryption algorithm in the communication process to realize data confidentiality protection, and a hash function with an authentication function ensures data integrity and a time stamp ensures data freshness.
Description
Technical Field
The invention belongs to the field of data transmission of energy Internet equipment, and particularly relates to a method, a device and a system for constructing a data transmission protocol of an energy Internet.
Background
The trusted authentication of the energy internet device is the first gateway to ensure that the information resource is legitimately accessed. The security goals of the energy internet authentication mechanism are to authenticate the authenticity of the identity information of the data sender, ensure the validity and data integrity of specific data, ensure the freshness of received data and ensure that outdated data is not replayed. The reliable identity access authentication and management solution of the user and the equipment is provided, the safe connection of the equipment of the Internet of things can be ensured, and the safe authorized access is provided for the equipment user.
Because the devices in the energy internet have challenges in terms of protection of computing power, memory storage requirements, dynamic security update, physical variable capture and the like, and some limitations (limited computing power and storage space, resource limitation requirements, dynamic update support and the like) of the devices themselves, the conventional computer authentication protocol cannot be directly used in the energy internet devices, so that the energy internet faces some security problems and challenges. The energy Internet equipment is easy to be used by an attacker to acquire the identity authentication information of the user, so that the identity of the user or a communication node is forged, and invasion and attack are performed on other energy Internet of things terminal equipment, an access gateway and the like.
Intrusion protection includes two aspects: pre-intrusion and post-intrusion. Protection before intrusion belongs to network boundary protection, and the common technology is a network firewall; protection after intrusion is intrusion detection (IDS), which is a mature security protection technology for information systems. However, for the energy internet system with limited resources, intrusion detection has little capability, so the main technology will be in the aspect of security protection before intrusion. For many energy internet devices, it is not practical to use firewall technology, so the main technical means for protecting the boundary is identity authentication. Specifically, lightweight identity authentication is a key technology for improving resource-limited internet of things equipment.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method, a device and a system for constructing a data transmission protocol of an energy internet.
In order to achieve the purpose, the invention adopts the following technical scheme:
a data transmission protocol construction method of an energy Internet comprises the following steps:
the method comprises the steps that identity authentication is carried out on a public key issuer in the energy Internet by using an identity-based cryptosystem (namely an IBC system), a secret key of the public key issuer is calculated after the authentication is finished, a public and private key pair is issued to a client after the secret key is generated, and a public and private key pair of a server is generated;
based on public and private key pair of client and public and private key pair of server, utilizing Diffie-Hellman cipher system to make key negotiation between client and server;
and based on the key agreement between the client and the server, the power service data in the energy Internet is safely transmitted by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function.
As a further improvement of the invention, the identity authentication is carried out on a public key issuer in the energy internet user by using the IBC system, a key of the public key issuer is calculated after the authentication is finished, and a public and private key pair is issued to the client after the key is generated and a public and private key pair of the server is generated; the method specifically comprises the following steps:
the IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s \cdot P_{ID}$; a key is generated from the public key and the private key; after the key is generated, the IBC system sends the public and private key pair of the client to the client with serial number i, wherein the serial number i is determined according to the time sequence of accessing the system by the client; the server's own public and private key pair is generated at the same time.
As a further improvement of the invention, the IBC system is established by a server side.
As a further improvement of the present invention, the implementing of key agreement between the client and the server by using the Diffie-Hellman cryptosystem specifically includes:
using a private key to decrypt $y_1$; randomly selecting and computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$; and sending $y_0$ to the client;
receiving second data sent by the client, wherein the second data is obtained by using a private key to decrypt $y_0$ to obtain $g^b$ and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
As a further improvement of the present invention, the secure transmission of the power service data in the energy internet by using the encrypted data constructed by the lightweight symmetric cryptographic algorithm and the hash function specifically includes:
receiving third data sent by the client, wherein the third data is calculated from the sent message m, whereby the encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
A data transmission protocol construction device of an energy Internet comprises:
the key generation module is used for carrying out identity authentication on a public key issuer in the energy Internet user by utilizing the IBC system, calculating a key of the public key issuer after the authentication is finished, sending a public and private key pair of the client to the client after the key is generated, and generating a public and private key pair of the server;
the negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cipher system based on a public and private key pair of the client and a public and private key pair of the server;
and the data security transmission module is used for performing security transmission on the power service data in the energy Internet by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function based on the key agreement between the client and the server.
Preferably, the key generation module is specifically configured to:
the identity authentication is carried out on a public key issuer in the energy Internet user by utilizing the IBC system, a key of the public key issuer is calculated after the authentication is finished, a public and private key pair is issued to the client after the key is generated, and a public and private key pair of the server is generated; the method specifically comprises the following steps:
the IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s \cdot P_{ID}$; a key is generated from the public key and the private key; after the key is generated, the IBC system sends the public and private key pair of the client to the client with serial number i, wherein the serial number i is determined according to the time sequence of accessing the system by the client; the server's own public and private key pair is generated at the same time.
Preferably, the negotiated encryption key module is specifically configured to:
using a private key to decrypt $y_1$; randomly selecting and computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$; and sending $y_0$ to the client;
receiving second data sent by the client, wherein the second data is obtained by using a private key to decrypt $y_0$ to obtain $g^b$ and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
Preferably, the data security transmission module is specifically configured to:
receiving third data sent by the client, wherein the third data is calculated from the sent message m, whereby the encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
A data transmission protocol construction system of an energy Internet comprises:
the IBC system is used for performing identity authentication on a public key issuer in the energy Internet user, calculating a secret key of the public key issuer after the authentication is completed, and issuing a public and private key pair to the client after the secret key is generated and generating a public and private key pair of the server;
the client is used for realizing the key agreement between the client and the server by utilizing a Diffie-Hellman cryptosystem;
the server is used for realizing key agreement with the client; and the encrypted data constructed by adopting a lightweight symmetric cryptographic algorithm and a hash function is used for safely transmitting the power service data in the energy Internet.
As a further improvement of the present invention, the IBC system is specifically configured to:
the IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s \cdot P_{ID}$; a key is generated from the public key and the private key; after the key is generated, the IBC system sends the public and private key pair of the client to the client with serial number i, wherein the serial number i is determined according to the time sequence of accessing the system by the client; the server's own public and private key pair is generated at the same time.
As a further improvement of the present invention, the client is specifically configured to:
receiving the return data of the server, using a private key to decrypt $y_1$; randomly selecting and computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$; and sending $y_0$ to the client;
for the second data sent, using a private key to decrypt $y_0$ to obtain $g^b$, and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
As a further improvement of the present invention, in the server, the secure transmission of the power service data in the energy internet by using the encrypted data constructed by the lightweight symmetric cryptographic algorithm and the hash function is specifically performed as follows:
receiving the third data sent by the client, wherein the third data is calculated from the sent message m, whereby the encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
Compared with the prior art, the invention has the beneficial effects that:
the invention relates to a method for constructing a data transmission protocol, which aims to establish a shared session key for identity authentication so as to carry out secret communication and selectively provide confidentiality and integrity of communication data. However, many data in the energy internet system are small data, and in this case, the invention can combine identity authentication and data protection together to provide an authenticatable data security lightweight protocol. Therefore, the invention is a lightweight data transmission protocol integrating safety protection such as identity authentication, data confidentiality, data integrity and data freshness, and is suitable for the safety protection technology of energy Internet equipment with resource limitation.
Drawings
FIG. 1 is a flow chart of a data security transport protocol construction method of the present invention;
FIG. 2 is a diagram of a data security transport protocol construction process of the present invention;
fig. 3 is a data security transmission protocol construction system according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The following detailed description is exemplary in nature and is intended to provide further details of the invention. Unless otherwise defined, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention.
The invention provides a lightweight data transmission protocol for an energy Internet, which integrates safety protection such as identity authentication, data confidentiality, data integrity, data freshness and the like. The identity authentication is carried out on a public key sender in an energy internet user by using an identity-based cryptosystem (IBC system for short), a Diffie-Hellman cryptosystem realizes key agreement between a client and a server, a lightweight symmetric encryption algorithm is merged in a communication process to realize data confidentiality protection, and a hash function with an authentication function ensures data integrity and a timestamp to ensure data freshness.
As shown in fig. 1, the present invention provides a method for constructing a data transmission protocol of an energy internet, comprising the following steps:
the method comprises the steps that identity authentication is carried out on a public key issuer in an energy internet user by using an identity-based cryptosystem, a secret key of the public key issuer is calculated after the authentication is completed, a public and private key pair of a client is issued to the client after the secret key is generated, and a public and private key pair of a server is generated;
based on public and private key pair of client and public and private key pair of server, utilizing Diffie-Hellman cipher system to make key negotiation between client and server;
and based on the key agreement between the client and the server, the power service data in the energy Internet is safely transmitted by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function.
As shown in fig. 2, the method comprises the following specific steps:
the first step is to carry out identity authentication on a public key issuer in an energy internet user by utilizing an IBC system
(1) The server side establishes an IBC system:
generating a system parameter Params and a system master key s according to the security parameter K;
(2) parameter extraction:
the private key generation center calculates a hash value of the client identity information using the identity information ID of the client: $P_{ID} = H(ID)$; the hash value is used as the public key of the client, and the private key of the client is calculated as $S_{ID} = s \cdot P_{ID}$; a key is generated from the public key and the private key; after the key is generated, the IBC system sends the public and private key pair of the client to the client with serial number i, wherein the serial number i is determined according to the time sequence of accessing the system by the client; the server's own public and private key pair is generated at the same time.
The second step uses Diffie-Hellman cipher system to realize the key agreement between the client and the server
Assuming that both communication parties already know a large cyclic group G and its generator $g$, and the order of the cyclic group G is q, the encryption algorithm used is that of the IBC system. The method comprises the following specific steps:
(2) The server receives $y_1$ and decrypts it using a private key, randomly selects and computes, calculates the encryption key $K_{01} = (g^a)^b \bmod q$, and sends $y_0$ to client 1.
(3) Client 1 receives $y_0$, decrypts it using a private key to obtain $g^b$, and computes the encryption key $K_{01} = (g^b)^a \bmod q$.
Third step of data security transmission
The two communication parties agree on a lightweight symmetric cryptographic algorithm SEnc and a hash function H for data encryption transmission in advance.
(2) The server receives $(c, H(m))$, calculates $H(m_0)$, and verifies whether $H(m_0)$ is consistent with $H(m)$; if so, it continues to verify the timestamp $T_0$; if the message is within the valid period, the message is received for subsequent operation; otherwise, the message is refused.
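The second and third steps above, sketched in Python as an added example (it is not code from the patent): both sides derive the same key from a Diffie-Hellman exchange, the sender produces (c, H(m)), and the receiver checks integrity first and the timestamp second. Assumptions not taken from the text: the toy group (prime 2^255 - 19, generator 2), a SHA-256 keystream standing in for SEnc, HMAC-SHA256 as the hash function with an authentication function, the layout m = T0 || payload, a 30-second validity window, and the omission of the IBC encryption that wraps the exchanged values y1 and y0.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed demo parameters (assumptions): a real deployment would use a
# standardized group and wrap the exchanged values with IBC encryption.
P = 2**255 - 19          # prime modulus of the toy group
G = 2                    # generator used for the demo
VALID_WINDOW = 30        # seconds a timestamp T0 stays acceptable (assumed)
NONCE_LEN = 12


def dh_keypair():
    """Pick a random exponent x and return (x, G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def dh_shared_key(own_secret, peer_public):
    """Compute (peer_public)^own_secret mod P and hash it into a 32-byte key."""
    if not 1 < peer_public < P - 1:
        raise ValueError("degenerate Diffie-Hellman value")
    shared = pow(peer_public, own_secret, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def subkeys(k):
    """Separate keys for encryption and for the authenticated hash."""
    return (hashlib.sha256(k + b"enc").digest(),
            hashlib.sha256(k + b"mac").digest())


def senc(key, nonce, data):
    """Stand-in for SEnc: XOR with a SHA-256 counter keystream (self-inverse)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def send(k, payload, now):
    """Client side: build m = T0 || payload and return (c, H(m))."""
    k_enc, k_mac = subkeys(k)
    m = struct.pack(">Q", now) + payload
    nonce = secrets.token_bytes(NONCE_LEN)
    c = nonce + senc(k_enc, nonce, m)
    return c, hmac.new(k_mac, m, hashlib.sha256).digest()


def receive(k, c, tag, now):
    """Server side: decrypt to m0, compare H(m0) with H(m), then check T0."""
    k_enc, k_mac = subkeys(k)
    if len(c) < NONCE_LEN + 8:
        raise ValueError("message too short")
    nonce, body = c[:NONCE_LEN], c[NONCE_LEN:]
    m0 = senc(k_enc, nonce, body)
    expected = hmac.new(k_mac, m0, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        raise ValueError("integrity check failed")
    (t0,) = struct.unpack(">Q", m0[:8])
    if abs(now - t0) > VALID_WINDOW:
        raise ValueError("stale timestamp")
    return m0[8:]


if __name__ == "__main__":
    a, ga = dh_keypair()                 # client exponent a
    b, gb = dh_keypair()                 # server exponent b
    k_client = dh_shared_key(a, gb)      # (g^b)^a
    k_server = dh_shared_key(b, ga)      # (g^a)^b
    c, tag = send(k_client, b"meter=42.7kWh", now=1_700_000_000)  # constructed sample
    print(receive(k_server, c, tag, now=1_700_000_005))
```

The timestamp check only bounds how long a captured (c, H(m)) pair stays usable; within the validity window the same pair is accepted again unless the receiver also remembers recently seen tags.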
The invention provides a lightweight data transmission protocol for an energy Internet, which integrates safety protection such as identity authentication, data confidentiality, data integrity, data freshness and the like.
The IBC system is a public key cryptosystem which uses the identity information of the user as the public key of the user to realize the binding of the user identity information and the public key. The public and private key pair of the user is formed by a credible third party, namely a PKG, after receiving the identity information of the user, the PKG generates a corresponding public and private key pair for the user by using a system main key according to the identity information of the user, and transmits the private key of the user to the user through a security way. The identity information as the public key may be an arbitrary character string, and usually, a character string which is easy to remember and has a certain practical meaning is used, such as an IP of the client device, a mail address of the user, an identification number, a telephone number, and the like.
The invention uses IBC system to authenticate the identity of both communication parties, so it can resist man-in-the-middle attack effectively.
A lightweight symmetric encryption algorithm is integrated in the communication process to realize data confidentiality protection. The performance of the lightweight symmetric encryption algorithm is mainly considered from hardware measurement and software measurement, and is divided into three dimensions: energy consumption, time delay and throughput rate. The performance requirement of a hardware platform is generally expressed in gate equivalents, and the lightweight symmetric encryption algorithm used herein requires 2000 gate equivalents at most, while the performance requirements of the software application are expressed in terms of the number of registers, the number of bytes of RAM and ROM, etc. The requirements of international lightweight cryptographic algorithms must be met so as to ensure application in energy internet equipment with limited resources.
In addition, the hash function with the authentication function also needs to adopt a lightweight algorithm, so that the integrity of the data is ensured with the least energy consumption.
As shown in fig. 3, the present invention further provides a data transmission protocol constructing apparatus for an energy internet, including:
the key generation module is used for carrying out identity authentication on a public key issuer in the energy Internet user by utilizing the IBC system, calculating a key of the public key issuer after the authentication is finished, sending a public and private key pair of the client to the client after the key is generated, and generating a public and private key pair of the server;
the negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cipher system based on a public and private key pair of the client and a public and private key pair of the server;
and the data security transmission module is used for performing security transmission on the power service data in the energy Internet by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function based on the key agreement between the client and the server.
Specifically, the key generation module is specifically configured to:
the identity authentication is carried out on a public key issuer in the energy Internet user by utilizing the IBC system, a key of the public key issuer is calculated after the authentication is finished, a public and private key pair is issued to the client after the key is generated, and a public and private key pair of the server is generated; the method specifically comprises the following steps:
the IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s \cdot P_{ID}$; a key is generated from the public key and the private key; after the key is generated, the IBC system sends the public and private key pair of the client to the client with serial number i, wherein the serial number i is determined according to the time sequence of accessing the system by the client; the server's own public and private key pair is generated at the same time.
Specifically, the negotiation encryption key module is specifically configured to:
using a private key to decrypt $y_1$; randomly selecting and computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$; and sending $y_0$ to the client;
receiving second data sent by the client, wherein the second data is obtained by using a private key to decrypt $y_0$ to obtain $g^b$ and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
Specifically, the data security transmission module is specifically configured to:
receiving third data sent by the client, wherein the third data is calculated from the sent message m, whereby the encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
The invention provides a data transmission protocol construction system of an energy internet, which comprises:
the IBC system is used for performing identity authentication on a public key issuer in the energy Internet user, calculating a secret key of the public key issuer after the authentication is completed, and issuing a public and private key pair to the client after the secret key is generated and generating a public and private key pair of the server;
the client is used for realizing the key agreement between the client and the server by utilizing a Diffie-Hellman cryptosystem;
the server is used for realizing key agreement with the client; and the encrypted data constructed by adopting a lightweight symmetric cryptographic algorithm and a hash function is used for safely transmitting the power service data in the energy Internet.
The IBC system is specifically configured to:
the IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s * P_{ID}$; a key is generated from the public key and the private key, and after the key is generated, the IBC system sends the public and private key pair of the client to the client, wherein the serial number i is determined according to the time sequence in which the client accesses the system; the public and private key pair of the server itself is generated at the same time
The client is specifically configured to:
Receiving the return data of the server; using a private key to decrypt $y_1$; randomly selecting; computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$, and sending $y_0$ to the client;
second data is sent, which is obtained by using a private key to decrypt $y_0$ to obtain $g^b$, and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
In the server, the secure transmission of the power service data in the energy internet by using the encrypted data constructed by the lightweight symmetric cryptographic algorithm and the hash function is specifically used for:
receiving third data sent by the client, wherein the third data is calculated from the sent message $m$; further, encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
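The key agreement and the receiver-side checks described above, as an added Python example that is not code from the patent. It assumes toy group parameters, SHA-256 for H, a SHA-256 keystream as a stand-in for the unspecified lightweight symmetric cipher, that c encrypts the timestamp followed by m, and a 300-second validity period; the identity-based encryption of the exchanged values $y_0$ and $y_1$ is omitted.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional, Tuple

# Constructed toy parameters (assumption, not from the patent).
Q = 2**255 - 19        # modulus, written q on the page
G = 2                  # generator g
VALID_SECONDS = 300    # assumed validity period for the timestamp T0


def dh_public(secret: int) -> int:
    """g^x mod q: the value each side sends to the other."""
    return pow(G, secret, Q)


def dh_shared(peer_public: int, secret: int) -> bytes:
    """K01 = (g^peer)^secret mod q, hashed down to a 32-byte symmetric key."""
    k01 = pow(peer_public, secret, Q)
    return hashlib.sha256(k01.to_bytes(32, "big")).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = struct.pack(">Q", offset // 32)
        pad = hashlib.sha256(key + nonce + counter).digest()
        out.extend(x ^ y for x, y in zip(data[offset:offset + 32], pad))
    return bytes(out)


def client_send(key: bytes, m: bytes, now: int) -> Tuple[bytes, bytes]:
    """Build (c, H(m)); c encrypts the 8-byte timestamp T followed by m."""
    nonce = secrets.token_bytes(16)
    c = nonce + _keystream_xor(key, nonce, struct.pack(">Q", now) + m)
    return c, hashlib.sha256(m).digest()


def server_receive(key: bytes, c: bytes, h_m: bytes, now: int) -> Optional[bytes]:
    """Return m0 when both checks pass; None means reception is refused."""
    if len(c) < 24:                      # 16-byte nonce + 8-byte timestamp
        return None
    plain = _keystream_xor(key, c[:16], c[16:])
    t0, m0 = struct.unpack(">Q", plain[:8])[0], plain[8:]
    # Check 1: H(m0) must equal the received H(m) (constant-time compare).
    if not hmac.compare_digest(hashlib.sha256(m0).digest(), h_m):
        return None
    # Check 2: timestamp T0 must lie within the validity period.
    if abs(now - t0) > VALID_SECONDS:
        return None
    return m0


if __name__ == "__main__":
    a = secrets.randbelow(Q - 2) + 1     # one side's secret exponent
    b = secrets.randbelow(Q - 2) + 1     # the other side's secret exponent
    key = dh_shared(dh_public(b), a)
    assert key == dh_shared(dh_public(a), b)
    c, h = client_send(key, b"constructed sample: feeder 7 load 42 kW", 1_700_000_000)
    print(server_receive(key, c, h, 1_700_000_060))
```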
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.
Claims (13)
1. A data transmission protocol construction method of an energy Internet is characterized by comprising the following steps:
the method comprises the steps that identity authentication is carried out on a public key issuer in an energy internet user by using an identity-based cryptosystem, a secret key of the public key issuer is calculated after the authentication is completed, a public and private key pair is issued to a client after the secret key is generated, and a public and private key pair of a server is generated;
based on public and private key pair of client and public and private key pair of server, utilizing Diffie-Hellman cipher system to make key negotiation between client and server;
and based on the key agreement between the client and the server, the power service data in the energy Internet is safely transmitted by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function.
2. The method of claim 1,
the identity-based cryptosystem is used for authenticating the identity of a public key issuer in the energy Internet user, a secret key of the public key issuer is calculated after authentication is completed, and a public and private key pair is issued to a client after the secret key is generated and a public and private key pair of a server is generated; the method specifically comprises the following steps:
the identity-based cryptosystem generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the identity-based cryptosystem calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s * P_{ID}$; a key is generated from the public key and the private key, and after the key is generated, the identity-based cryptosystem sends the public and private key pair of the client to the client, wherein the serial number i is determined according to the time sequence in which the client accesses the system; the public and private key pair of the server itself is generated at the same time
3. The method according to claim 1 or 2,
the identity-based cryptosystem is established by the server side.
4. The method of claim 2,
the key agreement between the client and the server is realized by using a Diffie-Hellman cryptosystem, which specifically comprises the following steps:
Using a private key to decrypt $y_1$; randomly selecting; computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$, and sending $y_0$ to the client;
receiving second data sent by the client, wherein the second data is obtained by using a private key to decrypt $y_0$ to obtain $g^b$, and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
5. The method of claim 4,
the secure transmission of the power service data in the energy internet by using the encrypted data constructed by the lightweight symmetric cryptographic algorithm and the hash function specifically comprises the following steps:
receiving third data sent by the client, wherein the third data is calculated from the sent message $m$; further, encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
6. A data transmission protocol construction device of an energy Internet is characterized by comprising:
a key generation module, which is used for carrying out identity authentication on a public key issuer in an energy Internet user by using an identity-based cryptosystem, calculating a key of the public key issuer after the authentication is finished, and generating a public and private key pair of the client and a public and private key pair of the server after the key is generated;
the negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cipher system based on a public and private key pair of the client and a public and private key pair of the server;
and the data security transmission module is used for performing security transmission on the power service data in the energy Internet by adopting encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function based on the key agreement between the client and the server.
7. The data transmission protocol construction apparatus of energy Internet according to claim 6,
the key generation module is specifically configured to:
the identity-based cryptosystem is used for authenticating the identity of a public key issuer in the energy Internet user, a secret key of the public key issuer is calculated after authentication is completed, and a public and private key pair is issued to a client after the secret key is generated and a public and private key pair of a server is generated; the method specifically comprises the following steps:
the identity-based cryptosystem generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the identity-based cryptosystem calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s * P_{ID}$; a key is generated from the public key and the private key, and after the key is generated, the identity-based cryptosystem sends the public and private key pair of the client to the client, wherein the serial number i is determined according to the time sequence in which the client accesses the system; the public and private key pair of the server itself is generated at the same time
8. The data transmission protocol construction apparatus of energy Internet according to claim 6,
the negotiation encryption key module is specifically configured to:
Using a private key to decrypt $y_1$; randomly selecting; computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$, and sending $y_0$ to the client;
receiving second data sent by the client, wherein the second data is obtained by using a private key to decrypt $y_0$ to obtain $g^b$, and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
9. The data transmission protocol construction apparatus of energy Internet according to claim 6,
the data security transmission module is specifically configured to:
receiving third data sent by the client, wherein the third data is calculated from the sent message $m$; further, encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
10. A data transmission protocol construction system of an energy Internet is characterized by comprising:
the identity-based cryptosystem is used for performing identity authentication on a public key issuer in the energy Internet user, calculating a secret key of the public key issuer after the authentication is completed, and issuing a public and private key pair to the client after the secret key is generated and generating a public and private key pair of the server;
the client is used for realizing the key agreement between the client and the server by utilizing a Diffie-Hellman cryptosystem;
the server is used for realizing key agreement with the client; and the encrypted data constructed by adopting a lightweight symmetric cryptographic algorithm and a hash function is used for safely transmitting the power service data in the energy Internet.
11. The system for constructing data transmission protocol of energy Internet as claimed in claim 10,
the identity-based cryptographic system is specifically configured to:
the identity-based cryptosystem generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the identity-based cryptosystem calculates the hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: $P_{ID} = H(ID)$; the hash value is used as the public key, and the private key is calculated as $S_{ID} = s * P_{ID}$; a key is generated from the public key and the private key, and after the key is generated, the identity-based cryptosystem sends the public and private key pair of the client to the client, wherein the serial number i is determined according to the time sequence in which the client accesses the system; the public and private key pair of the server itself is generated at the same time
12. The system for constructing data transmission protocol of energy Internet as claimed in claim 10,
the client is specifically configured to:
Receiving the return data of the server; using a private key to decrypt $y_1$; randomly selecting; computing; calculating an encryption key $K_{01} = (g^a)^b \bmod q$, and sending $y_0$ to the client;
second data is sent, which is obtained by using a private key to decrypt $y_0$ to obtain $g^b$, and then calculating the encryption key $K_{01} = (g^b)^a \bmod q$;
Wherein the order of the cyclic group G is q.
13. The system for constructing data transmission protocol of energy Internet as claimed in claim 10,
in the server, the secure transmission of the power service data in the energy internet by using the encrypted data constructed by the lightweight symmetric cryptographic algorithm and the hash function is specifically used for:
receiving third data sent by the client, wherein the third data is calculated from the sent message $m$; further, encrypted data $(c, H(m))$ is obtained;
calculating $H(m_0)$ from the received encrypted data $(c, H(m))$, and verifying whether $H(m_0)$ and $H(m)$ are identical:
if so, continuing to verify the timestamp $T_0$; if the current time is within the valid period, receiving the message for subsequent operation;
otherwise, the receiving is refused.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111349176.4A CN114095229B (en) | 2021-11-15 | 2021-11-15 | Method, device and system for constructing data transmission protocol of energy internet |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114095229A (en) | 2022-02-25 |
CN114095229B (en) | 2024-09-17 |
Family
ID=80300824
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111349176.4A Active CN114095229B (en) | 2021-11-15 | 2021-11-15 | Method, device and system for constructing data transmission protocol of energy internet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114095229B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115118756A (en) * | 2022-05-19 | 2022-09-27 | 中国电力科学研究院有限公司 | Method and device for designing safety interaction protocol in energy internet scene |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104023085A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security cloud storage system based on increment synchronization |
CN104506534A (en) * | 2014-12-25 | 2015-04-08 | 青岛微智慧信息有限公司 | Safety communication secret key negotiation interaction scheme |
CN105187205A (en) * | 2015-08-05 | 2015-12-23 | 北京航空航天大学 | Certificateless authentication key negotiation method and system based on hierarchical identities |
CN106209369A (en) * | 2016-07-01 | 2016-12-07 | 中国人民解放军国防科学技术大学 | Single interactive authentication key agreement protocol of ID-based cryptosystem system |
CN107493165A (en) * | 2017-10-09 | 2017-12-19 | 重庆邮电大学 | A kind of car networking certification and cryptographic key negotiation method with strong anonymity |
CN108111301A (en) * | 2017-12-13 | 2018-06-01 | 中国联合网络通信集团有限公司 | The method and its system for realizing SSH agreements are exchanged based on rear quantum key |
CN110120939A (en) * | 2019-04-08 | 2019-08-13 | 淮阴工学院 | A kind of encryption method and system of the deniable authentication based on heterogeneous system |
Non-Patent Citations (1)
Title |
---|
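Hu Ruhui: "Identity authentication key agreement protocol based on a trusted third party", Journal of Guizhou University of Engineering Science, vol. 38, no. 3, 15 June 2020 (2020-06-15), pages 29 - 34 * |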
Also Published As
Publication number | Publication date |
---|---|
CN114095229B (en) | 2024-09-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |