CN114257589A - IoT cloud-based lightweight data communication method and device and readable medium - Google Patents

IoT cloud-based lightweight data communication method and device and readable medium Download PDF

Info

Publication number
CN114257589A
CN114257589A CN202111439357.6A CN202111439357A CN114257589A CN 114257589 A CN114257589 A CN 114257589A CN 202111439357 A CN202111439357 A CN 202111439357A CN 114257589 A CN114257589 A CN 114257589A
Authority
CN
China
Prior art keywords
sender
image
receiver
mac
stego
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111439357.6A
Other languages
Chinese (zh)
Other versions
CN114257589B (en
Inventor
西巴希·穆斯塔法·阿卜杜拉齐兹·穆特拉克
马军超
扎伊德·阿明·阿卜杜勒贾巴尔
文森特·奥莫洛·尼加雷西
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Technology University
Original Assignee
Shenzhen Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Technology University filed Critical Shenzhen Technology University
Priority to CN202111439357.6A priority Critical patent/CN114257589B/en
Priority to PCT/CN2021/143901 priority patent/WO2023097865A1/en
Publication of CN114257589A publication Critical patent/CN114257589A/en
Application granted granted Critical
Publication of CN114257589B publication Critical patent/CN114257589B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a technical scheme of a lightweight data communication method, a device and a readable medium based on IoT cloud, comprising the following steps: the method comprises the following steps that a configuration stage and a verification stage are sequentially realized between a sender S and a receiver R through a Cloud Service Provider (CSP), and the configuration stage is only executed once; the verification stage is executed when the sender/receiver transmits the message through the intelligent device; in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP; the cloud service provider CSP sends a key Sk and an overlay Image Im to intelligent devices of a sender S and a receiver R through a secure channel, and the sender S generates an overlay Image Stego-MAC and a quick response Image QR _ Image; the receiver R recaptures corresponding numerical values from the quick response Image QR _ Image and the coverage Image Stego-MAC sent by the sender S and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.

Description

IoT cloud-based lightweight data communication method and device and readable medium
Technical Field
The invention relates to the field of computers, in particular to a lightweight data communication method and device based on IoT cloud and a readable medium.
Background
The contribution of intelligent mobile devices to the internet of things (IoT) has transformed daily life, providing the ability to access and manage large amounts of data, which revolutionized the world. However, this incredible advancement presents new challenges. The most important of which is the constant need for up-to-date security measures. Conventional solutions tend to require newer hardware, but are still vulnerable to new administration strategies, and therefore, the above approach is not suitable for internet of things cloud (IoT-cloud) end-to-end (E2E) smart devices.
In addition, although the processing power of smart devices is increasing, they still cannot be compared with personal computers. On one hand, with the increase of the dependence of the internet of things on communication between intelligent devices, a plurality of defects exist in the technical scheme, such as replay attack and reflection attack, and guessing of the key of a sender and a receiver; thus, none of them provide an adequate or truly simple and practical way to maintain the security of the security and privacy of the E2E message. On the other hand, there is a need to provide better and more effective security measures to address security threats.
Disclosure of Invention
The present invention is directed to solve at least one of the technical problems in the prior art, and provides a lightweight data communication method, device and readable medium based on an IoT cloud, which solve the disadvantages in the prior art.
The technical scheme of the invention comprises an IoT cloud-based lightweight data communication method, which is characterized by comprising the following steps: a configuration stage and a verification stage are sequentially executed between a sender S and a receiver R through a cloud service provider CSP; in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP; the cloud service provider CSP sends a key Sk and an overlay image Im to the intelligent devices of the sender S and the receiver R through a secure channel, and the overlay image Ims received by the sender S is consistent with the overlay image Imr received by the receiver R; a sender S generates an covered Image Stego-MAC and calculates a quick response Image QR _ Image at the same time; the sender S submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver R; and the receiver R acquires the data transmitted by the sender S, acquires the details of the transmitted data, receives the quick response Image QR _ Image and the covering Image Stego-MAC sent from the sender S to recapture corresponding numerical values, and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.
According to the IoT cloud-based lightweight data communication method, the configuration phase is only executed once, and the verification phase is executed when the sender S or the receiver R transmits a message through the intelligent device.
According to the IoT cloud-based lightweight data communication method, the key Sk adopts symmetric encryption, and an encryption algorithm of the symmetric encryption adopts a hash function h ().
According to the IoT cloud-based lightweight data communication method, the generation flow of the covered image Stego-MAC is as follows: the information of the sender S is assumed to be M, and a disposable anonymous MAC M' is generated and obtained, wherein the random number ri belongs to an index of Ims, the sender S calculates the position Pi of ri from the image of the sender, and the Ims is the index; a sender S generates a disposable distributed key SSk for the authentication and integrity login request of each user, wherein the SSk is ri multiplied by Sk; the sender S uses the scattering function scssk (M) → M1 once and randomly scatters the character of M using SSk,
Figure BDA0003382398440000023
for all N e N, the sender S reserves a scattered M position RP; the sender S hides M and RP in Ims using the LSB algorithm to generate an overlaid image Stego-MAC.
According to the IoT cloud-based lightweight data communication method, the calculation step of the quick response Image QR _ Image comprises the following steps: generating a two-dimensional code based on M1, Pi' and Ims, and acquiring a two-dimensional code Image QR _ Image: QR _ Image — QR (M1, Pi', Ims).
According to the lightweight data communication method based on the IoT cloud, the steps of acquiring data transmitted by the sender S by the receiver R to quickly respond to the Image QR _ Image and recapture corresponding numerical values in the overlay Image Stego-MAC are as follows: retrieving Pi' and M1 from QR _ Image; retrieving RP and M' from the Stego-MAC by the LSB algorithm; from the sequence generated by RP ═ Pn (1), Pn (2), Pn (3), …, the receiver R rearranges the message M1 using a reordering function: ReRP (M1) ═ M; calculating Pi':
Figure BDA0003382398440000021
Figure BDA0003382398440000022
extracting ri': ri ═ Imr (Pi "); receiver R generates M ″: m ″ ═ h (M | | | Sk | | | ri'); if M "matches M', receiver R verifies the integrity and authority of the sender message, otherwise, receiver R will terminate the verification phase.
7. The IoT cloud based lightweight data communication method according to claim 6, wherein the retrieving Pi' and M1 from QR _ Image comprises:
pi' and M1 were obtained by QR-Reader.
8. An IoT cloud-based lightweight data communication apparatus comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the method steps of any of claims 1-8.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 8. The technical scheme of the invention also comprises a heat supply network intelligent inspection device which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, and is characterized in that any one of the method steps is realized when the processor executes the computer program.
The present invention also includes a computer-readable storage medium, in which a computer program is stored, wherein the computer program, when executed by a processor, implements any of the method steps.
The invention has the following beneficial effects:
one is as follows: the technical scheme of the invention can effectively prevent replay attack, and an adversary can finish replay attack by eavesdropping the login message sent to a receiver by a legal sender. The adversary then reuses this message to simulate a legitimate sender or receiver when logging onto the system in the next session. According to our proposed scheme, each new request initiated by the sender/receiver should be identical to the CSP's key (Sk, ri, Pi', Ims). Thus, the adversary cannot pass any replay messages to R for verification. The results show that this scheme is resistant to such attacks without a synchronized clock. Thus. In the proposed secure E2E message, an attacker cannot tamper with the message because they do not know the symmetric keys Sk held by S and R, and the different random ri used instead of the timestamp (timestamp). Further, the sender/receiver uses the hidden variables (ri, Pi') once per login message request. This results in S and R requiring the respective smart device to run the authentication phase as described above, with the result that this type of attack will be detected by R, which will fail;
the second step is as follows: the solution of the invention enables to prevent forgery and simulation of session attacks, which would require access to valid session messages (M, Stego-MAC, Pi ') through secret parameters (Sk, ri, Ims/Imr, and Pi') if an adversary tries to impersonate a sender/receiver. This type of attack is to be avoided given that the attacker does not have the ability to compute Sk or Ims/Imr as required by Stego-MACM and P.
And thirdly: the technical scheme of the invention can prevent insider attack, and any user who wants to register the CSP with the remote access service must provide identity information. Since the key Sk is used, it is not feasible for the CSP to obtain the user's MAC from the cover image Stego-MAC, the authenticated session key (ri, Pi) and the one-way hash function h (). In addition, the master values (Stego-MAC, M', ri and Pi) for each login of the user are generated only once. This means that even the service provider does not know the main values of the user (Stego-MAC, M', ri and Pi). The proposed scheme can avoid both internal attacks and CSP simulation attacks.
Fourthly, the method comprises the following steps: the technical scheme of the invention can prevent the reflection attack, and the attack in the form occurs after a legal user submits the login information to the CSP. An adversary attempts to obtain a user's login message and send it (or an updated version of the message) to the same user. In the proposed solution, the adversary will not be able to fool the service provider since the master values (Stego-MAC and Pi) from sender → receiver are not available. The adversary will not be able to use these values again because they are only generated once for each login request of the sender/receiver. Thus, the proposed scheme can avoid reflection attacks.
And fifthly: the technical scheme of the invention can prevent the MITM attack, and the attack in the form relates to an opponent which can intercept information between a sender and a receiver (the attack in the form relates to an attacker which can intercept information between the sender and the receiver). This message will then be used when the entity signs out of the CSP. When the variable is securely encrypted, it is sent from the sender to the receiver and vice versa. A random value ri is generated by the sender to create sensitive data (Stego-MAC, M ', Ims/Imr, RP, and Pi') as a session request to the receiver. These sensitive variables become useless. The sender/receiver has the CSP deployed so that while an attacker who identifies messages between the sender and receiver can learn r, this variable is used only once. An attacker cannot derive M, which is generated for one-time use and hidden in a cover image named Stego-MAC. Thus, this scheme can avoid MITM attacks.
And the sixth step: the technical solution of the present invention enables to prevent off-line guessing attacks, which requires systematically checking all possible surrogate values until the correct value is identified. According to this scheme, the eavesdropper does not have the main authentication parameters (Sk and Ims/Imr) generated by the CSP through the secure channel in the configuration phase, thereby generating a valid MACM. Therefore, the authentication parameters used by the sender and the receiver are difficult to guess. Furthermore, the initial configuration phase is used only once before being discarded. This limits the time before expiration. Furthermore, during the verification phase, an attacker cannot guess the MACM parameters because it takes one time for the random number ri ∈ Ims (index) to recombine the secret information. Therefore, it is not possible to reuse the random number because it is no longer valid after the first use. Therefore, the receiving side does not respond unless it is to transmit the correct information. Therefore, the scheme can avoid information leakage by establishing a strict communication protocol between the sender and the receiver, and therefore, the scheme can avoid offline attack.
And the seventh step: the solution of the invention enables to prevent DOS attacks, which attack forms usually try to block or suppress the service of all communication facilities and resources. In this case, the authentication system allows a legitimate user to change the password or key. The process is vulnerable to DOS attacks. In this scheme, Pi in the primary position ri of R is generated by S and R independently from the images of the sender and receiver without any interaction. Furthermore, the scheme does not use a hub component in the verification phase, or alternatively, the CSP is used only once in the configuration phase and then discarded. Therefore, our scheme is not suitable for DOS attacks.
Eight of them: the technical scheme of the invention can prevent online key guessing attack, and the attack in the form of online key guessing attack comprises the step of attempting to destroy the communication process by using the online key guessing attack to obtain Sk. Such an attack would be unsuccessful because Sk is shared between the S and R corresponding smart devices over a secure channel by the CSP during the configuration phase. Thus, to predict the corresponding Sk of the two smart devices, the attacker needs to go through the configuration phase. Given that the corresponding Sk is retained only by the respective S and R smart devices, online key guessing attacks can be accurately combated and avoided.
Nine steps are as follows: according to the technical scheme, message privacy attack can be prevented, previous researches show that the short messages are not protected, and when the short messages are transmitted between the intelligent devices corresponding to the S and the R, an attacker can utilize malicious intelligent devices in the cloud of the Internet of things to pick up any communication transmitted between the S and the R. In this scheme, the message is protected by the scattering function scssk (M) → M1, resulting in a one-time random scattering of the M characters by the use of the primary scattering key SSk and also RC 4. Furthermore, M is hidden in the QR image, which means that an attacker can only see one meaningless QR image. Therefore, the scheme can easily avoid the information privacy from being attacked.
It comprises the following steps: the technical scheme of the invention supports the anonymity of the user message, and if a sender/receiver tries to resend the previously sent message when an attacker eavesdrops the login request of the sender, the attacker cannot use the same MAC M' as the sender. This MAC M 'is hidden in the sender's image Ims to create a cover image named Stego-MAC. At the same time, the sender generates ri once for each request made by the sender. Therefore, ri is extracted from the sender' S image, ri ∈ Ims, which exists only in R and S. Furthermore, the attacker will not have access to the master key (Ims, Imr, Sk, and ri) and be used to generate the cryptographic hash function M' ═ h (M | | Sk | | | ri). An attacker cannot easily acquire the MAC of the sender, so the scheme obviously supports the message anonymity of the user in the communication process.
Eleven steps of: the solution of the invention enables to facilitate the known key security and key agreement, in the proposed solution the key Sk is used to generate M' ═ h (M | | Sk | | | ri) when the sender sends a message to the receiver or vice versa, the same key also being used to encrypt the position Pi of ri in the sender image Ims. An attacker will not have access to the session key and therefore obtain a new Sk value that is only generated by the CSP over the secure channel during the configuration phase. Therefore, the attacker cannot obtain the secret parameters, and the effect of maintaining the security of the key can be achieved.
Twelve: the technical scheme of the invention can protect the two-dimension code of the sender/receiver, and the function of the QR code is crucial in the proposed scheme, because the QR code is helpful for protecting the message of the sender/receiver, and no other information is leaked in the entity of the Internet of things in the communication channel. Therefore, the sender sends QR _ Image with hidden Stego-MAC to the receiver. QR _ Image is also generated once on P for each authentication phase, thus avoiding an attacker to get any information by sniffing or activating the MITM attack through QR _ Image and Steo-MAC, and furthermore, this solution does not incur the extra cost of reading and generating the two-dimensional code, since the mobile application reading the two-dimensional code is free, in apple app store and google Play. Therefore, we plan to use an inexpensive method to retrieve Pi 'and M, which is then used to authenticate the user's message. The mobile application program can be installed in any internet of things device, such as a smart phone, a tablet computer or a notebook computer. Thus, this approach may preserve the message transport and privacy of E2E without additional hardware requirements.
Thirteen of them: the technical scheme of the invention can keep the integrity of the message, and under the condition that an attacker tries to extract or change the message M embedded in the image QRImage and then sends the message M to the receiver, the receiver verifies M ' of the message of the sender by generating M and then compares the M ' with M '. If the result does not match the adversary will not be able to implement its attack, the receiver will confirm that the message is not complete. The scheme can clearly maintain and support the integrity of the message.
Fourteen of them: the technical scheme of the invention can support the anonymity of the user, and if an attacker tries to eavesdrop the authentication and integrity request of the user, the login request and the identity of the user cannot be obtained from M, because the login request and the identity of the user are protected by a scattering function ScSSK (M) based on a one-time scattering key SSk. Hidden from the attacker and generated only once for each user's login request. Thus, it would be difficult for an attacker to determine the user's authentication request and identify or reassemble the message M. The proposed scheme clearly supports the anonymity of the authentication request of the user.
Drawings
The invention is further described below with reference to the accompanying drawings and examples;
fig. 1 is a flow diagram illustrating IoT cloud-based lightweight data communication according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating an authentication phase of IoT cloud-based lightweight data communication according to an embodiment of the present invention.
Fig. 3 is a process diagram for generating Pi according to an embodiment of the present invention.
Fig. 4 is a diagram illustrating the generation of anonymous information according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating processing times during a verification phase according to an embodiment of the invention.
Fig. 6 is a timing diagram illustrating a related art authentication process.
Detailed Description
Reference will now be made in detail to the present preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
In the description of the present invention, the meaning of a plurality of means is one or more, the meaning of a plurality of means is two or more, and larger, smaller, larger, etc. are understood as excluding the number, and larger, smaller, inner, etc. are understood as including the number.
In the description of the present invention, the consecutive reference numbers of the method steps are for convenience of examination and understanding, and the implementation order between the steps is adjusted without affecting the technical effect achieved by the technical solution of the present invention by combining the whole technical solution of the present invention and the logical relationship between the steps.
In the description of the present invention, unless otherwise explicitly defined, terms such as set, etc. should be broadly construed, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the detailed contents of the technical solutions.
Interpretation of terms: the term expression in the present invention is defined herein,
a cryptographic hash function: h ();
a cloud service provider CSP;
n, p, q are large prime numbers for calculating the shared secret key;
a sender: s;
the receiving side: r;
the secret key is Sk; the images of the sender and the receiver are respectively sent by the cloud service provider, and the image is Ims ═ Imr;
the message authentication code is MAC;
the sender sends MAC to the receiver: m';
the receiver calculates the MAC M';
ri and ri' are random numbers used to generate one-time anonymous messages; pi and Pi' are the positions of random numbers extracted from the sender and receiver images, respectively;
ScSSk ();
the position array of M after scattering is RP;
overlay image Stego-MAC; fast response image:
QR _ Image; the adjacent function |;
one-time scattering key: SSk;
least significant byte algorithm (least significant byte bit): the LSB algorithm.
Referring to fig. 1, the present embodiment provides a flow chart of intelligent inspection of a heat supply network, including:
in the embodiment, a configuration stage and a verification stage are sequentially executed between a sender S and a receiver R through a cloud service provider CSP;
in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP;
the cloud service provider CSP sends a key Sk and an overlay image Im to the intelligent devices of the sender S and the receiver R through a secure channel, and the overlay image Ims received by the sender S is consistent with the overlay image Imr received by the receiver R;
a sender S generates an covered Image Stego-MAC and calculates a quick response Image QR _ Image at the same time;
the sender S submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver R;
and the receiver R acquires the data transmitted by the sender S, acquires the details of the transmitted data, receives the quick response Image QR _ Image and the coverage Image Stego-MAC sent from the sender S to recapture corresponding numerical values, and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.
As shown in fig. 2 to 4, the sender (S) and the receiver (R) sequentially implement a configuration stage and a verification stage through a Cloud Service Provider (CSP), and the initial configuration stage is only performed once; the verification stage is executed when the sender/receiver transmits the message through the intelligent device; the method comprises the following steps:
1): in the configuration phase, both the sender (S) and the receiver (R) register identities in a Cloud Service Provider (CSP);
2): a Cloud Service Provider (CSP) sends a key Sk and an overlay image (Im) to intelligent devices of a sender (S) and a receiver (R) through a secure channel, and the overlay image (Ims) received by the sender (S) is consistent with the overlay image (Imr) received by the receiver (R);
3): the sender (S) utilizes an LSB algorithm to generate an covered Image Stego-MAC and simultaneously calculates a quick response Image QR _ Image;
4): the sender (S) submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver (R);
5): the receiver (R) obtains the data transmitted by the sender (S), and obtains the details through a QR-Reader application program, obtains corresponding numerical values from the quick response Image QR _ Image and the coverage Image Stego-MAC sent by the sender (S), and performs corresponding logic matching to verify the integrity and authority of the message of the sender (S).
Specifically, the key Sk adopts symmetric encryption, and the encryption algorithm is a hash function h ().
Specifically, the covered image Stego-MAC generating process is as follows:
1): the information of the sender (S) is assumed to be M, and a disposable anonymous MAC M' is generated and obtained, wherein the random number ri belongs to Ims (index), so as to prevent the sender from sending a previous verification message to a receiver, and vice versa; the sender (S) calculates the position Pi of ri from the sender' S image;
2): the sender (S) generates a one-time distributed key for each user' S authentication and integrity logon request: SSk-ri × Sk;
3): the sender (S) uses the scattering function ScSSk (.) once, and obtains M1 by using characters of the SSk randomly scattering M: scssk (M) → M1; generating a Pi':
Figure BDA0003382398440000101
for all N ∈ N, S holds an array of positions (array of locations) RP of the scatter M; RP ═ (Pn (1), Pn (2), Pn (3), …), where N is the set of all permutation spaces;
4): the sender (S) hides M and RP in Ims using the LSB algorithm to generate the covered image Stego-MAC.
Specifically, the quick response Image QR _ Image calculating step includes: a two-dimensional code is generated based on M1, Pi ', and images, and a two-dimensional code Image named QR _ Image — QR (M1, Pi', and images) is acquired.
Specifically, the step of acquiring the data transmitted by the sender (S) by the receiver (R) to quickly respond to the Image QR _ Image and recapture the corresponding numerical value in the overlay Image Stego-MAC is as follows:
1): retrieving Pi' and M1 from QR _ Image according to the details obtained by the QR-Reader application;
2): retrieving RP and M' from the Stego-MAC by the LSB algorithm;
3): according to the sequence produced by RP ═ Pn (1), Pn (2), Pn (3), …, R rearranges the messages M1 using a rearrangement function: ReRP (M1) ═ M; rearrangement of M1 is the inverse of the scattering process;
4): calculating Pi':
Figure BDA0003382398440000102
extracting ri': ri ═ Imr (Pi "). Then, R generates M ″: m ″, h (M | | | Sk | | | ri'). Finally, if M "matches M ', the recipient verifies the integrity and authority of the sender's message. Otherwise, R will terminate the verification phase.
The working principle is as follows: in an initial configuration phase, both the sender (S) and the receiver (R) register their identities in a Cloud Service Provider (CSP) which provides the smart devices of the sender and receiver with the key Sk and the overlay image (Im) over a secure channel, as shown in fig. 2. The principal components (CSP, S and R) also use the symmetric key Sk for the cryptographic hash function h (.). CSP sets n as p × q, where p and q are two large prime numbers, and the key Sk belongs to Zn;
subsequently, the Cloud Service Provider (CSP) sends the key hidden information (Sk, Ims, Imr; wherein Ims ═ Imr) to the sender (S) and the receiver (R) through the secure channel. This operation is only necessary for the configuration phase and not for the subsequent verification phase. Cloud Service Providers (CSPs) do not need to be used at runtime. After the configuration phase is completed, the sender/receiver may use the keys Sk and (Ims, Imr) to complete the subsequent authentication phase.
Referring to fig. 2-4, the verification phase is as follows:
1. s sends Stego-MAC and QR _ Image like R. The following steps are performed by the sender S:
(1) the sender's information is assumed to be M.
(2) And generating and obtaining a one-time anonymous MAC M ═ h (M | | Sk | | | ri), wherein the random number ri belongs to Ims (index) so as to prevent the sender from sending a previous authentication message to a receiver, and vice versa. Then S calculates the position Pi of ri from the image of the sender, see fig. 3.
(3) S, generating a disposable scattered key for the identity authentication and the integrity login request of each user: SSk is ri × Sk.
(4) S randomly scatters the characters of M with SSk (.) using a first order scattering function: scssk (M) → M1. Notably, Sc relates to a function that obtains the one-time permuted sequence bytes of M using Rivest Cipher 4(RC 4). Specifically, the one-time permutation sequence is obtained by RC4, and RC4 is initialized with SSk as a one-time-use distributed key. RC4 is a well-known cryptographic algorithm that generates a sequence with a repetition period of 10100. The security of this property is that it prevents an attacker from retrieving and reassembling M correctly. It is assumed that if the adversary detects the old key SSk or M' authentication code, then replay attacks cannot be made on subsequent authentication and integrity sessions.
(5) Generating a Pi':
Figure BDA0003382398440000111
(6) for all N ∈ N, S holds an array of positions (array of locations) RP of the scatter M; RP ═ (Pn (1), Pn (2), Pn (3), …), where N is the set of all permutation spaces.
(7) The sender hides M' and RP in Ims using the LSB algorithm, and the resulting covered image is called Stego-MAC. Therefore, only the Stego-MAC transmitted between the sender and the receiver needs to process the integrity request, thereby minimizing transmission consumption.
(8) A two-dimensional code is generated based on M1, Pi ', and images, and a two-dimensional code Image QR _ Image is acquired, where QR _ Image is QR (M1, Pi', images). The generating and reading functions of the two-dimensional code are well suited for this strategy. Furthermore, an attacker cannot use the QR application provided by the apple app/google app to retrieve the correct information from the QR image because the sender's message M is an anonymous message. This attribute provides the advantage of privacy protection for E2E messages transmitted over internet of things clouds (IoT-cloud).
(9) QR _ Image and Stego-MAC are submitted to R.
2. The receiver (R) confirms the integrity and authentication of the receiver message as follows:
(1) pi' and M1 are retrieved from QR _ Image according to the details obtained by the QR-Reader application.
(2) RP and M' are retrieved from Stego-MAC by the LSB algorithm.
(3) According to the sequence produced by RP ═ Pn (1), Pn (2), Pn (3), …, R rearranges the messages M1 using a rearrangement function: ReRP (M1) ═ M. Rearrangement of M1 is the inverse of the scattering process.
(4) Calculating Pi':
Figure BDA0003382398440000121
extracting ri': ri ═ Imr (Pi "). Then, R generates M ″: m ″, h (M | | | Sk | | | ri'). Finally, if M "matches M ', the recipient verifies the integrity and authority of the sender's message. Otherwise, R will terminate the verification phase.
Basically, the proposed policy can be applied on devices with limited processing power, such as mobile smart devices, since it utilizes efficient cryptographic primitives and simple basic operations. This low complexity of E2E is mainly due to two important factors, one, the efficiency of the cryptographic primitives and LSBs used, and second, the functionality of QR carrying secure messages and MAC between smart devices. Furthermore, the strategy presented in this application can be applied to a wide variety of scenarios without modification.
In order to verify the actual performance of the proposed solution, several experiments were designed to evaluate the efficiency and effectiveness of the strategy solution. A trial message with a small size image of 512 x 512 pixels was selected to verify the performance of the proposed lightweight data communication method. The experiments were all performed on a PC equipped with a 2.40GHz Intel Pentium 4CPU, a 64-bit Windows 7 operating system, a 2GB RAM, and Matlab R2008 a.
Referring to fig. 5 and 6, the parameters Time (Sec.), Sender Side, Receiver Side, Total and No. of User are Time (Sec), Sender, Receiver, Total number of transmission and reception, and User, respectively.
Referring to fig. 5, fig. 5 illustrates the proposed solution with an average time of the authentication phase of 0.0682 seconds per user, indicating fast and lightweight. Fig. 6 shows the time of the verification process of the proposed solution of the prior art, and the comparison shows that the solution of the present application has a significant advantage in processing time. Meanwhile, the authentication accuracy of the scheme provided by the application is tested, and the experimental results of 3000 intelligent device users show that the technical scheme provided by the invention has 100% accuracy.
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be embodied in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optically read and/or write storage medium, RAM, ROM, or the like, such that it may be read by a programmable computer, which when read by the storage medium or device, is operative to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as consumers. In a preferred embodiment of the present invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on the consumer.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (9)

1. An IoT cloud-based lightweight data communication method, the method comprising:
a configuration stage and a verification stage are sequentially executed between a sender S and a receiver R through a cloud service provider CSP;
in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP;
the cloud service provider CSP sends a key Sk and an overlay image Im to the intelligent devices of the sender S and the receiver R through a secure channel, and the overlay image Ims received by the sender S is consistent with the overlay image Imr received by the receiver R;
a sender S generates an covered Image Stego-MAC and calculates a quick response Image QR _ Image at the same time;
the sender S submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver R;
and the receiver R acquires the data transmitted by the sender S, acquires the details of the transmitted data, receives the quick response Image QR _ Image and the coverage Image Stego-MAC sent from the sender S to recapture corresponding numerical values, and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.
2. The IoT cloud based lightweight data communication method in accordance with claim 1, wherein the configuration phase is performed only once and the authentication phase is performed when a sender S or a receiver R transmits a message through a smart device.
3. The IoT cloud based lightweight data communication method in accordance with claim 1, wherein the key Sk employs symmetric encryption, and wherein an encryption algorithm of symmetric encryption employs a hash function h ().
4. The IoT cloud based lightweight data communication method according to claim 1, wherein the covered image Stego-MAC generation flow is:
the information of the sender S is assumed to be M, and a disposable anonymous MAC M' is generated and obtained, wherein the random number ri belongs to an index of Ims, the sender S calculates the position Pi of ri from the image of the sender, and the Ims is the index;
a sender S generates a disposable distributed key SSk for the authentication and integrity login request of each user, wherein the SSk is ri multiplied by Sk;
the sender S uses a scattering function scssk (M) → M1 once and randomly scatters characters of M using SSk, Pi ≦ Sk, and retains a scattered M position RP for all N ∈ N;
the sender S hides M and RP in Ims using the LSB algorithm to generate an overlaid image Stego-MAC.
5. The IoT cloud based lightweight data communication method in accordance with claim 4, wherein: the quick response Image QR _ Image calculating step comprises the following steps:
generating a two-dimensional code based on M1, Pi' and Ims, and acquiring a two-dimensional code Image QR _ Image: QR _ Image — QR (M1, Pi', Ims).
6. The IoT cloud-based lightweight data communication method according to claim 5, wherein the step of the receiver R obtaining the data delivered by the sender S to quickly respond to the QR _ Image and recapture the corresponding values in the Stego-MAC Image is as follows:
retrieving Pi' and M1 from QR _ Image;
retrieving RP and M' from the Stego-MAC by the LSB algorithm;
from the sequence generated by RP ═ Pn (1), Pn (2), Pn (3), …, the receiver R rearranges the message M1 using a reordering function: ReRP (M1) ═ M;
calculating Pi': pi ═ Pi'. gtoreq Sk;
extracting ri': ri ═ Imr (Pi ");
receiver R generates M ″: m ″ ═ h (M | | | Sk | | | ri');
if M "matches M', receiver R verifies the integrity and authority of the sender message, otherwise, receiver R will terminate the verification phase.
7. The IoT cloud based lightweight data communication method according to claim 6, wherein the retrieving Pi' and M1 from QR _ Image comprises:
pi' and M1 were obtained by QR-Reader.
8. An IoT cloud-based lightweight data communication apparatus comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the method steps of any of claims 1-8.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 8.
CN202111439357.6A 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium Active CN114257589B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111439357.6A CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium
PCT/CN2021/143901 WO2023097865A1 (en) 2021-11-30 2021-12-31 Iot cloud-based lightweight data communication method and apparatus, and readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111439357.6A CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium

Publications (2)

Publication Number Publication Date
CN114257589A true CN114257589A (en) 2022-03-29
CN114257589B CN114257589B (en) 2023-02-17

Family

ID=80793589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111439357.6A Active CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium

Country Status (2)

Country Link
CN (1) CN114257589B (en)
WO (1) WO2023097865A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110107105A1 (en) * 2009-10-30 2011-05-05 International Business Machines Corporation Message sending/receiving method
US20120066501A1 (en) * 2009-03-17 2012-03-15 Chuyu Xiong Multi-factor and multi-channel id authentication and transaction control
US20190096073A1 (en) * 2018-06-13 2019-03-28 Intel Corporation Histogram and entropy-based texture detection
US20190349190A1 (en) * 2016-12-30 2019-11-14 Intel Corporation BLOCKCHAINS FOR SECURING IoT DEVICES
CN111885058A (en) * 2020-07-23 2020-11-03 伊拉克巴士拉大学 Lightweight message transmission method for end-to-end intelligent device communication in Internet of things cloud
CN113507436A (en) * 2021-06-02 2021-10-15 中国人民解放军63880部队 Power grid embedded terminal fuzzy test method aiming at GOOSE protocol

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2581315A (en) * 2018-10-30 2020-08-19 Barclays Execution Services Ltd Secure data communication
CN111132155B (en) * 2019-12-30 2023-11-17 江苏全链通信息科技有限公司 5G secure communication method, device and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120066501A1 (en) * 2009-03-17 2012-03-15 Chuyu Xiong Multi-factor and multi-channel id authentication and transaction control
US20110107105A1 (en) * 2009-10-30 2011-05-05 International Business Machines Corporation Message sending/receiving method
US20190349190A1 (en) * 2016-12-30 2019-11-14 Intel Corporation BLOCKCHAINS FOR SECURING IoT DEVICES
US20190096073A1 (en) * 2018-06-13 2019-03-28 Intel Corporation Histogram and entropy-based texture detection
CN111885058A (en) * 2020-07-23 2020-11-03 伊拉克巴士拉大学 Lightweight message transmission method for end-to-end intelligent device communication in Internet of things cloud
CN113507436A (en) * 2021-06-02 2021-10-15 中国人民解放军63880部队 Power grid embedded terminal fuzzy test method aiming at GOOSE protocol

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
MOHAMMED AMINE BOURAS , QINGHUA LU , SAHRAOUI DHELIM,HUANSHENG: "《A Lightweight Blockchain-Based IoT Identity Management Approach》", 《MDPI》 *
MS. D BETTEENA SHERYL FERNANDO, PARTHIBAN, RAJESH, VINITHRA: "《Steganography of Messages Encrypted With QR Code》", 《ISSN》 *
MUHAMMAD_ARIF_MUGHAL(阿力夫): "《用于物联网智能设备之间安全通信的轻量级数字签名方法研究》", 《中国博士学位论文全文数据库 信息技术辑》 *
YINQIU LIU, KUN WANG, YUN LIN, WENYAO XU: "《LightChain A Lightweight Blockchain System for Industrial Internet of Things》", 《IEEE》 *
何金栋等: "智能变电站嵌入式终端的网络攻击类型研究及验证", 《中国电力》 *
王春琦; 孔祥琦,丁晓欢,卢忠青,陈常婷: "《基于无迹卡尔曼滤波的IMU和UWB融合定位算法研究》", 《南昌航空大学学报(自然科学版)》 *

Also Published As

Publication number Publication date
WO2023097865A1 (en) 2023-06-08
CN114257589B (en) 2023-02-17

Similar Documents

Publication Publication Date Title
AU2018352026B2 (en) System and method for generating and depositing keys for multi-point authentication
US11463435B2 (en) Identity authentication method and system based on wearable device
CN109495250B (en) Quantum-computation-resistant intelligent home communication method and system based on key fob
CN110059458B (en) User password encryption authentication method, device and system
US10594479B2 (en) Method for managing smart home environment, method for joining smart home environment and method for connecting communication session with smart device
CN108418691A (en) Dynamic network identity identifying method based on SGX
CN113691502B (en) Communication method, device, gateway server, client and storage medium
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
CN110932870A (en) Secret sharing and timestamp based quantum communication service station key negotiation system and method
CN111695152B (en) MySQL database protection method based on security agent
Srinivas et al. Provably secure biometric based authentication and key agreement protocol for wireless sensor networks
CN110505055B (en) External network access identity authentication method and system based on asymmetric key pool pair and key fob
Sethia et al. NFC secure element-based mutual authentication and attestation for IoT access
CN110855667B (en) Block chain encryption method, device and system
Nimmy et al. A novel multi-factor authentication protocol for smart home environments
CN111740995A (en) Authorization authentication method and related device
CN101090321B (en) Device and method for discovering emulated clients
Huang et al. A secure communication over wireless environments by using a data connection core
Castiglione et al. An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update
Lin et al. UFace: Your universal password that no one can see
Chean et al. Authentication scheme using unique identification method with homomorphic encryption in Mobile Cloud Computing
KR102539418B1 (en) Apparatus and method for mutual authentication based on physical unclonable function
CN114257589B (en) IoT cloud-based lightweight data communication method and device and readable medium
Varshney et al. A new secure authentication scheme for web login using BLE smart devices
Agal et al. Non-interactive zero-knowledge proof based authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant