CN114257589B - IoT cloud-based lightweight data communication method and device and readable medium - Google Patents

IoT cloud-based lightweight data communication method and device and readable medium Download PDF

Info

Publication number
CN114257589B
CN114257589B CN202111439357.6A CN202111439357A CN114257589B CN 114257589 B CN114257589 B CN 114257589B CN 202111439357 A CN202111439357 A CN 202111439357A CN 114257589 B CN114257589 B CN 114257589B
Authority
CN
China
Prior art keywords
power distribution
distribution terminal
sender
image
goose
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111439357.6A
Other languages
Chinese (zh)
Other versions
CN114257589A (en
Inventor
西巴希·穆斯塔法·阿卜杜拉齐兹·穆特拉克
马军超
扎伊德·阿明·阿卜杜勒贾巴尔
文森特·奥莫洛·尼加雷西
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Technology University
Original Assignee
Shenzhen Technology University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Technology University filed Critical Shenzhen Technology University
Priority to CN202111439357.6A priority Critical patent/CN114257589B/en
Priority to PCT/CN2021/143901 priority patent/WO2023097865A1/en
Publication of CN114257589A publication Critical patent/CN114257589A/en
Application granted granted Critical
Publication of CN114257589B publication Critical patent/CN114257589B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention relates to a technical scheme of a lightweight data communication method, a device and a readable medium based on IoT cloud, comprising the following steps: the method comprises the following steps that a configuration stage and a verification stage are sequentially realized between a sender S and a receiver R through a Cloud Service Provider (CSP), and the configuration stage is only executed once; the verification stage is executed when the sender/receiver transmits the message through the intelligent device; in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP; the cloud service provider CSP sends a key Sk and an overlay Image Im to intelligent devices of a sender S and a receiver R through a secure channel, and the sender S generates an overlay Image Stego-MAC and a quick response Image QR _ Image; the receiving party R recaptures corresponding numerical values from the quick response Image QR _ Image and the coverage Image Stego-MAC sent by the sending party S and performs corresponding logic matching to verify the integrity and authority of the message of the sending party S.

Description

IoT cloud-based lightweight data communication method and device and readable medium
Technical Field
The invention relates to the field of computers, in particular to a lightweight data communication method and device based on IoT cloud and a readable medium.
Background
The contribution of intelligent mobile devices to the internet of things (IoT) has transformed everyday life, providing the ability to access and manage large amounts of data, which revolutionized the world. However, this incredible advancement presents new challenges. The most important of which is the continuous need for up-to-date security measures. Conventional solutions often require updated hardware, but are still vulnerable to new administrative policies, and thus, the above approach is not suitable for internet of things cloud (IoT-cloud) end-to-end (E2E) smart devices.
In addition, although the processing power of smart devices is increasing, they still cannot be compared with personal computers. On one hand, with the increase of the dependence of the internet of things on communication between intelligent devices, a plurality of defects exist in the technical scheme, such as replay attack and reflection attack, and guessing of the key of a sender and a receiver; thus, none of them provide an adequate or truly simple and practical way to maintain the security of E2E messages and privacy. On the other hand, there is a need to provide better and more effective security measures to address security threats.
Disclosure of Invention
The present invention is directed to solve at least one of the technical problems in the prior art, and provides a lightweight data communication method, device and readable medium based on an IoT cloud, which solve the disadvantages in the prior art.
The technical scheme of the invention comprises an IoT cloud-based lightweight data communication method, which is characterized by comprising the following steps: a configuration stage and a verification stage are sequentially executed between a sender S and a receiver R through a cloud service provider CSP; in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP; the cloud service provider CSP sends a key Sk and an overlay image Im to the intelligent devices of the sender S and the receiver R through a secure channel, and the overlay image Ims received by the sender S is consistent with the overlay image Imr received by the receiver R; a sender S generates an covered Image Stego-MAC and calculates a quick response Image QR _ Image at the same time; the sender S submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver R; and the receiver R acquires the data transmitted by the sender S, acquires the details of the transmitted data, receives the quick response Image QR _ Image and the covering Image Stego-MAC sent from the sender S to recapture corresponding numerical values, and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.
According to the IoT cloud-based lightweight data communication method, the configuration phase is only executed once, and the verification phase is executed when the sender S or the receiver R transmits a message through the intelligent device.
According to the IoT cloud-based lightweight data communication method, the key Sk adopts symmetric encryption, and an encryption algorithm of the symmetric encryption adopts a hash function h ().
According to the IoT cloud-based lightweight data communication method, the generation flow of the covered image Stego-MAC is as follows: the information of a sender S is assumed to be M, and a disposable anonymous MAC M' = h (M | | Sk | | ri) is generated and obtained, wherein a random number ri belongs to an index of Ims, and the sender S calculates the position Pi of ri from an image of the sender, wherein Ims is the index; a sender S generates a one-time scattered key SSk for the authentication and integrity login request of each user, wherein SSk = ri × Sk; the sender S uses the scattering function ScSSk (M) → M1 once and randomly scatters the characters of M with SSk,
Figure BDA0003382398440000023
for all N e N, the sender S reserves a scattered M position RP; the sender S hides M and RP in Ims using the LSB algorithm to generate an overlaid image Stego-MAC.
According to the IoT cloud-based lightweight data communication method, the calculation step of the quick response Image QR _ Image comprises the following steps: generating a two-dimensional code based on M1, pi' and Ims, and acquiring a two-dimensional code Image QR _ Image: QR _ Image = QR (M1, pi', ims).
According to the IoT cloud-based lightweight data communication method, the receiver R obtains and sends dataThe steps of recapturing the corresponding value in the quick response Image QR _ Image and the overlay Image Stego-MAC of the data transmitted by the party S are as follows: retrieving Pi' and M1 from QR _ Image; retrieving RP and M' from the Stego-MAC by the LSB algorithm; from the sequence generated by RP = (Pn (1), pn (2), pn (3), …), the receiver R rearranges the messages M1 using a rearrangement function: reRP (M1) = M; calculating Pi':
Figure BDA0003382398440000021
Figure BDA0003382398440000022
extracting ri': ri' = Imr (Pi "); receiver R generates M ″: m "= h (M | | | Sk | | | ri'); if M "matches M', receiver R verifies the integrity and authority of the sender message, otherwise, receiver R will terminate the verification phase.
7. The IoT cloud based lightweight data communication method according to claim 6, wherein the retrieving Pi' and M1 from QR _ Image comprises:
pi' and M1 were obtained by QR-Reader.
8. An IoT cloud-based lightweight data communication apparatus comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor when executing the computer program implements the method steps of any of claims 1-8.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method steps of any one of claims 1 to 8. The technical scheme of the invention also comprises a heat supply network intelligent inspection device which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, and is characterized in that any one of the method steps is realized when the processor executes the computer program.
The present invention also includes a computer-readable storage medium, in which a computer program is stored, wherein the computer program, when executed by a processor, implements any of the method steps.
The invention has the following beneficial effects:
one is as follows: the technical scheme of the invention can effectively prevent replay attack, and an adversary can finish replay attack by eavesdropping the login message sent to a receiver by a legal sender. Subsequently, when logging into the system in the next session, the adversary reuses the message to simulate a legitimate sender or receiver. According to our proposed scheme, each new request initiated by the sender/receiver should be identical to the CSP's key (Sk, ri, pi', ims). Thus, the adversary cannot pass any replay messages to R for verification. The results show that this scheme is resistant to such attacks without a synchronized clock. Thus. In the proposed secure E2E message, the attacker cannot tamper with the message because they do not know the symmetric keys Sk maintained by S and R, and the different random ri used instead of the timestamp (timestamp). Further, the sender/receiver uses the hidden variables (ri, pi') once per login message request. This results in S and R requiring the respective smart device to run the authentication phase as described above, with the result that this type of attack will be detected by R, which will fail;
the second step is as follows: the solution of the invention enables to prevent forgery and simulation of session attacks, which would require access to valid session messages (M, stego-MAC, pi ') through secret parameters (Sk, ri, ims/Imr, and Pi') if an adversary tries to impersonate a sender/receiver. This type of attack is to be avoided given that the attacker does not have the ability to compute Sk or Ims/Imr as required by Stego-MACM and P.
And thirdly: the technical scheme of the invention can prevent insider attack, and any user who wants to register the CSP for the remote access service must provide identity information. Since the key Sk is used, it is not feasible for the CSP to obtain the user's MAC from the cover image Stego-MAC, the authenticated session key (ri, pi) and the one-way hash function h (). In addition, the master values (Stego-MAC, M', ri and Pi) for each login of the user are generated only once. This means that even the service provider does not know the main values of the user (Stego-MAC, M', ri and Pi). The proposed scheme can avoid both internal attacks and CSP simulation attacks.
And the fourth step: the technical scheme of the invention can prevent the reflection attack, and the attack in the form occurs after a legal user submits the login information to the CSP. An adversary attempts to obtain a user's login message and send it (or an updated version of the message) to the same user. In the proposed solution, the adversary will not be able to fool the service provider since the master values (Stego-MAC and Pi) from sender → receiver are not available. The adversary will not be able to use these values again because they are only generated once for each login request of the sender/receiver. Thus, the proposed scheme can avoid reflection attacks.
And fifthly: the technical scheme of the invention can prevent the MITM attack, and the attack in the form relates to an opponent which can intercept information between a sender and a receiver (the attack in the form relates to an attacker which can intercept information between the sender and the receiver). This message will then be used when the entity signs out of the CSP. When the variable is securely encrypted, it is sent from the sender to the receiver and vice versa. A random value ri is generated by the sender to create sensitive data (Stego-MAC, M ', ims/Imr, RP, and Pi') as a session request to the receiver. These sensitive variables become useless. The sender/receiver has the CSP deployed so that while an attacker who identifies messages between the sender and receiver can learn r, this variable is used only once. An attacker cannot derive M, which is generated for one-time use and hidden in the cover image named Stego-MAC. Thus, this scheme can avoid MITM attacks.
And the sixth step: the technical scheme of the invention can prevent off-line guess attack, and the attack in the form needs to systematically check all possible replacement record values until the correct value is identified. According to this scheme, the eavesdropper does not have the main authentication parameters (Sk and Ims/Imr) generated by the CSP through the secure channel in the configuration phase, thereby generating a valid MACM. Therefore, the authentication parameters used by the sender and the receiver are difficult to guess. Furthermore, the initial configuration phase is used only once before being discarded. This limits the time before expiration. Furthermore, during the verification phase, an attacker cannot guess the MACM parameters because it takes one time for the random number ri ∈ Ims (Index) to recombine the secret information. Therefore, it is not possible to reuse the random number because it is no longer valid after the first use. Therefore, the receiving side does not respond unless it is to transmit the correct information. Therefore, the scheme can avoid information leakage by establishing a strict communication protocol between the sender and the receiver, and therefore, the scheme can avoid offline attack.
And the seventh step: the solution of the invention enables to prevent DOS attacks, which attack forms usually try to block or suppress the service of all communication facilities and resources. In this case, the authentication system allows a legitimate user to change the password or key. The process is vulnerable to DOS attacks. In this scheme, pi in the primary position ri of R is generated by S and R independently from the images of the sender and receiver without any interaction. Furthermore, the scheme does not use a hub component in the verification phase, or alternatively, the CSP is used only once in the configuration phase and then discarded. Therefore, our scheme is not suitable for DOS attacks.
Eight of them: the technical scheme of the invention can prevent online key guessing attack, and the attack in the form of online key guessing attack comprises the step of attempting to destroy the communication process by using the online key guessing attack to obtain Sk. Such an attack would be unsuccessful because Sk is shared between the S and R corresponding smart devices over a secure channel by the CSP during the configuration phase. Thus, to predict the corresponding Sk of the two smart devices, the attacker needs to go through the configuration phase. Given that the corresponding Sk is retained only by the respective S and R smart devices, online key guessing attacks can be accurately combated and avoided.
Nine steps are as follows: according to the technical scheme, message privacy attack can be prevented, previous researches show that the short messages are not protected, and when the short messages are transmitted between the intelligent devices corresponding to the S and the R, an attacker can pick up any communication transmitted between the S and the R by using malicious intelligent devices in the cloud of the Internet of things. In this scheme, the message is protected by a scattering function ScSSk (M) → M1, resulting in a one-time random scattering of the M characters by using a one-time scattering key SSk and also RC 4. Furthermore, M is hidden in the QR image, which means that an attacker can only see one meaningless QR image. Therefore, the scheme can easily avoid the information privacy from being attacked.
It comprises the following steps: the technical scheme of the invention supports the anonymity of the user message, and if a sender/receiver tries to resend the previously sent message when an attacker eavesdrops the login request of the sender, the attacker cannot use the same MAC M' as the sender. This MAC M 'is hidden in the sender's image Ims to create a cover image named Stego-MAC. At the same time, the sender generates ri once for each request made by the sender. Therefore, ri is extracted from the sender' S image, ri ∈ Ims, which exists only in R and S. Furthermore, the attacker will not have access to the master key (Ims, imr, sk, and ri) and be used to generate the cryptographic hash function M' = h (M | | Sk | | ri). An attacker cannot easily acquire the MAC of the sender, so the scheme obviously supports the message anonymity of the user in the communication process.
Eleven steps of: the solution of the present invention enables to facilitate the security and key agreement of known keys, in the proposed solution, when the sender sends a message to the recipient or vice versa, the key Sk is used to generate M' = h (M | | Sk | | ri), the same key is also used to encrypt the position Pi of ri in the sender image Ims. An attacker will not have access to the session key and so will obtain a new Sk value that is only generated by the CSP through the secure channel during the configuration phase. Therefore, the attacker cannot obtain the secret parameters, and the effect of maintaining the security of the key can be achieved.
Twelve: the technical scheme of the invention can protect the two-dimension code of the sender/receiver, and the function of the QR code is crucial in the proposed scheme, because the QR code is helpful for protecting the message of the sender/receiver, and no other information is leaked in the entity of the Internet of things in the communication channel. Therefore, the sender sends QR _ Image with hidden Stego-MAC to the receiver. QR _ Image is also generated once on P for each authentication phase, thus avoiding an attacker to get any information by sniffing or activating the MITM attack through QR _ Image and Steo-MAC, and furthermore, this solution does not incur the extra cost of reading and generating the two-dimensional code, since the mobile application reading the two-dimensional code is free, in apple app store and google Play. Therefore, we plan to use an inexpensive method to retrieve Pi 'and M, which is then used to authenticate the user's message. The mobile application program can be installed in any internet of things device, such as a smart phone, a tablet computer or a notebook computer. Thus, the scheme may preserve E2E's message transmission and privacy without additional hardware requirements.
Thirteen of them: the technical scheme of the invention can keep the integrity of the message, and under the condition that an attacker tries to extract or change the message M embedded in the image QRImage and then sends the message M to the receiver, the receiver verifies M ' of the message of the sender by generating M and then compares the M ' with M '. If the result does not match the adversary will not be able to implement its attack, the receiver will confirm that the message is not complete. The scheme can clearly maintain and support the integrity of the message.
Fourteen of them: the technical scheme of the invention can support the anonymity of the user, and if an attacker tries to eavesdrop the authentication and integrity request of the user, the login request and the identity of the user cannot be obtained from M, because the login request and the identity of the user are protected by a scattering function ScSSK (M) based on a one-time scattering key SSk. Hidden from the attacker and only generated once for each user's login request. Thus, it would be difficult for an attacker to determine the user's authentication request and identify or reassemble the message M. The proposed scheme clearly supports the anonymity of the authentication request of the user.
Drawings
The invention is further described below with reference to the drawings and examples;
fig. 1 is a flow diagram illustrating IoT cloud-based lightweight data communication according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating an authentication phase of IoT cloud-based lightweight data communication according to an embodiment of the present invention.
Fig. 3 is a process diagram for generating Pi according to an embodiment of the present invention.
Fig. 4 is a diagram illustrating the generation of anonymous information according to an embodiment of the present invention.
FIG. 5 is a diagram illustrating processing times during a verification phase according to an embodiment of the invention.
Fig. 6 is a timing diagram illustrating a related art authentication process.
Detailed Description
Reference will now be made in detail to the present preferred embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to like elements throughout.
In the description of the present invention, the meaning of a plurality of means is one or more, the meaning of a plurality of means is two or more, and larger, smaller, larger, etc. are understood as excluding the number, and larger, smaller, inner, etc. are understood as including the number.
In the description of the present invention, the consecutive reference numbers of the method steps are for convenience of examination and understanding, and the implementation order between the steps is adjusted without affecting the technical effect achieved by the technical solution of the present invention by combining the whole technical solution of the present invention and the logical relationship between the steps.
In the description of the present invention, unless otherwise explicitly defined, terms such as set, etc. should be broadly construed, and those skilled in the art can reasonably determine the specific meanings of the above terms in the present invention in combination with the detailed contents of the technical solutions.
Interpretation of terms: the term expression in the present invention is defined herein,
a cryptographic hash function: h ();
a cloud service provider CSP;
n, p, q are large prime numbers for calculating the shared secret key;
a sender: s;
the receiving side: r;
the secret key is Sk; ims and Imr are the image of the sender and the image of the receiver, which are respectively sent by the cloud service provider, and Ims = Imr;
the message authentication code is MAC;
the sender sends MAC to the receiver: m';
the receiver calculates the MAC M';
ri and ri' are random numbers used to generate one-time anonymous messages; pi and Pi' are the positions of random numbers extracted from the sender and receiver images, respectively;
ScSSk ();
the position array of M after scattering is RP;
overlay image Stego-MAC; fast response image:
QR _ Image; the adjacent function |;
one-time scattering key: SSk;
least significant byte algorithm (least significant byte bit): the LSB algorithm.
Referring to fig. 1, the present embodiment provides a flow chart of intelligent inspection of a heat supply network, including:
in the embodiment, a configuration stage and a verification stage are sequentially executed between a sender S and a receiver R through a cloud service provider CSP;
in the configuration stage, both a sender S and a receiver R register identities in a cloud service provider CSP;
the cloud service provider CSP sends a key Sk and an overlay image Im to the intelligent devices of the sender S and the receiver R through a secure channel, and the overlay image Ims received by the sender S is consistent with the overlay image Imr received by the receiver R;
a sender S generates an covered Image Stego-MAC and calculates a quick response Image QR _ Image at the same time;
the sender S submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver R;
and the receiver R acquires the data transmitted by the sender S, acquires the details of the transmitted data, receives the quick response Image QR _ Image and the coverage Image Stego-MAC sent from the sender S to recapture corresponding numerical values, and performs corresponding logic matching to verify the integrity and authority of the message of the sender S.
As shown in fig. 2 to 4, the sender (S) and the receiver (R) sequentially implement a configuration stage and a verification stage through a Cloud Service Provider (CSP), and the initial configuration stage is only performed once; the verification stage is executed when the sender/receiver transmits the message through the intelligent device; the method comprises the following steps:
1): in the configuration phase, both the sender (S) and the receiver (R) register identities in a Cloud Service Provider (CSP);
2): a Cloud Service Provider (CSP) sends a key Sk and an overlay image (Im) to intelligent devices of a sender (S) and a receiver (R) through a secure channel, and the overlay image (Ims) received by the sender (S) is consistent with the overlay image (Imr) received by the receiver (R);
3): the sender (S) utilizes an LSB algorithm to generate an covered Image Stego-MAC and simultaneously calculates a quick response Image QR _ Image;
4): the sender (S) submits the quick response Image QR _ Image and the coverage Image Stego-MAC to the receiver (R);
5): the receiving party (R) acquires data transmitted by the sending party (S), and obtains details through a QR-Reader application program, retrieves corresponding numerical values from a quick response Image QR _ Image and an overlay Image Stego-MAC transmitted by the sending party (S), and performs corresponding logic matching to verify the integrity and authority of the message of the sending party (S).
Specifically, the key Sk adopts symmetric encryption, and the encryption algorithm is a hash function h ().
Specifically, the Stego-MAC generation process of the covered image is as follows:
1): the information of the sender (S) is assumed to be M, and a disposable anonymous MAC M' = h (M | | Sk | | | ri) is generated, wherein a random number ri belongs to Ims (index) to prevent the sender from sending a previous verification message to a receiver, and vice versa; the sender (S) calculates the position Pi of ri from the sender' S image;
2): the sender (S) generates a one-time distributed key for each user' S authentication and integrity logon request: SSk = ri × Sk;
3): the sender (S) uses a scattering function ScSSk (.) for one-time use, and characters of the SSk random scattering M are obtainedM1: scSSk (M) → M1; generating a Pi':
Figure BDA0003382398440000101
for all N ∈ N, S holds an array of positions (array of locations) RP of the scatter M; RP = (Pn (1), pn (2), pn (3), …), where N is the set of all arrangement spaces;
4): the sender (S) hides M and RP in Ims using the LSB algorithm to generate the covered image Stego-MAC.
Specifically, the quick response Image QR _ Image calculating step includes: a two-dimensional code is generated based on M1, pi ', and images, and a two-dimensional code Image named QR _ Image = QR (M1, pi', ims) is acquired.
Specifically, the step of acquiring the data transmitted by the sender (S) by the receiver (R) to quickly respond to the Image QR _ Image and recapture the corresponding numerical value in the overlay Image Stego-MAC is as follows:
1): retrieving Pi' and M1 from QR _ Image according to details obtained by the QR-Reader application;
2): retrieving RP and M' from the Stego-MAC by the LSB algorithm;
3): according to the sequence produced by RP = (Pn (1), pn (2), pn (3), …), R rearranges the messages M1 using a rearrangement function: reRP (M1) = M; rearrangement of M1 is the inverse of the scattering process;
4): calculating Pi':
Figure BDA0003382398440000102
extracting ri': ri' = Imr (Pi "). Then, R generates M ″: m "= h (M | | | Sk | | | ri'). Finally, if M "matches M ', the recipient verifies the integrity and authority of the sender's message. Otherwise, R will terminate the verification phase.
The working principle is as follows: in an initial configuration phase, both the sender (S) and the receiver (R) register their identities in a Cloud Service Provider (CSP) which provides the smart devices of the sender and receiver with the key Sk and the overlay image (Im) over a secure channel, as shown in fig. 2. The principal components (CSP, S and R) also use the symmetric key Sk for the cryptographic hash function h (.). CSP set n = p × q, where p and q are two large prime numbers, key Sk ∈ Zn;
subsequently, the Cloud Service Provider (CSP) sends the key hidden information (Sk, ims, imr; wherein Ims = Imr) to the sender (S) and the receiver (R) through the secure channel. This operation is only necessary for the configuration phase and not for the subsequent verification phase. Cloud Service Providers (CSPs) do not need to be used at runtime. After the configuration phase is completed, the sender/receiver may use the keys Sk and (Ims, imr) to complete the subsequent authentication phase.
Referring to fig. 2-4, the verification phase is as follows:
1. s sends Stego-MAC and QR _ Image like R. The following steps are performed by the sender S:
(1) The sender's information is assumed to be M.
(2) And generating a once anonymous MAC M' = h (M | | | Sk | | | ri), wherein the random number ri belongs to Ims (index) to prevent the sender from sending a previous authentication message to a receiver, and vice versa. Then S calculates the position Pi of ri from the image of the sender, see fig. 3.
(3) S, generating a disposable scattered key for the identity authentication and the integrity login request of each user: SSk = ri × Sk.
(4) S randomly scatters the characters of M with SSk (.) using a first order scattering function: scSSk (M) → M1. Notably, sc refers to a function that uses Rivest Cipher 4 (RC 4) to obtain the one-time permuted sequence bytes of M. Specifically, the one-time permutation sequence is obtained by RC4, and RC4 is initialized with SSk as a one-time-use decentralized key. RC4 is a well-known cryptographic algorithm that can generate sequences with a repetition period of 10100. The security of this property is that it prevents an attacker from retrieving and reassembling M correctly. It is assumed that if the adversary detects the old key SSk or M' authentication code, then replay attacks cannot be made on subsequent authentication and integrity sessions.
(5) Generating a Pi':
Figure BDA0003382398440000111
(6) For all N ∈ N, S holds an array of positions (array of locations) RP of the scatter M; RP = (Pn (1), pn (2), pn (3), …), where N is the set of all arrangement spaces.
(7) The sender hides M' and RP in Ims using the LSB algorithm, and the resulting covered image is called Stego-MAC. Therefore, only the Stego-MAC transmitted between the sender and the receiver needs to process the integrity request, thereby minimizing transmission consumption.
(8) A two-dimensional code is generated based on M1, pi ', and images, and a two-dimensional code Image QR _ Image, QR _ Image = QR (M1, pi', ims), is acquired. The generating and reading functions of the two-dimensional code are well suited for this strategy. Furthermore, an attacker cannot use the QR application provided by the apple app/google app to retrieve the correct information from the QR image because the sender's message M is an anonymous message. This attribute provides the advantage of privacy protection for E2E messages transmitted over internet of things clouds (IoT-cloud).
(9) QR _ Image and Stego-MAC are submitted to R.
2. The receiver (R) confirms the integrity and authentication of the receiver message as follows:
(1) Pi' and M1 are retrieved from QR _ Image according to the details obtained by the QR-Reader application.
(2) RP and M' are retrieved from Stego-MAC by the LSB algorithm.
(3) According to the sequence produced by RP = (Pn (1), pn (2), pn (3), …), R rearranges the messages M1 using a rearrangement function: reRP (M1) = M. Rearrangement of M1 is the inverse of the scattering process.
(4) Calculating Pi':
Figure BDA0003382398440000121
extracting ri': ri' = Imr (Pi "). Then, R generates M ″: m "= h (M | | | Sk | | | ri'). Finally, if M "matches M ', the recipient verifies the integrity and authority of the sender's message. Otherwise, R will terminate the verification phase.
Basically, the proposed policy can be applied on devices with limited processing power, such as mobile smart devices, since it utilizes efficient cryptographic primitives and simple basic operations. The low complexity of such E2E is mainly due to two important factors, one, the efficiency of the cryptographic primitives and LSBs used, and second, the functionality of QR carrying secure messages and MAC between smart devices. Furthermore, the strategy presented in this application can be applied to a wide variety of scenarios without modification.
In order to verify the actual performance of the proposed solution, several experiments were designed to evaluate the efficiency and effectiveness of the strategy solution. A trial message with a small size image of 512 x 512 pixels was selected to verify the performance of the proposed lightweight data communication method. The experiments were all performed on a PC configured with 2.40GHz Intel Pentium 4CPU, 64-bit Windows 7 operating system, 2GB RAM and Matlab R2008 a.
Referring to fig. 5 and 6, the parameters Time (sec.), sender Side, receiver Side, total and No. of User are Time (sec), sender, receiver, total number of transmission and reception, and User, respectively.
Referring to fig. 5, fig. 5 illustrates the proposed solution with an average time of the authentication phase of 0.0682 seconds per user, indicating fast and lightweight. Fig. 6 shows the time of the verification process of the proposed solution of the prior art, and the comparison shows that the solution of the present application has a significant advantage in processing time. Meanwhile, the authentication accuracy of the scheme provided by the application is tested, and the experimental results of 3000 intelligent device users show that the technical scheme provided by the invention has 100% accuracy.
It should be recognized that the method steps in embodiments of the present invention may be embodied or carried out by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The method may use standard programming techniques. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Further, the operations of processes described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes described herein (or variations and/or combinations thereof) may be performed under the control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications) collectively executed on one or more processors, by hardware, or combinations thereof. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable interface, including but not limited to a personal computer, mini computer, mainframe, workstation, networked or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and the like. Aspects of the invention may be implemented in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated onto a computing platform, such as a hard disk, optically read and/or write storage media, RAM, ROM, etc., so that it is readable by a programmable computer, which when read by the computer can be used to configure and operate the computer to perform the procedures described herein. Further, the machine-readable code, or portions thereof, may be transmitted over a wired or wireless network. The invention described herein includes these and other different types of non-transitory computer-readable storage media when such media include instructions or programs that implement the steps described above in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described herein.
A computer program can be applied to input data to perform the functions described herein to transform the input data to generate output data that is stored to non-volatile memory. The output information may also be applied to one or more output devices, such as consumers. In a preferred embodiment of the present invention, the transformed data represents physical and tangible objects, including particular visual depictions of physical and tangible objects produced on the consumer.
The embodiments of the present invention have been described in detail with reference to the accompanying drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (7)

1. An intelligent distributed feeder automation terminal node configuration method is characterized by comprising the following steps:
s100, drawing a connection relation icon of a configuration terminal according to the connection relation of the actual power distribution terminal, and generating a corresponding graphic file;
s200, binding one or more CID templates to the power distribution terminal nodes in the connection relation icon;
s300, automatically generating a corresponding GOOSE configuration file for each power distribution terminal node according to the connection relation of the power distribution terminals;
s400, sending the GOOSE configuration file to a power distribution terminal corresponding to a power distribution terminal node;
the S300 specifically includes: s310, generating sending information of the current power distribution terminal node; s320, generating subscription information of the current power distribution terminal node;
the S310 specifically includes: s311, extracting the GOOSE name of the current power distribution terminal node from the ICD file; s312, extracting the GOOSE data set name of the current power distribution terminal node from the ICD file; s313, distributing or assigning data values during binding according to the power distribution terminal identifier of the current power distribution terminal node; s314, setting the values of communication parameter information and power distribution terminal addresses for the GOOSE of the current power distribution terminal node, and distributing or assigning data values during binding; s315, extracting other control information of the current power distribution terminal node from the ICD file; s316, extracting and generating GOOSE sending information of the current power distribution terminal node from the ICD file;
the S320 specifically includes: s321, extracting GOOSE names of the subscribed power distribution terminal nodes from the ICD files bound in the connected power distribution terminal nodes; s322, extracting the GOOSE data set name of the subscribed power distribution terminal node from the ICD file bound in the connected power distribution terminal nodes; s323, distributing or appointing a data value of a power distribution terminal address when the connected power distribution terminal nodes are bound; s324, distributing or appointing a data value of GOOSE communication parameter information of the subscribed power distribution terminal nodes when the connected power distribution terminal nodes are bound; s325, extracting other control information of the subscribed power distribution terminal nodes from the ICD files bound in the connected power distribution terminal nodes; s326, extracting and subscribing GOOSE receiving information of the power distribution terminal nodes from the ICD files bound in the connected power distribution terminal nodes; and S327, appointing the connected power distribution terminal node to be positioned at the M side or the N side of the current power distribution terminal node.
2. The intelligent distributed feeder automation terminal node configuration method according to claim 1, wherein the step S100 specifically includes: and constructing a connection relation icon of the power distribution terminal by using one or more graphic elements according to the connection relation of the configuration graphic tool to the power distribution terminal, wherein the connection relation comprises MN side description and the connection relation of different power distribution terminals.
3. The intelligent distributed feeder automation terminal node configuration method of claim 1, wherein the S200 further comprises a verification process, the verification process comprises a syntax verification for verifying whether the XML file format is correct and a semantic verification for verifying the integrity of each partial field or attribute according to ICD model rules.
4. The intelligent distributed feeder automation terminal node configuration method of claim 3 wherein the syntax checking specifically comprises:
checking whether the XML file format is correct;
checking the integrity of the file according to XML;
checking whether the file meets constraint conditions according to XML.schema;
and checking whether the field name is legal.
5. The intelligent distributed feeder automation terminal node configuration method of claim 3, wherein the semantic check specifically comprises:
checking whether each node meets the corresponding relation between the nodes;
checking whether the defined data type is correct;
it is checked whether the referenced data type is legitimate.
6. The intelligent distributed feeder automation terminal node configuration method of claim 1, wherein the S300 further comprises: setting a legal and unique name for the IED in the ICD, keeping the name of the power distribution terminal node in the connection relation icon consistent with the name of the IED, and finishing binding; and distributing relevant parameters necessary for GOOSE communication of the power distribution terminal nodes, wherein the parameters necessary for the communication comprise power distribution terminal identifications and power distribution terminal addresses, and the power distribution terminal identifications and the power distribution terminal addresses have uniqueness.
7. The method according to claim 1, wherein the S400 specifically includes:
and issuing the GOOSE configuration file of each power distribution terminal node to the power distribution terminal, executing the GOOSE configuration file, and storing the graphic file and the GOOSE configuration file to the power distribution terminal.
CN202111439357.6A 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium Active CN114257589B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111439357.6A CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium
PCT/CN2021/143901 WO2023097865A1 (en) 2021-11-30 2021-12-31 Iot cloud-based lightweight data communication method and apparatus, and readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111439357.6A CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium

Publications (2)

Publication Number Publication Date
CN114257589A CN114257589A (en) 2022-03-29
CN114257589B true CN114257589B (en) 2023-02-17

Family

ID=80793589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111439357.6A Active CN114257589B (en) 2021-11-30 2021-11-30 IoT cloud-based lightweight data communication method and device and readable medium

Country Status (2)

Country Link
CN (1) CN114257589B (en)
WO (1) WO2023097865A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885058A (en) * 2020-07-23 2020-11-03 伊拉克巴士拉大学 Lightweight message transmission method for end-to-end intelligent device communication in Internet of things cloud

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120066501A1 (en) * 2009-03-17 2012-03-15 Chuyu Xiong Multi-factor and multi-channel id authentication and transaction control
JP4802274B2 (en) * 2009-10-30 2011-10-26 インターナショナル・ビジネス・マシーンズ・コーポレーション How to send and receive messages
WO2018125989A2 (en) * 2016-12-30 2018-07-05 Intel Corporation The internet of things
US20190096073A1 (en) * 2018-06-13 2019-03-28 Intel Corporation Histogram and entropy-based texture detection
GB2581315A (en) * 2018-10-30 2020-08-19 Barclays Execution Services Ltd Secure data communication
CN111132155B (en) * 2019-12-30 2023-11-17 江苏全链通信息科技有限公司 5G secure communication method, device and storage medium
CN113507436B (en) * 2021-06-02 2022-08-23 中国人民解放军63880部队 Power grid embedded terminal fuzzy test method aiming at GOOSE protocol

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111885058A (en) * 2020-07-23 2020-11-03 伊拉克巴士拉大学 Lightweight message transmission method for end-to-end intelligent device communication in Internet of things cloud

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
《A Lightweight Blockchain-Based IoT Identity Management Approach》;Mohammed Amine Bouras , Qinghua Lu , Sahraoui Dhelim,Huansheng;《MDPI》;20210122;全文 *
《LightChain A Lightweight Blockchain System for Industrial Internet of Things》;Yinqiu Liu, Kun Wang, Yun Lin, Wenyao Xu;《IEEE》;20211105;全文 *
《Steganography of Messages Encrypted With QR Code》;Ms. D Betteena Sheryl Fernando, Parthiban, Rajesh, Vinithra;《ISSN》;20210331;全文 *
《用于物联网智能设备之间安全通信的轻量级数字签名方法研究》;Muhammad_Arif_Mughal(阿力夫);《中国博士学位论文全文数据库 信息技术辑》;20191009;全文 *
王春琦 ; 孔祥琦,丁晓欢,卢忠青,陈常婷.《基于无迹卡尔曼滤波的IMU和UWB融合定位算法研究》.《南昌航空大学学报(自然科学版)》.2020, *

Also Published As

Publication number Publication date
CN114257589A (en) 2022-03-29
WO2023097865A1 (en) 2023-06-08

Similar Documents

Publication Publication Date Title
CN111429254B (en) Business data processing method and device and readable storage medium
EP2890073A1 (en) System and method for securing machine-to-machine communications
Tan et al. Comments on “dual authentication and key management techniques for secure data transmission in vehicular ad hoc networks”
CN113691502B (en) Communication method, device, gateway server, client and storage medium
EP3698514A1 (en) System and method for generating and depositing keys for multi-point authentication
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
Srinivas et al. Provably secure biometric based authentication and key agreement protocol for wireless sensor networks
CN112351037A (en) Information processing method and device for secure communication
CN113395406A (en) Encryption authentication method and system based on power equipment fingerprints
CN110855667B (en) Block chain encryption method, device and system
CN101090321B (en) Device and method for discovering emulated clients
Abdussami et al. LASSI: a lightweight authenticated key agreement protocol for fog-enabled IoT deployment
CN106657002A (en) Novel crash-proof base correlation time multi-password identity authentication method
Nimmy et al. A novel multi-factor authentication protocol for smart home environments
CN113411187A (en) Identity authentication method and system, storage medium and processor
Castiglione et al. An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update
Gope Anonymous mutual authentication with location privacy support for secure communication in M2M home network services
CN110572392A (en) Identity authentication method based on HyperLegger network
CN115473655B (en) Terminal authentication method, device and storage medium for access network
CN111740995A (en) Authorization authentication method and related device
US20210067961A1 (en) Secure simultaneous authentication of equals anti-clogging mechanism
CN114257589B (en) IoT cloud-based lightweight data communication method and device and readable medium
CN114553566B (en) Data encryption method, device, equipment and storage medium
KR102539418B1 (en) Apparatus and method for mutual authentication based on physical unclonable function
CN114401514A (en) Multi-factor identity authentication method facing wireless body area network and related equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant