CN114364062B - Method for safely accessing gateway of Internet of vehicles - Google Patents


Info

Publication number
CN114364062B
Authority
CN
China
Prior art keywords
data
data signal
key
interface
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111522723.4A
Other languages
Chinese (zh)
Other versions
CN114364062A (en)
Inventor
曾纪钧
龙震岳
张小陆
梁哲恒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Power Grid Co Ltd
Priority to CN202111522723.4A
Publication of CN114364062A
Application granted
Publication of CN114364062B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method for a security access gateway of the Internet of vehicles. The method comprises: scanning a data signal with a processor; having the processor retrieve the data of a potential-safety-hazard case database and compare the data signal with the case features in that database; if matching case features exist, intercepting the data signal; if no matching case features exist, converting the data signal into an encrypted data signal; and transmitting the encrypted data signal. By selecting different encryption algorithms, access security for multi-scenario Internet-of-vehicles data is achieved, data security is ensured, user information is prevented from being stolen, the real-time performance of the data is improved, the speed of information communication is increased, and communication is made more convenient.

Description

Method for safely accessing gateway of Internet of vehicles
Technical Field
The application relates to the technical field of the Internet of vehicles, and in particular to a method for a security access gateway for the Internet of vehicles.
Background
A gateway, also called an internetwork connector or protocol converter, performs network interconnection above the network layer. It is a complex interconnection device and is used only to interconnect two networks whose higher-layer protocols differ. Gateways are used for both wide-area and local-area interconnection; the Internet-of-things gateway provides wide-area interconnection, local-area interconnection and device management over a communication network.
At present the basic functions of an Internet-of-things gateway are data acquisition, transparent transmission, monitoring and device control. With the spread of electric vehicles the concept of the Internet of vehicles has emerged, and communication and data sharing among vehicles have become mainstream. Communication within the Internet of vehicles is mainly wireless, whereas data analysis generally uses wired modes such as carrier communication and optical-fibre communication; when the gateway converts between these different protocols, data security must be ensured so that user information is not stolen.
Disclosure of Invention
This section is intended to outline some aspects of embodiments of the application and to briefly introduce some preferred embodiments. Some simplifications or omissions may be made in this section as well as in the description of the application and in the title of the application, which may not be used to limit the scope of the application.
The present application has been made in view of the above-described problems occurring in the prior art.
Therefore, the technical problem solved by the application is as follows: communication in the Internet of vehicles is mainly wireless, but data analysis generally uses wired modes such as carrier communication and optical-fibre communication, and data security must be ensured while the gateway converts between the different protocols so that user information is not stolen.
To solve this problem, the application provides the following technical scheme: a method for an Internet-of-vehicles security access gateway, comprising scanning a data signal with a processor; having the processor retrieve the data of a potential-safety-hazard case database and compare the data signal with the case features in that database; if matching case features exist, intercepting the data signal; if no matching case features exist, converting the data signal into an encrypted data signal; and transmitting the encrypted data signal.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the gateway receives the data signal and stores it in an isolation memory; the processor scans the data signal; an external detection interface is provided on the gateway, and an external disinfection module is connected to that interface.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the gateway is provided with a plurality of interfaces, the interface types comprising a WLAN interface, a Bluetooth interface, a WIFI interface, a BT interface, a LoRa interface, an Ethernet interface, a Serial interface and a carrier communication interface.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the data signal is encrypted according to the IPsec protocol and converted into an encrypted data signal; the IPsec protocol process is monitored, conversion of the data signal is stopped when the data signal is abnormal, and the data signal is stored as a data case in the potential-safety-hazard case database.
As a preferred scheme of the method for the internet of vehicles security access gateway of the present application, the method comprises: encrypting and decrypting the data signal through a DES data encryption algorithm to obtain an original plaintext, wherein the computing expression of encryption and decryption is as follows:
$$M = m_1 m_2 \ldots m_t \ldots m_{64} \quad (1 \le t \le 64)$$
$$K = k_1 k_2 \ldots k_t \ldots k_{64} \quad (1 \le t \le 64)$$
$$\mathrm{DES}(M) = IP^{-1}\, T_{16} T_{15} \ldots T_1\, IP(M)$$
where $M$ denotes the plaintext or ciphertext, $K$ the key, $IP$ the initial permutation, $IP^{-1}$ the inverse initial permutation and $T$ one round of the iteration. DES operates on a 64-bit block $M$: the initial permutation $IP$ maps $M$ to $m_1$, which is divided into $m_1 = (L_0, R_0)$, a left and a right half of 32 bits each; the block then passes through 16 identical rounds, each combined with its round key, to produce the ciphertext on encryption or the plaintext on decryption.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the encrypted data signal is re-entered into the isolation memory; the processor scans the encrypted data signal for security verification; the processor retrieves the data of the potential-safety-hazard case database and compares the encrypted data signal with the case features in that database; if matching case features exist, the encrypted data signal is intercepted and stored as a data case in the potential-safety-hazard case database; if no matching case features exist, the encrypted data signal is output through a gateway interface.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the public-key information of a blockchain node is used as the node's identity in place of a node certificate; the encrypted data signal is verified by querying the blockchain network for the node's public-key information.
As a preferred scheme of the method for the Internet-of-vehicles security access gateway of the present application, the method comprises: the parameters pre-negotiated between Internet-of-vehicles nodes by asymmetric encryption are stored in cookies; when the same nodes transmit data again, the PreMasterKey is extracted from the cookie file of the local node, which simplifies the key negotiation process.
The beneficial effects of the application are: by selecting different encryption algorithms, access security for multi-scenario Internet-of-vehicles data is achieved, data security is ensured, user information is prevented from being stolen, the real-time performance of the data is improved, the speed of information communication is increased, and communication is made more convenient.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
Fig. 1 is a basic flow diagram of the method for an Internet-of-vehicles security access gateway according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of the DES data encryption algorithm of the method for an Internet-of-vehicles security access gateway according to an embodiment of the present application.
Fig. 3 is a flowchart of the AES data encryption algorithm of the method for an Internet-of-vehicles security access gateway according to an embodiment of the present application.
Fig. 4 is a schematic diagram of the security verification performed on the encrypted data signal by the method for an Internet-of-vehicles security access gateway according to an embodiment of the present application.
Fig. 5 is a specific flowchart of the Internet-of-vehicles data security transmission method based on the improved IPsec protocol, which forms part of the method for an Internet-of-vehicles security access gateway according to an embodiment of the present application.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present application can be understood in detail, a more particular description of the application, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present application, but the present application may be practiced in other ways other than those described herein, and persons skilled in the art will readily appreciate that the present application is not limited to the specific embodiments disclosed below.
Further, reference herein to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic can be included in at least one implementation of the application. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
While the embodiments of the present application have been illustrated and described in detail in the drawings, the cross-sectional view of the device structure is not to scale in the general sense for ease of illustration, and the drawings are merely exemplary and should not be construed as limiting the scope of the application. In addition, the three-dimensional dimensions of length, width and depth should be included in actual fabrication.
Also in the description of the present application, it should be noted that the orientation or positional relationship indicated by the terms "upper, lower, inner and outer", etc. are based on the orientation or positional relationship shown in the drawings, are merely for convenience of describing the present application and simplifying the description, and do not indicate or imply that the apparatus or elements referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application. Furthermore, the terms "first, second, or third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected, and coupled" should be construed broadly in this disclosure unless otherwise specifically indicated and defined, such as: can be fixed connection, detachable connection or integral connection; it may also be a mechanical connection, an electrical connection, or a direct connection, or may be indirectly connected through an intermediate medium, or may be a communication between two elements. The specific meaning of the above terms in the present application will be understood in specific cases by those of ordinary skill in the art.
Example 1
Referring to fig. 1-3, for one embodiment of the present application, there is provided a method comprising:
S1: an external detection interface is provided on the gateway, whose interface types comprise a WLAN interface, a Bluetooth interface, a WIFI interface, a BT interface, a LoRa interface, an Ethernet interface, a Serial interface and a carrier communication interface. The external detection interface is connected to an external disinfection module; this module is a hard disk of a drive holding a disinfection program, and the external disinfection device is used to check and clean the case database and to add new cases that update the database.
The gateway receives the data signal and stores the data signal in the isolated memory.
The data signal is scanned by a processor.
S2: the processor retrieves the data of the potential-safety-hazard case database and compares the data signal with the case features in that database.
If the same case characteristics exist, the data signal is intercepted.
If the same case signature does not exist, the data signal is converted into an encrypted data signal.
The encrypted data signal is transmitted.
S3: the data signal is encrypted according to the IPsec protocol and converted into an encrypted data signal.
According to the differing security and real-time requirements of the various Internet-of-vehicles business data transmissions, different encryption algorithms are selected to encrypt the Internet-of-vehicles data. The DES data encryption algorithm is a block cipher whose plaintext, key and ciphertext are all 64 bits long; the 56 bits of the original key (bits 8, 16, 24, 32, 40, 48, 56 and 64 being check bits) serve as the initial key in the DES operation, and the ciphertext is decrypted with the original key to recover the original plaintext. DES operates on a 64-bit plaintext block M: the initial permutation IP splits M into a left and a right half of 32 bits each, the block then passes through 16 identical rounds, each combined with the corresponding round key, and a final permutation produces the output data.
The AES data encryption algorithm is a symmetric block cipher that iterates the Rijndael structure; the block length is 128 bits, keys of 128, 192 and 256 bits are supported, and the key length together with the block length determines the number of rounds of the encryption. The AES encryption steps are byte substitution, row shifting, column mixing and round-key addition: byte substitution (SubByte) maps each byte through the S-box; the row shift (ShiftRows) cyclically shifts the rows of the state matrix to the left after SubByte; column mixing (MixColumn) transforms the columns of the state matrix so that a high degree of diffusion is obtained after several rounds of AES; and round-key addition (AddRoundKey) XORs the round key bitwise into the intermediate data.
Before data transmission the two communicating parties first negotiate a session key using asymmetric encryption so that it is shared securely; the nodes then encrypt the communication data with the negotiated session key and a symmetric encryption algorithm, which preserves the confidentiality and integrity of the transmission while reducing communication delay and the consumption of computing resources.
Encrypting and decrypting the data signal by a DES data encryption algorithm to obtain an original plaintext, wherein the computing expression of encryption and decryption is as follows:
$$M = m_1 m_2 \ldots m_t \ldots m_{64} \quad (1 \le t \le 64)$$
$$K = k_1 k_2 \ldots k_t \ldots k_{64} \quad (1 \le t \le 64)$$
$$\mathrm{DES}(M) = IP^{-1}\, T_{16} T_{15} \ldots T_1\, IP(M)$$
where $M$ denotes the plaintext or ciphertext, $K$ the key, $IP$ the initial permutation, $IP^{-1}$ the inverse initial permutation and $T$ one round of the iteration. DES operates on a 64-bit block $M$: the initial permutation $IP$ maps $M$ to $m_1$, which is divided into $m_1 = (L_0, R_0)$, a left and a right half of 32 bits each; the block then passes through 16 identical rounds, each combined with its round key, to produce the ciphertext on encryption or the plaintext on decryption.
In each round of encryption and decryption the key bits are shifted and 48 bits are selected from the 56-bit key. The right half of the data is expanded to 48 bits by the expansion permutation and XORed with the 48-bit round key to give new 48-bit data, which is then compressed by permutation to 32 bits. A further XOR with the left half yields the new right half, while the original right half becomes the new left half. This is repeated for 16 rounds, after which the left and right halves are joined and passed through the final permutation to form the output data.
The AES algorithm is a symmetric block cipher that iterates the Rijndael structure; the block length is fixed at 128 bits, keys of 128, 192 and 256 bits are supported, and the key length together with the block length determines the number of rounds. Fig. 2 shows the AES encryption flow for 128 bits: after the initial round-key addition, 10 rounds follow; the first 9 are identical, each performing the row shift, column mixing and round-key addition once, while the last round differs in that the column mixing is skipped. Decryption reverses the encryption flow: every operation is invertible, the steps are applied in reverse order, and the round keys are used in the opposite order.
Byte substitution (SubByte) maps each byte through the S-box. The S-box is a 16 × 16 matrix that maps an 8-bit input to an 8-bit output: the low 4 bits of the input select the column and the high 4 bits select the row, so the step is essentially a table lookup.
The row shift (ShiftRows) cyclically shifts the rows of the state matrix to the left after SubByte. For the 128-bit AES state the 1st row is not shifted and the 2nd to 4th rows are cyclically shifted left by 1 to 3 bytes respectively; the expression is:
$$sta'[i][j] = sta[i][(j+i) \bmod 4], \quad i, j \in [0, 3]$$
The reverse row shift is the opposite operation, expressed as:
$$sta'[i][j] = sta[i][(4+j-i) \bmod 4], \quad i, j \in [0, 3]$$
Column mixing (MixColumn) transforms the columns of the state matrix. Each column is regarded as a polynomial $a(x)$ of degree less than 4 whose coefficients come from the finite field $GF(2^5)$, and it is multiplied modulo $x^4 + 1$ by the polynomial $c(x)$, namely:
$$c(x) = 03 \cdot x^3 + 01 \cdot x^2 + 01 \cdot x + 02$$
$$b(x) = c(x) \times a(x) \bmod (x^4 + 1)$$
written in matrix form:
Like the row shift, column mixing ensures that a high degree of diffusion is obtained after several rounds of AES. Round-key addition (AddRoundKey) XORs the round key bitwise into the intermediate data; the round keys are derived from the initial key by the key schedule, and each round key is as long as the block.
Encryption security and real-time performance are the key indicators when choosing an encryption algorithm. From the standpoint of security analysis, AES is more secure than DES for the same key size; from the standpoint of implementation analysis, DES encrypts and decrypts faster than AES. Therefore, to meet the differentiated security and real-time requirements of Internet-of-vehicles services, access security for multi-scenario Internet-of-vehicles data is achieved by selecting different encryption algorithms, so that data security is ensured, user information is prevented from being stolen, the real-time performance of the data is improved, the speed of information communication is increased, and communication is made more convenient.
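The ShiftRows and MixColumn steps described above, as an added Go example that is not part of the patent: ShiftRows and its inverse follow the two index formulas given on the page, and MixColumn multiplies each column by c(x) = 03x^3 + 01x^2 + 01x + 02 modulo x^4 + 1, with byte multiplication carried out in GF(2^8) under the AES reduction polynomial 0x11b. The inverse polynomial 0Bx^3 + 0Dx^2 + 09x + 0E used by the decryption flow is included so that the round trip can be checked.

```go
package main

import "fmt"

// State is the AES state matrix sta[i][j]: row i, column j, 16 bytes in all.
type State [4][4]byte

// ShiftRows implements sta'[i][j] = sta[i][(j+i)%4]: row 0 is unchanged and
// rows 1 to 3 are rotated left by 1 to 3 bytes.
func ShiftRows(s State) State {
	var out State
	for i := 0; i < 4; i++ {
		for j := 0; j < 4; j++ {
			out[i][j] = s[i][(j+i)%4]
		}
	}
	return out
}

// InvShiftRows implements the reverse row shift sta'[i][j] = sta[i][(4+j-i)%4].
func InvShiftRows(s State) State {
	var out State
	for i := 0; i < 4; i++ {
		for j := 0; j < 4; j++ {
			out[i][j] = s[i][(4+j-i)%4]
		}
	}
	return out
}

// gfMul multiplies two bytes as elements of GF(2^8) modulo the AES polynomial
// x^8 + x^4 + x^3 + x + 1 (the 0x1b reduction constant).
func gfMul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 == 1 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}

// polyMulMod multiplies the column polynomial a(x) by c(x) modulo x^4 + 1.
// Coefficients are indexed by power (c[0] + c[1]x + c[2]x^2 + c[3]x^3); since
// x^4 = 1 in this ring, b_i is the XOR over j of c[(i-j) mod 4] * a[j].
func polyMulMod(a, c [4]byte) [4]byte {
	var b [4]byte
	for i := 0; i < 4; i++ {
		for j := 0; j < 4; j++ {
			b[i] ^= gfMul(c[(i-j+4)%4], a[j])
		}
	}
	return b
}

// mixC is c(x) = 03x^3 + 01x^2 + 01x + 02 from the page; invC is its inverse
// 0Bx^3 + 0Dx^2 + 09x + 0E, which the decryption flow uses.
var (
	mixC = [4]byte{0x02, 0x01, 0x01, 0x03}
	invC = [4]byte{0x0e, 0x09, 0x0d, 0x0b}
)

// MixColumn applies c(x) to one column; InvMixColumn applies the inverse.
func MixColumn(col [4]byte) [4]byte    { return polyMulMod(col, mixC) }
func InvMixColumn(col [4]byte) [4]byte { return polyMulMod(col, invC) }

// mixColumns transforms every column of the state with the polynomial c.
func mixColumns(s State, c [4]byte) State {
	var out State
	for j := 0; j < 4; j++ {
		col := polyMulMod([4]byte{s[0][j], s[1][j], s[2][j], s[3][j]}, c)
		for i := 0; i < 4; i++ {
			out[i][j] = col[i]
		}
	}
	return out
}

// MixColumns and InvMixColumns are the forward and inverse column-mixing steps.
func MixColumns(s State) State    { return mixColumns(s, mixC) }
func InvMixColumns(s State) State { return mixColumns(s, invC) }

func main() {
	var s State // constructed sample state: bytes 0x00..0x0f laid out row by row
	for i := 0; i < 16; i++ {
		s[i/4][i%4] = byte(i)
	}
	round := MixColumns(ShiftRows(s))          // two steps of one encryption round
	back := InvShiftRows(InvMixColumns(round)) // undone in the reverse order
	fmt.Println("round trip intact:", back == s)
}
```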
S4: the public-key information of a blockchain node is used as the node's identity in place of a node certificate; the encrypted data signal is verified by querying the blockchain network for the node's public-key information.
The parameters pre-negotiated between Internet-of-vehicles nodes by asymmetric encryption are stored in cookies; when the same nodes transmit data again, the PreMasterKey is extracted from the cookie file of the local node, which simplifies the key negotiation process.
The IPsec protocol process is monitored; when the data signal is abnormal, conversion of the data signal is stopped and the data signal is stored as a data case in the potential-safety-hazard case database.
S5: the encrypted data signal is re-entered into the isolation memory; the processor scans the encrypted data signal for security verification; the processor retrieves the data of the potential-safety-hazard case database and compares the encrypted data signal with the case features in that database; if matching case features exist, the encrypted data signal is intercepted and stored as a data case in the potential-safety-hazard case database; if no matching case features are found, the encrypted data signal is output through the gateway interface.
Example 2
Referring to Figs. 4 and 5, another embodiment of the present application, unlike the first, provides a method for an Internet-of-vehicles security access gateway; to verify and explain the technical effects of the method, a comparison test is carried out between the conventional technical scheme and the method of the present application, and the results are compared by scientific demonstration to verify the real effects of the method.
The IPsec protocol is widely used in Internet applications such as online payment, e-mail and e-commerce portals, and is deployed on terminal platforms such as Windows, Linux and Android. Adopting IPsec protects the privacy of node information and defends the communication data against various attacks and security threats during transmission. In the communication of Internet-of-vehicles nodes an intermediate node may sniff or tamper with the communication data and so degrade its confidentiality and integrity; with IPsec, the confidentiality and integrity of the communication data are ensured.
The public-key verification process is optimized: each public key corresponds uniquely to a node in the blockchain network and is published to the whole blockchain. At the same time, the public-key information of each Internet-of-vehicles node is stored in the blockchain, whose stored data is tamper-proof and traceable, so the integrity of the node's public-key information is guaranteed and a node can verify the authenticity and validity of other nodes' public keys by querying that information directly through the blockchain network.
Following the principle by which cookies and sessions store HTTP login state, a cookie is used to store the parameters (such as the PreMasterKey) negotiated by asymmetric encryption between Internet-of-vehicles nodes. When the same nodes start another session, the PreMasterKey is taken directly from the locally stored cookie file instead of being shared again through asymmetric encryption, which removes one asymmetric encryption and decryption, simplifies the key negotiation process and reduces the key negotiation delay.
The specific flow of the Internet-of-vehicles data security transmission method that improves on the IPsec protocol is as follows:
s1: node a→node B: the node A sends an A Hello message to the node B, and a request for establishing a session is made. Wherein the a Hello message contains the following; the A ID is the code generated by the node A, the A Cipher Suit is the related encryption algorithm group selected by the node A for the session, and mainly comprises a symmetric encryption algorithm, an asymmetric encryption algorithm, a hash algorithm and other related contents; random A is a random number generated by a node A and is mainly used for generating a subsequent session key; a Count is used for node A access Count, the initial access is 0, and then 1 is added in sequence; the Public Key is a Public Key used by the node A for carrying out the transmission and is used for determining the authenticity of the node A.
S2: node b→node a: the node B sends a B Hello message to the node A, after receiving the A Hello message, the node B verifies the public key of the node A through the block chain network to ensure the authenticity of the A, checks whether the A is primary connection or whether cookie information is invalid, and transmits the public key information of the node B and a key set to the node A; the specific content contained in the B Hello message is similar to the A Hello message. And processing according to different conditions, if the initial session or cookie information is invalid, performing S3 and subsequent operations by the node A, otherwise, jumping to S5 and subsequent steps.
S3: node a→node B: the node A generates a premaster key and transmits the premaster key to the node B, the node A verifies the public key of the node B through a blockchain network, the public key is ensured to be truly the node B, if the public key passes verification, the premaster key is randomly generated, the premaster key is encrypted and transmitted to the node B by using an RSA encryption algorithm and the public key provided in a B Hello message, and information such as the premaster key and the like is generated and stored locally.
S4: node b→node a: the node B decrypts the information sent by the node A by using the private key and an RSA algorithm to obtain a premaster key, generates cookie files by the premaster key and other information, and locally stores the cookie files to inform the A that the premaster key is received.
S5: node a→node B: the node A generates a session key for the session connection, notifies the node B of the end of handshake, extracts a premaster key from a cookie, combines random A and random B to generate a master key for the communication and a session key SessionKey by a PRF algorithm, updates cookie information, replaces the premasterKey with the latest masterKey, and notifies the node B of the end of handshake. The key and encryption algorithm for subsequent communications will change while node a updates its own access count.
S6: node b→node a: the node B generates a session key for the session connection, sends a check value to the node A, informs the node A that handshake is finished, extracts a premaster key, a random number random and random B, generates a master key and a session key SessionKey by a PRF algorithm, updates cookie information, replaces the original premaster Key with the latest masterKey, generates a check value HMAC by a message digest algorithm, sends the check value HMAC to the node A, informs the node B that handshake is finished, changes the session key and encryption algorithm of subsequent communication, and updates own access count to indicate that a safe data transmission channel is established.
S7: and the node A and the node B carry out information encryption transmission by using a session key SessionKey and an AES symmetric encryption algorithm, so that the data transmission safety is ensured.
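The handshake S1 to S6 above, as an added Go example that is not part of the patent (S7's AES transport is left out; Handshake is the entry point). Assumptions: a plain map stands in for the blockchain registry that publishes node public keys; RSA-OAEP carries the PreMasterKey; HMAC-SHA256 serves as the PRF and produces the S6 check value, since the page names only "a PRF algorithm" and "a message digest algorithm"; and the cookie secret is replaced by the latest MasterKey after each session, so a second call shows the cookie hit that skips S3 and S4.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Registry stands in for the blockchain network that publishes every node's public key (assumption).
type Registry map[string]*rsa.PublicKey

// Cookie caches the secret pre-negotiated with one peer: the PreMasterKey after S4, the latest MasterKey after S5/S6.
type Cookie struct{ Secret []byte }

// Node is one Internet-of-vehicles node: its RSA key pair, per-peer cookies and access count.
type Node struct {
	ID      string
	Key     *rsa.PrivateKey
	Cookies map[string]*Cookie
	Count   int
}

// Hello carries the fields the page lists for the A Hello and B Hello messages.
type Hello struct {
	ID     string
	Random []byte
	Count  int
	PubKey *rsa.PublicKey
}

// NewNode generates a key pair and publishes the public key in the registry.
func NewNode(id string, reg Registry) (*Node, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	reg[id] = &k.PublicKey
	return &Node{ID: id, Key: k, Cookies: map[string]*Cookie{}}, nil
}

func nonce(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func (n *Node) hello() Hello {
	return Hello{ID: n.ID, Random: nonce(32), Count: n.Count, PubKey: &n.Key.PublicKey}
}

// authentic checks the public key offered in a Hello against the registry entry for that node ID.
func authentic(reg Registry, h Hello) bool {
	pk, ok := reg[h.ID]
	return ok && pk.Equal(h.PubKey)
}

// prf is HMAC-SHA256, used as the PRF and for the S6 check value (assumption).
func prf(secret []byte, label string, seed []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	m.Write(seed)
	return m.Sum(nil)
}

// derive sets MasterKey = PRF(cookie secret, Random A || Random B), keeps it as the new cookie secret and returns the SessionKey.
func derive(c *Cookie, seed []byte) []byte {
	c.Secret = prf(c.Secret, "master", seed)
	return prf(c.Secret, "session", seed)
}

// Handshake runs S1-S6 between a and b; it returns each side's SessionKey and whether a fresh PreMasterKey went out under RSA.
func Handshake(reg Registry, a, b *Node) ([]byte, []byte, bool, error) {
	ha := a.hello() // S1: A -> B: A Hello
	// S2: B verifies A's public key through the registry and checks for a valid cookie.
	if !authentic(reg, ha) { return nil, nil, false, errors.New("A's public key is not the registered one") }
	hb := b.hello() // B -> A: B Hello
	first := b.Cookies[a.ID] == nil
	if first {
		// S3: A verifies B's key, generates the PreMasterKey and sends it RSA-encrypted.
		if !authentic(reg, hb) { return nil, nil, false, errors.New("B's public key is not the registered one") }
		pre := nonce(48)
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, hb.PubKey, pre, nil)
		if err != nil { return nil, nil, false, err }
		a.Cookies[b.ID] = &Cookie{Secret: pre}
		// S4: B decrypts with its private key and stores the PreMasterKey in its cookie.
		got, err := rsa.DecryptOAEP(sha256.New(), nil, b.Key, ct, nil)
		if err != nil { return nil, nil, false, err }
		b.Cookies[a.ID] = &Cookie{Secret: got}
	}
	seed := append(append([]byte{}, ha.Random...), hb.Random...)
	sessA := derive(a.Cookies[b.ID], seed) // S5: A derives MasterKey and SessionKey, updates its cookie
	a.Count++
	sessB := derive(b.Cookies[a.ID], seed) // S6: B does the same and sends an HMAC check value
	if !hmac.Equal(prf(sessB, "finished", seed), prf(sessA, "finished", seed)) {
		return nil, nil, first, errors.New("check value mismatch")
	}
	b.Count++
	return sessA, sessB, first, nil
}
```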
Table 1: comparison table of the present method with the conventional method.
It should be appreciated that embodiments of the application may be implemented or realized by computer hardware, a combination of hardware and software, or by computer instructions stored in a non-transitory computer readable memory. The methods may be implemented in a computer program using standard programming techniques, including a non-transitory computer readable storage medium configured with a computer program, where the storage medium so configured causes a computer to operate in a specific and predefined manner, in accordance with the methods and drawings described in the specific embodiments. Each program may be implemented in a high level procedural or object oriented programming language to communicate with a computer system. However, the program(s) can be implemented in assembly or machine language, if desired. In any case, the language may be a compiled or interpreted language. Furthermore, the program can be run on a programmed application specific integrated circuit for this purpose.
Furthermore, the operations of the processes described herein may be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The processes (or variations and/or combinations thereof) described herein may be performed under control of one or more computer systems configured with executable instructions, and may be implemented as code (e.g., executable instructions, one or more computer programs, or one or more applications), by hardware, or combinations thereof, collectively executing on one or more processors. The computer program includes a plurality of instructions executable by one or more processors.
Further, the method may be implemented in any type of computing platform operatively connected to a suitable computing platform, including, but not limited to, a personal computer, mini-computer, mainframe, workstation, network or distributed computing environment, separate or integrated computer platform, or in communication with a charged particle tool or other imaging device, and so forth. Aspects of the application may be implemented in machine-readable code stored on a non-transitory storage medium or device, whether removable or integrated into a computing platform, such as a hard disk, optical read and/or write storage medium, RAM, ROM, etc., such that it is readable by a programmable computer, which when read by a computer, is operable to configure and operate the computer to perform the processes described herein. Further, the machine readable code, or portions thereof, may be transmitted over a wired or wireless network. When such media includes instructions or programs that, in conjunction with a microprocessor or other data processor, implement the steps described above, the application described herein includes these and other different types of non-transitory computer-readable storage media. The application also includes the computer itself when programmed according to the methods and techniques of the present application. The computer program can be applied to the input data to perform the functions described herein, thereby converting the input data to generate output data that is stored to the non-volatile memory. The output information may also be applied to one or more output devices such as a display. In a preferred embodiment of the application, the transformed data represents physical and tangible objects, including specific visual depictions of physical and tangible objects produced on a display.
As used in this disclosure, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, the components may be, but are not limited to: a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of example, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. Furthermore, these components can execute from various computer readable media having various data structures thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
It should be noted that the above embodiments are only for illustrating the technical solution of the present application and not for limiting the same, and although the present application has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present application may be modified or substituted without departing from the spirit and scope of the technical solution of the present application, which is intended to be covered in the scope of the claims of the present application.

Claims (3)

1. A method for an Internet of vehicles security access gateway, characterized in that an external detection interface is arranged on the gateway and an external disinfection module is connected to the external detection interface, the method comprising the following steps:
the gateway receives a data signal, stores the data signal in an isolation memory, and scans the data signal with a processor;
the processor calls the data of a potential safety hazard case database and compares the data signal with the case features in the potential safety hazard case database; if identical case features exist, the data signal is intercepted; if no identical case features exist, the data signal is encrypted according to the IPsec protocol and converted into an encrypted data signal;
the step of converting the data signal into an encrypted data signal comprises the following steps:
selecting different encryption algorithms for the Internet of vehicles data according to the differing security and real-time requirements of the different service data transmissions of the Internet of vehicles, the encryption algorithms comprising the DES data encryption algorithm and the AES algorithm;
encrypting the data signal with the DES data encryption algorithm, starting from the original plaintext, where the encryption is expressed as follows:
M = m_1 m_2 … m_t … m_64 (1 ≤ t ≤ 64);
K = k_1 k_2 … k_t … k_64 (1 ≤ t ≤ 64);
DES(M) = IP^{-1} T_16 T_15 … T_1 IP(M);
where M denotes the plaintext or ciphertext, K the key, IP the initial permutation, IP^{-1} the inverse initial permutation and T the round iteration; DES operates on 64-bit plaintext blocks M: the initial permutation IP maps M to m_1, and m_1 is split into m_1 = (L_0, R_0), a left and a right half of 32 bits each, which then pass through 16 identical rounds, each round being combined with its corresponding round key, to produce the encrypted plaintext or ciphertext;
in each round of encryption the key bits are shifted and 48 bits are selected from the 56-bit key; the right half of the data is expanded to 48 bits by an expansion permutation and XORed with the round key to give new 48-bit data, which a compression permutation reduces to 32 bits; this is XORed with the left half to give the new right half, while the original right half is carried over as the new left half; the operation is repeated for 16 rounds, and a final permutation of the combined left and right halves gives the final data;
the method for transmitting the encrypted data signal specifically comprises the following steps:
the public key information of the blockchain node is used as the node's identity in place of a node certificate;
the encrypted data signal is verified by querying the blockchain network for the node's public key information;
the asymmetrically encrypted parameters pre-negotiated between the nodes of the Internet of vehicles are saved in cookies;
when data is transmitted again between the same nodes, the premaster key is extracted from the corresponding local cookie file, simplifying the key negotiation process;
the IPsec protocol process is monitored; when the data signal is abnormal, the conversion of the data signal is stopped and the data signal is stored as a data case in the potential safety hazard case database;
the encrypted data signal is re-entered into the isolation memory and scanned by the processor for security verification; the processor calls the data of the potential safety hazard case database and compares the encrypted data signal with the case features in the potential safety hazard case database; if identical case features exist, the encrypted data signal is intercepted and stored as a data case in the potential safety hazard case database; if no identical case features exist, the encrypted data signal is output through a gateway interface.
2. The method of the Internet of vehicles security access gateway of claim 1, wherein the gateway is provided with a plurality of interfaces, the interface types comprising a WLAN interface, a Bluetooth interface, a WIFI interface, a BT interface, a LoRa interface, an Ethernet interface, a Serial interface and a carrier communication interface.
3. The method of the Internet of vehicles security access gateway of claim 2, wherein DES operates on 64-bit plaintext blocks M: the initial permutation IP maps M to m_1, and m_1 is split into m_1 = (L_0, R_0), a left and a right half of 32 bits each, which then pass through 16 identical rounds, each round being combined with its corresponding round key, to produce the encrypted plaintext or ciphertext.
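The 16-round Feistel structure that claim 1 and claim 3 describe (IP, split into L_0 and R_0, 16 rounds with a shifted 48-of-56-bit round key, expansion to 48 bits, XOR, compression to 32 bits, swap, final permutation), as an added example that is not code from the patent. The expansion, compression, P and IP steps below are stand-in bit operations (assumptions), not the real DES E, S-box, P and IP tables, so the cipher is DES-shaped but is not DES; only the per-round key rotation amounts are DES's own. What it does show is the property the claim's structure gives every Feistel cipher: decryption is the same network run with the round keys in reverse order.

```python
MASK28 = (1 << 28) - 1
MASK32 = (1 << 32) - 1
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1
MASK64 = (1 << 64) - 1

# left-rotation amount of each key-schedule round (these are DES's values)
SHIFTS = [1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1]


def rotl(value: int, n: int, bits: int) -> int:
    """Rotate a `bits`-wide integer left by n."""
    return ((value << n) | (value >> (bits - n))) & ((1 << bits) - 1)


def key_schedule(key56: int):
    """'shifting the key bit in each round, selecting 48b from the key of 56b'."""
    key56 &= MASK56
    c, d = key56 >> 28, key56 & MASK28           # two 28-bit halves
    subkeys = []
    for shift in SHIFTS:
        c, d = rotl(c, shift, 28), rotl(d, shift, 28)
        subkeys.append(((c << 28) | d) & MASK48)  # stand-in for PC-2: keep the low 48 bits
    return subkeys


def expand(r32: int) -> int:
    """Stand-in for the expansion permutation: 32 -> 48 bits."""
    return (r32 << 16) | ((r32 ^ (r32 >> 16)) & 0xFFFF)


def compress(x48: int) -> int:
    """Stand-in for the 'compression permutation' (DES's S-box layer): 48 -> 32 bits."""
    return (x48 & MASK32) ^ (x48 >> 16)


def round_function(r32: int, subkey48: int) -> int:
    """f(R, K): expand R, XOR with the 48-bit round key, compress to 32 bits, permute."""
    return rotl(compress(expand(r32) ^ subkey48), 11, 32)   # rotation stands in for P


def ip(block64: int) -> int:
    """Stand-in for IP: reverse the byte order. It is self-inverse, so IP^-1 = IP here."""
    return int.from_bytes(block64.to_bytes(8, "big")[::-1], "big")


def feistel(block64: int, subkeys) -> int:
    x = ip(block64 & MASK64)
    left, right = x >> 32, x & MASK32             # m_1 = (L_0, R_0)
    for k in subkeys:                             # 16 identical rounds
        # new left = old right; new right = old left XOR f(old right, round key)
        left, right = right, left ^ round_function(right, k)
    return ip((right << 32) | left)               # final swap of the halves, then IP^-1


def encrypt_block(block64: int, key56: int) -> int:
    return feistel(block64, key_schedule(key56))


def decrypt_block(block64: int, key56: int) -> int:
    # Feistel property: the same network with the round keys reversed undoes encryption
    return feistel(block64, key_schedule(key56)[::-1])


if __name__ == "__main__":
    key = 0x133457799BBCDFF1 & MASK56             # constructed 56-bit key
    plaintext = 0x0123456789ABCDEF                # constructed 64-bit block
    ciphertext = encrypt_block(plaintext, key)
    print(hex(ciphertext), decrypt_block(ciphertext, key) == plaintext)
```

The 56-bit key length fixed by this structure is the reason DES is no longer considered adequate: the whole key space is exhaustively searchable with commodity hardware. Claim 1 also lists AES, and that is the algorithm to select for the service data whose security requirement is high.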
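The gateway pipeline of claim 1 (isolation memory, scan against the potential safety hazard case database, intercept on a match, otherwise convert, store an abnormal signal as a new case, re-scan the encrypted signal, then output), as an added example that is not code from the patent. The case database is modelled as a dictionary of byte-pattern features, the isolation memory as a list, and the IPsec conversion as an HMAC-SHA256 counter-mode keystream that rejects oversized signals; all of these, and the sample features, are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MAX_SIGNAL = 1024   # assumed limit: a larger signal counts as 'abnormal' during conversion


@dataclass
class CaseDatabase:
    """'potential safety hazard case database': case name -> feature bytes (constructed)."""
    cases: dict = field(default_factory=dict)

    def match(self, signal: bytes):
        """Name of the first case whose feature occurs in the signal, else None."""
        for name, feature in self.cases.items():
            if feature in signal:
                return name
        return None

    def add(self, name: str, feature: bytes):
        self.cases[name] = feature


class ConversionError(Exception):
    """Raised by the conversion step when the data signal is abnormal."""


def keystream_encrypt(key: bytes, signal: bytes) -> bytes:
    """Stand-in for the IPsec conversion (assumption): XOR with an HMAC-SHA256 counter keystream."""
    if len(signal) > MAX_SIGNAL:
        raise ConversionError("abnormal data signal")
    out = bytearray()
    for offset in range(0, len(signal), 32):
        block = hmac.new(key, offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(s ^ k for s, k in zip(signal[offset:offset + 32], block))
    return bytes(out)


@dataclass
class Gateway:
    db: CaseDatabase
    key: bytes
    isolation_memory: list = field(default_factory=list)
    log: list = field(default_factory=list)

    def scan(self, signal: bytes):
        """Store the signal in the isolation memory and compare it with the case features."""
        self.isolation_memory.append(signal)
        return self.db.match(signal)

    def process(self, signal: bytes):
        """Returns ('output', encrypted signal) or ('intercepted', case name)."""
        hit = self.scan(signal)                        # first scan: the raw data signal
        if hit:
            self.log.append(("intercept", hit))
            return "intercepted", hit
        try:
            encrypted = keystream_encrypt(self.key, signal)
        except ConversionError:
            # conversion stopped; the signal itself becomes a new data case
            name = "case-" + hashlib.sha256(signal).hexdigest()[:8]
            self.db.add(name, signal)
            self.log.append(("abnormal", name))
            return "intercepted", name
        hit = self.scan(encrypted)                     # second scan: the encrypted signal
        if hit:
            self.db.add("encrypted-" + hit, encrypted)
            self.log.append(("intercept", hit))
            return "intercepted", hit
        return "output", encrypted                     # handed to the gateway interface


if __name__ == "__main__":
    db = CaseDatabase({"can-flood": b"\x00\x00\x07\xdf" * 4})   # constructed case feature
    gw = Gateway(db, key=b"k" * 32)
    print(gw.process(b"vehicle telemetry: speed=42")[0])
    print(gw.process(b"hdr" + b"\x00\x00\x07\xdf" * 4 + b"tail"))
```

An abnormal signal is intercepted twice over: the first time because its conversion fails, and on any repeat because it is now a case feature and the first scan matches it before conversion is attempted.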
CN202111522723.4A 2021-12-13 2021-12-13 Method for safely accessing gateway of Internet of vehicles Active CN114364062B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111522723.4A CN114364062B (en) 2021-12-13 2021-12-13 Method for safely accessing gateway of Internet of vehicles

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111522723.4A CN114364062B (en) 2021-12-13 2021-12-13 Method for safely accessing gateway of Internet of vehicles

Publications (2)

Publication Number Publication Date
CN114364062A CN114364062A (en) 2022-04-15
CN114364062B true CN114364062B (en) 2023-12-01

Family

ID=81098875

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111522723.4A Active CN114364062B (en) 2021-12-13 2021-12-13 Method for safely accessing gateway of Internet of vehicles

Country Status (1)

Country Link
CN (1) CN114364062B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114760056B (en) * 2022-06-15 2022-10-18 广州万协通信息技术有限公司 Secure communication method and device for dynamically updating key
CN115208694B (en) * 2022-09-13 2023-01-13 智己汽车科技有限公司 Vehicle-mounted network communication encryption system based on central computing platform and vehicle
CN116599774B (en) * 2023-07-17 2023-09-15 交通运输部公路科学研究所 Encryption chip for information security and data protection of Internet of vehicles

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104410569A (en) * 2014-11-26 2015-03-11 公安部第三研究所 Perception communication interconnecting gateway and method for processing data
CN107968774A (en) * 2016-10-20 2018-04-27 深圳联友科技有限公司 A kind of protecting information safety method of car networking terminal device
CN110048850A (en) * 2019-03-26 2019-07-23 重庆邮电大学 A kind of car networking data security transmission technology based on improvement SSL/TLS agreement
US10887348B1 (en) * 2017-08-04 2021-01-05 Amazon Technologies, Inc. Detection of network traffic interception
CN113472817A (en) * 2021-09-03 2021-10-01 杭州网银互联科技股份有限公司 Gateway access method and device for large-scale IPSec and electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10375126B2 (en) * 2013-11-22 2019-08-06 At&T Mobility Ii Llc Methods, devices and computer readable storage devices for intercepting VoIP traffic for analysis

Also Published As

Publication number Publication date
CN114364062A (en) 2022-04-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant