CN114553553A - Mixed encryption communication method - Google Patents
Mixed encryption communication method Download PDFInfo
- Publication number
- CN114553553A CN114553553A CN202210173249.7A CN202210173249A CN114553553A CN 114553553 A CN114553553 A CN 114553553A CN 202210173249 A CN202210173249 A CN 202210173249A CN 114553553 A CN114553553 A CN 114553553A
- Authority
- CN
- China
- Prior art keywords
- message
- gateway
- child node
- key
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 230000006854 communication Effects 0.000 title claims abstract description 34
- 238000004891 communication Methods 0.000 title claims abstract description 32
- 238000012795 verification Methods 0.000 claims abstract description 26
- 238000012545 processing Methods 0.000 claims abstract description 8
- 230000005540 biological transmission Effects 0.000 claims description 11
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a mixed encryption communication method, which relates to the technical field of communication encryption, and is characterized in that before a gateway and a child node communicate with each other, the message to be transmitted is subjected to mixed encryption processing; the gateway and the subnode receive the encrypted message, decrypt the encrypted message, complete message content analysis and verification, encrypt the message to be transmitted by adopting an RSA algorithm, generate a public key and a private key of the subnode and the gateway, then complete encryption and verification of a response signal of a receiving end by an AES key, shorten the verification process between the subnode and the gateway by utilizing the characteristic of the AES key, and improve the confidentiality of the message by utilizing the characteristic of the RSA algorithm, so that the communication method can combine the advantages of two different encryption modes, optimize the communication process, improve the communication efficiency and ensure the confidentiality of communication.
Description
Technical Field
The invention relates to the technical field of communication encryption, in particular to a hybrid encryption communication method.
Background
With the rapid development of the internet technology, more and more intelligent devices can be connected to the internet to help people to live, work and study, and on the other hand, network security is more and more emphasized.
According to the traditional AES, a single secret key is used, so that the data encryption and decryption speed is high, the security is poorer than that of an RSA algorithm, the RSA is based on large-number hard factorization, and a public and private secret key encryption mode is adopted, so that the security of the RSA algorithm is higher, and how to utilize a hybrid encryption mode to improve the security of communication is a problem to be solved.
Disclosure of Invention
The invention aims to provide a hybrid encryption communication method.
The purpose of the invention can be realized by the following technical scheme: a hybrid encryption communication method comprises the following steps:
the method comprises the following steps: constructing a communication local area network, and marking gateways and child nodes in the communication local area network;
step two: before the gateway and the child nodes communicate with each other, the messages to be transmitted are subjected to mixed encryption processing;
step three: and after receiving the encrypted message, the gateway and the child node decrypt the encrypted message to complete message content analysis and verify the analyzed message content.
Further, the process of the hybrid encryption processing of the message includes:
before a child node sends a message to a gateway, a pair of public keys and private keys are respectively generated in the child node and a target gateway to be sent, the generated public keys are mutually disclosed, and then the private keys are self-reserved; and after the public key and the private key of the child node are obtained, the obtained public key of the child node is sent to the gateway, the public key and the gateway are shared, the private key is reserved, and the message to be sent is encrypted through the private key self-reserved by the child node to obtain an encrypted transmission message.
Further, the process of generating the public key and the private key includes: according to the message to be sent by the child node, obtaining the character sequence and the message length of the message to be sent, and selecting two unequal prime numbers p and q according to the message length; multiplying p and q to obtain a numerical value n, calculating an Euler function m of n, randomly selecting a numerical value between 1 and m, marking the numerical value as e, obtaining a modular inverse element of the numerical value e according to the obtained numerical value e and the numerical value n, and marking the modular inverse element of the numerical value e as a numerical value d; the public key of the child node is obtained as [ n, e ] and the private key is obtained as [ n, d ].
Further, the value e and the value n are relatively prime.
Further, after the public key is sent to the gateway, the correlation between the child node and the gateway is completed, a response message is generated, and the response message is encrypted at the child node, where the process of encrypting the response message by the child node includes:
by negotiating AES keys of the child nodes and the gateway;
encrypting the response message through an AES key to obtain a first response ciphertext;
encrypting the AES key by using the public key, and converting the encrypted AES key into a second response ciphertext;
and the child node sends the obtained first response ciphertext and the second response ciphertext to the gateway.
Further, the gateway decrypts the received first response ciphertext and the second response ciphertext, and the process includes:
the gateway receives the first response ciphertext and the second response ciphertext from the child node, decrypts the received first response ciphertext and the second response ciphertext by using a public key reserved by the gateway to obtain an AES key, analyzes the encrypted response message by using the AES key, and generates a message receiving instruction after the encrypted response message is analyzed.
Further, after receiving the message to be transmitted, the gateway decrypts the received message, and the process includes:
decrypting the encrypted transmission message through a private key reserved by the gateway;
and marking the decrypted message, and acquiring basic information of the decrypted message, wherein the basic information of the decrypted message comprises a character sequence and a message length which form the message.
Further, after the gateway completes decryption of the encrypted transmission message, the integrity of the decrypted message is verified, and the verification process includes:
marking the decrypted message as a verification message, and marking the message to be sent as a reference message;
verifying that the message length of the message is K according to the message length of the message as L;
when L is not equal to K, the verification report received by the gateway is incomplete;
when L is equal to K, reading the character sequences of the reference message and the verification message respectively;
and matching the character sequences of the reference message and the verification message one by one according to the sequence, and judging the integrity of the verification message according to the matching result.
Compared with the prior art, the invention has the beneficial effects that: the message to be transmitted is encrypted by adopting an RSA algorithm, a public key and a private key of the child node and the gateway are generated, then the encryption and the verification of the response signal of the receiving end are completed through the AES key, the verification process between the child node and the gateway is shortened by utilizing the characteristic of the AES key, and the confidentiality of the message is improved by utilizing the characteristic of the RSA algorithm, so that the communication method can combine the advantages of two different encryption modes, optimize the communication process, improve the communication efficiency and ensure the confidentiality of the communication.
Drawings
Fig. 1 is a schematic diagram of the present invention.
Detailed Description
As shown in fig. 1, a hybrid encryption communication method includes the following steps:
the method comprises the following steps: constructing a communication local area network, and marking gateways and child nodes in the communication local area network;
step two: before the gateway and the child nodes communicate with each other, the messages to be transmitted are subjected to mixed encryption processing;
step three: and after receiving the encrypted message, the gateway and the child node decrypt the encrypted message to complete message content analysis and verify the analyzed message content.
In a specific implementation process, the child nodes and the gateways can perform communication transmission with each other, and the child nodes and the gateways that can perform communication transmission with each other are associated with each other, and it is further described that, in the specific implementation process, a process of transmitting from the child nodes to the gateways and a process of transmitting from the gateways to the child nodes are independent from each other;
it should be further explained that, in a specific implementation process, before the child node and the gateway communicate with each other, the message to be transmitted is subjected to hybrid encryption processing, where the specific process of the hybrid encryption processing of the message includes:
before a child node sends a message to a gateway, a pair of public keys and private keys are respectively generated in the child node and a target gateway to be sent, the generated public keys are mutually disclosed, and then the private keys are self-reserved;
it should be further noted that, in a specific implementation process, the generation process of the public key and the private key includes: obtaining basic information of a message to be sent according to the message to be sent by a child node, wherein the basic information of the message to be sent comprises a character sequence forming the message and the message length, and the message length is marked as L, and L is more than or equal to 3; selecting two unequal prime numbers p and q according to the length of the message, wherein in the specific implementation process, both p and q are less than or equal to L;
multiplying p and q to obtain a value n, calculating an Euler function m of n, randomly selecting a value between 1 and m, and marking the value as e, wherein the value e and the value n are relatively prime;
obtaining a modulo inverse element of the numerical value e according to the obtained numerical value e and the numerical value n, and marking the modulo inverse element of the numerical value e as a numerical value d;
then the public key of the child node is obtained as [ n, e ], and the private key is obtained as [ n, d ];
and after the public key and the private key of the child node are obtained, the obtained public key of the child node is sent to the gateway, the public key and the gateway are shared, and the private key is reserved.
Obtaining a public key and a private key of the gateway in the same way, sending the obtained public key of the gateway to the child node, and simultaneously reserving the obtained private key of the gateway;
and encrypting the message to be sent by a private key self-reserved by the child node to obtain an encrypted transmission message.
It should be further noted that, in the specific implementation process, after the public key is sent to the gateway, the correlation between the child node and the gateway is completed, a response packet is generated, and the child node encrypts the response packet, where the process of encrypting the response packet by the child node includes:
by negotiating AES keys of the child nodes and the gateway;
encrypting the response message through an AES key to obtain a first response ciphertext;
encrypting the AES key by using public keys [ n, e ] of the child nodes and the gateway, and converting the encrypted AES key into a second response ciphertext;
and the child node sends the obtained first response ciphertext and the second response ciphertext to the gateway.
It should be further noted that, in the specific implementation process, after the child node sends the obtained first response ciphertext and the second response ciphertext to the gateway, the gateway decrypts the received first response ciphertext and the second response ciphertext, and the specific decryption process includes:
the gateway receives a first response ciphertext and a second response ciphertext from the child node, decrypts the received first response ciphertext and the second response ciphertext by using a public key (n, d) reserved by the gateway to obtain an AES key, analyzes the encrypted response message by using the AES key, and generates a message receiving instruction after the encrypted response message is analyzed;
and receiving the message required to be transmitted by the child node according to the generated message receiving instruction.
It should be further explained that, in the specific implementation process, after receiving the message to be transmitted, the gateway decrypts the received message, where the specific decryption process includes:
marking the obtained encrypted transmission message, and obtaining a private key reserved in the gateway;
decrypting the encrypted transmission message through a private key reserved by the gateway;
and marking the decrypted message, acquiring basic information of the decrypted message, wherein the basic information of the decrypted message comprises a character sequence forming the message and the message length, and marking the message length as K.
It should be further noted that, in the specific implementation process, after the gateway completes decryption of the received message, the integrity of the decrypted message is verified, so as to ensure that the content of the received message is accurate, and the verification process of the integrity of the message by the gateway includes:
marking the decrypted message as a verification message, and marking the message to be sent as a reference message;
verifying that the message length of the message is K according to the message length of the message as L;
when L is not equal to K, the difference exists between the verification message received by the gateway and the reference message;
intercepting the verification message and receiving the message required to be sent by the child node again according to the original path;
when L is equal to K, reading the character sequences of the reference message and the verification message respectively;
matching the character sequences of the reference message and the verification message one by one according to the sequence, and obtaining a matching result;
outputting a matching result;
if the matching result shows that the character sequence matching result of the reference message is consistent with the character sequence matching result of the verification message, the message received by the gateway is complete;
if the matching result shows that the character sequence matching result of the reference message is inconsistent with the character sequence matching result of the verification message, the verification message is intercepted, and the message required to be sent by the child node is received again according to the original path.
Although the present invention has been described in detail with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes may be made and equivalents may be substituted for elements thereof without departing from the spirit and scope of the present invention.
Claims (8)
1. A hybrid encrypted communication method, comprising the steps of:
the method comprises the following steps: constructing a communication local area network, and marking gateways and sub-nodes in the communication local area network;
step two: before the gateway and the child nodes communicate with each other, the messages to be transmitted are subjected to mixed encryption processing;
step three: and after receiving the encrypted message, the gateway and the child node decrypt the encrypted message to complete message content analysis and verify the analyzed message content.
2. The hybrid encryption communication method according to claim 1, wherein the hybrid encryption processing of the message comprises:
before a child node sends a message to a gateway, a pair of public keys and private keys are respectively generated in the child node and a target gateway to be sent, the generated public keys are mutually disclosed, and then the private keys are self-reserved; and after the public key and the private key of the child node are obtained, the obtained public key of the child node is sent to the gateway, the public key and the gateway are shared, the private key is reserved, and the message to be sent is encrypted through the private key self-reserved by the child node to obtain an encrypted transmission message.
3. The hybrid encrypted communication method according to claim 2, wherein the generating of the public key and the private key comprises: according to the message to be sent by the child node, obtaining the character sequence and the message length of the message to be sent, and selecting two unequal prime numbers p and q according to the message length; multiplying p and q to obtain a numerical value n, calculating an Euler function m of n, randomly selecting a numerical value between 1 and m, marking the numerical value as e, obtaining a modular inverse element of the numerical value e according to the obtained numerical value e and the numerical value n, and marking the modular inverse element of the numerical value e as a numerical value d; the public key of the child node is obtained as [ n, e ] and the private key is obtained as [ n, d ].
4. A hybrid encryption communication method according to claim 3, wherein the value e and the value n are relatively prime.
5. The hybrid encryption communication method according to claim 3, wherein after the public key is sent to the gateway, the correlation between the child node and the gateway is completed, a response packet is generated, and the response packet is encrypted at the child node, and the process of encrypting the response packet by the child node includes:
by negotiating the AES key of the child node and the gateway;
encrypting the response message through an AES key to obtain a first response ciphertext;
encrypting the AES key by using the public key, and converting the encrypted AES key into a second response ciphertext;
and the child node sends the obtained first response ciphertext and the second response ciphertext to the gateway.
6. The hybrid encryption communication method of claim 5, wherein the gateway decrypts the received first response ciphertext and the second response ciphertext, comprising:
the gateway receives a first response ciphertext and a second response ciphertext from the child node, decrypts the received first response ciphertext and the second response ciphertext by using a public key reserved by the gateway to obtain an AES (advanced encryption standard) key, analyzes the encrypted response message by using the AES key, and generates a message receiving instruction after the encrypted response message is analyzed.
7. The hybrid encryption communication method according to claim 6, wherein the gateway decrypts the received message after receiving the message to be transmitted, and the process comprises:
decrypting the encrypted transmission message through a private key reserved by the gateway;
and marking the decrypted message, and acquiring basic information of the decrypted message, wherein the basic information of the decrypted message comprises a character sequence and a message length which form the message.
8. The hybrid encryption communication method according to claim 6, wherein the gateway verifies the integrity of the decrypted message after completing the decryption of the encrypted transmission message, and the verification process comprises:
marking the decrypted message as a verification message, and marking the message to be sent as a reference message;
verifying that the message length of the message is K according to the message length of the message as L;
when L is not equal to K, the verification report received by the gateway is incomplete;
when L is equal to K, reading the character sequences of the reference message and the verification message respectively;
and matching the character sequences of the reference message and the verification message one by one according to the sequence, and judging the integrity of the verification message according to the matching result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210173249.7A CN114553553A (en) | 2022-02-24 | 2022-02-24 | Mixed encryption communication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210173249.7A CN114553553A (en) | 2022-02-24 | 2022-02-24 | Mixed encryption communication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114553553A true CN114553553A (en) | 2022-05-27 |
Family
ID=81677010
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210173249.7A Pending CN114553553A (en) | 2022-02-24 | 2022-02-24 | Mixed encryption communication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114553553A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117062061A (en) * | 2023-10-11 | 2023-11-14 | 浙江卡巴尔电气有限公司 | Encryption transmission method for wireless communication |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635039A (en) * | 2014-10-27 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Network safety communication method and device |
CN106911663A (en) * | 2016-11-16 | 2017-06-30 | 上海艾融软件股份有限公司 | One kind sells bank's full message encryption system and method for mixed mode directly to households |
CN108900301A (en) * | 2018-05-31 | 2018-11-27 | 苏州浪潮智能软件有限公司 | The certification of restful interface security and message mixed encryption method based on .NET MVC |
CN110717188A (en) * | 2019-09-29 | 2020-01-21 | 武汉海昌信息技术有限公司 | Document reading and amending safety method based on asymmetric encryption technology |
CN113507372A (en) * | 2021-06-28 | 2021-10-15 | 上海浦东发展银行股份有限公司 | Bidirectional authentication method for interface request |
-
2022
- 2022-02-24 CN CN202210173249.7A patent/CN114553553A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635039A (en) * | 2014-10-27 | 2016-06-01 | 阿里巴巴集团控股有限公司 | Network safety communication method and device |
CN106911663A (en) * | 2016-11-16 | 2017-06-30 | 上海艾融软件股份有限公司 | One kind sells bank's full message encryption system and method for mixed mode directly to households |
CN108900301A (en) * | 2018-05-31 | 2018-11-27 | 苏州浪潮智能软件有限公司 | The certification of restful interface security and message mixed encryption method based on .NET MVC |
CN110717188A (en) * | 2019-09-29 | 2020-01-21 | 武汉海昌信息技术有限公司 | Document reading and amending safety method based on asymmetric encryption technology |
CN113507372A (en) * | 2021-06-28 | 2021-10-15 | 上海浦东发展银行股份有限公司 | Bidirectional authentication method for interface request |
Non-Patent Citations (2)
Title |
---|
石志国,薛为民,尹浩: "《区块链技术基础教程》", vol. 2, 31 May 2020, 清华大学出版社、北京交通大学出版社, pages: 259 - 260 * |
石志国,薛为民,尹浩: "计算机网络安全教程", vol. 2, 清华大学出版社、北京交通大学出版社, pages: 259 - 260 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117062061A (en) * | 2023-10-11 | 2023-11-14 | 浙江卡巴尔电气有限公司 | Encryption transmission method for wireless communication |
CN117062061B (en) * | 2023-10-11 | 2024-01-12 | 浙江卡巴尔电气有限公司 | Encryption transmission method for wireless communication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Canetti et al. | Universally composable notions of key exchange and secure channels | |
JP4981072B2 (en) | Method and system for decryptable and searchable encryption | |
US10511581B2 (en) | Parallelizable encryption using keyless random permutations and authentication using same | |
US20030084292A1 (en) | Using atomic messaging to increase the security of transferring data across a network | |
US20100211779A1 (en) | Identity Based Authenticated Key Agreement Protocol | |
WO2007011897A2 (en) | Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks | |
EP3476078B1 (en) | Systems and methods for authenticating communications using a single message exchange and symmetric key | |
JP2007221204A (en) | Wireless lan transmission reception apparatus and key delivery method in wireless lan | |
US7894608B2 (en) | Secure approach to send data from one system to another | |
CN103118363A (en) | Method, system, terminal device and platform device of secret information transmission | |
CN102469173A (en) | IPv6 (Internet Protocol Version 6) network layer credible transmission method and system based on combined public key algorithm | |
Zhao et al. | Security analysis of a password-based authentication protocol proposed to IEEE 1363 | |
Huang et al. | A secure communication over wireless environments by using a data connection core | |
CN111224958A (en) | Data transmission method and system | |
CN114499857A (en) | Method for realizing data correctness and consistency in big data quantum encryption and decryption | |
CN114553553A (en) | Mixed encryption communication method | |
CN114928503B (en) | Method for realizing secure channel and data transmission method | |
CN114513361B (en) | Power distribution Internet of things based on block chain | |
CN115550007A (en) | Signcryption method and system with equivalence test function based on heterogeneous system | |
Stubblebine et al. | Formal characterization and automated analysis of known-pair and chosen-text attacks | |
Lv et al. | An efficient three-party authenticated key exchange protocol with one-time key | |
Kremer et al. | Analysing the vulnerability of protocols to produce known-pair and chosen-text attacks | |
CN114070549A (en) | Key generation method, device, equipment and storage medium | |
Anand et al. | Identity-based encryption algorithm using hybrid encryption and MAC address for key generation | |
CN215010302U (en) | Safety certification equipment of power distribution internet of things based on block chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |