CN114584304A - Edge equipment intelligent authentication method, system and equipment based on artificial disturbance - Google Patents


Info

Publication number
CN114584304A
Authority
CN
China
Legal status
Granted
Application number
CN202210437372.5A
Other languages
Chinese (zh)
Other versions
CN114584304B (en)
Inventor
王滨
王伟
陈思
张峰
陈加栋
王星
李超豪
叶珩
钱亚冠
谢瀛辉
Current Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Application filed by Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202210437372.5A
Publication of CN114584304A
Application granted
Publication of CN114584304B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, using a predetermined code, e.g. password, passphrase or PIN

Abstract

The application provides an edge device intelligent authentication method, system and device based on artificial disturbance. In the embodiment of the application, the master pairing device sends the pairing signal while under the influence of an artificial disturbance, and the internet of things devices are paired through the pairing signal RSS, which every device can sense. This effectively solves the problem of the sensing capability of internet of things devices, such as the limited resources of some of them, and finally realizes the intelligent authentication method of the edge device based on artificial disturbance.

Description

Edge equipment intelligent authentication method, system and equipment based on artificial disturbance
Technical Field
The application relates to the Internet of things, in particular to an edge device intelligent authentication method, system and device based on artificial disturbance.
Background
When an internet of things device joins the internet of things for the first time, it needs to be paired with the network device responsible for access, such as a gateway, in order to share security data.
However, current internet of things devices are resource-constrained: for example, they lack interfaces, having no suitable input or output interface. As a result, the conventional internet pairing protocol, which is based on a public key infrastructure (PKI), is not suitable for deployment in resource-constrained internet of things scenarios, because the computing, storage and communication overhead of PKI is large.
Disclosure of Invention
The application provides an edge device intelligent authentication method, system and device based on artificial disturbance in order to address the problem described above.
The technical scheme provided by the application comprises the following steps:
the embodiment of the application provides a first edge device intelligent authentication method based on artificial disturbance, which is applied to an internet of things device to be accessed into a target network, wherein the target network further comprises a master pairing device for managing access in the target network and an assistant device that has already successfully accessed the target network, and the method comprises the following steps:
collecting first Received Signal Strength (RSS) information within a set time period; the first RSS information at least comprises a correspondence between the pairing signal RSS and the pairing signal sending time; the pairing signal RSS is the RSS with which the internet of things device receives the pairing signal sent by the master pairing device, and the pairing signal sending time is the time at which the master pairing device sends the pairing signal; at least one pairing signal sent by the master pairing device is sent under artificial disturbance;
if the first RSS information and second RSS information collected by the assistant device in the set time period are found to meet similar conditions, determining a first characteristic parameter for generating a session key from the first RSS information, wherein the first characteristic parameter is related to the sending time of a pairing signal in the first RSS information, and generating a first session key by using the first characteristic parameter;
and acquiring encrypted information, wherein the encrypted information is acquired by encrypting network access information for accessing the target network, the encrypted information is decrypted by using the first session key to acquire the network access information, and the network access information is used for accessing the target network.
The embodiment of the application provides a second intelligent edge device authentication method based on artificial disturbance, which is applied to helper devices which have successfully accessed to a target network, wherein the target network also has a main pairing device for managing access in the target network, and the method comprises the following steps:
collecting second Received Signal Strength (RSS) information within a set time period; the second RSS information at least includes a correspondence between the pairing signal RSS and the pairing signal transmission time; the pairing signal RSS is the RSS with which the device receives the pairing signal sent by the master pairing device, and the pairing signal sending time is the time at which the master pairing device sends the pairing signal; at least one pairing signal transmitted by the master pairing device is transmitted under artificial disturbance;
if the second RSS information and first RSS information collected by the Internet of things equipment to be accessed to the target network in the set time period are found to meet similar conditions, determining second characteristic parameters for generating a session key from the second RSS information, wherein the second characteristic parameters are related to the sending time of a pairing signal in the second RSS information, and generating a second session key by using the second characteristic parameters;
if the first session key generated by the internet of things device is verified to match the second session key, sending encrypted information to the internet of things device, so that the internet of things device decrypts the encrypted information by using the first session key to obtain the network access information and accesses the target network by using the network access information, wherein the encrypted information is obtained by encrypting the network access information for accessing the target network.
The embodiment of the application provides an edge device intelligent authentication system based on artificial disturbance, and the system comprises: the device comprises an Internet of things device to be accessed into a target network, a main pairing device used for managing access in the target network and an assistant device successfully accessed into the target network in the target network;
the master pairing device is used for sending pairing signals, each pairing signal carries the time at which the master pairing device sent it, and at least one pairing signal is sent under artificial disturbance;
the internet of things device performs the steps of the first method;
the helper device performs the steps of the second method;
an embodiment of the present application provides an electronic device, which includes: a processor and a machine-readable storage medium;
the machine-readable storage medium stores machine-executable instructions executable by the processor;
the processor is configured to execute machine executable instructions to perform any of the method steps described above.
According to the technical scheme, in the embodiment, the main pairing device sends the pairing signal based on the influence of the artificial disturbance, and the pairing of the internet of things devices is realized through the pairing signal RSS which can be sensed by all the devices, so that the problems of the sensing capability of the internet of things devices, such as limited resources of some internet of things devices, abundant resources of some internet of things devices and the like, are effectively solved, and the intelligent authentication method of the edge device based on the artificial disturbance is finally realized.
Further, in this embodiment, the master pairing device is influenced by adding artificial disturbance to send the pairing signal, and the pairing signal can be perceived by multiple devices to be paired at the same time, which means that this embodiment can efficiently support multiple devices to be matched at the same time.
Further, in this embodiment, the session key is generated by using the pairing signal RSS of the pairing signal affected by the artificial disturbance, which is sensed by the internet of things device, instead of the preset key, so that the security of device pairing can be effectively improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow chart of a method provided by an embodiment of the present application;
FIG. 2 is a schematic networking diagram provided in an embodiment of the present application;
FIG. 3 is a flow chart of the similarity determination of step 102 provided in the present application;
FIG. 4 is another flow chart provided by an embodiment of the present application;
FIG. 5 is a system configuration diagram provided in an embodiment of the present application;
FIG. 6 is a block diagram of an apparatus according to an embodiment of the present disclosure;
FIG. 7 is a block diagram of another apparatus according to an embodiment of the present disclosure;
FIG. 8 is a hardware structure diagram of a device according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides an edge device intelligent authentication method based on artificial disturbance, which is different from a traditional internet pairing protocol. In this embodiment, in order to improve the efficiency of pairing multiple pieces of internet of things equipment and ensure the safety of data interaction between the pieces of internet of things equipment, the received signal strength data added with the artificial disturbance information is used as the verification information of the pairing of the pieces of internet of things equipment and participates in the generation of the session key, so as to ensure the safety strength of the session key. In order to make the method provided by the present application easier to understand, the method provided by the present application is described in detail below with reference to the accompanying drawings and examples:
referring to fig. 1, fig. 1 is a flowchart of a method provided in an embodiment of the present application. The process can be applied to the Internet of things equipment to be accessed into the target network. The target network herein generally refers to any segment of the internet of things, and this embodiment is not particularly limited.
Optionally, in this embodiment, network devices in the target network may be distinguished, for example: at least one network device managing access within the target network is denoted as a master pairing device, and at least one network device having successfully accessed the target network is denoted as an assistant device. Fig. 2 shows, by way of example, a primary pairing device, an assistant device, and an internet of things device to be accessed to a target network.
For one embodiment, the at least one network device for managing access within the target network may include a gateway in the internet of things.
As an embodiment, the at least one network device that has successfully accessed the target network may include a resource-rich device, such as a mobile phone. Optionally, such devices are accessed according to existing mechanisms, such as a conventional internet pairing protocol, when accessing the target network.
Based on the above description, as shown in fig. 1, the process may include the following steps:
step 101, collecting first received signal strength RSS information within a set time period.
In this embodiment, the master pairing device broadcasts the pairing signal for a period of time. Optionally, an artificial disturbance, such as waving an object or opening or closing a door or window, may be introduced while the master pairing device broadcasts the pairing signal. In other words, in the present embodiment, the master pairing device transmits the pairing signal under artificial disturbance.
Optionally, in this embodiment, the pairing signal broadcast by the master pairing device may carry the pairing signal sending time. When the internet of things device receives a pairing signal, it records the correspondence between the received signal strength (RSS) of the pairing signal and the sending time carried by the pairing signal, in the format {RSSi, Ti}, where RSSi denotes the RSS of the pairing signal that the master pairing device transmitted at time Ti.
Based on this, in this embodiment, the internet of things device collects the records { RSSi, Ti } in the set time period. For { RSSi, Ti } collected in the above-mentioned set time period, the time T is used as abscissa and RSS is used as ordinate to plot, and then the noise generated by recording error is removed by removing abnormal value such as RSS with abnormal change in the plotted graph, and the corresponding relationship between the RSS and the corresponding time retained in the graph is marked as RSS candidate information. And then, decomposing the candidate RSS information by adopting a DWT wavelet decomposition method to screen out data meeting set requirements, such as screening out RSS under 5-40 Hz. And finally, performing wavelet reconstruction on the screened data meeting the set requirement to restore the RSS information, wherein the restored RSS information can be determined as the first RSS information. Finally, the first RSS information at least includes a corresponding relationship between the RSS of the received pairing signal within the set time period and the transmission time of the pairing signal carried by the pairing signal. In this embodiment, the DWT wavelet decomposition method and the wavelet reconstruction method are similar to the existing methods, and this embodiment is not particularly limited.
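The preprocessing of step 101, as an added worked example that is not part of the patent: it takes constructed {RSSi, Ti} records, removes isolated recording glitches, and applies a wavelet decomposition, band selection and reconstruction. The patent does not name the wavelet, the sampling rate or the outlier rule, so this example assumes a Haar wavelet, a 100 Hz pairing-signal rate, the 5-40 Hz band from the text, and a rule that drops only one-sample spikes (so the step change caused by the disturbance survives). The sample records are constructed.

```python
import math
from typing import List, Tuple

Record = Tuple[float, float]  # (T_i: pairing-signal send time in s, RSS_i in dBm)

SQRT2 = math.sqrt(2.0)


def remove_spikes(records: List[Record], threshold_db: float = 10.0) -> List[Record]:
    """Drop isolated one-sample glitches (assumed to be recording errors).
    A sample is dropped only when it differs from BOTH neighbours by more than
    threshold_db while the neighbours agree with each other, so a step change
    that persists over several samples (the artificial disturbance) is kept."""
    kept: List[Record] = []
    last = len(records) - 1
    for i, (t, r) in enumerate(records):
        if 0 < i < last:
            prev_r, next_r = records[i - 1][1], records[i + 1][1]
            if (abs(r - prev_r) > threshold_db and abs(r - next_r) > threshold_db
                    and abs(prev_r - next_r) <= threshold_db):
                continue
        kept.append((t, r))
    return kept


def haar_dwt(x: List[float], levels: int) -> Tuple[List[float], List[List[float]]]:
    """Multi-level Haar DWT. details[0] is level 1 (the highest frequency band)."""
    approx = list(x)
    details: List[List[float]] = []
    for _ in range(levels):
        pairs = range(len(approx) // 2)
        details.append([(approx[2 * k] - approx[2 * k + 1]) / SQRT2 for k in pairs])
        approx = [(approx[2 * k] + approx[2 * k + 1]) / SQRT2 for k in pairs]
    return approx, details


def haar_idwt(approx: List[float], details: List[List[float]]) -> List[float]:
    """Inverse of haar_dwt (wavelet reconstruction)."""
    a = list(approx)
    for d in reversed(details):
        a = [v for k in range(len(d))
             for v in ((a[k] + d[k]) / SQRT2, (a[k] - d[k]) / SQRT2)]
    return a


def wavelet_bandpass(rss: List[float], fs_hz: float, f_low: float, f_high: float,
                     levels: int) -> List[float]:
    """Keep only the wavelet sub-bands overlapping [f_low, f_high] Hz, then reconstruct.
    Level j detail covers fs/2^(j+1) .. fs/2^j; the approximation covers 0 .. fs/2^(levels+1)."""
    n = len(rss)
    block = 2 ** levels
    padded = rss + [rss[-1]] * ((-n) % block)      # pad to a multiple of 2^levels
    approx, details = haar_dwt(padded, levels)
    for j in range(1, levels + 1):
        lo, hi = fs_hz / 2 ** (j + 1), fs_hz / 2 ** j
        if hi <= f_low or lo >= f_high:             # band does not overlap the wanted range
            details[j - 1] = [0.0] * len(details[j - 1])
    if fs_hz / 2 ** (levels + 1) <= f_low:
        approx = [0.0] * len(approx)
    return haar_idwt(approx, details)[:n]


def first_rss_information(records: List[Record], fs_hz: float = 100.0, f_low: float = 5.0,
                          f_high: float = 40.0, levels: int = 4) -> List[Record]:
    """Step 101 pipeline: outlier removal -> DWT band selection -> reconstruction."""
    clean = remove_spikes(records)
    filtered = wavelet_bandpass([r for _, r in clean], fs_hz, f_low, f_high, levels)
    return [(t, round(v, 3)) for (t, _), v in zip(clean, filtered)]


def _constructed_records() -> List[Record]:
    # Constructed sample: 32 samples at 100 Hz, a 50 Hz ripple, a 12 dB step from
    # t = 0.20 s (the disturbance) and one isolated glitch at t = 0.10 s.
    recs: List[Record] = []
    for i in range(32):
        rss = -60.0 + (1.0 if i % 2 == 0 else -1.0)
        if i >= 20:
            rss -= 12.0
        if i == 10:
            rss = -45.0
        recs.append((round(i / 100.0, 3), rss))
    return recs


RAW_RECORDS = _constructed_records()

if __name__ == "__main__":
    for t, v in first_rss_information(RAW_RECORDS):
        print(f"{t:.2f}s  {v:+.3f}")
```

With the approximation band dropped, the reconstructed series is centred on zero and carries only the in-band variation, which is what the later similarity comparison operates on; a different wavelet or level count only changes which sub-bands map to the 5-40 Hz window.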
It should be noted that this is merely an example of the first RSS information, and is not a limitation.
Similarly, in this embodiment, the assistant device also receives the pairing signal broadcast by the main pairing device, and when receiving the pairing signal, records the corresponding relationship between the RSS that receives the pairing signal and the sending time of the pairing signal carried by the pairing signal, where the specific recording format is as described above. Finally, the assistant device collects the second RSS information within the set time period according to the manner that the internet of things device obtains the first RSS information. The second RSS information at least includes a correspondence between RSS received in the set time period and a pairing signal transmission time carried by the pairing signal.
In practice, RSS is a physical-layer measurement made whenever the internet of things device receives data, and every device capable of communicating can obtain it. RSS is generally affected by path fading, shadowing, multipath effects and the like. Based on this, in this embodiment, adding an artificial disturbance influences the RSS perceived by the internet of things devices and increases its distinctiveness; pairing devices on the basis of this distinctiveness increases the matching degree of the RSS, so that multiple devices can simultaneously perceive highly matching information and the pairing time is reduced, as described below.
And 102, if the first RSS information and second RSS information collected by the assistant device in a set time period are found to meet similar conditions, determining a first characteristic parameter for generating a session key from the first RSS information, wherein the first characteristic parameter is related to the sending time of a pairing signal in the first RSS information, and generating the first session key by using the first characteristic parameter.
In this embodiment, there are many methods for determining whether the first RSS information and the second RSS information satisfy the similar condition; fig. 3 illustrates one implementation, which is described later and is not detailed here.
In the present embodiment, there are many ways to determine the first characteristic parameter for generating the session key from the first RSS information. For example, the pairing signal transmission frequency is determined from the pairing signal sending times recorded in the first RSS information for the pairing signals broadcast by the master pairing device, and the pairing signal transmission frequency together with a random number seed is used as the first characteristic parameter. Here, the random number seed includes at least the target pairing signal sending time, that is, a sending time at which the master pairing device was affected by the artificial disturbance when transmitting the pairing signal. Optionally, in this embodiment, the fact that the master pairing device was affected by the artificial disturbance when sending the target pairing signal at the target sending time is reflected in the RSS of that pairing signal as received by the internet of things device; for example, the RSS changes suddenly when the internet of things device receives the pairing signal sent at the target pairing signal sending time. For reference, the RSS of the pairing signal sent by the master pairing device at the target pairing signal sending time is recorded as the target RSS, and the RSS of the pairing signal sent by the master pairing device at another time adjacent to the target sending time (recorded as the neighbor time) is recorded as the neighbor RSS.
After the first characteristic parameter is determined, as described in step 102, in this embodiment, the first session key may be generated by using the first characteristic parameter. Optionally, in this embodiment, a pseudo-random number generation algorithm may be employed to generate the first session key. The pseudo random number generation algorithm PRG is an algorithm capable of transforming a random number Seed (Seed) into a sequence of approximately [0,1] uniformly distributed random numbers, which, although not truly random, computes a sequence of random numbers with statistical characteristics similar to those of random numbers. When calculating the pseudo random numbers, the order of the pseudo random numbers will not change if the seed used is unchanged.
Optionally, in this embodiment, after the first session key is generated by using the first feature parameter, key matching may be further performed with the helper device. For example, the first session key is used to encrypt the setting data, such as hello, to obtain ciphertext data; and sending the ciphertext data to the assistant device, so that the assistant device sends the encrypted information to the internet of things device after successfully decrypting the ciphertext data by using the second session key. The encryption information is obtained by encrypting network access information for accessing the target network.
In this embodiment, the second session key is generated by the helper device using the second characteristic parameter determined from the second RSS information for generating the session key, which is similar to the generation manner of the first session key. In general, as described above, the first RSS information is similar to the second RSS information, and the second session key is matched with the first session key, and the ciphertext data obtained by encrypting the setting data, such as hello, using the first session key is decrypted by the second session key. The key agreement with the assistant device is performed to further confirm that the internet of things device is matched with the assistant device, so as to improve the security of the subsequent internet of things device accessing the network.
And 103, acquiring encrypted information, wherein the encrypted information is acquired by encrypting network access information for accessing the target network, decrypting the encrypted information by using the first session key to acquire the network access information, and accessing the target network by using the network access information.
As described above, the second session key and the first session key are matched. The encrypted information obtained by encrypting the network access information with the second session key is decrypted by the first session key. When the network access information is obtained through decryption, the internet of things equipment can access the target network by using the network access information, and finally pairing of the internet of things equipment is achieved.
Thus, the flow shown in fig. 1 is completed.
As can be seen from the flow shown in fig. 1, in this embodiment, the main pairing device sends the pairing signal based on the influence of the artificial disturbance, and pairing of the devices in the internet of things is realized through the pairing signal RSS that all the devices can sense, so that the problems of the sensing capability of the devices in the internet of things, such as limited resources of some devices in the internet of things, rich resources of some devices in the internet of things, and the like, are effectively solved, and finally, the intelligent authentication method for the edge device based on the artificial disturbance is realized.
Further, in this embodiment, the master pairing device is influenced to send the pairing signal by adding artificial disturbance, and the pairing signal can be perceived by multiple devices to be paired simultaneously, which means that this embodiment can efficiently support multiple devices to be matched simultaneously.
Further, in this embodiment, the session key is generated by using the pairing signal RSS of the pairing signal affected by the artificial disturbance, which is sensed by the internet of things device, instead of the preset key, so that the security of device pairing can be effectively improved.
How to determine whether the first RSS information and the second RSS information satisfy the similar condition in step 102 is described below:
referring to fig. 3, fig. 3 is a flow chart of RSS information similarity determination provided in the embodiment of the present application. As shown in fig. 3, the process may include the following steps:
step 301, determining a corresponding first commitment value for the first RSS information according to the configured first commitment scheme, sending the first commitment value, and receiving a second commitment value sent by the helper device, where the second commitment value is a commitment value determined by the helper device for second RSS information collected within a set time period according to the configured second commitment scheme.
In this embodiment, after the set time period, the master pairing device broadcasts a stop-pairing signal, which carries a stop time point. When the internet of things device to be paired and the assistant device receive the broadcast stop-pairing signal, each sends its commitment value before that time point. For example, the internet of things device to be paired determines the corresponding first commitment value for the first RSS information according to the configured first commitment scheme and sends the first commitment value, and the helper device determines the second commitment value for the second RSS information according to the configured second commitment scheme. Here, the first commitment scheme and the second commitment scheme are named only for convenience of description and are not intended to be limiting; they may also be the same commitment scheme. Likewise, the first commitment value and the second commitment value are named only for convenience of description and are not limiting.
Optionally, in this embodiment, in order to prevent man-in-the-middle attack, the sent first commitment value may bind the communication network and the related identity information.
Optionally, in this embodiment, in order to prevent man-in-the-middle attacks, the second commitment value may bind the communication network and the related identity information.
Step 302, publishing the first commitment content, and receiving the second commitment content published by the helper device; the first commitment content is used for determining the first commitment value and comprises at least the first RSS information; the second commitment content is used for determining the second commitment value and comprises at least the second RSS information; and determining whether the first RSS information and the second RSS information satisfy the similar condition.
In this embodiment, when the time point carried by the stop broadcast pairing signal arrives, the master pairing device broadcasts a "start check" signal. When the to-be-paired internet-of-things equipment receives the 'start check' signal, the first commitment content is published. Similarly, when the helper device receives the "start check" signal, it publishes the second commitment content.
When the internet of things device to be paired receives the second commitment content, it determines whether the first RSS information and the second RSS information satisfy the similar condition.
Optionally, in this embodiment, there are many implementation manners for determining whether the first RSS information and the second RSS information satisfy the similar condition, for example, a first track is determined according to the first RSS information, and a track point on the first track is represented by the pairing signal RSS and the pairing signal sending time; and determining a second track according to the second RSS information, wherein track points on the second track are represented by a pairing signal RSS and a sending time of the pairing signal in the second RSS information, and whether the first RSS information and the second RSS information meet similar conditions or not is determined according to the distance between the first track and the second track.
In this embodiment, there are many implementation manners for determining whether the first RSS information and the second RSS information satisfy the similar condition according to the distance between the first track and the second track, for example: calculating a Jaccard distance between the first track and the second track; when the Jaccard distance is smaller than or equal to a corresponding distance threshold, determining that the first RSS information and the second RSS information meet similar conditions, otherwise, determining that the first RSS information and the second RSS information do not meet similar conditions; for another example: calculating the earth movement distance between the first track and the second track; when the earth movement distance is smaller than or equal to the corresponding distance threshold, determining that the first RSS information and the second RSS information meet similar conditions, otherwise, determining that the first RSS information and the second RSS information do not meet the similar conditions; for another example: calculating the Jaccard distance and the earth movement distance between the first track and the second track; and performing specified operation (such as multiplication operation and the like) on the Jaccard distance and the earth movement distance to obtain an operation result, when the operation result is smaller than or equal to a corresponding distance threshold, determining that the first RSS information and the second RSS information meet the similar condition, otherwise, determining that the first RSS information and the second RSS information do not meet the similar condition.
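The fig. 3 procedure (steps 301 and 302 together with the track-distance check above), as an added worked example that is not the patent's own code: a hash commitment that binds the device and network identifiers, its opening and verification, and the Jaccard and earth mover's distances between the two RSS tracks with the page's third variant (product of the two distances against a threshold). The patent does not specify the commitment scheme, the quantization of track points, the EMD formulation or the threshold; this example assumes SHA-256 with a random nonce, 1 dB RSS bins for Jaccard, a one-dimensional EMD over the RSS value distributions, and a product threshold of 1.0. The tracks and identifiers are constructed.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

Track = List[Tuple[float, float]]  # track points (pairing-signal send time in s, RSS in dBm)


def _serialize(track: Track) -> bytes:
    return ";".join(f"{t:.3f},{r:.2f}" for t, r in track).encode()


def commit(device_id: bytes, network_id: bytes, track: Track) -> Tuple[bytes, bytes]:
    """Step 301: commitment value for the RSS information. Device and network
    identifiers are bound into the hash (the page's man-in-the-middle countermeasure);
    the random nonce hides the RSS data until the commitment is opened."""
    nonce = os.urandom(16)
    value = hashlib.sha256(b"|".join([device_id, network_id, nonce, _serialize(track)])).digest()
    return value, nonce


def verify_commitment(value: bytes, device_id: bytes, network_id: bytes,
                      nonce: bytes, track: Track) -> bool:
    """Step 302: the published commitment content (nonce + RSS information, with the bound
    identities) must reproduce the commitment value received before the stop time point."""
    expected = hashlib.sha256(b"|".join([device_id, network_id, nonce, _serialize(track)])).digest()
    return hmac.compare_digest(value, expected)


def jaccard_distance(a: Track, b: Track, rss_bin_db: float = 1.0) -> float:
    """Jaccard distance between the sets of quantized track points (assumed 1 dB bins,
    so small receiver-gain differences still map to the same point)."""
    sa = {(round(t, 3), round(r / rss_bin_db)) for t, r in a}
    sb = {(round(t, 3), round(r / rss_bin_db)) for t, r in b}
    union = sa | sb
    return 1.0 - len(sa & sb) / len(union) if union else 0.0


def earth_movers_distance(a: Track, b: Track) -> float:
    """One-dimensional earth mover's (Wasserstein-1) distance between the RSS value
    distributions of the two tracks: the integral of |F_a(x) - F_b(x)| over the CDFs."""
    ra = sorted(r for _, r in a)
    rb = sorted(r for _, r in b)

    def cdf(vals: List[float], x: float) -> float:
        return sum(1 for v in vals if v <= x) / len(vals)

    xs = sorted(set(ra) | set(rb))
    return sum(abs(cdf(ra, x0) - cdf(rb, x0)) * (x1 - x0) for x0, x1 in zip(xs, xs[1:]))


def similar(a: Track, b: Track, threshold: float = 1.0) -> Dict[str, object]:
    """Third variant from the text: product of both distances against a threshold (assumed)."""
    j, e = jaccard_distance(a, b), earth_movers_distance(a, b)
    return {"jaccard": j, "emd": e, "product": j * e, "similar": j * e <= threshold}


def check_pairing(iot_id: bytes, helper_id: bytes, network_id: bytes,
                  iot_track: Track, helper_track: Track) -> Dict[str, object]:
    """Fig. 3 from the IoT device's point of view: both sides commit, exchange values,
    then publish; the helper's opening is verified before the similarity test runs."""
    c1, n1 = commit(iot_id, network_id, iot_track)          # sent to the helper
    c2, n2 = commit(helper_id, network_id, helper_track)    # received from the helper
    # "start check": both sides publish (nonce, RSS information); verify the helper's.
    if not verify_commitment(c2, helper_id, network_id, n2, helper_track):
        return {"similar": False, "reason": "helper opening does not match its commitment"}
    result = similar(iot_track, helper_track)
    result["reason"] = "ok"
    return result


def _track(base_db: float, step_at: float) -> Track:
    # Constructed: 20 samples at 100 Hz, a 12 dB drop from step_at (the disturbance).
    return [(round(i / 100.0, 3), base_db - (12.0 if i / 100.0 >= step_at else 0.0))
            for i in range(20)]


IOT_TRACK = _track(-60.0, 0.10)
HELPER_TRACK = _track(-60.3, 0.10)     # same disturbance, slightly different receiver gain
STRANGER_TRACK = _track(-70.0, 0.15)   # a device elsewhere: other level, other step time

if __name__ == "__main__":
    print(check_pairing(b"iot-01", b"helper-01", b"net-A", IOT_TRACK, HELPER_TRACK))
    print(check_pairing(b"iot-01", b"helper-01", b"net-A", IOT_TRACK, STRANGER_TRACK))
```

The commit-then-reveal ordering matters: because each side's commitment value is fixed before the stop time point, neither side can adapt its published RSS information to the other's, and binding the identities into the hash means a relayed commitment cannot be replayed under a different device or network name.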
The above describes the method from the perspective of an internet of things device that is to access (be paired with) a target network; the following describes it from the perspective of a helper device that has already successfully accessed the target network:
Referring to fig. 4, which is another flow chart provided by an embodiment of the present application, the process may include the following steps:
step 401, collecting second RSS information within a set time period.
This step 401 is similar to the step 101 described above, and is not described here again.
Step 402, if the second RSS information and the first RSS information collected by the internet of things device to be accessed to the target network within the set time period are found to satisfy the similar condition, determining a second characteristic parameter used for generating a session key from the second RSS information, where the second characteristic parameter is related to the pairing signal sending time in the second RSS information, and generating a second session key by using the second characteristic parameter.
This step 402 is similar to the step 102 described above and will not be described again.
Step 403, if it is verified that the first session key generated by the internet of things device matches the second session key, sending encryption information to the internet of things device, so that the internet of things device decrypts the encryption information by using the first session key to obtain the network access information and accesses the target network by using the network access information, where the encryption information is obtained by encrypting the network access information used for accessing the target network.
As described above, in this embodiment, after the internet of things device to be accessed to the target network generates the first session key using the first characteristic parameter, it performs key matching with the helper device. For example, the internet of things device encrypts set data, such as the string hello, with the first session key to obtain ciphertext data; after receiving the ciphertext data, the helper device decrypts it with the second session key, and if the decryption succeeds, the first session key is determined to match the second session key. When the helper device determines that the first session key generated by the internet of things device matches the second session key, it sends the encrypted information to the internet of things device as described in step 403, so that the internet of things device decrypts the encrypted information with the first session key to obtain the network access information and accesses the target network with it. This completes the pairing of the internet of things device.
The flow shown in fig. 4 is completed.
Through the process shown in fig. 4, the main pairing device sends pairing signals under the influence of artificial disturbance, and the helper device pairs with and authenticates the internet of things device using the pairing signal RSS, a quantity that every device can sense. This sidesteps the problem of uneven sensing capability among internet of things devices (resource-constrained and resource-rich devices alike), and finally realizes the intelligent authentication method for edge devices based on artificial disturbance.
The method provided by the present application is described above, and the system and the device provided by the present application are described below:
Referring to fig. 5, which is a system structure diagram provided in an embodiment of the present application, the system comprises: an internet of things device to be accessed to a target network, a main pairing device for managing access in the target network, and a helper device that has successfully accessed the target network.
The main pairing device is used for sending pairing signals; each pairing signal carries the time at which the main pairing device sent it, and at least one pairing signal is sent under artificial disturbance;
the internet of things equipment executes the method steps as shown in fig. 1;
the helper device executes according to the method steps shown in fig. 4.
To this end, the description of the system configuration shown in fig. 5 is completed.
Optionally, the embodiment further provides a device structure diagram applied to the internet of things device shown in fig. 6. Referring to fig. 6, fig. 6 is a structural diagram of an apparatus according to an embodiment of the present disclosure. The device is applied to the Internet of things equipment to be accessed into a target network, the target network also comprises a main pairing device for managing access in the target network and an assistant device which is successfully accessed into the target network, and the device comprises:
a first collecting unit, configured to collect first received signal strength (RSS) information within a set time period; the first RSS information comprises at least a correspondence between pairing signal RSS and pairing signal sending time, where the pairing signal RSS is the RSS at which the internet of things device receives a pairing signal sent by the main pairing device, and the pairing signal sending time is the time at which the main pairing device sent that pairing signal; at least one pairing signal sent by the main pairing device is sent under the interference of artificial disturbance;
a first processing unit, configured to determine, if the first RSS information and second RSS information collected by the helper device within the set time period are found to satisfy a similar condition, a first feature parameter used for generating a session key from the first RSS information, where the first feature parameter is related to a pairing signal sending time in the first RSS information, and generate a first session key using the first feature parameter;
and an access unit, configured to obtain encrypted information, the encrypted information being obtained by encrypting network access information for accessing the target network, decrypt the encrypted information using the first session key to obtain the network access information, and access the target network using the network access information.
Optionally, the collecting, by the first collecting unit, the first received signal strength RSS information within a set time period includes:
when a pairing signal sent by the main pairing equipment is received in the set time period, recording a pairing signal RSS when the pairing signal is currently received and the sending time of the pairing signal carried by the pairing signal;
denoising all records in the set time period to obtain candidate RSS information;
and decomposing the candidate RSS information according to a DWT wavelet decomposition method to screen out data meeting the set requirement, performing wavelet reconstruction on the data meeting the set requirement to restore the RSS information, and determining the restored RSS information as the first RSS information.
Optionally, determining, by the first processing unit, whether the first RSS information and the second RSS information collected by the helper device within the set time period satisfy a similar condition includes:
receiving a second commitment value sent by the helper device, wherein the second commitment value is a commitment value determined by the helper device according to a configured second commitment scheme for second RSS information collected within the set time period;
receiving second commitment content published by the helper device; the second commitment content is used for determining a second commitment value, and at least comprises the following contents: second RSS information;
determining whether the first RSS information and the second RSS information meet a similar condition.
Optionally, the first processing unit further determines a corresponding first commitment value for the first RSS information according to a configured first commitment scheme, and broadcasts the first commitment value in the internet of things; and publishes first commitment content, the first commitment content being the content used for determining the first commitment value and comprising at least the first RSS information, so that the helper device can determine, from the first RSS information and the second RSS information, whether they satisfy the similar condition.
optionally, the determining, by the first processing unit, whether the first RSS information and the second RSS information satisfy a similar condition includes:
determining a first track according to the first RSS information, wherein track points on the first track are represented by a pairing signal RSS and a pairing signal sending time in the first RSS information;
determining a second track according to the second RSS information, wherein track points on the second track are represented by a pairing signal RSS and a pairing signal sending time in the second RSS information;
and determining whether the first RSS information and the second RSS information meet a similar condition according to the distance between the first track and the second track.
Optionally, the first characteristic parameter includes at least:
a pairing signal transmission frequency; the pairing signal sending frequency is determined according to the pairing signal sending time in the RSS information;
a random number seed; the random number seed comprises at least a target pairing signal sending time, i.e. a sending time at which the main pairing device was under the interference of artificial disturbance when sending the pairing signal.
Optionally, after the first processing unit generates the first session key by using the first feature parameter and before the encrypted information is obtained, the first processing unit further encrypts the setting data by using the first session key to obtain ciphertext data; sending the ciphertext data to the assistant device, so that the assistant device sends the encryption information to the internet of things device after successfully decrypting the ciphertext data by using a second session key; wherein the helper device generates the second session key using the second feature parameters for generating the session key determined from the second RSS information.
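The commitment exchange, session-key generation from the characteristic parameters, and key matching described for steps 402 and 403 and for the processing units above, run end to end as an added example that is not the patent's or the applicant's code (the hash commitment, the key-derivation function, the rule that identifies disturbed sending times, the toy cipher and all sample data are assumptions):

```python
"""Commitment exchange, session-key derivation and key matching (added example).

Both sides of the exchange run in one process: each side commits to its RSS
information before either reveals it, publishes the opening, applies a
similar condition, and derives a session key from feature parameters that
depend only on pairing-signal send times; the helper releases the network
access information only after ciphertext made under the first session key
decrypts under the second. Commitment, key derivation, disturbance rule and
the encrypt-then-MAC cipher are assumptions; all sample data is constructed.
"""
import hashlib
import hmac
import os
import statistics
from typing import List, Optional, Tuple

RssInfo = List[Tuple[float, float]]  # (pairing signal send time, pairing signal RSS in dBm)

DISTURBANCE_DROP_DB = 8.0   # RSS drop below the median that marks a disturbed send time (assumption)
SIMILARITY_THRESHOLD = 1.0  # allowed mean |RSS difference| per send time (assumption)


def _encode(rss_info: RssInfo) -> bytes:
    return "|".join(f"{t:.3f}:{r:.1f}" for t, r in rss_info).encode()


def commit(rss_info: RssInfo, nonce: bytes) -> bytes:
    """Commitment value: SHA-256 over a random nonce and the RSS information."""
    return hashlib.sha256(nonce + _encode(rss_info)).digest()


def open_commitment(value: bytes, rss_info: RssInfo, nonce: bytes) -> bool:
    """Check that the published commitment content reproduces the value received earlier."""
    return hmac.compare_digest(value, commit(rss_info, nonce))


def similar(a: RssInfo, b: RssInfo, threshold: float = SIMILARITY_THRESHOLD) -> bool:
    """Simplified similar condition standing in for the track-distance check described above."""
    if [t for t, _ in a] != [t for t, _ in b]:
        return False
    return statistics.fmean(abs(x - y) for (_, x), (_, y) in zip(a, b)) <= threshold


def feature_parameters(rss_info: RssInfo) -> Tuple[float, Tuple[float, ...]]:
    """Pairing-signal sending frequency and the random number seed (disturbed send times)."""
    times = [t for t, _ in rss_info]
    frequency = round(1.0 / statistics.median(b - a for a, b in zip(times, times[1:])), 3)
    baseline = statistics.median(r for _, r in rss_info)
    seed = tuple(t for t, r in rss_info if r < baseline - DISTURBANCE_DROP_DB)
    return frequency, seed


def derive_session_key(frequency: float, seed: Tuple[float, ...]) -> bytes:
    material = f"{frequency:.3f}|" + ",".join(f"{t:.3f}" for t in seed)
    return hashlib.sha256(b"pairing-session-key|" + material.encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC; a deployment would use an AEAD such as AES-GCM instead."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Plaintext, or None when the tag fails (wrong session key or tampered ciphertext)."""
    if len(blob) < 44:
        return None
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def run_pairing(iot_rss: RssInfo, helper_rss: RssInfo, access_info: bytes) -> Optional[bytes]:
    """Returns the network access information the IoT device recovers, or None on any failure."""
    # 1. Commitment values are broadcast before any RSS information is revealed.
    iot_nonce, helper_nonce = os.urandom(16), os.urandom(16)
    iot_value, helper_value = commit(iot_rss, iot_nonce), commit(helper_rss, helper_nonce)
    # 2. Commitment content is published; each side verifies the other's opening.
    if not (open_commitment(helper_value, helper_rss, helper_nonce)
            and open_commitment(iot_value, iot_rss, iot_nonce)):
        return None
    # 3. Both sides apply the similar condition.
    if not (similar(iot_rss, helper_rss) and similar(helper_rss, iot_rss)):
        return None
    # 4. Each side derives its session key from its own RSS information only.
    first_key = derive_session_key(*feature_parameters(iot_rss))
    second_key = derive_session_key(*feature_parameters(helper_rss))
    # 5. Key matching: set data "hello" encrypted under the first key must decrypt under the second.
    if decrypt(second_key, encrypt(first_key, b"hello")) != b"hello":
        return None
    # 6. The helper sends the encrypted network access information; the IoT device decrypts it.
    return decrypt(first_key, encrypt(second_key, access_info))


# Constructed data: ten pairing signals 0.5 s apart; the disturbance dips RSS at 2.5 s and 3.0 s.
SEND_TIMES = [i * 0.5 for i in range(10)]
IOT_RSS = list(zip(SEND_TIMES, [-60.2, -60.8, -59.9, -60.5, -60.1, -74.7, -75.3, -60.4, -60.0, -60.6]))
HELPER_RSS = list(zip(SEND_TIMES, [-60.5, -60.3, -60.4, -60.9, -59.8, -74.3, -75.1, -60.2, -60.3, -60.1]))
OUTSIDER_RSS = list(zip(SEND_TIMES, [-68.1, -67.9, -68.4, -68.0, -67.7, -68.2, -68.3, -67.8, -68.1, -68.0]))
ACCESS_INFO = b"ssid=<placeholder>;psk=<placeholder>"  # placeholder credential, not a real secret

if __name__ == "__main__":
    print("feature parameters:", feature_parameters(IOT_RSS), feature_parameters(HELPER_RSS))
    print("paired device recovers:", run_pairing(IOT_RSS, HELPER_RSS, ACCESS_INFO))
    print("outsider recovers:", run_pairing(OUTSIDER_RSS, HELPER_RSS, ACCESS_INFO))
```

The two keys agree although the two devices measured different RSS values, because the characteristic parameters (sending frequency and the disturbed sending times) are derived from the sending times carried in the pairing signals, which both devices receive identically.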
Thus, the description of the structure of the device shown in fig. 6 is completed.
The embodiment of the application also provides another device structure diagram. Referring to fig. 7, fig. 7 is a structural diagram of another apparatus according to an embodiment of the present disclosure. The apparatus is applied to helper devices that have successfully accessed a target network, which also has a primary pairing device for managing access within the target network. The device includes:
a second collecting unit, configured to collect second received signal strength (RSS) information within a set time period; the second RSS information comprises at least a correspondence between pairing signal RSS and pairing signal sending time, where the pairing signal RSS is the RSS at which the helper device receives a pairing signal sent by the main pairing device, and the pairing signal sending time is the time at which the main pairing device sent that pairing signal; at least one pairing signal sent by the main pairing device is sent under the interference of artificial disturbance;
the second processing unit is configured to determine a second characteristic parameter used for generating a session key from the second RSS information if the second RSS information and first RSS information collected by the internet of things device to be accessed to the target network within the set time period are found to meet similar conditions, where the second characteristic parameter is related to pairing signal sending time in the second RSS information, and the second characteristic parameter is used to generate a second session key;
and the sending unit is used for sending encrypted information to the Internet of things equipment if the first session key generated by the Internet of things equipment is verified to be matched with the second session key, so that the Internet of things equipment decrypts the encrypted information by using the first session key to obtain the network access information and accesses the target network by using the network access information, and the encrypted information is obtained by encrypting the network access information for accessing the target network.
Optionally, the collecting, by the second collecting unit, of the second received signal strength RSS information within a set time period includes:
when a pairing signal sent by the main pairing equipment is received in the set time period, recording a pairing signal RSS when the pairing signal is currently received and the sending time of the pairing signal carried by the pairing signal;
denoising all records in the set time period to obtain candidate RSS information;
and decomposing the candidate RSS information according to a DWT wavelet decomposition method to screen out data meeting the set requirement, performing wavelet reconstruction on the data meeting the set requirement to recover the RSS information, and determining the recovered RSS information as the second RSS information.
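The collecting step described for both collecting units (record, denoise, DWT screening, wavelet reconstruction), as an added example that is not part of the patent; the 3-point median filter as the denoising step, the Haar wavelet, and hard thresholding of detail coefficients as the "set requirement" are assumptions, as is the constructed record set:

```python
"""RSS record denoising and DWT-based restoration (added example).

Records are (send_time, rss_dbm) pairs. Denoising is a 3-point median
filter, the wavelet is a Haar DWT, and "data meeting the set requirement"
is taken to mean detail coefficients whose magnitude reaches a threshold
(smaller ones are discarded as noise). All three choices are assumptions,
as is the constructed record set at the bottom.
"""
import math
from typing import List, Tuple

SQRT2 = math.sqrt(2.0)
Record = Tuple[float, float]  # (pairing signal send time, pairing signal RSS in dBm)


def median_filter(values: List[float]) -> List[float]:
    """3-point median with edge replication: removes single-sample glitches."""
    n = len(values)
    return [sorted([values[max(i - 1, 0)], values[i], values[min(i + 1, n - 1)]])[1] for i in range(n)]


def haar_decompose(values: List[float], levels: int) -> Tuple[List[float], List[List[float]]]:
    """Multi-level Haar DWT; returns (approximation, [details for level 1..levels])."""
    approx, details = list(values), []
    for _ in range(levels):
        if len(approx) % 2:
            approx.append(approx[-1])  # replicate the last sample to reach an even length
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(x0 - x1) / SQRT2 for x0, x1 in pairs])
        approx = [(x0 + x1) / SQRT2 for x0, x1 in pairs]
    return approx, details


def haar_reconstruct(approx: List[float], details: List[List[float]]) -> List[float]:
    """Inverse of haar_decompose (one sample longer than the input where padding occurred)."""
    values = list(approx)
    for d in reversed(details):
        values = [v for a, dd in zip(values, d) for v in ((a + dd) / SQRT2, (a - dd) / SQRT2)]
    return values


def screen_details(details: List[List[float]], threshold: float) -> List[List[float]]:
    """Keep detail coefficients that meet the set requirement |d| >= threshold; zero the rest."""
    return [[d if abs(d) >= threshold else 0.0 for d in level] for level in details]


def collect_rss_info(records: List[Record], levels: int = 2, threshold: float = 1.0) -> List[Record]:
    """Records -> denoised candidate RSS information -> DWT screening -> restored RSS information."""
    records = sorted(records)  # order by pairing signal send time
    times = [t for t, _ in records]
    candidate = median_filter([r for _, r in records])
    approx, details = haar_decompose(candidate, levels)
    restored = haar_reconstruct(approx, screen_details(details, threshold))[:len(candidate)]
    return list(zip(times, restored))


# Constructed records: 16 pairing signals one second apart, a one-sample glitch at t=3
# (a radio artefact, not the disturbance) and the disturbance dip at t=8 and t=9.
RECORDS: List[Record] = list(zip(
    [float(t) for t in range(16)],
    [-60.3, -59.8, -60.4, -45.0, -60.1, -59.7, -60.5, -60.2,
     -75.2, -74.8, -60.0, -60.4, -59.9, -60.3, -60.1, -59.6]))

if __name__ == "__main__":
    for (t, raw), (_, restored) in zip(sorted(RECORDS), collect_rss_info(RECORDS)):
        print(f"t={t:4.1f}  raw={raw:6.1f}  restored={restored:8.3f}")
```

In the restored RSS information the glitch is gone and the small jitter is flattened, while the two-sample disturbance dip survives because its level-2 detail coefficient is far above the threshold.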
Optionally, the determining, by the second processing unit, whether the second RSS information and the first RSS information collected by the internet of things device to be accessed to the target network in the set time period satisfy a similar condition includes:
receiving a first commitment value sent by the internet of things equipment, wherein the first commitment value is a commitment value determined by the internet of things equipment according to a configured first commitment scheme aiming at first RSS information collected in the set time period;
receiving first commitment content published by the Internet of things equipment; the first commitment content is used for determining a first commitment value, and at least comprises the following contents: first RSS information;
determining whether the first RSS information and the second RSS information meet a similar condition.
Optionally, the determining whether the first RSS information and the second RSS information satisfy a similar condition includes:
determining a first track according to the first RSS information, wherein track points on the first track are represented by a pairing signal RSS and a pairing signal sending time in the first RSS information;
determining a second track according to the second RSS information, wherein track points on the second track are represented by a pairing signal RSS and a pairing signal sending time in the second RSS information;
and determining whether the first RSS information and the second RSS information meet a similar condition according to the distance between the first track and the second track.
Optionally, the second processing unit further determines a corresponding second commitment value for the second RSS information according to a configured second commitment scheme, and broadcasts the second commitment value in the internet of things; and publishes second commitment content, the second commitment content being the content used for determining the second commitment value and comprising at least the second RSS information, so that the internet of things device can determine, from the first RSS information and the second RSS information, whether they satisfy the similar condition.
Optionally, the second characteristic parameter includes at least:
a pairing signal transmission frequency; the sending frequency of the pairing signal is determined according to the sending time of the pairing signal in the second RSS information;
a random number seed; the random number seed comprises at least a target pairing signal sending time, i.e. a sending time at which the main pairing device was under the interference of artificial disturbance when sending the pairing signal.
Optionally, the verifying, by the sending unit, that the first session key generated by the internet of things device matches the second session key may include: decrypting ciphertext data from the Internet of things equipment by using the second session key, wherein the ciphertext data is obtained by encrypting the set data by using the first session key; and if the decryption is successful, verifying that the first session key generated by the Internet of things equipment is matched with the second session key.
Thus, the description of the structure of the apparatus shown in fig. 7 is completed.
Correspondingly, the application also provides a hardware structure of the device shown in fig. 6 or fig. 7. Referring to fig. 8, the hardware structure may include: a processor and a machine-readable storage medium having stored thereon machine-executable instructions executable by the processor; the processor is configured to execute machine-executable instructions to implement the methods disclosed in the above examples of the present application.
Based on the same application concept as the method, embodiments of the present application further provide a machine-readable storage medium, where several computer instructions are stored, and when the computer instructions are executed by a processor, the method disclosed in the above example of the present application can be implemented.
The machine-readable storage medium may be, for example, any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions and data. For example, the machine-readable storage medium may be: a RAM (Random Access Memory), a volatile memory, a non-volatile memory, a flash memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk or a DVD), a similar storage medium, or a combination thereof.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present application shall be included in the scope of the claims of the present application.

Claims (10)

1. An edge device intelligent authentication method based on artificial disturbance is applied to an Internet of things device to be accessed to a target network, wherein the target network further comprises a main pairing device used for managing access of the target network and an assistant device successfully accessed to the target network, and the method comprises the following steps:
collecting first Received Signal Strength (RSS) information within a set time period; the first RSS information comprises at least a correspondence between pairing signal RSS and pairing signal sending time; the pairing signal RSS is the RSS at which the internet of things device receives a pairing signal sent by the main pairing device, and the pairing signal sending time is the time at which the main pairing device sent the pairing signal; at least one pairing signal sent by the main pairing device is sent under artificial disturbance;
if the first RSS information and second RSS information collected by the assistant device in the set time period are found to meet similar conditions, determining a first characteristic parameter for generating a session key from the first RSS information, wherein the first characteristic parameter is related to the sending time of a pairing signal in the first RSS information, and generating a first session key by using the first characteristic parameter;
and acquiring encrypted information, wherein the encrypted information is acquired by encrypting network access information for accessing the target network, the encrypted information is decrypted by using the first session key to acquire the network access information, and the network access information is used for accessing the target network.
2. The method of claim 1, wherein collecting first received signal strength RSS information within a set time period comprises:
when a pairing signal sent by the main pairing equipment is received in the set time period, recording a pairing signal RSS when the pairing signal is currently received and the sending time of the pairing signal carried by the pairing signal;
denoising all records in the set time period to obtain candidate RSS information;
and decomposing the candidate RSS information according to a DWT wavelet decomposition method to screen out data meeting the set requirement, performing wavelet reconstruction on the data meeting the set requirement to recover the RSS information, and determining the recovered RSS information as the first RSS information.
3. The method of claim 1, wherein whether the first RSS information and the second RSS information collected by the helper device within the set time period satisfy a similar condition is determined by:
receiving a second commitment value sent by the helper device, wherein the second commitment value is a commitment value determined by the helper device according to a configured second commitment scheme for second RSS information collected within the set time period;
receiving second commitment content published by the helper device; the second commitment content is used for determining a second commitment value, and at least comprises the following contents: second RSS information;
determining whether the first RSS information and the second RSS information meet a similar condition.
4. The method of claim 3, wherein determining whether the first RSS information and the second RSS information satisfy a similar condition comprises:
determining a first track according to the first RSS information, wherein track points on the first track are represented by a pairing signal RSS and a pairing signal sending time in the first RSS information;
determining a second track according to the second RSS information, wherein track points on the second track are represented by a pairing signal RSS and a pairing signal sending time in the second RSS information;
and determining whether the first RSS information and the second RSS information meet a similar condition according to the distance between the first track and the second track.
5. The method of claim 1, further comprising:
determining a corresponding first commitment value aiming at the first RSS information according to a configured first commitment scheme, and broadcasting the first commitment value in the Internet of things;
publishing first commitment content, the first commitment content being the content used for determining the first commitment value and comprising at least: first RSS information; so that the helper device determines whether the first RSS information and the second RSS information satisfy the similar condition.
6. The method according to claim 1, characterized in that said first characteristic parameters comprise at least:
a pairing signal transmission frequency; the pairing signal sending frequency is determined according to the pairing signal sending time in the first RSS information;
a random number seed; the random number seed comprises at least a target pairing signal sending time, wherein the main pairing device was under the interference of artificial disturbance when sending the pairing signal at the target pairing signal sending time.
7. The method of claim 1, wherein after generating the first session key using the first characteristic parameter and before obtaining the encryption information, the method further comprises:
encrypting the set data by using the first session key to obtain ciphertext data;
sending the ciphertext data to the assistant device, so that the assistant device sends the encryption information to the internet of things device after successfully decrypting the ciphertext data by using a second session key; wherein the helper device generates the second session key using the second feature parameters for generating the session key determined from the second RSS information.
8. An edge device intelligent authentication method based on artificial disturbance is applied to an assistant device which has successfully accessed to a target network, wherein the target network also has a primary pairing device for managing access in the target network, and the method comprises the following steps:
collecting second Received Signal Strength (RSS) information within a set time period; the second RSS information at least includes a correspondence between the pairing signal RSS and the pairing signal transmission time; the pairing signal RSS is the RSS of the Internet of things device which receives the pairing signal sent by the main pairing device, and the sending time of the pairing signal is the time of the main pairing device sending the pairing signal; at least one pairing signal transmitted by the main pairing device is transmitted under artificial disturbance interference;
if the second RSS information and first RSS information collected by the Internet of things equipment to be accessed to the target network in the set time period are found to meet similar conditions, determining second characteristic parameters for generating a session key from the second RSS information, wherein the second characteristic parameters are related to the sending time of a pairing signal in the second RSS information, and generating a second session key by using the second characteristic parameters;
if it is verified that the first session key generated by the internet of things device matches the second session key, sending encrypted information to the internet of things device, so that the internet of things device decrypts the encrypted information using the first session key to obtain the network access information and accesses the target network using the network access information, wherein the encrypted information is obtained by encrypting the network access information for accessing the target network.
9. An edge device intelligent authentication system based on artificial disturbance, which is characterized by comprising: the device comprises an Internet of things device to be accessed into a target network, a main pairing device used for managing access in the target network and an assistant device successfully accessed into the target network in the target network;
the main pairing device is used for sending pairing signals, each pairing signal carrying the time at which the main pairing device sent it, and at least one pairing signal being sent under artificial disturbance;
the internet of things device performing according to the method steps as claimed in any one of claims 1 to 7;
the helper device performs according to the method steps as in claim 8.
10. An electronic device, comprising: a processor and a machine-readable storage medium;
the machine-readable storage medium stores machine-executable instructions executable by the processor;
the processor is configured to execute machine executable instructions to perform the method steps of any of claims 1-8.
CN202210437372.5A 2022-04-25 2022-04-25 Edge equipment intelligent authentication method, system and equipment based on artificial disturbance Active CN114584304B (en)

Publications (2)

Publication Number Publication Date
CN114584304A true CN114584304A (en) 2022-06-03
CN114584304B CN114584304B (en) 2022-08-16

Family

ID=81778936

Country Status (1)

Country Link
CN (1) CN114584304B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105162772A (en) * 2015-08-04 2015-12-16 三星电子(中国)研发中心 IoT equipment authentication and key agreement method and device
US20160366586A1 (en) * 2015-06-09 2016-12-15 At&T Intellectual Property I, Lp Signal fingerprinting for authentication of communicating devices
US20190342104A1 (en) * 2018-05-01 2019-11-07 Analog Devices, Inc. Device authentication based on analog characteristics without error correction
CN111835752A (en) * 2020-07-09 2020-10-27 国网山西省电力公司信息通信分公司 Lightweight authentication method based on equipment identity and gateway
CN112399345A (en) * 2020-10-29 2021-02-23 四川长虹网络科技有限责任公司 Network access method and device based on location encryption and readable storage medium
US20210203433A1 (en) * 2017-12-31 2021-07-01 Istanbul Medipol Universitesi Automatic repeat-request system for providing absolute safety and authentication in wireless networks
WO2021191905A2 (en) * 2020-03-24 2021-09-30 Veev Group, Inc. System, method and computer program product which uses biometrics as a feedback for home control monitoring to enhance wellbeing

Similar Documents

Publication Publication Date Title
CN108810895B (en) Wireless Mesh network identity authentication method based on block chain
Margelis et al. Low throughput networks for the IoT: Lessons learned from industrial implementations
US9571464B2 (en) Network-enabled device provisioning
CN108241517B (en) Software upgrading method, client and electronic equipment
CN112019541B (en) Data transmission method and device, computer equipment and storage medium
CN106922217A (en) Method and node in a wireless communication network
CN110933484A (en) Management method and device of wireless screen projection equipment
CN111064572B (en) Data communication method and device
Li et al. A secure sign-on protocol for smart homes over named data networking
Lacava et al. Securing Bluetooth Low Energy networking: An overview of security procedures and threats
CN105024807A (en) Data processing method and system
CN108549824A (en) Data desensitization method and device
Hu et al. Tangible security: Survey of methods supporting secure ad-hoc connects of edge devices with physical context
Wang et al. Physical layer authentication based on nonlinear Kalman filter for V2X communication
Ludant et al. From 5G sniffing to harvesting leakages of privacy-preserving messengers
CN114223233A (en) Data security for network slice management
Hessel et al. LoRaWAN security: An evolvable survey on vulnerabilities, attacks and their systematic mitigation
CN114584304B (en) Edge equipment intelligent authentication method, system and equipment based on artificial disturbance
CN111132155B (en) 5G secure communication method, device and storage medium
CN113434474A (en) Flow auditing method, equipment and storage medium based on federal learning
CN108055356A (en) Information processing method, server, client and readable storage medium
CN109120621B (en) Data processor
CN111200599A (en) Access authentication method, device, equipment and readable storage medium
Martínez de Lucena et al. An analysis of the gateway integrity checking protocol from the perspective of intrusion detection systems
KR101571377B1 (en) System and method for beacon data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant