CN114679268B - Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium - Google Patents
Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium Download PDFInfo
- Publication number
- CN114679268B CN114679268B CN202210319290.0A CN202210319290A CN114679268B CN 114679268 B CN114679268 B CN 114679268B CN 202210319290 A CN202210319290 A CN 202210319290A CN 114679268 B CN114679268 B CN 114679268B
- Authority
- CN
- China
- Prior art keywords
- unmanned aerial
- point
- aerial vehicle
- ground station
- hash value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Mobile Radio Communication Systems (AREA)
- Traffic Control Systems (AREA)
Abstract
The invention provides a method for mutual authentication and key negotiation between unmanned aerial vehicles, which comprises the following steps: s1, a ground station generates a system public parameter and a private key thereof; s2, registering the unmanned aerial vehicles on the ground station, and generating authentication information for each unmanned aerial vehicle by the ground station according to the public parameters and the private key of the unmanned aerial vehicles; s3, the unmanned aerial vehicle and the unmanned aerial vehicle perform mutual authentication and negotiate a session key. The authentication and key negotiation method between unmanned aerial vehicles provided by the embodiment of the invention comprises the unmanned aerial vehicles and a ground station: the ground station is a system capable of providing registration service for the unmanned aerial vehicle and generating parameters required by authentication, and the embodiment of the invention realizes mutual authentication and key negotiation between the unmanned aerial vehicle and the unmanned aerial vehicle, and ensures future secure communication of the unmanned aerial vehicle and the unmanned aerial vehicle. In addition, a Physical Unclonable Function (PUF) is embedded in the unmanned aerial vehicle, so that the security of authentication information stored by the unmanned aerial vehicle is ensured.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, a computing device, and a storable medium for performing mutual authentication and key agreement between multiple unmanned aerial vehicles.
Background
Unmanned aerial vehicle is as unmanned miniature aircraft, utilizes radio remote control technique and embedded unmanned aerial vehicle's controlling means to operate unmanned aerial vehicle, and it is widely used in remote sensing survey and drawing, express delivery transportation, pipeline inspection, environmental detection and military reconnaissance etc. fields.
With the development of unmanned aerial vehicle technology, the cooperative completion of specified tasks among unmanned aerial vehicles has become a reality. And the unmanned aerial vehicles are combined according to a certain scale and structure, and a cooperative effect is generated through information sharing among the unmanned aerial vehicles so as to realize intelligent cooperative execution tasks. The mode of cooperation among unmanned aerial vehicles is widely applied in various fields, such as disaster relief, and when the unmanned aerial vehicles perform search and rescue work in mountain areas, the communication signals can be shielded due to complex and changeable environments of the areas. Adopt unmanned aerial vehicle cooperation mode, different unmanned aerial vehicles can each other be communication relay, carry out data sharing, can effectively avoid the communication that appears to shelter from the problem to promote search and rescue efficiency.
The mode of unmanned aerial vehicle collaboration provides many benefits for production and life, but presents some safety issues. Since communications between drones are made over a common channel, an attacker can eavesdrop on the communications within the network, tamper with the information, or forge spurious information to inject into the communications. Therefore, ensuring secure communication between unmanned aerial vehicles is an aspect of research that needs to be considered, namely how identity authentication and key agreement are performed between unmanned aerial vehicles. Finally, considering that the unmanned aerial vehicle is easy to be attacked by physical capture, how to ensure that the unmanned aerial vehicle has no influence on the security of an authentication scheme after being captured and stealing internal data is also a problem that needs to be studied in depth.
Disclosure of Invention
In view of the above, the embodiment of the invention provides a method for mutual authentication and key negotiation between unmanned aerial vehicles, wherein the unmanned aerial vehicles perform mutual authentication and session key negotiation between the unmanned aerial vehicles, so as to ensure the security and efficiency of the cooperation of the unmanned aerial vehicles; meanwhile, under the condition that an attacker captures the unmanned aerial vehicle and steals internal data, the security of authentication and key negotiation is not affected.
In order to achieve the above object, an embodiment of the present invention provides a method for authentication and key agreement between unmanned aerial vehicles, the method including:
s1, a ground station generates a system public parameter and a private key thereof;
s2, registering the unmanned aerial vehicles on the ground station, and generating authentication information for each unmanned aerial vehicle by the ground station according to the public parameters and the private key of the unmanned aerial vehicles;
s3, the unmanned aerial vehicle and the unmanned aerial vehicle perform mutual authentication and negotiate a session key.
In another aspect, an embodiment of the present invention further provides a computer readable storage medium, where at least one instruction, at least one section of program, a code set, or an instruction set is stored, where the at least one instruction, the at least one section of program, the code set, or the instruction set is loaded and executed by a processor to implement the authentication and key negotiation method between unmanned aerial vehicles as described above.
In yet another aspect, in another aspect, an embodiment of the present invention further provides a computing device, where the computing device includes a processor and a memory, where the memory stores at least one instruction, at least one program, a code set, or an instruction set, and the at least one instruction, the at least one program, the code set, or the instruction set is loaded and executed by the processor to implement the method for authentication and key negotiation between unmanned aerial vehicles as described above.
The authentication and key negotiation method between unmanned aerial vehicles provided by the embodiment of the invention comprises the unmanned aerial vehicles and a ground station: the unmanned aerial vehicle is an unmanned aerial vehicle for executing corresponding tasks; the ground station refers to a system capable of providing registration service and generating parameters required by authentication for the unmanned aerial vehicle, and an elliptic curve, a base point, two hash functions, a ground station public key and a pseudonym are required to be used as common parameters. The embodiment of the invention realizes mutual authentication and key negotiation between the unmanned aerial vehicle and the unmanned aerial vehicle, and ensures future safety communication of the unmanned aerial vehicle and the unmanned aerial vehicle. In addition, a Physical Unclonable Function (PUF) is embedded in the unmanned aerial vehicle, so that the security of authentication information stored by the unmanned aerial vehicle is ensured.
Drawings
Specific embodiments of the present invention will be described below by way of example with reference to the accompanying drawings.
Fig. 1 is a flowchart of unmanned aerial vehicle registration according to an embodiment of the present invention;
fig. 2 is a flowchart of authentication between unmanned aerial vehicles according to an embodiment of the present invention;
fig. 3 is a new unmanned aerial vehicle adding flow chart according to the embodiment of the invention;
fig. 4 is a block diagram of a computing device according to an embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the following description will explain the specific embodiments of the present invention with reference to the accompanying drawings. It is evident that the drawings in the following description are only examples of the invention, from which other drawings and other embodiments can be obtained by a person skilled in the art without inventive effort. For simplicity of the drawing, only the parts relevant to the present invention are schematically shown in each drawing, and they do not represent the actual structure thereof as a product.
In order to solve the technical problems of the embodiments of the present invention, the embodiments of the present invention provide the following technical solutions:
an authentication and key agreement method between unmanned aerial vehicles comprises the following steps:
s1, a ground station generates a system public parameter and a private key thereof;
s2, registering the unmanned aerial vehicles on the ground station, and generating authentication information for each unmanned aerial vehicle by the ground station according to the public parameters and the private key of the unmanned aerial vehicles;
s3, the unmanned aerial vehicle and the unmanned aerial vehicle perform mutual authentication and negotiate a session key.
Preferably, the step S1 includes the steps of:
s1.1: let GF (q) be a finite field, where q is a large prime number representing the size of GF (q), the ground station selects elliptic curve E over GF (q) q (a,b):y 2 =x 3 +ax+b (mod q), where (a, b) ∈GF (p), U is E q A base point on (a, b);
s1.2: the ground station selects a first random numberAs a self-private key, wherein,
performing point multiplication operation on the private key s and the base point U to obtain a public key P of the ground station pub ;
I.e. calculate P pub =s·U;
S1.3: the ground station selects its pseudonym SID and two hash functions h 1 (. Cndot.) and h 2 (. Cndot.) wherein h 1 (. Cndot.) mapping arbitrary length strings to an integer, h 2 (. Cndot.) mapping a string of arbitrary length into a string of fixed length;
s1.4: the ground station stores the private key s and discloses the elliptic curve E q (a, b), big prime q, base point U, ground station public key P pub Ground station pseudonym SID and two hash functions h 1 (. Cndot.) and h 2 (·)。
As shown in fig. 1, preferably, the step S2 includes the steps of:
s2.1: assuming a total of n unmanned aerial vehicles, the ground station selects a second random number for each unmanned aerial vehicleThe random number d i Performing point multiplication operation with the elliptic curve base point U to obtainWherein->And->Respectively point D i Is the abscissa and ordinate of (2);
i.e. calculation
S2.2: the ground station transmits the self-pseudonym SID and the point D i Is the abscissa of (2)After merging, utilizing the hash function h 1 (. Cndot.) generating a first hash value, the product of the first hash value and the ground station private key s plus the second random number d i The obtained result is then subjected to a model q to obtainF i . Ground station will point D i And F i Sending the data to a corresponding unmanned aerial vehicle through a safety channel;
i.e. calculation
S2.3: unmanned aerial vehicle receives D i And F i After that, select a challenge C i The challenge is the input of the PUF embedded in the drone, outputting the corresponding response R i =PUF i (C i );
S2.4: response R of unmanned aerial vehicle by said PUF i And the received point D i Is the ordinate of (2)After merging, utilizing the hash function h 2 (-) generated second hash value and received F i Exclusive OR to obtain G i . Then the unmanned aerial vehicle will authenticate the information point D i 、G i And C i Is stored in the memory of the computer,
i.e. calculation
As shown in fig. 2, preferably, the step S3 includes the steps of:
s3.1: challenge C stored in internal memory by unmanned plane alpha (alpha is more than or equal to 1 and less than or equal to n) α As input to the PUF, the PUF outputs a corresponding response R α =PUF α (C α ) And then output response R α And point D stored in memory α Is the ordinate of (2)After merging, utilizing the hash function h 2 (. Cndot.) generating a third hash value, G stored in memory α Exclusive-or with the third hash value to obtain F α ;
I.e. calculation
S3.2: the unmanned plane alpha generates a third random numberThe random number k α Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein->And->Respectively is the point K α And the abscissa and ordinate of (c). Unmanned aerial vehicle α then subjects the F α Adding a third random number k α The added result is modulo q to obtain J α ;
I.e. calculationAnd J α =F α +k α mod q;
S3.3: point D stored in memory of unmanned aerial vehicle alpha α Said point K α And J α Sending the information to the unmanned plane beta (beta is more than or equal to 1 and less than or equal to n, alpha is not equal to beta) through a public channel;
s3.4: after receiving the information, the unmanned plane beta receives J α Performing point multiplication operation with the elliptic curve base point U to obtain Z α1 Reuse of the received point D and the pseudonym SID by the ground station α Is the abscissa of (2)After merging, utilizing the hash function h 1 (-) -generated fourth hash value with said ground station public key P pub Performing dot product operation to obtain Z α2 Then the received point D α Calculated Z α2 And received K α Adding, and obtaining Z by the added result modulo q α3 Will Z α1 And Z is α3 Comparing, i.e
If the two are equal, the unmanned plane alpha passes the authentication of the unmanned plane beta, and the step S3.5 is continued, otherwise, the authentication is terminated;
s3.5: challenge C that drone β will store in memory β Input into the PUF, the PUF outputs a corresponding response R β =PUF β (C β ) And then output response R β And point D stored in memory β Is the ordinate of (2)After merging, utilizing the hash function h 2 (. Cndot.) generating a fifth hash value, G stored in memory β Exclusive-or with the fifth hash value to obtain F β ;;
I.e. calculation
S3.6: unmanned aerial vehicle beta generates fourth random numberThe random number k β Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein point K β Is +.about.L and +.about.L respectively>And->Unmanned plane beta then subjects the F β And a fourth random number k β The added result is modulo q to obtain J β Reuse by the->And->After merging, utilizing the hash function h 2 (. Cndot.) generated sixth hash value and calculated J β Obtaining L by exclusive OR;
i.e. calculationJ β =F β +k β mod q and
s3.7: point D stored in memory of unmanned aerial vehicle beta β Said point K β And L is sent to the unmanned plane alpha through a public channel;
s3.8: after receiving the information, the unmanned aerial vehicle alpha sends the information to the unmanned aerial vehicleAnd the received point D β Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generating a seventh hash value, and xoring the received L with the seventh hash value to obtain J β ,
I.e. calculation
Will J β Performing point multiplication operation with the elliptic curve base point U to obtain Z β1 Reuse of the received point D and the pseudonym SID by the ground station β Is the abscissa of (2)After merging, utilizing the hash function h 1 (-) -generated eighth hash value with said ground station public key P pub Performing dot product operation to obtain Z β2 Then the received pointD β Calculated Z β2 And received K β The added result is modulo q to obtain Z β3 Will Z β1 And Z is β3 Comparison is performed, namely:
if the two are equal, the unmanned plane beta passes the authentication of the unmanned plane alpha, and the step S3.9 is continued, otherwise, the authentication session is terminated;
s3.9: the unmanned aerial vehicle alpha uses the third random number k α And point K β Performing dot product operation to obtain V= (V) x ,V y ) Wherein V is x And V y Respectively the abscissa and the ordinate of the point V, and then calculating the obtained V x 、V y Said point D α Is the ordinate of (2)Sum point D β Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generating a ninth hash value SK, using the ninth hash value as the negotiated first session key, and then using the ninth hash value SK, said +.>And->After merging, utilizing the hash function h 2 (. Cndot.) generating a tenth hash value W;
i.e. calculate v=k α ·K β =(V x ,V y )、And
s3.10: the unmanned aerial vehicle alpha sends the tenth hash value W to the unmanned aerial vehicle beta through a public channel;
s3.11: after receiving the information, the unmanned plane beta receives the fourth random number k β And point K α Performing dot product operation to obtain V= (V) x ,V y ) And then V is calculated x 、V y Said point D α Is the ordinate of (2)Sum point D β Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generating an eleventh hash value SK;
i.e. calculate v=k β ·K α =(V x ,V y ) And
s3.12: the unmanned plane beta compares whether the received tenth hash value W is equal to the value SK,And->After merging, utilizing the hash function h 2 (. Cndot.) generated twelfth hash valueIf the two are not equal, the session is terminated, otherwise, the eleventh hash value SK is used as a negotiated second session key, and then the unmanned aerial vehicle alpha and the unmanned aerial vehicle beta use the session key SK to communicate, so that authentication and key negotiation are finished.
As shown in fig. 3, the method further includes a new unmanned aerial vehicle, specifically including the following steps:
s4.1: the ground station selects a fifth random number for a pre-registered new droneThe fifth random number +.>Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein->And->Are respectively the points->Is the abscissa and ordinate of (2);
i.e. calculation
S4.2: the ground station adds the self-pseudonym SID and the pointIs +.>After merging, utilizing the hash function h 1 (. Cndot.) generating a thirteenth hash value, the product of the thirteenth hash value and the ground station private key s plus the fifth random number +.>The obtained result is then modulo q to obtain F i new Ground station, point->And F i new Sending the information to a new unmanned aerial vehicle through a safety channel;
i.e. calculation
S4.3: after receiving the information, the new unmanned aerial vehicle selects a challengeAs input to the PUF embedded in the drone, the PUF outputs the corresponding response +.>
S4.4: response by the PUF for a new droneAnd received dot->Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generated fourteenth hash value with received F i new Exclusive or get->Then the unmanned aerial vehicle will authenticate the information point +.>And->Is stored in the memory of the computer,
i.e. calculation
Referring to FIG. 4, a schematic diagram of a computing device 1500 according to one embodiment of the present application is shown. The computing device 1500 may be used to implement the method of mutual authentication and key agreement between drones provided in the embodiments described above.
Specifically, the present invention relates to a method for manufacturing a semiconductor device.
The computing device 1500 includes a Central Processing Unit (CPU) 1501, a system memory 1504 including a Random Access Memory (RAM) 1502 and a Read Only Memory (ROM) 1503, and a system bus 1505 connecting the system memory 1504 and the central processing unit 1501. The computing device 1500 also includes a basic input/output system (I/O system) 1506, and a mass storage device 1507 for storing an operating system 1513, application programs 1514, and other program modules 1515, which facilitate the transfer of information between the various devices within the computer.
The basic input/output system 1506 includes a display 1508 for displaying information and an input device 1509, such as a mouse, keyboard, etc., for the user to input information. Wherein the display 1508 and the input device 1509 are both connected to the central processing unit 1501 via an input-output controller 1510 connected to the system bus 1505. The basic input/output system 1506 may also include an input/output controller 1510 for receiving and processing input from a number of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, the input output controller 1510 also provides output to a display screen, a printer, or other type of output device.
The mass storage device 1507 is connected to the central processing unit 1501 via a mass storage controller (not shown) connected to the system bus 1505. The mass storage device 1507 and its associated computer-readable media provide non-volatile storage for the computing device 1500. That is, the mass storage device 1507 may include a computer-readable medium (not shown) such as a hard disk or CD-ROM drive.
The computer readable medium may include computer storage media and communication media without loss of generality. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes RAM, ROM, EPROM, EEPROM, flash memory or other solid state memory technology, CD-ROM, DVD or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices.
Of course, those skilled in the art will recognize that the computer storage medium is not limited to the one described above. The system memory 1504 and mass storage device 1507 described above may be collectively referred to as memory.
According to various embodiments of the application, the computing device 1500 may also be operated by a remote computer connected to the network through a network, such as the Internet. That is, the computing device 1500 may be connected to the network 1512 via a network interface unit 1511 coupled to the system bus 1505, or alternatively, the network interface unit 1511 may be used to connect to other types of networks or remote computer systems (not shown).
The memory also includes one or more programs stored in the memory and configured to be executed by the one or more processors. The one or more programs include means for implementing mutual authentication and key agreement between the drones.
In an exemplary embodiment, a computing device is also provided that includes a processor and a memory having at least one instruction, at least one program, set of codes, or set of instructions stored therein. The at least one instruction, at least one program, code set, or instruction set is configured to be executed by the processor to implement the method of mutual authentication and key agreement between drones described above.
In an exemplary embodiment, there is also provided a computer readable storage medium having stored therein at least one instruction, at least one program, a set of codes or a set of instructions, which when executed by a processor of a terminal, implement the method of mutual authentication and key agreement between drones of the above embodiments. Alternatively, the above-mentioned computer-readable storage medium may be a ROM (Read-Only Memory), a RAM (Random Access Memory ), a CD-ROM (Compact Disc Read-Only Memory), a magnetic tape, a floppy disk, an optical data storage device, or the like.
In an exemplary embodiment, a computer program product is also provided, which, when executed, is adapted to carry out the above-described method of mutual authentication and key agreement between drones.
Two or more "and/or", describing the association relationship of the association object, means that there may be three relationships, for example, a and/or B, may represent: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
In addition, the step numbers described herein are merely exemplary of one possible execution sequence among steps, and in some other embodiments, the steps may be executed out of the order of numbers, such as two differently numbered steps being executed simultaneously, or two differently numbered steps being executed in an order opposite to that shown, which is not limited by the embodiments of the present application.
The foregoing description of the exemplary embodiments of the present application is not intended to limit the invention to the particular embodiments disclosed, but on the contrary, the intention is to cover all modifications, equivalents, alternatives, and alternatives falling within the spirit and scope of the invention.
The foregoing is only a partial embodiment of the present invention, and it should be noted that it will be apparent to those skilled in the art that modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.
Claims (6)
1. An authentication and key agreement method between unmanned aerial vehicles, characterized in that the method comprises the following steps:
s1, ground station generationThe system public parameters and the private key thereof specifically comprise: s1.1, setting GF (q) as a finite field, wherein q is a large prime number representing the size of GF (q), and the ground station selects an elliptic curve E over GF (q) q (a,b):y 2 =x 3 +ax+b (mod q), where (a, b) ∈GF (p), U is E q A base point on (a, b);
s1.2, the ground station selects a first random numberAs a self-private key, wherein,
performing point multiplication operation on the private key s and the base point U to obtain a public key P of the ground station pub I.e. P pub =s·U;
S1.3, the ground station selects the pseudonym SID of the ground station and two hash functions h 1 (. Cndot.) and h 2 (. Cndot.) wherein h 1 (. Cndot.) mapping arbitrary length strings to an integer, h 2 (. Cndot.) mapping a string of arbitrary length into a string of fixed length;
s1.4: the ground station stores the private key s and discloses the elliptic curve E q (a, b), big prime q, base point U, ground station public key P pub Ground station pseudonym SID and two hash functions h 1 (. Cndot.) and h 2 (·);
S2, registering the unmanned aerial vehicles on the ground station, and generating authentication information for each unmanned aerial vehicle by the ground station according to the public parameters and the private key of the unmanned aerial vehicles;
s3, the unmanned aerial vehicle and the unmanned aerial vehicle perform mutual authentication and negotiate a session key.
2. The authentication and key agreement method between unmanned aerial vehicles according to claim 1, wherein S2 comprises the steps of:
s2.1, assuming that n unmanned aerial vehicles are in total, the ground station selects a second random number for each unmanned aerial vehicleThe random number d i Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein->And->Respectively point D i Is the abscissa and ordinate of (2), i.e. +.>
S2.2 the ground station adds its own pseudonym SID and point D i Is the abscissa of (2)After merging, utilizing the hash function h 1 (. Cndot.) generating a first hash value, the product of the first hash value and the ground station private key s plus the second random number d i The obtained result is then modulo q to obtain F i The ground station will point D i And F i Is sent to the corresponding unmanned aerial vehicle through a safety channel, namely
S2.3, the unmanned aerial vehicle receives D i And F i After that, select a challenge C i The challenge is the input of the PUF embedded in the drone, outputting the corresponding response R i =PUF i (C i );
S2.4, response R of unmanned aerial vehicle by the PUF i And the received point D i Is the ordinate of (2)After merging, utilizing the hash function h 2 (-) generated second hash value and received F i Exclusive OR to obtain G i Unmanned aerial vehicle will authenticate information point D i 、G i And C i Stored in memory, i.e.)>
3. The method for authentication and key agreement between unmanned aerial vehicles according to claim 2, wherein S3 comprises the steps of:
s3.1, challenge C stored in internal memory by unmanned plane alpha (alpha is more than or equal to 1 and less than or equal to n) α As input to the PUF, the PUF outputs a corresponding response R α =PUF α (C α ) And then output response R α And point D stored in memory α Is the ordinate of (2)After merging, utilizing the hash function h 2 (. Cndot.) generating a third hash value, G stored in memory α Exclusive-or with the third hash value to obtain F α I.e.
S3.2, generating a third random number by the unmanned aerial vehicle alphaThe third random number k α Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein->And->Respectively is the point K α Is the unmanned plane alpha to re-divide the F α Adding a third random number k α The added result is modulo q to obtain J α I.e. +.>And J α =(F α +k α )mod q;
S3.3, point D stored in memory by unmanned plane alpha α Said point K α And J α Sending the information to the unmanned plane beta (beta is more than or equal to 1 and less than or equal to n, alpha is not equal to beta) through a public channel;
s3.4, after the unmanned aerial vehicle beta receives the information sent by the unmanned aerial vehicle alpha, the received J α Performing point multiplication operation with the elliptic curve base point U to obtain Z α1 Then the pseudonym SID of the ground station and the received point D α Is the abscissa of (2)After merging, utilizing the hash function h 1 (-) generated fourth hash value and ground station public key P pub Performing dot product operation to obtain Z α2 Then the received point D α Calculated Z α2 And received K α Adding, and obtaining Z by the added result modulo q α3 Will Z α1 And Z is α3 Comparing, i.e. comparing J α U andif the two are equal, the unmanned plane alpha passes the authentication of the unmanned plane beta, and the step S3.5 is continued, otherwise, the authentication is terminated;
s3.5 challenge C for storing unmanned plane beta in memory β Input into the PUF, the PUF outputs a corresponding response R β =PUF β (C β ) And then output response R β And point D stored in memory β Is the ordinate of (2)After merging, utilizing the hash function h 2 (. Cndot.) generating a fifth hash value, G stored in memory β Exclusive-or with the fifth hash value to obtain F β I.e.
S3.6, generating fourth random number by unmanned plane betaThe fourth random number k β Performing point multiplication operation with the elliptic curve base point U to obtain +.>Wherein point K β Is +.about.L and +.about.L respectively>And->Unmanned plane beta then subjects the F β And a fourth random number k β The added result is modulo q to obtain J β Reuse by the->And->After merging, utilizing the hash function h 2 (. Cndot.) generated sixth hash value and calculated J β Obtaining L by exclusive OR;
i.e.J β =(F β +k β ) mod q and
s3.7, point D stored in memory is processed by unmanned plane beta β Said point K β And L is sent to the unmanned plane alpha through a public channel;
s3.8, after receiving the information, the unmanned aerial vehicle alpha receives the informationAnd the received point D β Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generating a seventh hash value, and xoring the received L with the seventh hash value to obtain J β I.e.
Will J β Performing point multiplication operation with the elliptic curve base point U to obtain Z β1 Reuse of the received point D and the pseudonym SID by the ground station β Is the abscissa of (2)After merging, utilizing the hash function h 1 (-) -generated eighth hash value with said ground station public key P pub Performing dot product operation to obtain Z β2 Then the received point D β Calculated Z β2 And received K β The added result is modulo q to obtain Z β3 Will Z β1 And Z is β3 Comparison is performed, namely:
comparative J β U and
if the two are equal, the unmanned plane beta passes the authentication of the unmanned plane alpha, and the step S3.9 is continued, otherwise, the authentication session is terminated;
s3.9, the unmanned plane alpha uses the third random number k α And point K β Performing dot product operation to obtain V= (V) x ,V y ) Wherein V is x And V y Respectively the abscissa and the ordinate of the point V, and then calculating the obtained V x 、V y Said point D α Is the ordinate of (2)Sum point D β Is the ordinate of (2)After merging, utilizing the hash function h 2 (. Cndot.) generating a ninth hash value SK, using the ninth hash value as the negotiated first session key, and then using the ninth hash value SK, said +.>And->After merging, utilizing the hash function h 2 (. Cndot.) generating a tenth hash value W;
i.e. calculate v=k α ·K β =(V x ,V y )、And
s3.10, the unmanned aerial vehicle alpha transmits the tenth hash value W to the unmanned aerial vehicle beta through a public channel;
s3.11, after receiving the information, the unmanned plane beta receives the fourth random number k β And point K α Performing dot product operation to obtain V= (V) x ,V y ) And then V is calculated x 、V y Said point D α Is the ordinate of (2)Sum point D β Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generating an eleventh hash value SK;
i.e. calculate v=k β ·K α =(V x ,V y ) And
s3.12, comparing whether the received tenth hash value W is equal to the eleventh hash value SK by the unmanned aerial vehicle beta,And->After merging, utilizing the hash function h 2 (. Cndot.) generated twelfth hash valueIf the two are not equal, the key negotiation session is terminated, otherwise, the eleventh hash value SK is used as a negotiated second session key, and then the unmanned aerial vehicle alpha and the unmanned aerial vehicle beta communicate by using the second session key SK.
4. A method of authentication and key agreement between drones according to claim 3, further comprising:
s4.1, the ground station selects a fifth random number for a new pre-registered unmanned aerial vehicleThe fifth random numberPerforming point multiplication operation with the elliptic curve base point U to obtain +.>Wherein->And->Are respectively the points->Is defined by the abscissa and the ordinate of (c),
i.e.
S4.2, the ground station adds the self-pseudonym SID and the pointIs +.>After merging, utilizing the hash function h 1 (. Cndot.) generating a thirteenth hash value, the product of the thirteenth hash value and the ground station private key s plus the fifth random number +.>The obtained result is then modulo q to obtain F i new Ground station, point->And F i new Sending the information to a new unmanned aerial vehicle through a safety channel;
i.e. calculation
S4.3, after the new unmanned aerial vehicle receives the information, selecting a challengeAs input to the PUF embedded in the drone, the PUF outputs the corresponding response +.>
S4.4 response by the PUF for a new unmanned aerial vehicleAnd received dot->Is +.>After merging, utilizing the hash function h 2 (. Cndot.) generated fourteenth hash value with received F i new Exclusive or get->I.e.The unmanned aerial vehicle then sends the authentication information point +.>And->Stored in a memory.
5. A computing device comprising a processor and a memory having stored therein at least one instruction, at least one program, code set, or instruction set loaded and executed by the processor to implement the method of mutual authentication and key agreement between drones according to any one of claims 1 to 4.
6. A computer readable storage medium having stored therein at least one instruction, at least one program, code set, or instruction set loaded and executed by a processor to implement the method of mutual authentication and key agreement between drones according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210319290.0A CN114679268B (en) | 2022-03-29 | 2022-03-29 | Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210319290.0A CN114679268B (en) | 2022-03-29 | 2022-03-29 | Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114679268A CN114679268A (en) | 2022-06-28 |
CN114679268B true CN114679268B (en) | 2023-07-21 |
Family
ID=82075913
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210319290.0A Active CN114679268B (en) | 2022-03-29 | 2022-03-29 | Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114679268B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115150828A (en) * | 2022-07-12 | 2022-10-04 | 西安电子科技大学 | Unmanned aerial vehicle identity authentication and key agreement method based on position password |
CN115314228B (en) * | 2022-10-10 | 2023-03-24 | 广东电网有限责任公司佛山供电局 | Unmanned aerial vehicle identity authentication method, device and system |
CN116528229B (en) * | 2023-07-03 | 2023-09-05 | 北京中科网芯科技有限公司 | 5G secure communication method and system thereof |
CN117892967A (en) * | 2024-01-18 | 2024-04-16 | 国网经济技术研究院有限公司 | Pumped storage power station inspection system based on space remote sensing |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714167A (en) * | 2019-03-15 | 2019-05-03 | 北京邮电大学 | Authentication and cryptographic key negotiation method and equipment suitable for mobile application signature |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9016565B2 (en) * | 2011-07-18 | 2015-04-28 | Dylan T X Zhou | Wearable personal digital device for facilitating mobile device payments and personal use |
US9875660B2 (en) * | 2016-03-28 | 2018-01-23 | Cisco Technology, Inc. | Multi-modal UAV certification |
CN107437993A (en) * | 2016-05-26 | 2017-12-05 | 中兴通讯股份有限公司 | One kind is based on without the side's authentication key agreement method of certificate two and device |
CN105913691B (en) * | 2016-06-06 | 2018-06-29 | 北京威胜通达科技有限公司 | A kind of method that service is declared in flying area |
CN106714166A (en) * | 2016-12-23 | 2017-05-24 | 成都赫尔墨斯科技有限公司 | Anti-UAV method based on user authentication |
EP3668126A4 (en) * | 2017-08-10 | 2021-01-20 | Beijing Xiaomi Mobile Software Co., Ltd. | Unmanned aerial vehicle access method and device |
CN108521401B (en) * | 2018-03-06 | 2020-05-12 | 西安电子科技大学 | Method for enhancing safety of MANET network of unmanned aerial vehicle |
CN108683641A (en) * | 2018-04-24 | 2018-10-19 | 广州亿航智能技术有限公司 | A kind of data communications method, device, unmanned plane and computer storage media |
CN108966174A (en) * | 2018-07-27 | 2018-12-07 | 长春草莓科技有限公司 | A kind of communication encryption method of unmanned plane and earth station |
US10798557B2 (en) * | 2018-12-20 | 2020-10-06 | The Johns Hopkins University | Space-based long term evolution (LTE) communications architecture |
CN110972132B (en) * | 2019-11-12 | 2023-07-18 | 江苏恒宝智能系统技术有限公司 | Unmanned aerial vehicle queue identity authentication method |
CN110855427B (en) * | 2019-11-18 | 2023-05-30 | 国网四川省电力公司电力科学研究院 | Unmanned aerial vehicle authentication method and system |
CN111628959B (en) * | 2019-11-20 | 2021-07-09 | 南京航空航天大学 | Large-scale unmanned aerial vehicle group security authentication mechanism based on random label |
CN113872761B (en) * | 2021-11-17 | 2023-07-07 | 湖北工业大学 | Batch authentication method for intelligent household equipment, computing equipment and storable medium |
CN114063651B (en) * | 2021-11-18 | 2023-07-04 | 湖北工业大学 | Method for mutual authentication between user and multiple unmanned aerial vehicles and storable medium |
-
2022
- 2022-03-29 CN CN202210319290.0A patent/CN114679268B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109714167A (en) * | 2019-03-15 | 2019-05-03 | 北京邮电大学 | Authentication and cryptographic key negotiation method and equipment suitable for mobile application signature |
Non-Patent Citations (3)
Title |
---|
城市应急联动系统中三台合一的研究与应用;张正文,陈卓,阮鸥;《计算机与数字工程》;全文 * |
基于无人机多光谱影像的海滨景区浒苔信息提取研究;李冬雪;高志强;尚伟涛;姜晓鹏;宋德彬;张媛媛;;海洋环境科学(第03期);全文 * |
基于椭圆曲线的隐私增强认证密钥协商协议;曹天杰;雷红;;电子学报(第02期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN114679268A (en) | 2022-06-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114679268B (en) | Method for mutual authentication and key agreement between unmanned aerial vehicles and storable medium | |
CN112288097B (en) | Federal learning data processing method, federal learning data processing device, computer equipment and storage medium | |
US10878248B2 (en) | Media authentication using distributed ledger | |
CN111490878B (en) | Key generation method, device, equipment and medium | |
CN110603557B (en) | System and method for controlling transaction ledger | |
US20190356472A1 (en) | Blockchain-implemented method and system | |
US20150341349A1 (en) | Privacy-preserving biometric authentication | |
CN112367164B (en) | Service request processing method and device, computer equipment and storage medium | |
CN110572468A (en) | server cluster file synchronization method and device, electronic equipment and storage medium | |
CN111489159A (en) | Data processing method, data processing device, computer equipment and medium | |
CN105577602A (en) | Data pushing method and data pushing device based on open application programming interface | |
CN111614761A (en) | Block chain message transmission method, device, computer and readable storage medium | |
EP3742304A1 (en) | Validation of measurement datasets in a distributed database | |
CN114063651B (en) | Method for mutual authentication between user and multiple unmanned aerial vehicles and storable medium | |
CN110190964A (en) | Identity identifying method and electronic equipment | |
CN104504347A (en) | Data consistency matching processing method and device | |
CN103731424B (en) | A kind of transmission method of network data, apparatus and system | |
CN115168827B (en) | Two-dimensional code generation method containing identity information and two-dimensional code reading method | |
CN114650182B (en) | Identity authentication method, system, device, gateway equipment, equipment and terminal | |
CN116488873A (en) | Information transmission method, apparatus, computer device and storage medium | |
CN113595742B (en) | Data transmission method, system, computer device and storage medium | |
CN114666155A (en) | Equipment access method, system and device, Internet of things equipment and gateway equipment | |
CN117728962B (en) | Signature transmission method for ensuring storage consistency of multi-level video data | |
CN114499869B (en) | Resource cross-chain exchange method and device based on block chain and computer equipment | |
CN113094745B (en) | Data transformation method and device based on privacy protection and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |