CN114697957A - Identity authentication and data encryption transmission method based on wireless self-organizing network - Google Patents

Publication number
CN114697957A
Authority
CN
China
Prior art keywords
node
digital signature
key
identity authentication
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210259200.3A
Other languages
Chinese (zh)
Inventor
顾韶竹
陈黎
李喆
王卓君
崔小舟
李思笛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Electronic System Engineering
Original Assignee
Beijing Institute of Electronic System Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an identity authentication and data encryption transmission method based on a wireless self-organizing network, comprising the following steps: initializing each node; generating a digital signature; carrying out distributed identity authentication; and carrying out data encryption and data decryption. A new node can join the network at any time, and the other nodes do not need to be initialized again. Data transmission security is enhanced during information transmission, eavesdropping is prevented, and robustness is higher. The transmitted information is resistant to forgery and traceable, and the digital signature also provides message authentication, so that information can be prevented from being illegally tampered with. Abnormal nodes can be found in time and their abnormal conditions counted; when the abnormal conditions reach a threshold value, data interaction with the node is stopped. The invention adopts a distributed identity authentication method in which each node can carry out identity authentication and a new node can be authenticated nearby, thereby improving the efficiency of identity authentication, reducing network overhead and enhancing the damage resistance of the network.

Description

Identity authentication and data encryption transmission method based on wireless self-organizing network
Technical Field
The invention relates to the technical field of security of wireless self-organizing networks, and more particularly to an identity authentication and data encryption transmission method based on a wireless ad hoc network.
Background
Conventional wireless cellular communication networks require support from fixed network equipment (e.g., switches, routers, base stations, etc.) for data forwarding and user service control. However, in some special occasions without these infrastructures, such as battlefields, remote mountain areas, rescue sites for disasters such as fire and flood, and temporary meeting places, people urgently need a new network form, which can realize fast networking without depending on any communication infrastructure and complete network establishment, maintenance and information transmission by means of mutual cooperation among wireless terminals. To meet this demand, wireless ad hoc networks have been developed.
A wireless ad hoc network (MANET) is a temporary network established by a group of mobile terminals with wireless network interfaces without the assistance and centralized management of fixed network facilities; it does not need the support of fixed infrastructure, but is a network formed by a plurality of mobile terminals organizing themselves. The mobile terminals in the wireless ad hoc network are also called nodes, and each node can move freely and forward data directly or indirectly to communicate with the others. The nodes in the wireless self-organizing network act as both terminals and routers, and data can be forwarded from a sender to a destination node over multiple hops. When the wireless self-organizing network communicates, other user nodes forward the data. This network form breaks through the geographical limitation of the traditional wireless cellular network, has the characteristics of self-organization, no centrality, dynamic topology, multi-hop routing and the like, can be deployed more quickly, conveniently and efficiently, and is suitable for the communication needs of some emergency occasions, such as individual soldier communication systems on battlefields.
However, the inventors have found that the above characteristics make it impossible for a center-based authentication service to be directly applied in a wireless ad hoc network. Meanwhile, due to the characteristics of data transmission of wireless signals, frequent topology conversion, no third-party authentication and the like, the wireless ad hoc network is more easily subjected to external security attack.
Therefore, it is desirable to provide a method for wireless ad hoc network-based identity authentication and data encryption transmission that is not vulnerable to external security attacks.
Disclosure of Invention
In order to overcome at least one of the above problems, an object of the present invention is to provide an identity authentication and data encryption transmission method based on a wireless ad hoc network in which a new node can join the network at any time without the other nodes being initialized again. The method enhances data transmission security, prevents eavesdropping, and is more robust when the wireless channel environment is poor and packets are lost; the transmitted information is resistant to forgery and traceable; and each node can perform identity authentication, so that a new node can be authenticated nearby, thereby improving the efficiency of identity authentication, reducing network overhead, and enhancing the damage resistance of the network.
In order to achieve the purpose, the invention adopts the following technical scheme:
the invention provides an identity authentication and data encryption transmission method based on a wireless self-organizing network, which is applied to the wireless self-organizing network, wherein the wireless self-organizing network comprises a plurality of nodes, and the method comprises the following steps:
performing an initialization operation on each node, wherein each node has a unique identifier and is internally provided with a first global shared single key $K_D$ and a second global shared single key $K_A$;
generating a digital signature, wherein the node takes its unique identifier and the request authentication message as the initialization input $M$ and performs an encryption operation based on the first global shared single key $K_D$ using a double-key digital signature method to generate the digital signature;
performing distributed identity authentication, wherein the nodes comprise a new network access node and an accessed node, and performing distributed identity authentication on the new network access node and the accessed node respectively; and
performing data encryption and data decryption, wherein data encryption and data decryption are carried out based on the second global shared single key $K_A$.
In one embodiment, the first global shared single key $K_D$ is used together with the double-key digital signature method by the new network access node to generate a digital signature, and the second global shared single key $K_A$ is used for transmission and encryption.
In one embodiment, the generating the digital signature comprises:
randomly selecting a prime number $p$ and a prime factor $q$ of $p-1$;
performing a hash operation based on the initialization input $M$, the prime number $p$ and the prime factor $q$ of $p-1$ to obtain a hash operation result $g$, wherein the initialization input $M$ is the original message and $g = H(M, p, q)$;
generating a user key $K_{X1}$ and a corresponding public key $K_{Y1}$ based on the hash operation result $g$;
selecting a secret random number $k$; and
performing an encryption operation on the initialization input $M$ based on the user key $K_{X1}$ and the first global shared single key $K_D$ to obtain the digital signature $(r, s) = \mathrm{Sig}_k(M, p, q, g, K_{X1})$.
In one embodiment, the performing distributed identity authentication for the new network access node includes:
the new network-accessing node determines the identity authentication message $M'$ based on the initialization input $M$, the digital signature $(r, s)$, the prime number $p$, the prime factor $q$ and the public key $K_{Y1}$, wherein $M' = M \| (r, s) \| q \| p \| K_{Y1}$;
encrypting the identity authentication message $M'$ by a single-key method based on the second global shared single key $K_A$;
sending the encrypted identity authentication message $M'$ as broadcast information;
after any other node receives the broadcast information, decrypting by a single-key method based on the locally stored second global shared single key $K_A$;
performing digital signature verification based on the public key $K_{Y1}$ and the first global shared public key $K_D$ to obtain the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$; and
if the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$ is equal to $r$ in the signature $(r, s)$, determining that the node is a legal node, and listing the node identity in a routing table.
In one embodiment, the performing distributed identity authentication for the new network access node further includes:
any other node determines its own initialization input $M$, digital signature $(r, s)$, prime number $p$, prime factor $q$ and public key $K_{Y1}$;
determining the identity authentication message $M'$ of the other node based on its initialization input $M$, digital signature $(r, s)$, prime number $p$, prime factor $q$ and public key $K_{Y1}$, wherein $M' = M \| (r, s) \| q \| p \| K_{Y1}$;
encrypting the identity authentication message $M'$ of the other node by a single-key method based on the second global shared single key $K_A$;
sending the encrypted identity authentication message $M'$ as broadcast information;
after receiving the broadcast information, the new network access node decrypts by a single-key method based on the locally stored second global shared single key $K_A$;
performing digital signature verification based on the public key $K_{Y1}$ and the first global shared public key $K_D$ to obtain the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$; and
if the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$ is equal to $r$ in the digital signature $(r, s)$, determining that the other node is a legal node, and listing the node identity of the other node in a routing table.
In one embodiment, the performing distributed identity authentication on the networked node includes:
when the network-accessed node receives the identity authentication message of the new network-accessed node, the identity authentication is carried out on the new network-accessed node;
if the new network access node is verified to be a legal identity, the identity authentication message of the network access node is requested again and sent to the new network access node;
the new network access node authenticates the identity of the network access node; and
the network-accessed node sends its public key $K_{Y1}$ to the new network access node.
In one embodiment, before sending the initialization input M to the user in the routing table, the data encryption includes:
signing the data based on the digital signature public key $K_{Y1}$ generated by the opposite party and the local digital signature private key $K_X$ to obtain a digital signature $(r, s)$;
determining the identity authentication message $M'$ based on the initialization input $M$, the digital signature $(r, s)$, the prime number $p$, the prime factor $q$ and the public key $K_{Y1}$, wherein $M' = M \| (r, s) \| q \| p \| K_{Y1}$;
encrypting the identity authentication message $M'$ by a single-key method based on the second global shared single key $K_A$ to obtain an encrypted message $C$; and
sending the encrypted message $C$ to the opposite terminal.
In one embodiment, the data decryption comprises:
the opposite terminal receives the encrypted message C;
decrypting by a single-key method based on the locally stored second global shared single key $K_A$ to obtain the initialization input $M$;
performing digital signature verification based on the public key $K_{Y1}$ and the local private key $K_{X1}$ to obtain the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$;
if the digital signature to be verified $v = \mathrm{Ver}(M, s, q, p)$ is equal to $r$ in the signature $(r, s)$, determining that the node is a legal node and the message has not been tampered with, and completing the identity authentication and data encryption transmission process based on the wireless self-organizing network; and
if the digital signature $v$ to be verified is not consistent with $r$ in the signature (r, s, q, p), adding 1 to the distrusted value in the local routing table of the corresponding node.
In one embodiment, said data decryption further comprises:
if the number of times that the digital signature $v$ to be verified is not consistent with $r$ in the signature $(r, s)$ is greater than or equal to 3, stopping data interaction with the node.
In one embodiment, if the node is determined to be a legitimate node and the message has not been tampered with, the distrusted value in the local routing table of the corresponding node is set to zero.
The invention has the following beneficial effects:
In the invention, binding the initialization parameters does not require binding the identity information of other nodes, so that a new node can join the network at any time and the other nodes do not need to be initialized again. A single-key encryption method is adopted during information transmission, which enhances data transmission security, prevents eavesdropping, and is more robust than a stream encryption algorithm when the wireless channel environment is poor and packets are lost. The digital signature technology makes the transmitted information resistant to forgery and traceable, which in turn allows identity authentication to be completed; the digital signature also provides message authentication and can prevent the information from being illegally tampered with. The invention can find abnormal nodes in time, count the abnormal conditions of the nodes, and stop data interaction with a node when its abnormal conditions reach the threshold value. With the distributed identity authentication method, each node can perform identity authentication and a new node can be authenticated nearby, so that identity authentication efficiency is improved, network overhead is reduced, and the damage resistance of the network is enhanced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart illustrating an identity authentication and data encryption transmission method based on a wireless ad hoc network according to an embodiment of the present invention;
Fig. 2 is a flowchart illustrating an overall method for authentication and data encryption transmission according to an embodiment of the present invention;
Fig. 3 illustrates a flow diagram for generating a digital signature according to an embodiment of the invention;
Fig. 4 is a flow diagram illustrating the transmission of encryption and decryption of identity authentication information according to an embodiment of the present invention; and
Fig. 5 shows a data encryption and decryption transmission flow diagram according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. Similar parts in the figures are denoted by the same reference numerals. It is to be understood by persons skilled in the art that the following detailed description is illustrative and not restrictive, and is not to be taken as limiting the scope of the present application. It should be noted that, for convenience of description, only the portions related to the present application are shown in the drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
A wireless ad hoc network is a temporary network established by a group of mobile terminals with wireless network interfaces without the assistance and centralized management of fixed network infrastructure. The nodes in the wireless self-organizing network have two functions of a terminal and a router, and data can be forwarded to a destination node by a sender through multi-hop. The network has the characteristics of self-organization, no centrality, dynamic topology, multi-hop routing and the like. However, these characteristics make the center-based authentication service unable to be directly applied to the wireless ad hoc network, and the wireless ad hoc network is more vulnerable to external security attacks due to the characteristics of wireless signal transmission data, frequent topology change, no third-party authentication, and the like.
Currently, research on wireless ad hoc networks includes:
1. The patent "Security guidance model for distributed identity authentication in mobile ad hoc network" (application number CN200610124572.6, application publication number CN1953374), filed by the 709th Research Institute of China Shipbuilding Industry Corporation, discloses a security guidance module for distributed authentication in a wireless ad hoc network and introduces an identity authentication method based on threshold digital signatures into the wireless ad hoc network, performing identity authentication hop by hop.
The method has the advantages that the source route can be guaranteed not to be tampered with in the route request stage, that a legal participant is prevented from producing a false partial signature to obstruct signature verification, and that it can resist eavesdropping and replay attacks. However, the method can generate a digital signature only when there are no fewer than t nodes in the network; otherwise only a partial signature can be produced and a strict threshold signature cannot, so security in that situation is reduced. The hop-by-hop identity authentication method also greatly increases the time and complexity of information processing and does not favor rapid information circulation.
2. The patent "A data transmission method for preventing spoofing and attack based on wireless ad hoc network" (application No. 201510344412.1, application publication No. 104883372), filed by the fifty-fourth institute of science and technology in China, discloses a method for implementing fast authentication and key agreement of nodes in a wireless ad hoc network by using a signcryption algorithm protocol and a data encapsulation protocol based on stream encryption. The method processes a request authentication message, a communication key and a local time stamp with a signcryption algorithm and then broadcasts the result; the receiving authentication node decrypts it, verifies whether the time stamp is consistent with the local time, and verifies the validity of the authentication message; after verification, data are encrypted with a stream encryption algorithm and information is transmitted using the communication key as a symmetric key.
The method has the advantages that fast authentication can be completed with only one round of the signcryption algorithm during identity authentication, and that data can be encrypted and transmitted in real time with the stream encryption algorithm, so that the security of the data is ensured. However, the method binds the public and private key pairs of all members during initial authentication, and the public and private key pairs of all nodes need to be reset before a new member from outside the group can join the network, which does not favor random access of new nodes in the wireless self-organizing network.
That is, none of the above prior art techniques can deal well with the above problems with wireless ad hoc networks.
In order to solve at least one of the above problems, the inventor has studied and explored a digital signature technology, a distributed identity authentication technology and a data encryption technology, and proposes a distributed identity authentication and data encryption transmission method based on a mobile wireless ad hoc network.
A digital signature, also called a public key digital signature, is a string of digits that can be generated only by the sender of the information and cannot be forged by others; it is also valid proof of the authenticity of the information sent by that sender. It is a method for authenticating digital information that is similar to an ordinary physical signature written on paper, but is implemented using techniques from the field of public key cryptography. A digital signature scheme typically defines two complementary operations, one for signing and the other for verification. The digital signature is an application of asymmetric key encryption technology and digital digest technology. In the invention, the digital signature technology ensures that information transmitted between nodes in the wireless ad hoc network is resistant to forgery and traceable, has the attribute of authentication, and serves as the basis for identity authentication.
Identity authentication, also called identity verification, means that the user identity is confirmed by a certain means. There are many methods for authentication, which can be basically classified into: shared key based authentication, biometric feature based authentication, and public key encryption algorithm based authentication. In the invention, the distributed identity authentication method can shorten the data transmission path of identity authentication, improve the network efficiency and finally realize the distributed identity authentication and data encryption transmission based on the wireless self-organizing network.
Data encryption means that plaintext is converted into ciphertext through an encryption algorithm and an encryption key, and decryption means that ciphertext is recovered into plaintext through a decryption algorithm and a decryption key. The core of data encryption is cryptography, and information is encrypted by using a cryptographic technology to realize information concealment, so that the effect of protecting the safety of the information is achieved, and the method is the most reliable method for protecting the information by a computer system. In the invention, the data transmitted subsequently is encrypted according to the public key of the other party obtained in the identity authentication process, so that the security of data transmission is ensured.
As shown in fig. 1, an embodiment of the present invention provides an identity authentication and data encryption transmission method based on a wireless ad hoc network, which is applied to the wireless ad hoc network, where the wireless ad hoc network includes a plurality of nodes, and the method includes: performing an initialization operation on each node, wherein each node has a unique identifier and is internally provided with a first global shared single key $K_D$ and a second global shared single key $K_A$; generating a digital signature, wherein the node takes its unique identifier and the request authentication message as the initialization input $M$ and performs an encryption operation based on the first global shared single key $K_D$ using a double-key digital signature method to generate the digital signature; carrying out distributed identity authentication, wherein the nodes comprise a new network access node and an accessed node, and distributed identity authentication is carried out on the new network access node and the accessed node respectively; and performing data encryption and data decryption, wherein data encryption and data decryption are carried out based on the second global shared single key $K_A$.
Each process is described in detail below.
(1) Initializing a node: each node joining the wireless self-organizing network has a unique identifier and is internally provided with a global shared single key $K_D$ and a dual-key system digital signature algorithm, and a global shared single key $K_A$ and a single-key encryption algorithm;
(2) Generating a digital signature: the node takes its own unique identifier and the request authentication message as the initial input $M$, runs the double-key system digital signature algorithm, randomly selects a prime number $p$ and a prime factor $q$ of $(p-1)$, carries out a hash operation to obtain $g = H(M, p, q)$, generates a user secret key $K_{X1}$ and a corresponding public key $K_{Y1}$ according to $g = H(M, p, q)$, selects a secret random number $k$, and uses the secret key $K_{X1}$ and the global shared single key $K_D$ to carry out an encryption operation on the message $M$ to obtain the signature $(r, s) = \mathrm{Sig}_k(M, p, q, g, K_{X1})$.
(3) Identity authentication process: if the node has just started to access the network, it concatenates the original identity information, the digital signature, the coefficient $q$, the coefficient $p$ and the public key $K_{Y1}$ to form the identity authentication message to be sent, $M' = M \| (r, s) \| q \| p \| K_{Y1}$, encrypts $M'$ with the single-key algorithm using the global shared single key $K_A$, and then transmits it by broadcast. After receiving the broadcast information, any other node uses the locally stored global shared single key $K_A$ to perform single-key algorithm decryption, and then uses the parsed $K_{Y1}$ and the global shared public key $K_D$ to carry out digital signature verification; if $v = \mathrm{Ver}(M, s, q, p)$ is equal to $r$ in the signature, the opposite side is proved to be a legal node and its identity is listed in the routing table. During this process the node may receive identity authentication messages sent by other nodes, in which case it authenticates those nodes according to the same authentication flow.
If the node has already completed construction of the wireless self-organizing network with other nodes, then when it receives the identity authentication message of a new node joining the network and has verified that the new node's identity is legal, it sends its own identity authentication message to the new node again on request, so that the new node authenticates the identity of this node, and at the same time it sends its digital signature public key to the new node.
(4) Data encryption and decryption processes: before sending the message $M$ to a user in the routing table, the node signs the data using the digital signature public key $K_{Y1}$ generated by the opposite side and its own digital signature private key $K_X$ to obtain $(r, s)$, concatenates the original message $M$, the signature $(r, s)$, the coefficient $q$, the coefficient $p$ and the public key $K_{Y1}$ to obtain the message to be sent $M' = M \| (r, s) \| q \| p \| K_{Y1}$, encrypts $M'$ with the single-key algorithm using $K_A$, and sends the encrypted message $C$ to the peer.
After the opposite end receives the message $C$, it uses the locally stored global shared single key $K_A$ to decrypt with the single-key algorithm and obtain the original information $M$, and then carries out digital signature verification according to the signature public key $K_{Y1}$ in combination with the local private key $K_{X1}$; if $v = \mathrm{Ver}(M, s, q, p)$ is equal to $r$ in the signature, the opposite side is proved to be a legal node and the message has not been tampered with, which completes the distributed identity authentication and data encryption transmission process based on the mobile wireless self-organizing network. If $v$ is inconsistent with $r$, the message may have been tampered with by a third party, and 1 should be added to the distrusted value of the node in the local routing table; if identity authentication inconsistent information is received more than 3 times, data interaction with the node should be stopped.
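The signing step (2) and the verification and counting rules of step (4) can be run end to end in a short script. This is an added example, not code from the patent: the page does not define Sig and Ver, so textbook DSA equations stand in for them, g is derived by hashing (M, p, q) into the order-q subgroup, K_D is mixed into the message digest, and the receiver also checks the p, q and K_Y1 it parsed from M'. The K_A single-key layer is omitted (fields arrive already decrypted), the parameters are toy-sized, the cut-off follows the "greater than or equal to 3" rule, and all function and class names are hypothetical.

```python
import hashlib
import secrets

THRESHOLD = 3  # stop data interaction once the distrusted value reaches this

def H(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        b = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def is_prime(n):
    """Miller-Rabin with fixed bases (deterministic for n < 3.18e23)."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_params(q=2**61 - 1):
    """Toy-sized (p, q), q a prime factor of p - 1; searched, not random."""
    k = 2
    while not is_prime(k * q + 1):
        k += 2
    return k * q + 1, q

def derive_g(m, p, q, ctr=0):
    """Assumed reading of g = H(M, p, q): hash, then map into the order-q subgroup."""
    g = pow(H(m, p, q, ctr) % p, (p - 1) // q, p)
    return g if g > 1 else derive_g(m, p, q, ctr + 1)

def keygen(m, p, q):
    x = secrets.randbelow(q - 1) + 1          # private key K_X1
    return x, pow(derive_g(m, p, q), x, p)    # public key K_Y1

def sign(m, p, q, x, k_d):
    """Textbook DSA signing; mixing K_D into the digest is an assumption."""
    g, e = derive_g(m, p, q), H(k_d, m) % q
    while True:
        k = secrets.randbelow(q - 1) + 1      # secret random number k
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (e + x * r) % q
        if r and s:
            return r, s

def ver(m, r, s, q, p, y, k_d):
    """Return v, or None when the received parameters are malformed."""
    if not (is_prime(q) and is_prime(p) and (p - 1) % q == 0):
        return None
    if not (0 < r < q and 0 < s < q and 1 < y < p and pow(y, q, p) == 1):
        return None
    g, w = derive_g(m, p, q), pow(s, -1, q)
    u1, u2 = H(k_d, m) % q * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q

class RoutingTable:
    def __init__(self):
        self.distrust = {}  # node id -> distrusted value (failures since last success)

    def receive(self, node_id, fields, k_d):
        """fields = parsed M' (M, r, s, q, p, K_Y1), already decrypted with K_A."""
        if self.distrust.get(node_id, 0) >= THRESHOLD:
            return "blocked"
        m, r, s, q, p, y = fields
        if ver(m, r, s, q, p, y, k_d) == r:
            self.distrust[node_id] = 0        # legal node, message intact
            return "accepted"
        self.distrust[node_id] = self.distrust.get(node_id, 0) + 1
        return "rejected"

def demo():
    k_d, (p, q) = b"constructed-K_D", make_params()
    m = b"node-A|REQUEST_AUTH"                # constructed initialization input M
    x, y = keygen(m, p, q)
    r, s = sign(m, p, q, x, k_d)
    table = RoutingTable()
    out = [table.receive("node-A", (m, r, s, q, p, y), k_d)]
    tampered = (m + b"!", r, s, q, p, y)      # M altered in transit
    return out + [table.receive("node-A", tampered, k_d) for _ in range(4)]

if __name__ == "__main__":
    print(demo())
```
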
In a specific application scenario, the distributed identity authentication and data encryption transmission method based on the mobile wireless self-organizing network adopts a digital signature technology, a distributed identity authentication technology and a data encryption and decryption technology, and specifically comprises the following steps:
Step 1, node initialization: each node joining the wireless self-organizing network has a unique identifier and is internally provided with a global shared single key $K_D$ and a dual-key system digital signature algorithm, and a global shared single key $K_A$ and a single-key encryption algorithm; the flow is shown in fig. 2, where both node A and node B have completed parameter presetting;
Step 2, node A and node B each read the global shared single key $K_D$, the global shared single key $K_A$ and their own identifier;
Step 3, node A and node B each run the double-key digital signature algorithm, randomly select a prime number $p$ and a prime factor $q$ of $(p-1)$, carry out a hash operation to obtain $g = H(M, p, q)$, generate a user key and a corresponding public key according to $g = H(M, p, q)$, select a secret random number $k$, and encrypt the message $M$ using the key and the global shared single key $K_D$ to obtain a signature $(r, s)$; as shown in fig. 3, node A generates a user private key $K_{XA}$ and a user public key $K_{YA}$ and at the same time generates a digital signature $(r_A, s_A)$, and node B generates a user private key $K_{XB}$ and a user public key $K_{YB}$ and at the same time generates a digital signature $(r_B, s_B)$;
Step 4, node A and node B each assemble a message $M'$ to be sent, as shown in fig. 4;
Step 5, node A and node B each use the global shared single key $K_A$ to perform single-key algorithm encryption on the message $M'$ to be sent, generating an encrypted identity authentication message $C$, as shown in fig. 4;
Step 6, node A and node B each broadcast their own encrypted message; when a new node starts up and accesses the network, the identity authentication message is broadcast three times in succession;
Step 7, node A and node B each receive the information of the external node;
Step 8, node A and node B each use the global shared single key $K_A$ to decrypt the received encrypted message $C$ with the single-key algorithm to obtain a message $M$;
Step 9, node A decomposes the message $M'$ to obtain the original message $M$, the public key $K_{YB}$ of the opposite user and the digital signature $(r_B, s_B)$; node B decomposes the message $M'$ to obtain the original message $M$, the public key $K_{YA}$ of the opposite user and the digital signature $(r_A, s_A)$;
Step 10, node A and node B each determine whether the public key of the other party is already in the local routing table; if so, go to step 11, and if not, go directly to step 14;
Step 11, node A and node B each judge whether the distrust value of the user corresponding to the other party's public key in the local routing table is less than 3; if it is less than 3, go to step 12, and if it is not less than 3, go directly to step 7;
Step 12, node A and node B each run the double-key digital signature algorithm, substituting their own user private key and the opposite user's public key into it to calculate a digital signature v;
Step 13, node A and node B each compare the calculated v with r in the original information; if v = r, set the distrust value of the opposite node to 0 and jump to step 16; otherwise add 1 to the distrust value of the opposite node and go to step 7;
Step 14, node A and node B each run the double-key digital signature algorithm, substituting the global shared single key K_D and the opposite user's public key into it to calculate a digital signature v;
Step 15, node A and node B each compare the calculated v with r in the original information; if v = r, add the opposite node's information to the local routing table and go to step 16; otherwise go to step 7;
Step 16, node A and node B each obtain the real message M of the opposite side;
Step 17, for the formal message M to be sent, node A and node B each run the double-key digital signature algorithm: node A uses its user private key K_XA and the other party's user public key K_YB to generate a digital signature (r_A, s_A), and node B uses its user private key K_XB and the other party's user public key K_YA to generate a digital signature (r_B, s_B), as shown in fig. 5; the flow then returns to step 4.
This completes the distributed identity authentication and data encryption transmission based on the mobile wireless self-organizing network.
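The receive-side decisions of steps 10 to 16, as an added example that is not code from the patent: the routing table maps a peer's public key to its distrust value, and Ver is passed in as a function because the page does not define the double-key algorithm. `Node`, `AuthMessage`, `toy_ver` and all byte values are assumptions made for this illustration; `toy_ver` is a hash-based placeholder, not a signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

DISTRUST_LIMIT = 3  # step 11: a peer whose distrust value is not less than 3 is ignored


@dataclass
class AuthMessage:
    """Fields obtained by decomposing a decrypted M' (step 9)."""
    m: bytes         # original message M
    r: bytes         # signature component r
    s: bytes         # signature component s
    peer_pub: bytes  # sender's public key K_Y


# Ver(M, s, key, peer public key) -> v. Injected, since the page does not
# define the double-key algorithm (assumption of this example).
VerFn = Callable[[bytes, bytes, bytes, bytes], bytes]


def toy_ver(m: bytes, s: bytes, key: bytes, peer_pub: bytes) -> bytes:
    """Placeholder for Ver: deterministic, but NOT a signature scheme."""
    return hashlib.sha256(b"|".join((key, peer_pub, s, m))).digest()


@dataclass
class Node:
    k_d: bytes   # global shared single key K_D
    priv: bytes  # this node's private key K_X
    ver: VerFn = toy_ver
    routing: Dict[bytes, int] = field(default_factory=dict)  # K_Y -> distrust value

    def receive(self, msg: AuthMessage) -> Optional[bytes]:
        """Return M when the sender is accepted, None when the message is dropped."""
        known = msg.peer_pub in self.routing                    # step 10
        if known and self.routing[msg.peer_pub] >= DISTRUST_LIMIT:
            return None                                         # step 11
        key = self.priv if known else self.k_d                  # step 12 / step 14
        v = self.ver(msg.m, msg.s, key, msg.peer_pub)
        if hmac.compare_digest(v, msg.r):
            self.routing[msg.peer_pub] = 0                      # step 13 reset / step 15 add
            return msg.m                                        # step 16
        if known:
            self.routing[msg.peer_pub] += 1                     # step 13 mismatch
        return None                                             # back to step 7


def demo() -> list:
    """Constructed run: one peer joins, sends three bad messages, then a good one."""
    node, pub = Node(k_d=b"constructed-K_D", priv=b"constructed-K_XA"), b"constructed-K_YB"
    join = AuthMessage(b"hello", toy_ver(b"hello", b"s", node.k_d, pub), b"s", pub)
    bad = AuthMessage(b"tampered", join.r, b"s", pub)
    good = AuthMessage(b"data", toy_ver(b"data", b"s", node.priv, pub), b"s", pub)
    results = [node.receive(join)] + [node.receive(bad) for _ in range(3)]
    return results + [node.receive(good), node.routing[pub]]
```

In this reading of steps 14 and 15, a failed verification from a peer that is not yet in the routing table is dropped without being counted, so the threshold of 3 applies only to peers already listed.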
In the invention, when the initialization parameter is bound, the identity information of other nodes is not required to be bound, so that a new node can be accessed at any time when accessing the network, and other nodes do not need to be initialized again. A single-key encryption method is adopted in the information transmission process, the data transmission safety is enhanced, eavesdropping is prevented, and the robustness is stronger than that of a stream encryption algorithm under the conditions that the wireless channel environment is poor and packet loss exists in information. The digital signature technology enables the transmitted information to have anti-counterfeiting and traceability, further can finish identity authentication work, and meanwhile, the digital signature has a message authentication function and can prevent the information from being illegally tampered. The invention can find abnormal nodes in time, count abnormal conditions of the nodes, and stop data interaction with the nodes when the abnormal conditions reach the threshold value. By adopting the distributed identity authentication method, each node can perform identity authentication, and a new node can perform identity authentication nearby, so that the identity authentication efficiency is improved, the network overhead is reduced, and the damage resistance of the network is enhanced.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the components and steps of the various examples have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The principle and the implementation of the present application are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It should be understood that the above-mentioned embodiments of the present invention are only examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention, and it will be obvious to those skilled in the art that other variations or modifications may be made on the basis of the above description, and all embodiments may not be exhaustive, and all obvious variations or modifications may be included within the scope of the present invention.

Claims (10)

1. An identity authentication and data encryption transmission method based on a wireless self-organizing network is applied to the wireless self-organizing network, the wireless self-organizing network comprises a plurality of nodes, and is characterized in that,
the method comprises the following steps:
performing an initialization operation on each node, wherein each node has a unique identifier and is preset with a first global shared single key K_D and a second global shared single key K_A;
generating a digital signature, wherein the node takes the corresponding unique identifier and the request authentication message as the initialization input M and, based on the first global shared single key K_D, performs an encryption operation by using a double-key digital signature method to generate the digital signature;
performing distributed identity authentication, wherein the nodes comprise a new network access node and an accessed node, and performing distributed identity authentication on the new network access node and the accessed node respectively; and
performing data encryption and data decryption based on the second global shared single key K_A.
2. The method of claim 1, wherein the first global shared single key K_D is used by the new network access node, together with the double-key digital signature method, to generate a digital signature, and the second global shared single key K_A is used for transmission and encryption.
3. The method of claim 2, wherein generating the digital signature comprises:
randomly selecting prime numbers p and prime factors q of p-1;
performing a hash operation based on the initialization input M, the prime number p and the prime factor q of p-1 to obtain a hash operation result g, wherein the initialization input M is an original message and g = H(M, p, q);
generating a user key K_X1 and a corresponding public key K_Y1 based on the hash operation result g;
selecting a secret random number k; and
based on the user key K_X1 and the first global shared single key K_D, performing an encryption operation on the initialization input M to obtain a digital signature (r, s) = Sig_k(M, p, q, g, K_X1).
4. The method of claim 3, wherein the performing distributed identity authentication for the new network-accessing node comprises:
the new network access node determines an identity authentication message M' based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q and the public key K_Y1, where M' = M || (r, s) || q || p || K_Y1;
encrypting the identity authentication message M' by a single-key method based on the second global shared single key K_A;
the encrypted identity authentication message M' is sent by broadcast information;
after any other node receives the broadcast information, it performs decryption by a single-key method based on the locally stored second global shared single key K_A;
performing digital signature verification based on the public key K_Y1 and the first global shared public key K_D to obtain a to-be-verified digital signature v = Ver(M, s, q, p); and
if the to-be-verified digital signature v = Ver(M, s, q, p) is equal to r in the signature (r, s), determining that the node is a legal node, and listing the node identity in a routing table.
5. The method of claim 4, wherein the performing distributed identity authentication for the new network entry node further comprises:
any other node determines the initialization input M, digital signature (r, s), prime number p, prime factor q and public key K_Y1 of the corresponding node;
determining the identity authentication message M' of the other node based on that node's initialization input M, digital signature (r, s), prime number p, prime factor q and public key K_Y1, where M' = M || (r, s) || q || p || K_Y1;
encrypting the identity authentication message M' of the other node by a single-key method based on the second global shared single key K_A;
the encrypted identity authentication message M' is sent by broadcast information;
after receiving the broadcast information, the new network access node performs decryption by a single-key method based on the locally stored second global shared single key K_A;
performing digital signature verification based on the public key K_Y1 and the first global shared public key K_D to obtain a to-be-verified digital signature v = Ver(M, s, q, p); and
if the to-be-verified digital signature v = Ver(M, s, q, p) is equal to r in the digital signature (r, s), determining that the other node is a legal node, and listing the node identity of the other node in a routing table.
6. The method of claim 4, wherein the performing distributed identity authentication for the networked node comprises:
when the network-accessed node receives the identity authentication message of the new network-accessed node, the identity authentication is carried out on the new network-accessed node;
if the new network access node is verified to be a legal identity, the identity authentication message of the network access node is requested to be sent to the new network access node again;
the new network access node authenticates the identity of the network access node; and
the network-accessed node sends its public key K_Y1 to the new network access node.
7. The method of claim 6, wherein, before the initialization input M is sent to a user in a routing table, the data encryption comprises:
signing the data based on the digital-signature public key K_Y1 generated by the opposite party and the local digital-signature private key K_X to obtain a digital signature (r, s);
determining an identity authentication message M' based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q and the public key K_Y1, where M' = M || (r, s) || q || p || K_Y1;
encrypting the identity authentication message M' by a single-key method based on the second global shared single key K_A to obtain an encrypted message C; and
sending the encrypted message C to the opposite terminal.
8. The method of claim 7, wherein the data decryption comprises:
the opposite terminal receives the encrypted message C;
decrypting by a single-key method based on the locally stored second global shared single key K_A to obtain the initialization input M;
performing digital signature verification based on the public key K_Y1 and a local private key K_X1 to obtain a to-be-verified digital signature v = Ver(M, s, q, p);
if the to-be-verified digital signature v = Ver(M, s, q, p) is equal to r in the signature (r, s), determining that the node is a legal node and the message has not been tampered with, and completing the identity authentication and data encryption transmission process based on the wireless self-organizing network; and
if the to-be-verified digital signature v is not consistent with r in the signature (r, s, q, p), adding 1 to the distrust value of the corresponding node in the local routing table.
9. The method of claim 8, wherein the data decryption further comprises:
if the number of times that the to-be-verified digital signature v is not consistent with r in the signature (r, s) is greater than or equal to 3, stopping data interaction with the node.
10. The method of claim 8, wherein if the node is determined to be a legitimate node and the message has not been tampered with, the distrust value of the corresponding node in the local routing table is set to zero.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210259200.3A CN114697957A (en) 2022-03-16 2022-03-16 Identity authentication and data encryption transmission method based on wireless self-organizing network

Publications (1)

Publication Number Publication Date
CN114697957A true CN114697957A (en) 2022-07-01

Family

ID=82138450

Country Status (1)

Country Link
CN (1) CN114697957A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination