CN115278661A - Unicast transmission method, system, electronic equipment and storage medium based on air interface frame - Google Patents

Publication number
CN115278661A
Authority
CN
China
Prior art keywords
air interface
interface frame
terminal
address
frame
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110482293.1A
Other languages
Chinese (zh)
Inventor
李冠成
戴戈
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN202110482293.1A
Publication of CN115278661A
Current legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W74/00 Wireless channel access, e.g. scheduled or random access
    • H04W74/08 Non-scheduled or contention based access, e.g. random access, ALOHA, CSMA [Carrier Sense Multiple Access]
    • H04W74/0833 Non-scheduled or contention based access, e.g. random access, ALOHA, CSMA [Carrier Sense Multiple Access] using a random access procedure

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W92/00 Interfaces specially adapted for wireless communication networks
    • H04W92/04 Interfaces between hierarchically different network devices
    • H04W92/10 Interfaces between hierarchically different network devices between terminal device and access point, i.e. wireless air interface

Abstract

The embodiments of the application provide a unicast transmission method, system, electronic device and storage medium based on air interface frames, and relate to the technical field of information security. The method comprises the following steps: a network device responds to a network access request initiated by a terminal, so that both the network device and the terminal obtain an initial air interface address; the sending end of an air interface frame generates an air interface address that changes with the number of unicast transmissions, marks the air interface frame according to that address, and unicast-transmits the marked air interface frame to the receiving end of the air interface frame; the receiving end verifies the received air interface frame according to a preset verification method and, after the verification passes, obtains the service data in the air interface frame. The method and device can effectively prevent the identity of the sending end or the receiving end of the air interface frame from being eavesdropped by an eavesdropper.

Description

Unicast transmission method, system, electronic equipment and storage medium based on air interface frame
Technical Field
The present application relates to the field of information security technologies, and in particular, to a unicast transmission method and system based on an air interface frame, an electronic device, and a storage medium.
Background
"Air interface" is the short name for the over-the-air radio interface in wireless communication, an air interface frame is the information transmitted between wireless air interfaces, and an air interface address (radio ID) is a unique identifier that the sending end of an air interface frame uses to identify itself or to designate the receiving end.
Existing defenses against air interface eavesdropping fall into two types: one encrypts the air interface frame at the data link layer, which is called air interface frame encryption and mainly prevents an eavesdropper from obtaining the communication content; the other introduces a special coding algorithm, called a wiretap code, into the channel coding.
In current wireless protocol designs, the air interface address does not change once it has been determined. Therefore, after sniffing the initial air interface address, an eavesdropper can pick out the air interface frames of a specified user (either a sending end or a receiving end) from among many air interface frames and so eavesdrop on that user continuously.
Air interface frame encryption effectively prevents an eavesdropper from obtaining a normal user's plaintext data messages by eavesdropping on air interface frames, but it cannot prevent the eavesdropper from continuously collecting the ciphertext data messages carried in a given user's air interface frames. Ciphertext data messages can expose sensitive information such as the length of the data message, and multiple studies show that an attacker can carry out malicious behaviors such as acquiring sensitive information by continuously eavesdropping on and analyzing ciphertext data messages.
Wiretap coding can prevent an eavesdropper from decoding the intercepted air interface frames, so the frames expose less sensitive information than they do under air interface frame encryption. However, wiretap coding requires the eavesdropper's channel state to be known in advance, and its communication efficiency depends strongly on that channel state, so it essentially cannot be deployed in a multi-user wireless network, and no wireless communication protocol uses it.
Disclosure of Invention
Embodiments of the present invention provide a unicast transmission method, system, electronic device, and storage medium based on an air interface frame, which overcome the above problems or at least partially solve the above problems.
In a first aspect, a unicast transmission method based on an air interface frame is provided, where the method includes:
the network equipment responds to a network access request initiated by a terminal, so that the network equipment and the terminal both obtain initial air interface addresses;
a sending end of the air interface frame generates an air interface address which changes along with unicast transmission times, marks the air interface frame according to the air interface address, and unicast-transmits the marked air interface frame to a receiving end of the air interface frame;
the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed;
when the air interface frame is transmitted by unicast for the first time, the air interface address in the air interface frame transmitted by unicast for the first time is an initial air interface address, and a receiving end of the air interface frame verifies the air interface frame transmitted by unicast for the first time by using the initial air interface address;
when the sending end of the air interface frame is a network device, the receiving end of the air interface frame is a terminal, and when the sending end of the air interface frame is a terminal, the receiving end of the air interface frame is a network device.
In one possible implementation, the network device and the terminal are in a mobile network; a sending end of an air interface frame is a network device, and a receiving end of the air interface frame is a terminal;
the network device responding to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address, includes:
the network device responds to the network access request initiated by the terminal, generates an initial air interface address and sends it to the terminal.
In a possible implementation manner, in a scenario where a terminal sends uplink data to a network device, a sending end of an air interface frame generates an air interface address that changes with unicast transmission times, which includes: a terminal sends a channel resource allocation request to network equipment;
the sending end of the air interface frame generating an air interface address that changes with unicast transmission times, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to the receiving end of the air interface frame includes:
the network device responds to the channel resource allocation request, and determines the unicast transmission times according to the cumulative number of times the terminal has sent the channel resource allocation request;
the network device generates an air interface address that changes with the unicast transmission times, marks downlink control information according to the air interface address, and unicast-transmits the downlink control information to the terminal as an air interface frame; the service data in the downlink control information includes channel resources indicating a designated channel for transmitting the uplink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the terminal determines the designated channel for transmitting the uplink data according to the channel resources, and transmits the uplink data on the designated channel;
the network device receives the uplink data sent by the terminal on the designated channel.
In a possible implementation manner, in a scenario in which the network device sends downlink data to the terminal, marking an air interface frame according to an air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame includes:
marking downlink control information according to the air interface address, and unicast-transmitting the downlink control information to the terminal as an air interface frame, wherein the service data of the downlink control information includes channel resources indicating a designated channel for transmitting the downlink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the network device sends the downlink data on the designated channel;
the terminal determines the designated channel for transmitting the downlink data according to the channel resources, and receives the downlink data sent by the network device on the designated channel.
In one possible implementation manner, the downlink control information includes: a sequence number field for storing the sequence number, an air interface address field for storing the air interface address, and a data field for storing the service data;
marking an air interface frame according to an air interface address comprises:
storing the air interface address in the air interface address field, obtaining a sequence number according to the unicast transmission times and storing it in the sequence number field, and storing the service data in the data field, thereby obtaining the marked air interface frame.
In one possible implementation, the network device and the terminal are in a wireless local area network, and the sending end of the air interface frame is the terminal or the network device;
the network device responding to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address, includes:
the network device responds to the network access request initiated by the terminal and obtains the initial air interface address included in the network access request.
In one possible implementation manner, the air interface frame comprises a data field for storing the service data, a receiving-end MAC address field for storing the air interface address, and a sequence number field for storing the sequence number;
marking an air interface frame according to an air interface address comprises:
storing the air interface address in the receiving-end MAC address field, obtaining a sequence number according to the unicast transmission times and storing it in the sequence number field, and storing the service data in the data field, thereby obtaining the marked air interface frame.
In one possible implementation, the sending end of the air interface frame generating an air interface address that changes with unicast transmission times includes:
when the unicast transmission of the air interface frame is not the first one, the sending end of the air interface frame determines a sequence number according to the number of unicast transmissions between the sending end and the receiving end, encrypts the sequence number according to a preset encryption method, and uses the encryption result as the air interface address.
In one possible implementation manner, encrypting the sequence number according to a preset encryption method and using the encryption result as the air interface address includes:
the sending end generates the air interface address by using the sequence number as the plaintext and a preset session key as the encryption key;
the receiving end of the air interface frame verifying the air interface frame by using a preset verification method includes:
the receiving end treats the air interface address as ciphertext and decrypts it with the predetermined session key as the decryption key, and if the resulting plaintext is the same as the sequence number in the air interface frame, the verification passes; or
the receiving end encrypts the sequence number with the predetermined session key as the encryption key, and if the resulting ciphertext is the same as the air interface address in the air interface frame, the verification passes.
In one possible implementation manner, encrypting the sequence number according to a preset encryption method and using the encryption result as the air interface address includes:
performing a hash operation on the sequence number and a preset session key according to a preset hash algorithm, and using the hash result as the air interface address;
the receiving end of the air interface frame verifying the air interface frame by using a preset verification method includes:
the receiving end performs a hash operation on the sequence number and the preset session key according to the pre-acquired hash algorithm, and if the hash result is the same as the air interface address in the air interface frame, the verification passes.
In one possible implementation manner, the sending end of the air interface frame determining a sequence number according to the number of unicast transmissions between the sending end and the receiving end includes:
the sending end counts the cumulative number of times it has sent air interface frames to the receiving end, to obtain a counting result;
if the sum of the counting result and a preset value is smaller than a preset threshold, the sum of the counting result and the preset value is used as the sequence number;
if the sum of the counting result and the preset value is not smaller than the preset threshold, the counting result is reset to an initial value and the initial value is used as the sequence number, wherein the initial value is smaller than the preset threshold.
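The hash-based address derivation, the receiving-end check and the sequence number wraparound described in the implementations above, as an added Python sketch that is not code from the patent. SHA-256 over the session key followed by the sequence number, the 48-bit truncation, the counter constants, the sequence number carried by the first frame, and all names and sample values are assumptions; the page only specifies "a preset hash algorithm".

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Assumed parameters: the page leaves the hash algorithm, the address
# length and the counter constants open.
ADDR_LEN = 6             # 48 bits, the size of an 802.11 MAC address field
PRESET_VALUE = 1         # the "preset value" added to the counting result
PRESET_THRESHOLD = 4096  # the "preset threshold"
INITIAL_VALUE = 0        # the "initial value", smaller than the threshold


@dataclass(frozen=True)
class AirFrame:
    seq: int      # sequence number field
    addr: bytes   # air interface address field
    data: bytes   # data field carrying the service data


def derive_addr(session_key: bytes, seq: int) -> bytes:
    """Hash the sequence number with the session key, truncate to an address."""
    digest = hashlib.sha256(session_key + seq.to_bytes(4, "big")).digest()
    return digest[:ADDR_LEN]


class Sender:
    def __init__(self, session_key, initial_addr, threshold=PRESET_THRESHOLD):
        self.key, self.initial_addr = session_key, initial_addr
        self.threshold = threshold
        self.count = INITIAL_VALUE   # the counting result
        self.first = True

    def _next_seq(self) -> int:
        total = self.count + PRESET_VALUE
        if total < self.threshold:
            self.count += 1
            return total
        self.count = INITIAL_VALUE   # wrap: reset the counting result
        return INITIAL_VALUE

    def send(self, data: bytes) -> AirFrame:
        if self.first:
            # The first unicast transmission is marked with the initial address.
            self.first = False
            return AirFrame(INITIAL_VALUE, self.initial_addr, data)
        seq = self._next_seq()
        return AirFrame(seq, derive_addr(self.key, seq), data)


class Receiver:
    def __init__(self, session_key, initial_addr):
        self.key, self.initial_addr = session_key, initial_addr
        self.first = True

    def accept(self, frame: AirFrame) -> Optional[bytes]:
        """Return the service data if the address verifies, else None."""
        if self.first:
            expected = self.initial_addr
        else:
            expected = derive_addr(self.key, frame.seq)
        if not hmac.compare_digest(expected, frame.addr):
            return None
        self.first = False
        return frame.data


def observed_addresses(n: int):
    """Addresses a passive observer sees for n frames of one constructed session."""
    key = bytes(range(16))                  # constructed session key
    init = bytes.fromhex("020000000001")    # constructed initial address
    tx, rx = Sender(key, init), Receiver(key, init)
    frames = [tx.send(b"dci-%d" % i) for i in range(n)]
    delivered = [rx.accept(f) for f in frames]
    return [f.addr.hex() for f in frames], delivered


if __name__ == "__main__":
    addrs, delivered = observed_addresses(5)
    for addr, data in zip(addrs, delivered):
        print(addr, data)
```

Because the sequence number wraps at the threshold, a fixed session key reproduces the same addresses after one full cycle; constructing `Sender` with a small `threshold` makes that visible.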
In a second aspect, a unicast transmission system based on air interface frames is provided, which includes a network device and a terminal;
the terminal is used for initiating a network access request, and the network equipment is used for responding to the network access request initiated by the terminal so that the network equipment and the terminal both obtain an initial air interface address;
the sending end of the air interface frame is configured to generate an air interface address that changes with unicast transmission times, mark the air interface frame according to the air interface address, and unicast-transmit the marked air interface frame to the receiving end of the air interface frame, so that the receiving end verifies the received air interface frame according to a preset verification method and, after the verification passes, obtains the service data in the air interface frame;
when the air interface frame is transmitted by unicast for the first time, the air interface address in the air interface frame transmitted by unicast for the first time is an initial air interface address, and a receiving end of the air interface frame verifies the air interface frame transmitted by unicast for the first time by using the initial air interface address;
when the sending end of the air interface frame is a network device, the receiving end of the air interface frame is a terminal, and when the sending end of the air interface frame is a terminal, the receiving end of the air interface frame is a network device.
In one possible implementation, the network device and the terminal are in a mobile network; a sending end of an air interface frame is a network device, and a receiving end of the air interface frame is a terminal;
the network device includes: an air interface address allocation module for responding to a network access request initiated by a terminal and enabling both the network equipment and the terminal to obtain an initial air interface address;
the air interface address allocation module is specifically configured to: and responding to a network access request initiated by the terminal, and generating and sending an initial air interface address to the terminal.
In a possible implementation manner, in a scenario where a terminal sends uplink data to a network device, a sending end of an air interface frame generates an air interface address that changes with unicast transmission times, which includes: a terminal sends a channel resource allocation request to network equipment;
the sending end of the air interface frame generating an air interface address that changes with unicast transmission times, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to the receiving end of the air interface frame includes:
the network device responds to the channel resource allocation request, and determines the unicast transmission times according to the cumulative number of times the terminal has sent the channel resource allocation request;
the network device generates an air interface address that changes with the unicast transmission times, marks downlink control information according to the air interface address, and unicast-transmits the downlink control information to the terminal as an air interface frame; the service data in the downlink control information includes channel resources indicating a designated channel for transmitting the uplink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the terminal determines the designated channel for transmitting the uplink data according to the channel resources, and transmits the uplink data on the designated channel;
the network device receives the uplink data sent by the terminal on the designated channel.
In a possible implementation manner, in a scenario in which the network device sends downlink data to the terminal, marking an air interface frame according to an air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame includes:
the network equipment marks downlink control information according to the air interface address, unicast-transmits the downlink control information to the terminal as an air interface frame, and the service data of the downlink control information comprises channel resources used for indicating a designated channel for transmitting the downlink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the network device sends the downlink data on the designated channel;
the terminal determines the designated channel for transmitting the downlink data according to the channel resources, and receives the downlink data sent by the network device on the designated channel.
The downlink control information includes: a sequence number field for storing the sequence number, an air interface address field for storing the air interface address, and a data field for storing the service data;
the network device marking an air interface frame according to the air interface address includes: storing the air interface address in the air interface address field, obtaining a sequence number according to the unicast transmission times and storing it in the sequence number field, and storing the service data in the data field, thereby obtaining the marked air interface frame.
In one possible implementation, the network device and the terminal are in a wireless local area network, and the sending end of the air interface frame is the terminal or the network device;
the network device responding to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address, includes:
the network device responds to the network access request initiated by the terminal and obtains the initial air interface address included in the network access request.
In one possible implementation manner, the air interface frame comprises a data field for storing the service data, a receiving-end MAC address field for storing the air interface address, and a sequence number field for storing the sequence number;
marking an air interface frame according to an air interface address comprises:
storing the air interface address in the receiving-end MAC address field, obtaining a sequence number according to the unicast transmission times and storing it in the sequence number field, and storing the service data in the data field, thereby obtaining the marked air interface frame.
In one possible implementation, the sending end of the air interface frame includes an air interface address updating module for generating an air interface address that changes with unicast transmission times;
the air interface address updating module is specifically configured to: when the unicast transmission of the air interface frame is not the first one, determine a sequence number according to the number of unicast transmissions between the sending end and the receiving end, encrypt the sequence number according to a preset encryption method, and use the encryption result as the air interface address.
In one possible implementation manner, the air interface address updating module includes a first encryption module that encrypts the serial number according to a preset encryption method;
the encryption module is specifically configured to: generate the air interface address by using the sequence number as the plaintext and a preset session key as the encryption key;
the receiving end of the air interface frame comprises a first verification module for verifying the air interface frame by using a preset verification method;
the first verification module is specifically configured to:
treat the air interface address as ciphertext and decrypt it with the predetermined session key as the decryption key, and if the resulting plaintext is the same as the sequence number in the air interface frame, the verification passes; or
encrypt the sequence number with the predetermined session key as the encryption key, and if the resulting ciphertext is the same as the air interface address in the air interface frame, the verification passes.
In one possible implementation manner, the air interface address updating module comprises a second encryption module for encrypting the serial number according to a preset encryption method;
the second encryption module is specifically configured to perform a hash operation on the sequence number and a preset session key according to a preset hash algorithm, and use the hash result as the air interface address;
the receiving end of the air interface frame comprises a second verification module for verifying the air interface frame by using a preset verification method;
the second verification module is specifically configured to: perform a hash operation on the sequence number and the preset session key according to the pre-acquired hash algorithm, and if the hash result is the same as the air interface address in the air interface frame, the verification passes.
In one possible implementation manner, the air interface address updating module comprises a sequence number determining module for determining a sequence number according to the number of unicast transmissions between the sending end and the receiving end;
the sequence number determining module specifically comprises:
a counting unit, configured to count the cumulative number of times air interface frames have been sent to the receiving end, to obtain a counting result;
a first summing unit, configured to use the sum of the counting result and a preset value as the sequence number if that sum is smaller than a preset threshold;
a cyclic updating unit, configured to reset the counting result to an initial value if the sum of the counting result and the preset value is not smaller than the preset threshold, and to use the initial value as the sequence number, wherein the initial value is smaller than the preset threshold.
In a third aspect, an embodiment of the present invention provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the method as provided in the first aspect.
In a fifth aspect, an embodiment of the present invention provides a computer program, where the computer program includes computer instructions stored in a computer-readable storage medium, and when a processor of a computer device reads the computer instructions from the computer-readable storage medium, the processor executes the computer instructions, so that the computer device executes the steps of implementing the method provided in the first aspect.
In the unicast transmission method, system, electronic device and storage medium based on air interface frames provided by the embodiments of the present invention, the network device responds to the network access request initiated by the terminal either by obtaining the initial air interface address included in the network access request or by allocating to the terminal an initial air interface address generated according to the network access request, so that both the network device and the terminal obtain the initial air interface address. When an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end marks the air interface frame with the initial air interface address, so that the receiving end verifies the air interface frame by using that address and obtains the service data in the air interface frame. Because the initial air interface address is known only to the network device and the terminal, an eavesdropper cannot determine the identity of the receiving end when the air interface frame is transmitted for the first time. For every later unicast transmission between the network device and the terminal, the sending end generates an air interface address that changes with the unicast transmission times, so the eavesdropper cannot determine the identity of the receiving end by tracking a fixed air interface address across multiple air interface frames. The identity of the sending end or the receiving end of the air interface frame is thereby effectively prevented from being eavesdropped by an eavesdropper.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a unicast transmission method based on an air interface frame according to an embodiment of the present application;
Fig. 2 is an interaction diagram of a terminal sending uplink data to a network device in a mobile network according to an embodiment of the present application;
Fig. 3 is an interaction diagram of a network device sending downlink data to a terminal in a mobile network according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a DCI structure for unicast transmission according to an embodiment of the present application;
Fig. 5 is a schematic diagram of the frame format of an 802.11 protocol air interface frame;
Fig. 6 is an interaction diagram of a terminal sending uplink data to a network device in a wireless local area network according to an embodiment of the present application;
Fig. 7 is an interaction diagram of a network device sending downlink data to a terminal in a wireless local area network according to an embodiment of the present application;
Fig. 8 is a schematic flowchart of a process for obtaining a changed air interface address according to an embodiment of the present application;
Fig. 9 is a flowchart of a method for determining a serial number according to an embodiment of the present application;
Fig. 10 is a flowchart of an anti-eavesdropping method in unicast transmission according to an embodiment of the present application;
Fig. 11 is a schematic diagram of eavesdropping by an eavesdropper on a system that uses the anti-eavesdropping method in unicast transmission provided by an embodiment of the present application;
Fig. 12 is an alternative structural diagram of the distributed system applied to the blockchain system according to an embodiment of the present application;
Fig. 13 is an alternative block structure according to an embodiment of the present invention;
Fig. 14 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, the following detailed description of the embodiments of the present application will be made with reference to the accompanying drawings.
The terms referred to in this application will first be introduced and explained:
1. Terminal device. In the embodiments of the present application, the terminal device is a device having a wireless transceiving function, and may be referred to as a terminal, a User Equipment (UE), a Mobile Station (MS), a Mobile Terminal (MT), an access terminal device, a vehicle-mounted terminal device, an industrial control terminal device, a UE unit, a UE station, a mobile station, a remote terminal device, a mobile device, a UE terminal device, a wireless communication device, a UE agent, or a UE apparatus. The terminal device may be fixed or mobile. It should be noted that the terminal device may support at least one wireless communication technology, such as LTE, NR, Wideband Code Division Multiple Access (WCDMA), and the like. For example, the terminal device may be a mobile phone, a tablet, a desktop computer, a notebook computer, a kiosk, a vehicle-mounted terminal, a Virtual Reality (VR) terminal device, an Augmented Reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in self-driving, a wireless terminal in remote surgery, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home, a cellular phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, a Personal Digital Assistant (PDA), a handheld device with wireless communication capability, a computing device or other processing device connected to a wireless modem, a wearable device, an in-vehicle terminal device, a terminal device in a future mobile communication network, or a terminal device in a future evolved public land mobile network (PLMN), etc.
In some embodiments of the present application, the terminal may also be a device having a transceiving function, such as a system-on-chip. The chip system may include a chip and may further include other discrete devices.
2. Network device. In the embodiments of the present application, the network device is a device that provides a wireless communication function for the terminal device, and may also be referred to as an access network device, a Radio Access Network (RAN) device, and the like. The network device may support at least one wireless communication technology, such as LTE, NR, WCDMA, etc. By way of example, network devices include, but are not limited to: a next generation base station (generation node B, gNB) in a fifth generation (5G) mobile communication system, an evolved node B (eNB), a Radio Network Controller (RNC), a node B (NB), a Base Station Controller (BSC), a Base Transceiver Station (BTS), a home base station (e.g., home evolved node B or home node B, HNB), a Baseband Unit (BBU), a transceiving point (TRP), a transmitting point (TP), a mobile switching center, etc. The network device may also be a wireless controller, a Central Unit (CU), and/or a Distributed Unit (DU) in a Cloud Radio Access Network (CRAN) scenario, or the network device may be a relay station, an access point, a vehicle-mounted device, a terminal device, a wearable device, a network device in future mobile communication, or a network device in a future evolved PLMN, and the like. In some embodiments, the network device may also be an apparatus, such as a system-on-chip, that provides wireless communication functionality for the terminal device. By way of example, a system-on-chip may include a chip and may also include other discrete devices.
3. Communication between a terminal device and a network device. In the embodiment of the application, the terminal equipment and the network equipment communicate through an air interface. For example, the communication interface between the terminal device and the network device may be a universal UE to network interface (Uu interface). When a communication interface between the terminal device and the network device is a Uu air interface, communication between the terminal device and the network device may also be referred to as Uu air interface communication.
4. Air interface frame: the information transmitted between the terminal and the network device over the wireless air interface.
5. Air interface address: in a wireless communication scenario, the unique identifier that the transmitting end of an air interface frame uses to identify itself or the designated target receiving end; that is, an air interface address may represent the identity of the transmitting end or of the target receiving end, according to actual needs.
For example, when an air interface frame is transmitted in a mobile network (3G, 4G, 5G, etc.), transmission of the air interface address is unidirectional: only the network device sends the air interface address to the terminal, and the terminal does not send the air interface address to the network device. The air interface frame sent by the network device to the terminal records the air interface address and the channel resources for subsequent data transmission, and the air interface address indicates the identity of the terminal, so that the terminal corresponding to the air interface address performs uplink/downlink data transmission according to the channel resources after receiving the air interface frame.
In a Wireless Local Area Network (WLAN), transmission of air interface frames is bidirectional: both the terminal and the network device (e.g., a router) send air interface frames. The air interface frame sent by the terminal includes its own air interface address, so that the network device can identify the terminal, and the air interface frame sent by the network device includes the air interface address of the target terminal, so that a terminal can identify whether each received air interface frame is addressed to itself.
6. Hash: a hash algorithm transforms an input of arbitrary length (also called the pre-image) into an output of fixed length. This transformation is a kind of compression mapping: the space of hash values is usually much smaller than the space of inputs, and different inputs may hash to the same output. The transformation therefore has the property of being one-way and irreversible, i.e., it is not possible to determine a unique input value from the hash value.
7. Session key: also known as a data encryption key or working key, a randomly generated encryption and decryption key that is negotiated between communicating users to ensure a secure communication session between a user and another computer or computers. Session keys are typically generated dynamically, only when encryption of session data is required.
8. Blockchain: a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks associated by cryptographic methods, each of which contains information on a batch of network transactions and is used to verify the validity (anti-counterfeiting) of that information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform can comprise processing modules such as user management, basic service, smart contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, including maintaining public and private key generation (account management), key management, and the correspondence between a user's real identity and blockchain address (authority management), and, where authorized, supervising and auditing the transactions of certain real identities and providing rule configuration for risk control (risk-control audit). The basic service module is deployed on all blockchain node devices and is used to verify the validity of service requests and to record valid requests to storage after consensus is completed; for a new service request, the basic service first performs interface adaptation analysis and authentication processing (interface adaptation), then encrypts the service information through a consensus algorithm (consensus management), transmits the encrypted service information completely and consistently to the shared ledger (network communication), and records and stores it. The smart contract module is responsible for registering, issuing, triggering and executing contracts; developers can define contract logic in a programming language, publish it to the blockchain (contract registration), have it triggered by keys or other events and executed according to the logic of the contract clauses to complete the contract logic, and the module also provides functions for upgrading and cancelling contracts. The operation monitoring module is mainly responsible for deployment, configuration modification, contract setting and cloud adaptation during product release, and for visual output of real-time states during product operation, such as alarms, monitoring of network conditions, and monitoring of node device health status.
The platform product service layer provides basic capability and an implementation framework of typical application, and developers can complete block chain implementation of business logic based on the basic capability and the characteristics of the superposed business. The application service layer provides the application service based on the block chain scheme for the business participants to use.
Existing wireless protocol designs fall mainly into two categories, mobile networks and wireless local area networks, which differ considerably in how the air interface address is used during air interface frame transmission; both are described below.
The unicast transmission method and device based on the air interface frame, the electronic device and the storage medium provided by the application aim to solve the technical problems in the prior art.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. These several specific embodiments may be combined with each other below, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Referring to fig. 1, a flowchart of a unicast transmission method based on an air interface frame according to an embodiment of the present application is exemplarily shown, where the flowchart includes:
S101, the network device responds to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address.
The air interface address in an existing air interface frame is fixed, which allows the frames to be intercepted continuously; the inventive concept of the embodiments of the present application is to solve this problem by updating the air interface address. The terminal of the present application initiates a network access request to the network device when accessing the network. Depending on the application scenario, the network device may obtain an initial air interface address directly from the network access request, or may allocate an initial air interface address to the terminal according to the network access request. That is to say, the initial air interface address may be written into the network access request by the terminal, or may be generated by the network device according to the received network access request. After step S101, both the terminal and the network device hold the initial air interface address, so that whether the sending end of a unicast air interface frame is the terminal or the network device, the air interface frame can be marked with the initial air interface address, and the receiving end of the air interface frame can accordingly verify the frame using the initial air interface address.
S102, the sending end of an air interface frame generates an air interface address that changes with the number of unicast transmissions, marks the air interface frame according to the air interface address, and unicast-transmits the marked air interface frame to the receiving end of the air interface frame; when the air interface frame is unicast-transmitted for the first time, the air interface address in that frame is the initial air interface address.
The application scenario of unicast transmission of the air interface frame between the network device and the terminal may be an application scenario in which the terminal transmits data to the network device in an uplink manner, or an application scenario in which the network device transmits data to the terminal in a downlink manner.
When an air interface frame is unicast-transmitted between the network equipment and the terminal for the first time, a transmitting end of the air interface frame marks the air interface frame through an initial air interface address, and an eavesdropper cannot determine the identity of a receiving end of the air interface frame according to the air interface frame unicast-transmitted for the first time because the initial air interface address is only known by the network equipment and the terminal which just accesses the network.
Starting from the second unicast transmission of the air interface frame by the network device and the terminal, the air interface address in the air interface frame of each unicast transmission is different from the air interface address in the air interface frame of the previous unicast transmission, and because the air interface address generated by the transmitting end of the air interface frame is continuously changed along with the unicast transmission times, an eavesdropper cannot determine the identity of the receiving end of the air interface frame in a manner of eavesdropping the air interface address in the air interface frame for multiple times.
S103, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification passes; when the receiving end receives an air interface frame for the first time, it uses the initial air interface address to verify that first unicast air interface frame.
In the method for preventing eavesdropping in unicast transmission according to the embodiments of the present application, a network device responds to a network access request initiated by a terminal to obtain an initial air interface address included in the network access request, or allocates to the terminal an initial air interface address generated according to the network access request, so that both the network device and the terminal obtain the initial air interface address. When an air interface frame is unicast between the network device and the terminal for the first time, the transmitting end of the air interface frame marks the frame with the initial air interface address, so that the receiving end verifies the frame using that address and obtains the service data in the frame.
As can be seen from the foregoing embodiments, the existing wireless protocol designs are mainly divided into two major categories, and the two categories of wireless protocols have a large difference in the use of the air interface address in the transmission process of the air interface frame, so that the embodiments of the present application will subsequently improve the two categories of wireless protocols respectively.
On the basis of the above embodiments, as an alternative embodiment, the network device and the terminal are in a mobile network.
In a mobile network, an air interface frame can only be sent to a terminal by a network device, so that in the mobile network, a sending end of the air interface frame is always the network device, and a receiving end is always the terminal.
The step in which the network device responds to a network access request initiated by the terminal to obtain an initial air interface address included in the network access request, or allocates to the terminal an initial air interface address generated according to the network access request, includes:
The network device responds to the network access request initiated by the terminal and allocates an initial air interface address to the terminal.
That is, in the mobile network, the initial air interface address is generated by the network device, and when the network device receives a network access request initiated by the terminal, the initial air interface address is generated and allocated to the terminal.
On the basis of the foregoing embodiments, when the network device and the terminal are in the mobile network, the air interface frame includes Downlink Control Information (DCI). The DCI is carried by a Physical Downlink Control Channel (PDCCH), and the downlink control information sent to the terminal by the network device may include uplink/downlink channel resources, Hybrid Automatic Repeat reQuest (HARQ) information, power control, and the like.
In a scenario where a terminal sends uplink data to a network device, before the sending end of the air interface frame generates an air interface address that changes with the number of unicast transmissions, the method further includes: the terminal sends a channel resource allocation request to the network device.
It should be understood that, in the mobile network, the interaction between the terminal and the network device needs to be performed on a specified channel, and therefore, when the terminal sends uplink data to the network device, it needs to first send a channel resource allocation request to the network device by the terminal, the network device allocates the specified channel to the terminal according to the request, and then the terminal sends the uplink data to the network device on the specified channel.
The step in which the sending end of an air interface frame generates an air interface address that changes with the number of unicast transmissions, marks the air interface frame according to the air interface address, and unicast-transmits the marked air interface frame to the receiving end of the air interface frame includes:
The network device responds to the channel resource allocation request and determines the number of unicast transmissions according to the cumulative number of channel resource allocation requests sent by the terminal; in the embodiments of the present application, the cumulative number of channel resource allocation requests sent may be taken as the number of unicast transmissions.
The network device generates an air interface address that changes with the number of unicast transmissions, marks the downlink control information according to the air interface address, and unicast-transmits the downlink control information to the terminal as an air interface frame; the service data in the downlink control information includes channel resources indicating a designated channel for transmitting the uplink data.
In the embodiment of the application, in the mobile network, the downlink control information is transmitted in the form of an air interface frame, and in a scenario of sending the uplink data, the downlink control information includes a channel resource indicating a designated channel for transmitting the uplink data.
After the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method and obtains the service data in the air interface frame once the verification passes, the method further includes:
The terminal determines the designated channel for transmitting the uplink data according to the channel resource and transmits the uplink data in the designated channel;
The network device receives the uplink data sent by the terminal on the designated channel.
Referring to fig. 2, an interaction diagram of a terminal sending uplink data to a network device in a mobile network according to an embodiment of the present disclosure is exemplarily shown. As shown in fig. 2, in the mobile network, transmission of the air interface address is unidirectional, that is, the air interface address can only be sent to the terminal by the network device. Fig. 2 uses a base station as the network device.
When the terminal accesses the mobile network through the network device, the terminal first sends a request for accessing the mobile network to the network device, and the network device allocates a unique initial air interface address to the terminal according to the received request, so that in the subsequent process the terminal can determine the designated channel for the first transmission of uplink data according to the initial air interface address.
In the data uplink phase, the terminal first sends a channel resource allocation request to the network device, so that the network device allocates channel resources to the terminal after receiving the channel resource allocation request.
After receiving a channel resource allocation request, the network device determines the channel resource allocated to the terminal. Because the channel resource is information that needs to be kept secret and is unique to each terminal, in this embodiment of the present application the DCI that stores the channel resource is used as the air interface frame and the channel resource is used as the service data. When downlink data is sent to the terminal for the first time, the network device may identify the DCI with the allocated initial air interface address. When downlink data is subsequently sent to the terminal, the network device determines the air interface address according to the number of air interface frames already sent to the terminal, stores the air interface address and the channel resource in the downlink control information, and then sends the downlink control information to the terminal. The air interface address of the DCI therefore changes every time the network device sends it, which makes it difficult for an eavesdropper to keep eavesdropping on the DCI received by a specific terminal, so that communication security is ensured.
After the terminal receives and parses the downlink control information, it performs verification according to the air interface address. If the verification succeeds, the terminal determines that the channel resource in the downlink control information is addressed to it and sends the uplink data in the channel designated by the channel resource, and the network device receives the uplink data sent by the terminal in the designated channel.
On the basis of the foregoing embodiments, as an optional embodiment, in a scenario where a network device sends downlink data to a terminal, marking an air interface frame according to an air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame includes:
Marking the downlink control information according to the air interface address, and unicast-transmitting the downlink control information to the terminal as an air interface frame, wherein the service data of the downlink control information includes channel resources indicating a designated channel for transmitting the downlink data.
It should be noted that, when the network device sends the downlink data to the terminal, the terminal does not need to request the specified channel from the network device, but the network device directly indicates the specified channel for transmitting the downlink data to the terminal, and the information of the specified channel is also sent through the downlink control information.
On the basis of the foregoing embodiments, as an optional embodiment, after the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method and obtains the service data in the air interface frame once the verification passes, the method further includes:
The network device sends the downlink data in the designated channel;
The terminal determines the designated channel for transmitting the downlink data according to the channel resource and receives the downlink data sent by the network device in the designated channel.
Referring to fig. 3, an interaction diagram of a network device sending downlink data to a terminal in a mobile network according to an embodiment of the present invention is exemplarily shown. As shown in fig. 3, in the data downlink phase the network device does not need to receive a channel resource allocation request. Instead, it uses the DCI that stores the channel resources as the air interface frame and the channel resources as the service data, determines the air interface address according to the number of air interface frames sent to the terminal, stores the air interface address and the channel resources in the downlink control information, sends the downlink control information to the terminal, and sends the downlink data on the channel specified by the channel resource.
After receiving and parsing the downlink control information, the terminal obtains the current serial number, the air interface address and the channel resource from the downlink control information and verifies the air interface address. If the verification passes, the terminal determines that the channel resource in the downlink control information is addressed to it and receives the downlink data in the channel specified by the channel resource.
It should be understood that, when the terminal interacts with the base station for the first time, the terminal identifies the air interface frame sent to the terminal according to the initial air interface address allocated by the base station, and from the second interaction, the terminal verifies the air interface address in the received air interface frame according to a verification method predetermined with the base station.
As can be seen from fig. 2 and fig. 3, in a mobile network environment, when a network device and a terminal in the embodiment of the present application transmit uplink and downlink data, DCI information is used as an air interface frame, a channel resource is used as service data in the air interface frame, and an air interface address is determined according to the number of times of interaction with a target terminal each time, so that the channel resource is sufficiently kept secret, and an eavesdropper cannot continuously eavesdrop the channel resource used by a certain terminal, and therefore cannot continuously eavesdrop the uplink and downlink data interacted between the network device and the certain terminal.
The downlink control information in the embodiment of the present application includes a sequence number field for storing a sequence number, an air interface address field for storing an air interface address, and a data field for storing channel resources required for uplink data transmission or downlink data transmission. The sequence number is generated by the transmitting end according to the number of unicast transmissions with the receiving end, and for example, the number of unicast transmissions may be directly used as the sequence number.
The DCI structure in the related art, that is, the DCI structure before improvement, includes an air interface address field and a data field, and for the same terminal the air interface address in the air interface address field of every DCI sent by the network device is ID1. An eavesdropper can therefore determine the identity of the receiving end of the DCI by eavesdropping on the DCI multiple times and using the unchanging air interface address in it.
Referring to fig. 4, which exemplarily shows a schematic diagram of a DCI structure for unicast transmission in an embodiment of the present application. As shown in the figure, a sequence number field is added to the DCI structure in the embodiment of the present application; it stores the sequence number of the DCI sent by the network device each time. It can be seen from the figure that the air interface address in the air interface address field and the sequence number in the sequence number field differ in every DCI sent, which prevents an eavesdropper from continuously eavesdropping on the target receiving end of the DCI.
In a mobile network environment, marking an air interface frame according to an air interface address in the embodiment of the present application includes:
the network equipment stores the air interface address to an air interface address field, obtains a sequence number according to the unicast transmission times, stores the sequence number to a sequence number field, stores the service data to a data field, and obtains a marked air interface frame.
On the basis of the above embodiments, as an optional embodiment, the network device and the terminal are in a wireless local area network. In a wireless local area network, both a network device and a terminal may send an air interface frame to the other side, and thus, in the wireless local area network, both the network device and the terminal may serve as a sending end or a receiving end of the air interface frame. And when the sending end is the network equipment, the receiving end is the terminal.
The network device responding to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address, includes:
the network equipment responds to a network access request initiated by the terminal and obtains an initial air interface address included in the network access request.
In the wireless local area network, when accessing the network, the terminal sends an initial air interface address to the network device, where the initial air interface address is recorded in the network access request by the terminal.
On the basis of the foregoing embodiments, in the wireless local area network, the air interface frame at least includes a data field for storing service data, a receiving end Mac address field for storing an air interface address, and a sequence number field for storing a sequence number. The sequence number is generated by the sending end according to the unicast transmission times between the sending end and the receiving end.
In a wireless local area network, both a terminal and a network device may serve as the sending end of an air interface frame. 802.11, defined by the Institute of Electrical and Electronics Engineers (IEEE), is the standard commonly used in wireless local area networks today. Unlike the air interface frame in a mobile network, the air interface frame in the wireless local area network of the embodiments of the present application does not need an improved frame structure; it reuses some of the fields of the air interface frame, so the embodiments of the present application are applicable to today's wireless local area networks.
Referring to fig. 5, a schematic diagram of a frame format of an air interface frame of an 802.11 protocol is exemplarily shown, where as shown, the air interface frame includes the following fields:
Frame Control: the frame control structure, describing and controlling the relevant information of the MAC frame;
Duration: indicates how long the frame and its acknowledgement frame will occupy the channel; the Duration value is used for the calculation of the network allocation vector;
Address 1 to Address 4: the address fields, which generally include RA (Receiver Address, MAC address of the receiving end), TA (Transmission Address, MAC address of the transmitting end), SA (Sender Address), and DA (Destination Address);
Sequence: the sequence control field, for filtering repeated frames;
Data: the data field, for storing transmitted or received information; the format of this field is very different for different types of data frames;
FCS (frame check sequence): includes a 32-bit cyclic redundancy check (CRC) for checking whether a received frame is complete.
Each field in the air interface frame has a length limit, the byte length of most fields is fixed, for example, the Duration field is 2 bytes, the sequence field is 4 bytes, and the byte length of some fields is variable, for example, the length of the data field is 0-2312 bytes, that is, the data field may be null (0 byte), or may be up to 2312 bytes at most.
In the embodiment of the application, the service data is written into the Data field, the sequence number into the Sequence field, and the air interface address into the receiving end MAC address field. This ensures encrypted transmission of the air interface frame without changing the 802.11 protocol and prevents an eavesdropper from continuously eavesdropping on the receiving end in the wireless local area network scenario.
Further, in a wireless network environment, marking an air interface frame according to an air interface address in the embodiment of the present application includes:
the sending end of the air interface frame stores the air interface address in the receiving end MAC address field, obtains a sequence number according to the unicast transmission times, stores the sequence number in the Sequence field, stores the service data in the Data field, and obtains a marked air interface frame.
Referring to fig. 6, which exemplarily shows an interaction diagram that a terminal in a wireless local area network sends uplink data to a network device, as shown in fig. 6, when the terminal accesses the wireless local area network, the terminal first needs to send an initial air interface address to the network device, so that when receiving an air interface frame, a router can determine an identity of a sending end of the air interface frame according to the air interface address in the air interface frame.
In a data uplink stage, a terminal determines service data, when the uplink data is sent for the first time, the terminal marks an air interface frame through an initial air interface address, the air interface frame carries the service data, and after receiving the air interface frame, network equipment analyzes the air interface frame through the initial air interface address, determines the identity of a sending end of the air interface frame, and then acquires the service data; starting from the second sending of the uplink data, the terminal generates an air interface address which changes along with the unicast transmission times, wherein each air interface address is different from the previous air interface address, the network equipment verifies the received air interface frame through a preset verification method, the identity of a sending end of the air interface frame is determined, and then service data are obtained.
Referring to fig. 7, which exemplarily shows an interaction diagram that a network device (shown as a router in the figure) in a wireless local area network sends downlink data to a terminal, as shown in fig. 8, when the terminal accesses the wireless local area network, the terminal first needs to send an initial air interface address to the network device, so that when the router first sends an air interface frame, the router can determine an identity of a receiving end of the air interface frame according to the air interface address in the air interface frame.
In a data downlink stage, a router determines service data, when downlink data is sent for the first time, the router marks an air interface frame through an initial air interface address, the air interface frame carries the service data, after a terminal receives the air interface frame, the terminal analyzes the air interface frame through the initial air interface address, determines that the air interface frame is sent to the terminal, and then obtains the service data; starting from the second sending of the downlink data, the router generates an air interface address which changes along with the unicast transmission times, wherein each air interface address is different from the previous air interface address, the terminal verifies the received air interface frame through a preset verification method, determines that the air interface frame is sent to the terminal, and then obtains the service data.
As can be seen from fig. 6 and 7, the air interface frame in the wireless local area network is transmitted bidirectionally: an air interface frame needs to be sent both when the terminal sends uplink data to the network device and when the network device sends downlink data to the terminal. When the terminal sends uplink data for the first time, the air interface address in the air interface frame is the initial air interface address that the terminal sent to the router when it accessed the network; when the terminal subsequently sends uplink data, the current sequence number and the air interface address are determined according to the number of interactions. When the router sends downlink data to the terminal, the air interface address in the first air interface frame sent is likewise the initial air interface address that the terminal sent to the router when it accessed the network, and when downlink data is sent subsequently, the sequence number and the air interface address are determined according to the number of interactions.
On the basis of the foregoing embodiments, as an optional embodiment, the generating, by a sending end of an air interface frame, an air interface address that changes with unicast transmission times includes:
when the air interface frame is transmitted in a non-first unicast mode, a sending end of the air interface frame determines a serial number according to unicast transmission times between the sending end and a receiving end, the serial number is encrypted according to a preset encryption method, and an encryption result is used as an air interface address.
That is to say, in both the mobile network environment and the wireless local area network environment, when an air interface frame is unicast-transmitted other than for the first time, the sending end of the air interface frame first determines the sequence number according to the unicast transmission times, then encrypts the sequence number according to a preset encryption method and uses the encryption result as the air interface address.
The air interface frame generated in the embodiment of the present application includes two pieces of information: the sequence number and the air interface address. It differs from the existing air interface frame in two ways. First, the air interface address in the air interface frame changes constantly, so an eavesdropper cannot determine the receiving end of the air interface frame by continuously eavesdropping on the air interface address. Second, a sequence number is added to the air interface frame, and the receiving end can use it as the basis for verifying whether the air interface frame is sent to it.
Please refer to fig. 8, which exemplarily shows a schematic flow diagram for obtaining a changing air interface address provided in this embodiment. As shown in the figure, in the process of obtaining the air interface address the session key does not change, while the sequence number is continuously updated with the number of unicast transmissions. In the figure, sequence number 2 indicates the sequence number determined according to the second unicast transmission, and sequence number T indicates the sequence number determined according to the T-th unicast transmission (T is a positive integer greater than 3). The session key and the sequence number are encrypted by using a preset encryption algorithm to obtain the air interface address corresponding to that unicast transmission (shown in the figure as air interface address 2, air interface address 3, …, air interface address T). It should be understood that the session key and the encryption algorithm are information agreed in advance by the sending end and the receiving end, and may be determined when the sending end and the receiving end interact for the first time.
Specifically, the method for generating an air interface address in the embodiment of the present application includes:
Scheme one: generating an air interface address by taking the current sequence number as the plaintext and a preset session key as the encryption key.
In the first scheme, the receiving end and the sending end need to confirm the consistency of the encryption and decryption keys in advance, so that after the receiving end obtains an air interface frame, the air interface frame can be correctly decrypted by the receiving end, and a current serial number is obtained. The encryption algorithm in the embodiment of the present application is not specifically limited, and may be, for example, the following encryption algorithm:
1. DES (Data Encryption Standard): the data encryption standard; it is fast and suitable for occasions where a large amount of data is encrypted;
2. 3DES (Triple DES): based on DES, it encrypts one block of data three times with three different keys, so its strength is higher;
3. AES (Advanced Encryption Standard): the advanced encryption standard; it is fast, has a high security level, and supports the encryption of 128, 192, 256 and 512 bit keys;
4. Blowfish: a block encryption algorithm.
Scheme two is as follows: performing hash operation on the current serial number and the session key according to a preset hash algorithm, and taking a hash operation result as an air interface address;
Because a hash algorithm is difficult to invert, that is, the current sequence number is difficult to deduce from the hash value, encryption with a hash algorithm requires the sending end and the receiving end to agree on the same hash algorithm in advance. The receiving end then uses the agreed hash algorithm to perform a hash operation on the current sequence number in the air interface frame, and if the calculated hash value is the same as the air interface address in the air interface frame, the air interface frame is determined to be sent to the receiving end.
On the basis of the above embodiments, as an optional embodiment, the following schemes are provided for the receiving end to verify the air interface frame by the preset verification method:
For the encryption method that takes a session key as the encryption key, the corresponding verification method is:
the air interface address is used as a ciphertext and a predetermined session key is used as a decryption key to decrypt the ciphertext; if the obtained plaintext is the same as the sequence number in the air interface frame, the verification is successful, and if the obtained plaintext is different from the sequence number in the air interface frame, the verification fails; or
the sequence number is encrypted by taking a predetermined session key as the encryption key; if the obtained ciphertext is the same as the air interface address, the verification is successful, and if the obtained ciphertext is different from the air interface address, the verification fails.
For the method of encrypting with a hash algorithm, the corresponding verification method is:
the receiving end performs a hash operation on the sequence number and the preset session key according to a pre-acquired hash algorithm, and if the hash operation result is the same as the air interface address in the air interface frame, the receiving end is determined to be the target receiving end.
It should be understood that, in a mobile network scenario, the sending end of an air interface frame is the network device, which broadcasts the air interface frame to each terminal within its cell range and performs uplink and downlink data transmission with each terminal, whereas a terminal performs uplink and downlink data transmission with only one network device. That is, the network device stores the encryption method agreed with each terminal within the cell range, and the terminal stores only the verification method agreed with one network device. Therefore, if the terminal fails to verify the received control frame by using its pre-stored verification method, the service data in the air interface frame can be discarded directly. In a wireless local area network scenario, the sending end of an air interface frame may be a network device or a terminal: when the sending end is a network device the receiving end is a terminal, and when the sending end is a terminal the receiving end is a network device. When the receiving end is a terminal, the service data can be discarded directly as soon as one verification fails. When the receiving end is a network device, the network device stores the encryption methods agreed with a plurality of terminals and, correspondingly, the verification methods agreed with those terminals, so the service data can be discarded only if verification fails under all of the verification methods, which ensures normal transmission of the data.
As an optional embodiment, a cyclic counting manner is adopted when determining the sequence number, so that the sequence number is limited to a certain numerical range and the drawback of the air interface address occupying too many characters because the sequence number increases without limit is avoided. Please refer to fig. 9, which exemplarily shows a flowchart of determining the sequence number in the embodiment of the present application. As shown in the figure, the flow includes:
S201, cumulatively counting the number of air interface frames sent to the receiving end to obtain a counting result;
S202, calculating the sum of the counting result and a preset value to obtain a summation result;
S203, comparing the summation result with a preset threshold; if the summation result is smaller than the preset threshold, executing step S204, and if the summation result is not smaller than the preset threshold, executing step S205;
S204, taking the sum of the counting result and the preset value as the sequence number, and ending the process;
S205, restoring the counting result to an initial value, taking the initial value as the sequence number, and ending the process, wherein the initial value is smaller than the preset threshold.
After each air interface frame is sent to a target receiving end, the sending end of the embodiment of the present application counts the number of frames sent to obtain a counting result, and then sums the counting result with a preset value. The preset value may be 1, that is, 1 is added to the counting result every time an air interface frame is sent. The summation result is then compared with a preset threshold, which may be 2^16. If the summation result is smaller than the preset threshold, the summation result is taken as the current sequence number; otherwise the counting result is restored to the initial value, which in the embodiment of the present application may be 0, and the initial value is taken as the current sequence number.
For example, suppose the preset value is 1, the preset threshold is 100, and the initial value is 3. If the sending end has sent an air interface frame to the target receiving end 50 times, the sum of 50 and 1 is smaller than the preset threshold 100, so the current sequence number when the sending end sends the air interface frame for the 51st time is 51. If the sending end has sent the air interface frame to the target receiving end 99 times, the sum of 99 and 1 is not less than the preset threshold 100, so the counting result is restored to 3 and 3 is used as the current sequence number. It follows that when the sending end sends an air interface frame again, the counting result of the sent air interface frames is 3, which achieves the purpose of cyclic updating.
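The cyclic counter of steps S201 to S205 and the hash-based address of scheme two, with both the terminal-side and the network-device-side verification, as an added Python sketch that is not code from the patent. HMAC-SHA-256 as the preset hash algorithm, the 6-byte truncation, the 4-byte sequence encoding, and all names and keys are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

ADDR_LEN = 6  # assumption: 48 bits, the size of an 802.11 MAC address field
SEQ_LEN = 4   # assumption: sequence number encoded as 4 big-endian bytes

# Constructed session keys, one per terminal known to the network device.
SAMPLE_SESSIONS = {
    "terminal-A": bytes(range(16)),
    "terminal-B": bytes(range(16, 32)),
}


class SequenceCounter:
    """Cyclic sequence number following steps S201 to S205."""

    def __init__(self, preset_value=1, threshold=2 ** 16, initial=0, count=None):
        if not initial < threshold:
            raise ValueError("initial value must be smaller than the threshold")
        self.preset_value = preset_value
        self.threshold = threshold
        self.initial = initial
        # Counting result: frames already sent to this receiving end (S201).
        self.count = initial if count is None else count

    def next(self):
        total = self.count + self.preset_value  # S202
        if total < self.threshold:              # S203
            self.count = total                  # S204
        else:
            self.count = self.initial           # S205
        return self.count


@dataclass(frozen=True)
class AirFrame:
    seq: int     # sequence number field, sent in the clear
    addr: bytes  # air interface address field
    data: bytes  # service data


def derive_address(session_key, seq):
    """Scheme two: keyed hash over the sequence number, truncated to ADDR_LEN."""
    mac = hmac.new(session_key, seq.to_bytes(SEQ_LEN, "big"), hashlib.sha256)
    return mac.digest()[:ADDR_LEN]


def mark_frame(session_key, seq, data):
    """Sending end: fill the sequence number, address and data fields."""
    return AirFrame(seq, derive_address(session_key, seq), data)


def verify_frame(session_key, frame):
    """Terminal side: recompute the address and compare in constant time."""
    expected = derive_address(session_key, frame.seq)
    return hmac.compare_digest(expected, frame.addr)


def identify_peer(sessions, frame):
    """Network device side: try every stored session; None means discard."""
    for peer, key in sessions.items():
        if verify_frame(key, frame):
            return peer
    return None


def distinct_addresses(session_key, counter, frames):
    """Count the different addresses seen over a run of frames."""
    return len({derive_address(session_key, counter.next()) for _ in range(frames)})


if __name__ == "__main__":
    counter = SequenceCounter(preset_value=1, threshold=100, initial=3, count=99)
    frame = mark_frame(SAMPLE_SESSIONS["terminal-B"], counter.next(), b"payload")
    print(frame.seq, frame.addr.hex(), identify_peer(SAMPLE_SESSIONS, frame))
```

With the example values above (threshold 100, initial value 3) only 97 distinct addresses exist per session key, so the same addresses recur after every wrap of the counter for as long as the session key is unchanged; a larger threshold such as 2^16 lengthens that period.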
Referring to fig. 10, a flowchart schematically illustrating a flowchart of a method for preventing eavesdropping in unicast transmission according to an embodiment of the present application is shown, where the method includes:
S301, the network device responds to a network access request initiated by the terminal, and generates and sends an initial air interface address to the terminal;
S302, when an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end of the air interface frame marks the air interface frame with the initial air interface address, so that the receiving end of the air interface frame verifies the air interface frame by using the air interface address and obtains the service data in the air interface frame;
S303, when an air interface frame is unicast-transmitted between the network device and the terminal other than for the first time, the sending end of the air interface frame cumulatively counts the number of air interface frames it has sent to the receiving end to obtain a counting result;
S304, the sending end calculates the sum of the counting result and a preset value to obtain a summation result;
S305, the sending end compares the summation result with a preset threshold; if the summation result is smaller than the preset threshold, step S306 is executed, and if the summation result is not smaller than the preset threshold, step S307 is executed;
S306, the sending end takes the sum of the counting result and the preset value as the sequence number, and executes step S308;
S307, the sending end restores the counting result to an initial value, takes the initial value as the sequence number, and executes step S308, wherein the initial value is smaller than the preset threshold;
S308, the sending end uses the sequence number as the plaintext and a preset session key as the encryption key to generate an air interface address;
S309, the receiving end verifies the air interface frame by using a preset verification method, and obtains the service data in the air interface frame after the verification is passed.
The embodiment of the application provides an anti-eavesdropping system in unicast transmission, which comprises network equipment and a terminal;
the terminal is used for initiating a network access request, and the network equipment is used for responding to the network access request initiated by the terminal so that the network equipment and the terminal both obtain an initial air interface address;
generating an air interface address which changes with the unicast transmission frequency by a sending end of the air interface frame, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame, so that the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains service data in the air interface frame after the verification is passed;
when the air interface frame is transmitted by unicast for the first time, the air interface address in the air interface frame transmitted by unicast for the first time is an initial air interface address, and a receiving end of the air interface frame verifies the air interface frame transmitted by unicast for the first time by using the initial air interface address;
and when the sending end of the air interface frame is the terminal, the receiving end of the air interface frame is the network device.
The network device responds to a network access request initiated by the terminal and either obtains the initial air interface address included in the network access request or allocates to the terminal an initial air interface address generated according to the network access request, so that both the network device and the terminal obtain the initial air interface address. When an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end of the air interface frame marks the air interface frame with the initial air interface address, so that the receiving end verifies the air interface frame by using that air interface address and obtains the service data in it. Because the initial air interface address is known only to the network device and the terminal, an eavesdropper cannot determine the identity of the receiving end of the air interface frame at the first transmission. When an air interface frame is unicast-transmitted between the network device and the terminal other than for the first time, the sending end generates an air interface address that changes with the unicast transmission times, so the eavesdropper cannot determine the identity of the receiving end by tracking a fixed air interface address across a plurality of air interface frames. This effectively prevents the eavesdropper from eavesdropping on the identity of the sending end or the receiving end of the air interface frame.
The network device and the terminal are in a mobile network; the sending end of the air interface frame is the network device, and the receiving end of the air interface frame is the terminal;
the network device includes: an air interface address allocation module for responding to a network access request initiated by the terminal so that both the network device and the terminal obtain an initial air interface address;
the air interface address allocation module is specifically configured to: respond to a network access request initiated by the terminal, and generate and send an initial air interface address to the terminal.
In a possible implementation manner, in a scenario where a terminal sends uplink data to a network device, a sending end of an air interface frame generates an air interface address that changes with unicast transmission times, which includes: a terminal sends a channel resource allocation request to network equipment;
the sending end of the air interface frame generating an air interface address that changes with the unicast transmission times, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to the receiving end of the air interface frame includes:
the network device responds to the channel resource allocation request, and determines the unicast transmission times according to the cumulative number of times the terminal has sent the channel resource allocation request;
the network equipment generates an air interface address which changes along with the unicast transmission times, marks downlink control information according to the air interface address, and performs unicast transmission on the downlink control information serving as an air interface frame to the terminal; the service data in the downlink control information includes channel resources for indicating a designated channel for transmitting the uplink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the terminal determines the designated channel for transmitting the uplink data according to the channel resource and transmits the uplink data on the designated channel;
and the network device receives the uplink data sent by the terminal on the designated channel.
In a possible implementation manner, in a scenario where the network device sends downlink data to the terminal, marking an air interface frame according to an air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame, includes:
the network equipment marks downlink control information according to the air interface address, unicast-transmits the downlink control information to the terminal as an air interface frame, and the service data of the downlink control information comprises channel resources used for indicating a designated channel for transmitting the downlink data.
In a possible implementation manner, the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed, and then the method further includes:
the network equipment sends downlink data in a designated channel;
the terminal determines the designated channel for transmitting the downlink data according to the channel resource, and receives the downlink data sent by the network device on the designated channel.
The downlink control information includes: a serial number field for storing serial numbers, an air interface address field for storing air interface addresses and a data field for storing service data;
the network device marking an air interface frame according to the air interface address includes: storing the air interface address in the air interface address field, obtaining a sequence number according to the unicast transmission times, storing the sequence number in the sequence number field, storing the service data in the data field, and obtaining a marked air interface frame.
In one possible implementation, the network device and the terminal are in a wireless local area network, and the sending end of the air interface frame is the terminal or the network device;
the network device responding to a network access request initiated by the terminal, so that both the network device and the terminal obtain an initial air interface address, includes:
the network equipment responds to a network access request initiated by the terminal and obtains an initial air interface address included in the network access request.
In one possible implementation manner, the air interface frame comprises a data field for storing service data, a receiving end Mac address field for storing an air interface address, and a sequence number field for storing a sequence number;
marking an air interface frame according to an air interface address comprises:
storing the air interface address in the receiving end Mac address field, obtaining a sequence number according to the unicast transmission times, storing the sequence number in the sequence number field, and storing the service data in the data field, thereby obtaining a marked air interface frame.
In one possible implementation, the sending end of the air interface frame includes an air interface address updating module for generating an air interface address which changes with unicast transmission times;
the air interface address updating module is specifically configured to: when the unicast transmission of the air interface frame is not the first one, determine a serial number according to the unicast transmission times between the sending end and the receiving end, encrypt the serial number according to a preset encryption method, and use the encryption result as the air interface address.
In one possible implementation manner, the air interface address updating module includes a first encryption module that encrypts the serial number according to a preset encryption method;
the first encryption module is specifically configured to: generate an air interface address by taking the sequence number as the plaintext and a preset session key as the encryption key;
the receiving end of the air interface frame comprises a first verification module for verifying the air interface frame by using a preset verification method;
the first verification module is specifically configured to:
decrypt the air interface address as the ciphertext, using the predetermined session key as the decryption key, and pass the verification if the obtained plaintext is the same as the serial number in the air interface frame; or
encrypt the serial number using the predetermined session key as the encryption key, and pass the verification if the obtained ciphertext is the same as the air interface address in the air interface frame.
In one possible implementation manner, the air interface address updating module includes a second encryption module for encrypting the serial number according to a preset encryption method;
the second encryption module is specifically configured to perform hash operation on the serial number and the preset session key according to a preset hash algorithm, and take a hash operation result as an air interface address;
the receiving end of the air interface frame comprises a second verification module for verifying the air interface frame by using a preset verification method;
the second verification module is specifically configured to: perform a hash operation on the sequence number and the preset session key according to a pre-acquired hash algorithm, and pass the verification if the hash operation result is the same as the air interface address in the air interface frame.
In one possible implementation manner, the air interface address updating module includes a serial number determining module for determining a serial number according to the unicast transmission times between the air interface address updating module and the receiving end;
the serial number determination module specifically comprises:
the counting unit is used for counting the number of times of accumulatively sending the air interface frame to the receiving end to obtain a counting result;
the first summing unit is used for taking the sum of the counting result and the preset value as a serial number if the sum of the counting result and the preset value is smaller than a preset threshold value;
and the cyclic updating unit is used for recovering the counting result to an initial value if the sum of the counting result and the preset value is not less than the preset threshold value, and taking the initial value as a serial number, wherein the initial value is less than the preset threshold value.
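The hash-based address generation and verification and the cyclic sequence counter described in the two implementations above, as an added example (not code from the patent). HMAC-SHA256 truncated to 6 bytes stands in for the unspecified "preset hash algorithm"; the class and function names, the constants, and the 4-byte sequence encoding are assumptions.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set

# All constants are assumptions chosen for this example.
ADDR_LEN = 6        # address sized like the receiving end Mac address field
SEQ_INITIAL = 0     # "initial value" of the counter
SEQ_STEP = 1        # "preset value" added per transmission
SEQ_THRESHOLD = 4   # "preset threshold", kept tiny so the wrap is visible


@dataclass(frozen=True)
class AirFrame:
    seq: int      # sequence number field (sent in the clear)
    addr: bytes   # air interface address field
    data: bytes   # data field carrying the service data


def derive_address(session_key: bytes, seq: int) -> bytes:
    """Keyed hash over the sequence number, truncated to the address size."""
    digest = hmac.new(session_key, seq.to_bytes(4, "big"), hashlib.sha256).digest()
    return digest[:ADDR_LEN]


def next_seq(count: int) -> int:
    """count + preset value while below the threshold, else back to the initial value."""
    total = count + SEQ_STEP
    return total if total < SEQ_THRESHOLD else SEQ_INITIAL


class Sender:
    def __init__(self, session_key: bytes, initial_addr: bytes) -> None:
        self.key = session_key
        self.initial_addr = initial_addr
        self.count = SEQ_INITIAL
        self.first = True

    def mark(self, data: bytes) -> AirFrame:
        # First unicast transmission: mark with the initial address.
        if self.first:
            self.first = False
            return AirFrame(self.count, self.initial_addr, data)
        # Later transmissions: the address follows the sequence number.
        self.count = next_seq(self.count)
        return AirFrame(self.count, derive_address(self.key, self.count), data)


class Receiver:
    def __init__(self, session_key: bytes, initial_addr: bytes) -> None:
        self.key = session_key
        self.initial_addr = initial_addr
        self.first = True

    def verify(self, frame: AirFrame) -> Optional[bytes]:
        """Return the service data if the frame is addressed to us, else None."""
        if self.first:
            ok = hmac.compare_digest(frame.addr, self.initial_addr)
            if ok:
                self.first = False
        else:
            expected = derive_address(self.key, frame.seq)
            ok = hmac.compare_digest(frame.addr, expected)  # constant-time compare
        return frame.data if ok else None


def linkable_repeats(frames: List[AirFrame]) -> Set[bytes]:
    """Addresses seen more than once: what a passive observer could correlate."""
    counts = Counter(f.addr for f in frames)
    return {addr for addr, n in counts.items() if n > 1}


if __name__ == "__main__":
    key = b"K" * 16                        # constructed session key
    init = bytes.fromhex("020000000001")   # constructed initial address
    tx, rx = Sender(key, init), Receiver(key, init)
    sent = [tx.mark(b"dci-%d" % i) for i in range(6)]
    for f in sent:
        print(f.seq, f.addr.hex(), rx.verify(f))
    print("repeated after wrap:", [a.hex() for a in linkable_repeats(sent)])
```

Under one session key the address for a given sequence number is fixed, so addresses recur once the counter wraps. A deployment would want a threshold that is large relative to the session lifetime, or a fresh session key at each wrap.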
Referring to fig. 11, which exemplarily shows a schematic diagram of eavesdropping by an eavesdropper against the anti-eavesdropping unicast transmission system provided in the embodiment of the present application. As shown in the drawing, the system includes a network device 201 and 2 terminals, namely terminals 202 and 203. When the network device 201 unicast-transmits an air interface frame to the 2 terminals for the first time, it marks air interface frame 1, sent to the terminal 202, with an initial air interface address A1, and marks air interface frame 2, sent to the terminal 203, with an air interface address A2. An eavesdropper who captures the two air interface frames does not know which terminals the air interface addresses A1 and A2 correspond to, and so cannot learn the correspondence between the air interface frames and the terminals; the eavesdropper then keeps listening to see whether the air interface addresses A1 and A2 appear in new air interface frames.
When the network device 201 unicast-transmits an air interface frame to the 2 terminals for the second time, it generates air interface addresses A3 and A4 that change with the unicast transmission times, marks the air interface frame 3 to the terminal 202 with the air interface address A3, and marks the air interface frame 4 to the terminal 202 with the air interface address A4. An eavesdropper who captures these two air interface frames finds that their air interface addresses are not A1 or A2 but A3 and A4, and therefore still cannot determine the correspondence between the air interface frames and the terminals. The embodiment of the present application can thus effectively prevent an eavesdropper from identifying the receiving end of an air interface frame.
The system related to the embodiment of the invention can be a distributed system formed by connecting a client, a plurality of nodes (any form of computing equipment in an access network, such as a server and a user terminal) through a network communication mode.
Taking a blockchain system as an example of the distributed system, refer to fig. 12, which is an optional structural schematic diagram of the distributed system 100 applied to the blockchain system provided in the embodiment of the present invention. The system is formed by a plurality of nodes 200 (computing devices in any form in an access network, such as servers and user terminals) and a client 300, where a Peer-to-Peer (P2P) network is formed between the nodes, and the P2P protocol is an application layer protocol running on top of the Transmission Control Protocol (TCP). In a distributed system, any machine, such as a server or a terminal, can join to become a node, which includes a hardware layer, an intermediate layer, an operating system layer, and an application layer.
Referring to the functions of each node in the block chain system shown in fig. 12, the related functions include:
1) Routing, a basic function that a node has, is used to support communication between nodes.
Besides the routing function, the node can also have the following functions:
2) Application, deployed in the blockchain to implement specific services according to actual service requirements; it records data related to the implemented functions to form record data, carries a digital signature in the record data to indicate the source of the task data, and sends the record data to other nodes in the blockchain system, so that the other nodes add the record data to a temporary block once they have successfully verified the source and integrity of the record data.
For example, the services implemented by the application include:
2.1) Wallet, for providing functions for conducting electronic money transactions, including initiating a transaction (i.e. sending the transaction record of the current transaction to other nodes in the blockchain system, which, after successfully verifying it, store the record data of the transaction in a temporary block of the blockchain as a response acknowledging that the transaction is valid); of course, the wallet also supports querying the electronic money remaining in an electronic money address;
2.2) Shared ledger, for providing functions such as storing, querying and modifying account data; record data of operations on the account data is sent to other nodes in the blockchain system, and after the other nodes verify that the record data is valid, they store it in a temporary block as a response acknowledging that the account data is valid, and may send a confirmation to the node that initiated the operation.
2.3) Smart contracts, computerized agreements that can enforce the terms of a contract, implemented by code deployed on the shared ledger that executes when certain conditions are met, for completing automated transactions according to actual business requirements, such as querying the logistics status of goods purchased by a buyer and transferring the buyer's electronic money to the merchant's address after the buyer has signed for the goods; of course, smart contracts are not limited to executing contracts for trading, but may also execute contracts that process received information.
3) Blockchain, comprising a series of blocks that are connected to one another in the chronological order of their generation; once a new block is added to the blockchain it cannot be removed, and the blocks record the record data submitted by the nodes in the blockchain system.
When the embodiment of the present application is applied to a block chain system, an air interface frame is characterized by a block, when one node in the block chain system sends recorded data to other nodes in the block chain system, the node serves as a sending end, the other nodes serve as receiving ends, and a method for preventing eavesdropping when the sending end and the receiving end interact with each other may be specifically referred to in the above embodiment, which is not described in detail herein.
Referring to fig. 13, fig. 13 is an alternative schematic diagram of a Block Structure (Block Structure) provided in the embodiment of the present invention, where each Block includes a hash value of a transaction record stored in the Block (hash value of the Block) and a hash value of a previous Block, and the blocks are connected by the hash values to form a Block chain. The block may also include information such as a time stamp at the time of block generation. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using cryptography, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.
An embodiment of the present application provides an electronic device, including: a memory and a processor; at least one program stored in the memory for execution by the processor, which when executed by the processor, implements the following. The network device responds to a network access request initiated by a terminal by obtaining an initial air interface address included in the network access request, or by allocating to the terminal an initial air interface address generated according to the network access request, so that the network device and the terminal both obtain the initial air interface address. When an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end of the air interface frame marks the air interface frame with the initial air interface address, so that the receiving end of the air interface frame verifies the air interface frame using the air interface address and obtains the service data in the air interface frame. Because the initial air interface address is known only to the network device and the terminal, an eavesdropper cannot determine the identity of the receiving end of the air interface frame on the first transmission. When the unicast transmission of an air interface frame between the network device and the terminal is not the first one, the sending end of the air interface frame generates an air interface address that changes with the unicast transmission times, so that the eavesdropper cannot determine the identity of the receiving end by tracking a fixed air interface address across a plurality of air interface frames. This effectively prevents the eavesdropper from learning the identity of the sending end or the receiving end of the air interface frame.
In an alternative embodiment, there is provided an electronic apparatus, as shown in fig. 14, an electronic apparatus 4000 shown in fig. 14 including: a processor 4001 and a memory 4003. Processor 4001 is coupled to memory 4003, such as via bus 4002. Optionally, the electronic device 4000 may further comprise a transceiver 4004. In addition, the transceiver 4004 is not limited to one in practical applications, and the structure of the electronic device 4000 is not limited to the embodiment of the present application.
The Processor 4001 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (field programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or execute the various illustrative logical blocks, modules, and circuits described in connection with the disclosure herein. The processor 4001 may also be a combination that performs a computational function, including, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 4002 may include a path that carries information between the aforementioned components. The bus 4002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 4002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 14, but this is not intended to represent only one bus or type of bus.
The Memory 4003 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited thereto.
The memory 4003 is used for storing application codes for executing the scheme of the present application, and the execution is controlled by the processor 4001. Processor 4001 is configured to execute application code stored in memory 4003 to implement what is shown in the foregoing method embodiments.
The embodiment of the present application provides a computer readable storage medium on which a computer program is stored; when the computer program runs on a computer, the computer is enabled to execute the corresponding content in the foregoing method embodiment. Compared with the prior art, the network device responds to a network access request initiated by a terminal by obtaining an initial air interface address included in the network access request, or by allocating to the terminal an initial air interface address generated according to the network access request, so that the network device and the terminal both obtain the initial air interface address. When an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end of the air interface frame marks the air interface frame with the initial air interface address, so that the receiving end of the air interface frame verifies the air interface frame using the air interface address and obtains the service data in the air interface frame. Because the initial air interface address is known only to the network device and the terminal, an eavesdropper cannot determine the identity of the receiving end of the air interface frame on the first transmission. When the unicast transmission of an air interface frame between the network device and the terminal is not the first one, the sending end of the air interface frame generates an air interface address that changes with the unicast transmission times, so that the eavesdropper cannot determine the identity of the receiving end by tracking a fixed air interface address across a plurality of air interface frames.
The embodiment of the present application provides a computer program, which includes computer instructions stored in a computer-readable storage medium; when a processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, the computer device executes the content shown in the foregoing method embodiment. Compared with the prior art, the network device responds to a network access request initiated by a terminal by obtaining an initial air interface address included in the network access request, or by allocating to the terminal an initial air interface address generated according to the network access request, so that the network device and the terminal both obtain the initial air interface address. When an air interface frame is unicast-transmitted between the network device and the terminal for the first time, the sending end of the air interface frame marks the air interface frame with the initial air interface address, so that the receiving end of the air interface frame verifies the air interface frame using the air interface address and obtains the service data in the air interface frame.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same moment but may be performed at different moments, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing is only a part of the embodiments of the present invention. It should be noted that those skilled in the art can make various improvements and refinements without departing from the principle of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (16)

1. A unicast transmission method based on an air interface frame is characterized by comprising the following steps:
the network equipment responds to a network access request initiated by a terminal, so that the network equipment and the terminal both obtain initial air interface addresses;
generating an air interface address which changes along with the unicast transmission frequency by a sending end of the air interface frame, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame;
the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains the service data in the air interface frame after the verification is passed;
when the air interface frame is transmitted by unicast for the first time, the air interface address in the air interface frame transmitted by unicast for the first time is the initial air interface address, and a receiving end of the air interface frame verifies the air interface frame transmitted by unicast for the first time by using the initial air interface address;
and when the sending end of the air interface frame is the terminal, the receiving end of the air interface frame is the network equipment.
2. The unicast transmission method based on air interface frames according to claim 1, characterized in that said network device and terminal are in mobile network; the sending end of the air interface frame is the network equipment, and the receiving end of the air interface frame is the terminal;
the network device responds to a network access request initiated by a terminal, so that the network device and the terminal both obtain an initial air interface address, and the method comprises the following steps:
and the network equipment responds to a network access request initiated by a terminal, and generates and sends the initial air interface address to the terminal.
3. The unicast transmission method based on the air interface frame according to claim 2, wherein in a scenario where the terminal sends uplink data to the network device, before the sending end of the air interface frame generates an air interface address that changes with the number of unicast transmissions, the method further comprises: the terminal sends a channel resource allocation request to the network equipment;
the sending end of the air interface frame generating an air interface address which changes along with unicast transmission times, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame comprises:
the network equipment responds to the channel resource allocation request and determines unicast transmission times according to the times of the terminal transmitting the channel resource allocation request in an accumulated manner;
the network equipment generates an air interface address which changes along with the unicast transmission times, marks downlink control information according to the air interface address, and performs unicast transmission on the downlink control information serving as an air interface frame to the terminal; the service data in the downlink control information includes channel resources for indicating a designated channel for transmitting uplink data.
4. The air interface frame-based unicast transmission method according to claim 3, wherein after the receiving end of the air interface frame verifies the received air interface frame according to the preset verification method and obtains the service data in the air interface frame once the verification is passed, the method further comprises:
the terminal determines the designated channel for transmitting uplink data according to the channel resource and transmits the uplink data in the designated channel;
and the network equipment receives the uplink data sent by the terminal in the designated channel.
5. The air interface frame-based unicast transmission method according to claim 2, wherein in a scenario where a network device sends downlink data to the terminal, the marking an air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame, comprises:
and marking downlink control information according to the air interface address, and transmitting the downlink control information to the terminal as an air interface frame in a unicast mode, wherein the service data of the downlink control information comprises channel resources used for indicating a designated channel for transmitting the downlink data.
6. The air interface frame-based unicast transmission method according to claim 5, wherein after the receiving end of the air interface frame verifies the received air interface frame according to the preset verification method and obtains the service data in the air interface frame once the verification is passed, the method further comprises:
the network equipment sends downlink data in the designated channel;
and the terminal determines the designated channel for transmitting the downlink data according to the channel resource and receives the downlink data sent by the network equipment in the designated channel.
7. The unicast transmission method based on the air interface frame according to claim 3 or 5, wherein the downlink control information includes: a serial number field for storing serial numbers, an air interface address field for storing air interface addresses and a data field for storing service data;
the marking of the air interface frame according to the air interface address comprises:
and storing the air interface address to the air interface address field, acquiring a sequence number according to unicast transmission times, storing the sequence number to the sequence number field, storing the service data to the data field, and acquiring a marked air interface frame.
8. The unicast transmission method based on the air interface frame according to claim 1, wherein the network device and the terminal are in a wireless local area network, and the sending end of the air interface frame is the terminal or the network device;
the network device responds to a network access request initiated by a terminal, so that the network device and the terminal both obtain an initial air interface address, including:
the network equipment responds to a network access request initiated by a terminal and obtains an initial air interface address included in the network access request.
9. The air interface frame-based unicast transmission method according to claim 8, characterized in that said air interface frame comprises a data field for storing service data, a receiving end Mac address field for storing an air interface address, and a sequence number field for storing a sequence number;
marking an air interface frame according to the air interface address comprises:
and storing the air interface address in the receiving end Mac address field, obtaining a sequence number according to unicast transmission times, storing the sequence number in the sequence number field, storing the service data in the data field, and obtaining a marked air interface frame.
10. The air interface frame-based unicast transmission method according to any one of claims 1 to 9, wherein a sending end of an air interface frame generates an air interface address that changes with unicast transmission times, including:
when the air interface frame is transmitted in a non-first unicast mode, a sending end of the air interface frame determines a serial number according to unicast transmission times between the sending end and a receiving end, the serial number is encrypted according to a preset encryption method, and an encryption result is used as an air interface address.
11. The unicast transmission method based on the air interface frame according to claim 10, wherein the encrypting the sequence number according to a preset encryption method and taking the encryption result as an air interface address comprises:
the sending end uses the sequence number as a plaintext and uses a preset session key as an encryption key to generate the air interface address;
the receiving end of the air interface frame verifies the air interface frame by using a preset verification method, which comprises the following steps:
the receiving end decrypts the air interface address as the ciphertext, using a predetermined session key as the decryption key, and if the obtained plaintext is the same as the serial number in the air interface frame, the verification is passed; or
the receiving end encrypts the serial number using a predetermined session key as the encryption key, and if the obtained ciphertext is the same as the air interface address in the air interface frame, the verification is passed.
12. The unicast transmission method based on the air interface frame according to claim 10, wherein the encrypting the sequence number according to a preset encryption method and taking the encryption result as an air interface address comprises:
performing hash operation on the serial number and a preset session key according to a preset hash algorithm, and taking a hash operation result as the air interface address;
the method for verifying the air interface frame by the receiving end of the air interface frame by using a preset verification method comprises the following steps:
and the receiving end performs hash operation on the serial number and a preset session key according to a pre-acquired hash algorithm, and if the hash operation result is the same as the air interface address in the air interface frame, the verification is passed.
13. The air interface frame-based unicast transmission method according to claim 10, wherein the determining, by the sending end of the air interface frame, the sequence number according to the number of unicast transmissions with the receiving end comprises:
the sending end counts the number of times of transmitting the air interface frame to the receiving end in an accumulated mode to obtain a counting result;
if the sum of the counting result and the preset value is smaller than the preset threshold value, taking the sum of the counting result and the preset value as the serial number;
and if the sum of the counting result and a preset value is not less than the preset threshold value, restoring the counting result to an initial value, and taking the initial value as the serial number, wherein the initial value is less than the preset threshold value.
14. A unicast transmission system based on an air interface frame is characterized by comprising network equipment and a terminal;
the terminal is used for initiating a network access request, and the network equipment is used for responding to the network access request initiated by the terminal, so that the network equipment and the terminal both obtain an initial air interface address;
generating an air interface address which changes with unicast transmission times by a sending end of an air interface frame, marking the air interface frame according to the air interface address, and unicast-transmitting the marked air interface frame to a receiving end of the air interface frame, so that the receiving end of the air interface frame verifies the received air interface frame according to a preset verification method, and obtains service data in the air interface frame after the verification is passed;
when the air interface frame is transmitted by unicast for the first time, the air interface address in the air interface frame transmitted by unicast for the first time is the initial air interface address, and a receiving end of the air interface frame verifies the air interface frame transmitted by unicast for the first time by using the initial air interface address;
and when the sending end of the air interface frame is the network equipment, the receiving end of the air interface frame is a terminal, and when the sending end of the air interface frame is the terminal, the receiving end of the air interface frame is the network equipment.
15. An electronic device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the method for unicast transmission based on air interface frame according to any of claims 1 to 13 when executing the program.
16. A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions for causing the computer to perform the steps of the method for unicast transmission based on air interface frames according to any one of claims 1 to 13.
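The sequence-number rule of claim 13 and the address handling of claim 14, as an added Python sketch that is not part of the patent text. The HMAC-SHA256 address derivation, the shared key, the 4-byte sequence encoding, the class and function names, and the reading that the count is incremented before the preset value is added are all assumptions; the claims above only require that the address changes with the number of unicast transmissions and that the first frame carries the initial air interface address.

```python
import hashlib
import hmac

def next_seq(count, preset, threshold, initial):
    """Claim 13: return (sequence number, updated count)."""
    count += 1                        # one more unicast frame to this peer
    total = count + preset
    if total < threshold:
        return total, count
    return initial, initial           # wrap: count restored to initial value

def derive_addr(key, initial_addr, seq):
    # Assumed derivation: HMAC-SHA256 over initial address || sequence number.
    msg = initial_addr + seq.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:len(initial_addr)]

class Endpoint:
    """Either side of the link; both sides keep mirrored counters."""
    def __init__(self, initial_addr, key, preset=0, threshold=4, initial=0):
        if initial >= threshold:
            raise ValueError("initial value must be below the threshold")
        self.initial_addr, self.key = initial_addr, key
        self.params = (preset, threshold, initial)
        self.count, self.first = initial, True

    def _expected(self):
        if self.first:                # claim 14: first frame uses initial address
            return self.initial_addr, self.count
        seq, count = next_seq(self.count, *self.params)
        return derive_addr(self.key, self.initial_addr, seq), count

    def send(self, payload):
        addr, self.count = self._expected()
        self.first = False
        return addr + payload         # frame marked with the current address

    def receive(self, frame):
        n = len(self.initial_addr)
        addr, count = self._expected()
        if not hmac.compare_digest(frame[:n], addr):
            return None               # stale or foreign address: drop the frame
        self.count, self.first = count, False
        return frame[n:]

# Constructed sample values, not taken from the patent.
KEY, INIT = b"k" * 16, bytes.fromhex("0a0b0c0d0e0f")
tx, rx = Endpoint(INIT, KEY), Endpoint(INIT, KEY)
first = tx.send(b"hello")
print(rx.receive(first), rx.receive(first))   # second call is a replay
```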
CN202110482293.1A 2021-04-30 2021-04-30 Unicast transmission method, system, electronic equipment and storage medium based on air interface frame Pending CN115278661A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110482293.1A CN115278661A (en) 2021-04-30 2021-04-30 Unicast transmission method, system, electronic equipment and storage medium based on air interface frame

Publications (1)

Publication Number Publication Date
CN115278661A true CN115278661A (en) 2022-11-01

Family

ID=83745171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110482293.1A Pending CN115278661A (en) 2021-04-30 2021-04-30 Unicast transmission method, system, electronic equipment and storage medium based on air interface frame

Country Status (1)

Country Link
CN (1) CN115278661A (en)

Similar Documents

Publication Publication Date Title
CN109413645B (en) Method and device for access authentication
CN105450406A (en) Data processing method and device
CN1770681A (en) Conversation key safety distributing method under wireless environment
Bali et al. Lightweight authentication for MQTT to improve the security of IoT communication
CN103118363A (en) Method, system, terminal device and platform device of secret information transmission
CN114143117B (en) Data processing method and device
CN112912878B (en) Secure crypto processor
WO2021103772A1 (en) Data transmission method and apparatus
CN105100268A (en) Security control method and system of Internet-of-things device as well as application server
CN113613227B (en) Data transmission method and device of Bluetooth equipment, storage medium and electronic device
CN110191467A (en) A kind of method for authenticating of internet of things equipment, unit and storage medium
Saxena et al. BVPSMS: A batch verification protocol for end-to-end secure SMS for mobile users
CN114223233A (en) Data security for network slice management
Mershad et al. REACT: secure and efficient data acquisition in VANETs
Leu et al. Improving security level of LTE authentication and key agreement procedure
CN113905012A (en) Communication method, device, equipment and medium
CN103905389A (en) Relay equipment-based security association, data transmission method, device and system
Fazzat et al. A comparative performance study of cryptographic algorithms for connected vehicles
Wu et al. Efficient authentication for Internet of Things devices in information management systems
CN111181730A (en) User identity generation and updating method and device, storage medium and node equipment
CN113923668B (en) Method, device, chip and readable storage medium for identifying network attack behavior
CN102739660A (en) Key exchange method for single sign on system
CN115278661A (en) Unicast transmission method, system, electronic equipment and storage medium based on air interface frame
CN112862488A (en) Data signature method and device, electronic equipment and computer readable storage medium
CN109792459B (en) Method for transmitting data to at least one device, data transmission control server, storage server, processing server and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination