CN115426138A - LonTalk-SA protocol authentication method - Google Patents

Info

Publication number
CN115426138A
Authority
CN
China
Prior art keywords
message
server
sent
key
authentication
Legal status
Pending
Application number
CN202210970947.XA
Other languages
Chinese (zh)
Inventor
冯涛
吴毅
方君丽
蒋泳波
谢鹏寿
Current Assignee
Lanzhou University of Technology
Original Assignee
Lanzhou University of Technology
Application filed by Lanzhou University of Technology
Priority to CN202210970947.XA
Publication of CN115426138A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

A LonTalk-SA protocol authentication method in which a trusted third-party server is added to the LonTalk-SA authentication protocol. The trusted third-party server completes identity authentication of the sending end and the receiving end, and the sending end and the receiving end perform an exclusive-or (XOR) operation on random numbers to generate a session key. LonTalk-SA effectively resists three types of attack (replay, tampering and deception), provides bidirectional authentication of the communication nodes, and guarantees the confidentiality, integrity and authentication of messages in transit, thereby improving the security of the protocol.

Description

LonTalk-SA protocol authentication method
Technical Field
The invention relates to the technical field of device authentication and data confidentiality for building automation communication protocols.
Background
The building automation system is a key part of an intelligent building and provides highly automated, intelligent, centralized management of all electromechanical facilities and energy equipment in the building. Combining the internet with the traditional bus improves the efficiency of the traditional bus, but it also brings the security problems of the internet into the building automation system; for example, an attacker can easily tamper with, replay or eavesdrop on data transmitted in the industrial control system.
LonTalk is a protocol optimized for control networks. Originally developed by Echelon Corporation to connect devices over twisted pair, power line, fiber optic and other media, it is widely used in industrial control, home automation and building systems (e.g., lighting and heating, ventilation, and air conditioning). The protocol has been adopted as an open international control network standard, ISO/IEC 14908, which specifies a multifunctional control network protocol stack for scenarios such as the smart grid, smart buildings and smart cities.
As technology has developed, more and more publications have shown that the LonTalk authentication protocol used in building automation systems is vulnerable. The documents [J. Ng, S. L. Keoh, Z. Tang, and H. Ko, "SEABASS: Symmetric-keychain encryption and authentication for building automation systems," in 2018 IEEE 4th World Forum on Internet of Things (WF-IoT), 2018, 219-224] and [P. Jovanovic and S. Neves, "Dumb crypto in smart grids: Practical cryptanalysis of the Open Smart Grid Protocol," IACR Cryptology ePrint Archive, 2015, 428] indicate that the LonTalk authentication protocol has the following security drawbacks: (1) The identity authentication protocol only supports verifying the identity of the sender and cannot check the identity of the receiver. Only the sending end can initiate the challenge-response request, not the receiving end, so the protocol can only perform one-way authentication. (2) The key used for identity authentication between devices is only 48 bits, so brute-force attacks cannot be avoided. (3) Only part of the data segment is used in the hash calculation, and neither address information nor other header information is protected. (4) Data is transmitted in the clear, which may leak confidential data. (5) Because the sender always needs to perform identity authentication with the receiver, a communication session cannot be established.
The document [X. Yan and W. Bo, "A Security Extension to LonWorks/LonTalk Protocol," International Journal of Digital Content Technology and its Applications, vol. 7, no. 6, 2013, 790-780] proposes a new LonSec protocol, which uses SHA-1 and AES to protect data, ensuring its confidentiality and integrity, and uses an improved Needham-Schroeder protocol to provide a key distribution mechanism. However, related research shows that the SHA-1 algorithm can now be broken by brute force, and the sending device does not authenticate the third-party server, so the authenticity of the feedback message cannot be guaranteed. In addition, no timestamp mechanism is used during message transmission, so the protocol cannot be guaranteed to resist replay attacks.
Disclosure of Invention
The invention aims to provide a LonTalk-SA protocol authentication method.
The invention relates to a LonTalk-SA protocol authentication method, which comprises the following steps:
Step (1): when A and B carry out identity authentication, A generates random numbers X and N_A. A encrypts the two random numbers and the IDs of A and B with the master key, and sends ID_A together with the encrypted data packet to the Server.
Step (2): when the Server receives the message from A, it decrypts it with the master key K_AS. After decryption, the Server uses K_BS to encrypt the two random numbers sent by A and adds a timestamp TS_1. It combines N_A with the encrypted data packet intended for B, encrypts them with the master key K_AS, and sends the result to A.
Step (3): after receiving the information returned by the Server, A decrypts it with the master key K_AS; if N_A is found to be unchanged, A determines that no tampering attack has occurred. A then combines the data packet that the Server addressed to B with ID_A and ID_B and sends them to B.
Step (4): after receiving the message, B decrypts it with the master key K_BS to obtain the two random numbers generated by A and the timestamp TS_1, and uses the timestamp to check whether a replay attack has occurred. B then also generates two random numbers, Y and N_B. B combines ID_A, ID_B, Y, N_B and N_A, encrypts them with the master key K_BS, and finally sends ID_B together with the encrypted data packet to the Server.
Step (5): the Server receives the message from B and decrypts it with the key K_BS. The Server encrypts the combined message of Y, N_B and N_A with the key K_AS and adds a timestamp TS_2. Finally, it uses K_BS to encrypt N_B together with the encrypted message intended for A, and sends the result to B.
Step (6): after B receives the Server's message, it decrypts it with K_BS and checks whether N_B has been tampered with. B then sends the remaining data to A.
Step (7): after receiving the message from B, A decrypts it with the master key K_AS to obtain the random number Y and the timestamp TS_2, and checks whether the timestamp exceeds a preset time range. A XORs Y and X to generate the session key K. A performs a hash operation on N_A and N_B, combines the hash values of N_A and N_B, encrypts them with the session key K and sends the result to B.
Step (8): B XORs X and Y to generate the session key K. B decrypts the message with the session key K, recalculates the hash value of N_A and N_B and compares it with the hash value sent by A; if the hash values are the same, B's authentication of A has succeeded. B then calculates the hash value of N_B and N_A, encrypts that hash value with the session key K and sends it to A.
Step (9): after receiving the message, A decrypts it with the session key K, calculates the hash value of N_B and N_A and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B has succeeded.
The invention has the following advantages:
(1) Resistance to malicious instructions: in this attack, an attacker sends a malicious data packet to a node so that a malicious instruction damages the system. In the LonTalk-SA authentication protocol, however, an attacker cannot obtain the master key shared by a node and the server, or the session key between nodes, so a data packet sent by the attacker cannot pass verification and the system cannot be damaged.
(2) Resistance to eavesdropping attacks: an attacker passively eavesdrops on data transmitted in the network, analyzes it, and then launches an attack on the nodes. Because all messages transmitted in the LonTalk-SA authentication protocol are encrypted with a secret key, an attacker cannot steal the transmitted data.
(3) Resistance to replay attacks: an attacker eavesdrops on transmitted data and retransmits it to a receiving end during the next round of communication between the nodes in order to deceive the receiving end. The LonTalk-SA authentication protocol adds a timestamp, and when a receiving end finds that the timestamp in a data packet is outside the time range, it discards the packet directly.
(4) Bidirectional authentication: the LonTalk-SA authentication protocol authenticates the identities of both communicating parties.
(5) Perfect forward security: both communicating parties generate a random number to calculate the session key, and each authentication run generates new random numbers to calculate the session key. This ensures that leakage of the current session key does not affect historical communication messages, while also guaranteeing the freshness of the session key.
Drawings
Fig. 1 is a message flow diagram of a LonTalk-SA protocol authentication method.
Detailed Description
As shown in Fig. 1, the embodiment of the present invention has three participating devices: device A, device B, and a trusted third-party server S. The scheme flow is divided into two parts, a session key request stage and an identity authentication stage.
The invention relates to a LonTalk-SA protocol authentication method, which comprises the following steps:
Step (1): when A and B carry out identity authentication, A generates random numbers X and N_A. A encrypts the two random numbers and the IDs of A and B with the master key, and sends ID_A together with the encrypted data packet to the Server.
Step (2): when the Server receives the message from A, it decrypts it with the master key K_AS. After decryption, the Server uses K_BS to encrypt the two random numbers sent by A and adds a timestamp TS_1. It combines N_A with the encrypted data packet intended for B, encrypts them with the master key K_AS, and sends the result to A.
Step (3): after receiving the information returned by the Server, A decrypts it with the master key K_AS; if N_A is found to be unchanged, A determines that no tampering attack has occurred. A then combines the data packet that the Server addressed to B with ID_A and ID_B and sends them to B.
Step (4): after receiving the message, B decrypts it with the master key K_BS to obtain the two random numbers generated by A and the timestamp TS_1, and uses the timestamp to check whether a replay attack has occurred. B then also generates two random numbers, Y and N_B. B combines ID_A, ID_B, Y, N_B and N_A, encrypts them with the master key K_BS, and finally sends ID_B together with the encrypted data packet to the Server.
Step (5): the Server receives the message from B and decrypts it with the key K_BS. The Server encrypts the combined message of Y, N_B and N_A with the key K_AS and adds a timestamp TS_2. Finally, it uses K_BS to encrypt N_B together with the encrypted message intended for A, and sends the result to B.
Step (6): after B receives the Server's message, it decrypts it with K_BS and checks whether N_B has been tampered with. B then sends the remaining data to A.
Step (7): after receiving the message from B, A decrypts it with the master key K_AS to obtain the random number Y and the timestamp TS_2, and checks whether the timestamp exceeds a preset time range. A XORs Y and X to generate the session key K. A performs a hash operation on N_A and N_B, combines the hash values of N_A and N_B, encrypts them with the session key K and sends the result to B.
Step (8): B XORs X and Y to generate the session key K. B decrypts the message with the session key K, recalculates the hash value of N_A and N_B and compares it with the hash value sent by A; if the hash values are the same, B's authentication of A has succeeded. B then calculates the hash value of N_B and N_A, encrypts that hash value with the session key K and sends it to A.
Step (9): after receiving the message, A decrypts it with the session key K, calculates the hash value of N_B and N_A and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B has succeeded.
Description of the symbols:
[Symbol table: two figures in the original publication, not reproduced in this text]
A trusted third-party server is added to the LonTalk-SA authentication protocol; the third-party server completes identity authentication of the sending end and the receiving end, and the sending end and the receiving end perform an exclusive-or (XOR) operation on random numbers to generate a session key. LonTalk-SA effectively resists three types of attack (replay, tampering and deception), provides bidirectional authentication of the communication nodes, and guarantees the confidentiality, integrity and authentication of messages in transit, thereby improving the security of the protocol.
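Steps (1) to (9) above, run end to end as an added Python example that is not part of the patent. The patent names neither a cipher nor a hash, so `seal`/`unseal` (an HMAC-SHA256 keystream with a tag), SHA-256 for `H`, the 5-second `WINDOW`, the JSON field layout, and the `clock` and `wire` test hooks are all assumptions; placing TS_1 and TS_2 inside the encrypted packets follows steps (4) and (7).

```python
import hashlib, hmac, json, os, time

WINDOW = 5  # assumed freshness window (seconds); the patent says only "preset time range"

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(ek, nonce, data):
    ks = b""
    while len(ks) < len(data):
        ks += hmac.new(ek, nonce + len(ks).to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, fields):
    """Stand-in authenticated encryption; the patent does not name a cipher."""
    ek, mk = _subkeys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, json.dumps(fields).encode())
    return (nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tampered message or wrong key")
    return json.loads(_xor_stream(ek, nonce, ct))

def check(ok, why):
    if not ok:
        raise ValueError(why)

def H(*parts):  # SHA-256 chosen here; the patent says only "hash"
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def rnd():
    return os.urandom(16).hex()

def xor_hex(x, y):
    return bytes(a ^ b for a, b in zip(bytes.fromhex(x), bytes.fromhex(y)))

def handshake(k_as, k_bs, clock=time.time, wire=lambda step, msg: msg):
    """Steps (1)-(9) in one process; returns the session keys derived by A and B."""
    master = {"A": k_as, "B": k_bs}  # the Server's master-key table
    X, NA = rnd(), rnd()  # (1) A -> Server
    src, m = wire(1, ("A", seal(k_as, {"X": X, "NA": NA, "IDA": "A", "IDB": "B"})))
    req = unseal(master[src], m)  # (2) Server -> A
    for_b = seal(master[req["IDB"]], {"X": req["X"], "NA": req["NA"], "TS1": clock()})
    m = wire(2, seal(master[src], {"NA": req["NA"], "forB": for_b}))
    rep = unseal(k_as, m)  # (3) A -> B
    check(rep["NA"] == NA, "N_A changed")
    pkt, ida, idb = wire(3, (rep["forB"], "A", "B"))
    tb = unseal(k_bs, pkt)  # (4) B -> Server
    check(abs(clock() - tb["TS1"]) <= WINDOW, "stale TS1: possible replay")
    Y, NB = rnd(), rnd()
    to_s = {"IDA": ida, "IDB": idb, "Y": Y, "NB": NB, "NA": tb["NA"]}
    src, m = wire(4, ("B", seal(k_bs, to_s)))
    req = unseal(master[src], m)  # (5) Server -> B
    to_a = {"Y": req["Y"], "NB": req["NB"], "NA": req["NA"], "TS2": clock()}
    m = wire(5, seal(master[src], {"NB": req["NB"], "forA": seal(master[req["IDA"]], to_a)}))
    rep = unseal(k_bs, m)  # (6) B -> A
    check(rep["NB"] == NB, "N_B changed")
    ta = unseal(k_as, wire(6, rep["forA"]))  # (7) A -> B
    check(abs(clock() - ta["TS2"]) <= WINDOW, "stale TS2: possible replay")
    k_a = xor_hex(X, ta["Y"])
    m = wire(7, seal(k_a, {"h": H(NA, ta["NB"])}))
    k_b = xor_hex(tb["X"], Y)  # (8) B -> A
    check(unseal(k_b, m)["h"] == H(tb["NA"], NB), "B rejects A")
    m = wire(8, seal(k_b, {"h": H(NB, tb["NA"])}))
    check(unseal(k_a, m)["h"] == H(ta["NB"], NA), "A rejects B")  # (9)
    return k_a, k_b

if __name__ == "__main__":
    print(handshake(os.urandom(16), os.urandom(16)))
```

X and Y cross the network only inside packets encrypted under K_AS and K_BS, so the derived session key is exactly as secret as those two master keys.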

Claims (1)

  1. The LonTalk-SA protocol authentication method is characterized by comprising the following steps:
    Step (1): when A and B carry out identity authentication, A generates random numbers X and N_A. A encrypts the two random numbers and the IDs of A and B with the master key, and sends ID_A together with the encrypted data packet to the Server;
    Step (2): when the Server receives the message from A, it decrypts it with the master key K_AS; after decryption, the Server uses K_BS to encrypt the two random numbers sent by A and adds a timestamp TS_1; it combines N_A with the encrypted data packet intended for B, encrypts them with the master key K_AS, and sends the result to A;
    Step (3): after receiving the information returned by the Server, A decrypts it with the master key K_AS; if N_A is found to be unchanged, A determines that no tampering attack has occurred; A then combines the data packet that the Server addressed to B with ID_A and ID_B and sends them to B;
    Step (4): after receiving the message, B decrypts it with the master key K_BS to obtain the two random numbers generated by A and the timestamp TS_1, and uses the timestamp to check whether a replay attack has occurred; B then also generates two random numbers, Y and N_B; B combines ID_A, ID_B, Y, N_B and N_A, encrypts them with the master key K_BS, and finally sends ID_B together with the encrypted data packet to the Server;
    Step (5): the Server receives the message from B and decrypts it with the key K_BS. The Server encrypts the combined message of Y, N_B and N_A with the key K_AS and adds a timestamp TS_2; finally, it uses K_BS to encrypt N_B together with the encrypted message intended for A, and sends the result to B;
    Step (6): after B receives the Server's message, it decrypts it with K_BS and checks whether N_B has been tampered with; B then sends the remaining data to A;
    Step (7): after receiving the message from B, A decrypts it with the master key K_AS to obtain the random number Y and the timestamp TS_2, and checks whether the timestamp exceeds a preset time range; A XORs Y and X to generate the session key K; A performs a hash operation on N_A and N_B, combines the hash values of N_A and N_B, encrypts them with the session key K and sends the result to B;
    Step (8): B XORs X and Y to generate the session key K; B decrypts the message with the session key K, recalculates the hash value of N_A and N_B and compares it with the hash value sent by A; if the hash values are the same, B's authentication of A has succeeded; B then calculates the hash value of N_B and N_A, encrypts that hash value with the session key K and sends it to A;
    Step (9): after receiving the message, A decrypts it with the session key K, calculates the hash value of N_B and N_A and compares it with the hash value sent by B; if the hash values are the same, A's authentication of B has succeeded.
CN202210970947.XA 2022-08-14 2022-08-14 LonTalk-SA protocol authentication method Pending CN115426138A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210970947.XA CN115426138A (en) 2022-08-14 2022-08-14 LonTalk-SA protocol authentication method

Publications (1)

Publication Number Publication Date
CN115426138A (en) 2022-12-02

Family

ID=84197572

Country Status (1)

Country Link
CN (1) CN115426138A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7542569B1 (en) * 1997-11-26 2009-06-02 Nokia Siemens Networks Oy Security of data connections
CN113572788A (en) * 2021-08-06 2021-10-29 Lanzhou University of Technology BACnet/IP protocol equipment authentication safety method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
TAO FENG AND YI WU: "Formal Security Analysis and Improvement Based on LonTalk Authentication Protocol", 《SECURITY AND COMMUNICATION NETWORKS》, 12 July 2022 (2022-07-12), pages 8 *
李谢华; 杨树堂; 李建华; 诸鸿文: "Authentication test analysis method based on message type detection", Journal of Shanghai Jiao Tong University, no. 01, 28 January 2007 (2007-01-28) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination