CN115622693B - Body area network key negotiation method and system based on secret sharing - Google Patents
- Publication number: CN115622693B (application CN202211099981.0A)
- Authority: CN (China)
- Prior art keywords: sender, polynomial, receiver, sequence, key
- Prior art date
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a body area network key negotiation method and system based on secret sharing. The method comprises: the sender maps the sender features of its feature sequence into a bloom filter; the sender constructs a secret fragment sequence and stores it in a hash-like table data structure; the receiver retrieves from its own feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values; the receiver obtains from the data structure the polynomial values corresponding to the matching values and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated; and the sender verifies the solved key. An attacker cannot easily recover the original feature values from the bloom filter, nor the sender's original feature values from the polynomial values in the data structure, which improves security; dependence on the accuracy of the feature value generation process is removed, since the scheme works as long as most feature values are available, which improves robustness.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a body area network key negotiation method and system based on secret sharing.
Background
Electronic medicine (E-health) is the comprehensive application of communication technology in medical care, from prevention and diagnosis through treatment and recovery. It can alleviate the uneven distribution of medical resources and the lack of open, transparent medical information, and integrate scattered medical resources to a certain extent. The task of monitoring a patient's health condition in real time in E-health falls mainly on sensors of various kinds, which monitor the patient's health indicators in real time and reflect the state of the patient's body. With the rapid development of embedded technology, ever more sensors are integrated into wearable devices, so that those devices can provide personalised and customised health care services.
Devices communicating over a wireless network on or around the human body form a Body Area Network (BAN). A BAN is essentially a special wireless sensor network, the difference being that its nodes have lower performance and shorter battery life. Within a BAN, data collected by sensors can be transmitted end to end, but because of the relatively weak computing power of such devices and the associated medical requirements, a BAN must also be able to share data with remote facilities. Health data contains biological information that identifies the user, is the user's private data and is highly sensitive, so compared with a traditional sensor network a BAN places higher requirements on the security of the communication process.
Physiological signals of the human body, such as heartbeat and blood pressure, have a certain uniqueness and distinguishability. Such data can be measured anywhere on the body and is a source that can be used effectively for key agreement, so it has been widely studied; one current research direction is how such physiological signals can assist key agreement between intelligent sensors.
Because physiological signals measured at two points are similar but not identical (the physiological data over a period of time is converted into a discrete sequence of feature values; for sequences collected from two parts of the body, the feature values agree at most positions), current research focuses on how to use the identical data and exclude the effect of the differing data. Researchers have proposed bloom filters: the sender maps its feature values into a bloom filter, and the receiver then looks up its own feature values in it. In this way the receiver learns which of its feature values the sender also holds without the features being exposed; the receiver concatenates the identical feature values, randomises the result with a hash function, and sends that value together with the index set of the matched features to the sender, which verifies the key. This solution, however, ties the key to the physiological data, which is a security risk.
Furthermore, the key agreement technique above ignores inconsistency within the feature sequence. For inter-pulse interval (IPI) data, for example, the conversion of the original analogue signal into a digital one may introduce inconsistencies. Ideally two feature sequences would look like s1 = {101, 010, 010, 111, 110} and s2 = {101, 011, 010, 111, 110}: largely identical, with a differing value at one position. Because of conversion errors, however, s2 may instead be {101, 000, 011, 010, 111, 110}, with an extra value inserted in the middle, so that the indexes of the originally identical feature values no longer agree. Schemes that implicitly rely on this index consistency between feature values perform very poorly in practice.
Disclosure of Invention
The invention aims to solve at least the problems in the prior art that the key is tied to the physiological data, a potential security hazard, and that consistency between feature values is relied upon, and to this end provides a secret-sharing-based body area network key negotiation method and system.
To achieve the above object, according to a first aspect of the invention there is provided a body area network key negotiation method based on secret sharing, comprising: the sender maps the sender features of its feature sequence into a bloom filter; the sender constructs a secret fragment sequence and stores it in a hash-like table data structure, where the secret fragment sequence consists of the sender features and the polynomial values corresponding to them, the polynomial values are obtained by evaluating a polynomial, and the polynomial is built from the key to be negotiated and an agreed threshold, following the polynomial of Shamir secret sharing; the receiver retrieves from its own feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values; the receiver obtains from the data structure the polynomial values corresponding to the matching values and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated; the sender verifies the key solved by the receiver, and if verification passes, key negotiation succeeds.
To achieve the above object, according to the same inventive concept, a second aspect of the invention provides a sender device comprising: a bloom filter mapping module, which maps the sender features of the sender feature sequence into a bloom filter; a data structure establishing module, which constructs a secret fragment sequence and stores it in a hash-like table data structure, where the secret fragment sequence consists of the sender features and their corresponding polynomial values, the polynomial values are obtained by evaluating a polynomial, and the polynomial is built from the key to be negotiated and an agreed threshold following the polynomial of Shamir secret sharing; a sending module, which sends the bloom filter and the data structure to the receiver; a receiving module, which receives the encrypted information that the receiver produces with the key it solved, the key solved by the receiver being obtained as follows: the receiver retrieves from its own feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values, then obtains from the data structure the polynomial values corresponding to the matching values and reconstructs the polynomial from the matching values and their polynomial values to solve the key; and a verification module, which verifies the key solved by the receiver, key negotiation succeeding if verification passes.
To achieve the above object, according to the same inventive concept, a third aspect of the invention provides a receiver device comprising: a receiving module, which receives the bloom filter and the data structure sent by the sender, where all sender features of the sender feature sequence are mapped into the bloom filter and the data structure is established as follows: the sender constructs a secret fragment sequence and stores it in a hash-like table data structure, the secret fragment sequence consisting of the sender features and their corresponding polynomial values, the polynomial values being obtained by evaluating a polynomial built from the key to be negotiated and an agreed threshold following the polynomial of Shamir secret sharing; a matching value searching module, which retrieves from the receiver feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values; a key solving module, which obtains from the data structure the polynomial values corresponding to the matching values and solves the key to be negotiated by reconstructing the polynomial from the matching values and their polynomial values; and a sending module, which sends to the sender the encrypted information produced with the solved key.
To achieve the above object, according to the same inventive concept, a fourth aspect of the invention provides a body area network key negotiation system based on secret sharing, comprising the sender device of the second aspect and the receiver device of the third aspect, where the sender device and the receiver device perform key negotiation according to the method of the first aspect.
The application has the following beneficial technical effects:
Very high security: the only plaintext exchange is the sender sending the bloom filter and the data structure to the receiver; the sender features are hidden by the bloom filter, and the sender's key to be negotiated is hidden in the polynomial values and is independent of the sender features. Using a hash function set of high security strength and a large bloom filter keeps the false positive rate of the bloom filter low, so an attacker cannot easily recover the original feature values from the bloom filter, nor invert the polynomial values stored in the data structure HT to the original sender feature values; the larger the value space of the feature values, the harder this inversion becomes, so security is greatly improved;
Good robustness: by adopting the hash-like table data structure the application no longer depends on the accuracy of the feature value generation process; even if errors occur when converting the physiological data from analogue to digital signals, the invention performs well as long as most feature values are available;
Scalability: all parameters of the method can be adjusted adaptively, for example a larger feature value space gives higher security strength; keys of different lengths can be protected by adjusting the Mersenne prime used in the polynomial computation; and adjusting the agreed threshold trades security against availability;
Plug and play: the key negotiation method and device require no keys or other secret information to be pre-installed in the intelligent sensor, only support for the key negotiation scheme provided by the application.
Drawings
Fig. 1 is a flow chart of a body area network key negotiation method based on secret sharing in embodiment 1 of the present invention;
fig. 2 is a schematic diagram of the data structure in embodiment 1 of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention.
In the description of the present invention, it should be understood that the terms "longitudinal," "transverse," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate describing the present invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention.
In the description of the present invention, unless otherwise specified and defined, it should be noted that the terms "mounted," "connected," and "coupled" are to be construed broadly, and may be, for example, mechanical or electrical, or may be in communication with each other between two elements, directly or indirectly through intermediaries, as would be understood by those skilled in the art, in view of the specific meaning of the terms described above.
Example 1
The embodiment discloses a secret sharing-based body area network key negotiation method, the process schematic diagram of which is shown in fig. 1, comprising:
the following steps are performed in parallel or in series for the sender:
Step A1, the sender constructs a secret fragment sequence and stores it in a hash-like table data structure. The secret fragment sequence consists of the sender features and their corresponding polynomial values; the polynomial values are obtained by evaluating a polynomial built, following the polynomial of Shamir secret sharing, from the key to be negotiated and the agreed threshold. Specifically:
Step A11, establish the polynomial
$$f(x) = K + f_s^{1}\,x + f_s^{2}\,x^{2} + \cdots + f_s^{t-1}\,x^{t-1}$$
where K is the sender's key to be negotiated; t is the agreed threshold; x is the feature variable substituted into the polynomial; and $f_s^{1}$, $f_s^{2}$, ..., $f_s^{t-1}$ are the first, second, ..., (t-1)th sender features. Let the sender feature sequence be $F_s = \{f_s^{1}, f_s^{2}, \dots, f_s^{n}\}$, where n is the number of sender features in the sequence and $f_s^{n}$ is the nth sender feature. The coefficients $f_s^{1}, \dots, f_s^{t-1}$ may be the first t-1 sender features of the sequence, or t-1 sender features selected at random from it.
Preferably the polynomial value f(x) is constrained to a finite field, e.g. by reducing modulo a prime after each computation; the prime must be larger than any possible key to be negotiated (at least $2^{128}$ for a 128-bit key), for example the 13th Mersenne prime $2^{521}-1$ when the key length is 128 bits. The feature values used as evaluation points must then be distinct and non-zero in this field, since two equal points give only one share and f(0) = K would publish the key directly.
Step A12, obtain the polynomial value corresponding to each sender feature by substituting the feature as x into the polynomial.
Step A13, construct the secret fragment sequence as $S = \{\langle f_s^{1}, f(f_s^{1})\rangle, \langle f_s^{2}, f(f_s^{2})\rangle, \dots, \langle f_s^{n}, f(f_s^{n})\rangle\}$, where $f(f_s^{1})$ is the polynomial value corresponding to $f_s^{1}$, $f(f_s^{n})$ the polynomial value corresponding to $f_s^{n}$, and n the number of sender features in the sender feature sequence.
Step A14, define a hash-like table data structure HT whose address space is m. To have sufficient storage space for increased security, the number of buckets in the data structure is preferably at least 10n; for n = 30 the HT address space can be set to m = 512, i.e. addresses in [0, 511], as shown in fig. 2.
Step A15, select a hash function h; the polynomial value $f(f_s^{i})$ corresponding to the ith sender feature in the secret fragment sequence is stored in the data structure at address $h(f_s^{i}) \bmod m$, where i = 1, 2, ..., n, $h(f_s^{i})$ is the value of the ith sender feature processed by the hash function h, and % (mod) denotes the modulo operation. Concretely, the secret fragment sequence is traversed in order and each $f(f_s^{i})$ is appended to the bucket of HT at address $h(f_s^{i}) \bmod m$; "in order" means that a value placed earlier precedes a value placed later within the same bucket. A bucket can therefore hold several polynomial values when two features hash to the same address, which is why m is chosen large relative to n in step A14. The hash function h is preferably, but not limited to, SHA-256 or stronger.
Step A2, the sender maps the sender features of the sender feature sequence into a bloom filter. To improve security, a hash function set of high security strength and a larger bloom filter size are used; preferably a hash function set is agreed with the receiver and the sender features are mapped into the bloom filter one by one with that set, specifically:
Let the sender feature sequence be $F_s = \{f_s^{1}, f_s^{2}, \dots, f_s^{n}\}$, where n is the number of sender features in the sequence and $f_s^{1}$, $f_s^{2}$ and $f_s^{n}$ are the first, second and nth sender features.
Let the agreed hash function set be $H = \{h_1, h_2, \dots, h_q\}$, where q is the number of hash functions in the set. q may be chosen from the number of sender features and the size of the bloom filter so as to ensure security, typically somewhat below the bloom filter size divided by the number of sender features: with n = 30 sender features and a bloom filter BF of size 433, q is an integer slightly less than 433/30, e.g. 10 (which also matches the standard false-positive-minimising choice $q \approx (433/30)\ln 2 \approx 10$). The hash functions in the set are preferably, but not limited to, SHA-256 or stronger.
The sender features are mapped into the bloom filter one by one using the hash function set, i.e. each sender feature is mapped into the bloom filter by every hash function of the set: with q = 10, each sender feature value is hashed by 10 different hash functions and the 10 resulting positions are set in the bloom filter.
As shown in fig. 1, the sender, after obtaining the bloom filter BF and the data structure HT, sends both to the receiver.
As shown in fig. 1, the receiving side performs the steps of:
Step B1, the receiver retrieves from its feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values.
Specifically, let the receiver feature sequence be $F_r$. Using the agreed hash function set H, the receiver checks whether each receiver feature appears in the bloom filter BF, and if so marks it as a matching value. A receiver feature value is considered to appear in the bloom filter only when the values of all hash functions in H map to set positions in BF: with 10 hash functions in H, the 10 hash values of the receiver feature value are computed, and the feature is marked as a matching value only when all 10 positions are found set in the bloom filter. A bloom filter can still report a false positive; such a feature has no genuine polynomial value in the data structure, and the mismatch is caught by the verification in step A3.
The number of matching values found is checked: once the receiver has found the agreed threshold t of matching values it stops searching and proceeds to step B2; if the whole sequence $F_r$ has been traversed and t matching values cannot be found, the key negotiation is considered failed.
Step B2, the receiver obtains from the data structure the polynomial values corresponding to the matching values, specifically by deriving the address of each matching value's polynomial value in the same way the sender stored it, and solves the key to be negotiated by reconstructing the polynomial from the matching values and their polynomial values. Preferably the polynomial is reconstructed by Lagrange interpolation to solve the key K' to be negotiated, as follows:
After obtaining the polynomial values corresponding to the matching values, the receiver forms the matched secret fragment sequence S', reconstructs the polynomial from S' by Lagrange interpolation, and takes its constant term f(0) as the solved key K'.
Further preferably, as shown in fig. 1, after receiving from the receiver the encrypted information produced with the solved key, the sender executes step A3: it verifies the key to be negotiated solved by the receiver, and if verification passes the key negotiation succeeds.
As shown in fig. 1, after the receiver solves the key K', it computes with K' the hashed message authentication code HMAC(K', N_o | ID_s | ID_r) and sends it to the sender, where N_o is the current time string, ID_s the sender device ID, ID_r the receiver device ID and K' the key solved by the receiver. Since an HMAC cannot be inverted, the sender verifies it by recomputing HMAC(K, N_o | ID_s | ID_r) over the same N_o | ID_s | ID_r with its own key K; if the two codes agree (compared in constant time), the key K' solved by the receiver is considered verified.
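The sender steps A1 to A2, the receiver steps B1 to B2 and the verification step A3 above, simulated end to end in Python. This is an added example, not code from the patent: the q hash functions of the bloom filter are derived from SHA-256 with a per-function index prefix, the bit-string features are mapped to field elements by int(feature, 2) + 1 (so that no feature evaluates the polynomial at x = 0, where f(0) = K), the receiver skips any HT bucket that is empty or holds more than one value rather than guessing a share, and the sample feature sequences, N_o and device IDs are constructed; all of these are assumptions beyond the description. The receiver's sequence has a spurious value inserted and two values altered, as in the s1/s2 example of the Background, so index-aligned matching would fail while the value-based lookup used here still finds enough matches.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Sequence, Tuple

P = (1 << 521) - 1                        # 13th Mersenne prime, as suggested in step A11
KEY_BYTES = (P.bit_length() + 7) // 8      # encoding width of a field element for the HMAC key

# Constructed sample data (not from the patent): 8-bit feature strings. The receiver's
# sequence has one spurious value inserted and two values altered, so indexes do not line up.
SENDER_FEATURES = ["10110010", "01101100", "11100011", "00011101", "10101010", "01010111",
                   "11001001", "00110110", "10011100", "01110001", "11010100", "00101011"]
RECEIVER_FEATURES = ["10110010", "01101100", "00000000", "11100011", "00011101", "10101010",
                     "01010110", "11001001", "00110110", "10011100", "01110000", "11010100",
                     "00101011"]

def feature_x(feature: str) -> int:
    """Evaluation point of a feature (assumption: features are bit strings).
    The +1 keeps x != 0: f(0) = K, so a zero feature would publish the key as a share."""
    return int(feature, 2) + 1

def poly_eval(coeffs: Sequence[int], x: int) -> int:
    """Horner evaluation of f(x) = K + c_1 x + ... + c_{t-1} x^{t-1} over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def lagrange_at_zero(points: Sequence[Tuple[int, int]]) -> int:
    """Reconstruct f(0) from t points (x_i, y_i) with distinct x_i (step B2)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def bloom_positions(feature: str, size: int, q: int) -> List[int]:
    """The q agreed hash functions h_1..h_q: SHA-256 with a 2-byte index prefix (assumption)."""
    return [int.from_bytes(hashlib.sha256(j.to_bytes(2, "big") + feature.encode()).digest(), "big") % size
            for j in range(q)]

def ht_address(feature: str, m: int) -> int:
    """Step A15: bucket address h(f_s^i) % m with h = SHA-256."""
    return int.from_bytes(hashlib.sha256(feature.encode()).digest(), "big") % m

def sender_publish(key: int, features: Sequence[str], t: int, bf_size: int, q: int, m: int):
    """Steps A1-A2: build the hash-like table HT (ordered buckets) and the bloom filter BF."""
    xs = [feature_x(f) for f in features]
    if len(set(xs)) != len(xs):
        raise ValueError("evaluation points must be distinct: deduplicate the feature sequence")
    coeffs = [key % P] + xs[:t - 1]                 # K plus the first t-1 features as coefficients
    ht: List[List[int]] = [[] for _ in range(m)]
    for f, x in zip(features, xs):
        ht[ht_address(f, m)].append(poly_eval(coeffs, x))   # appended in sequence order
    bf = bytearray(bf_size)                          # one byte per bloom filter bit
    for f in features:
        for pos in bloom_positions(f, bf_size, q):
            bf[pos] = 1
    return bf, ht

def receiver_recover(features: Sequence[str], bf: bytearray, ht: List[List[int]],
                     t: int, q: int) -> Optional[int]:
    """Steps B1-B2: find t matching values, read their shares from HT, interpolate K'."""
    points: Dict[int, int] = {}
    for f in features:
        if not all(bf[p] for p in bloom_positions(f, len(bf), q)):
            continue                                 # not (claimed) in BF
        bucket = ht[ht_address(f, len(ht))]
        if len(bucket) != 1:
            continue       # empty (bloom false positive) or colliding bucket: do not guess a share
        points[feature_x(f)] = bucket[0]             # dict also drops duplicate receiver features
        if len(points) == t:
            return lagrange_at_zero(list(points.items()))
    return None                                      # fewer than t matches: negotiation fails

def auth_tag(key: int, n_o: bytes, id_s: bytes, id_r: bytes) -> bytes:
    """HMAC(K', N_o | ID_s | ID_r) of step A3 (SHA-256), keyed with the field-encoded key."""
    return hmac.new(key.to_bytes(KEY_BYTES, "big"), n_o + id_s + id_r, hashlib.sha256).digest()

def run_protocol(key: int, sender_features: Sequence[str], receiver_features: Sequence[str],
                 t: int = 6, bf_size: int = 433, q: int = 10, m: int = 512) -> Optional[int]:
    """Whole exchange; returns K' only if the sender's verification of it passes."""
    bf, ht = sender_publish(key, sender_features, t, bf_size, q, m)   # sent in plaintext
    k_prime = receiver_recover(receiver_features, bf, ht, t, q)
    if k_prime is None:
        return None
    n_o, id_s, id_r = b"20220908T120000Z", b"sensor-01", b"gateway-01"   # constructed values
    tag = auth_tag(k_prime, n_o, id_s, id_r)                              # receiver -> sender
    return k_prime if hmac.compare_digest(tag, auth_tag(key, n_o, id_s, id_r)) else None

if __name__ == "__main__":
    K = 0x0123456789ABCDEF0123456789ABCDEF                                 # 128-bit key under test
    print("negotiated" if run_protocol(K, SENDER_FEATURES, RECEIVER_FEATURES) == K else "failed")
```

A bloom filter false positive or a colliding HT bucket surfaces either as a skipped feature or as a wrong K' that fails the HMAC comparison of step A3, which is why run_protocol returns None rather than a key in that case; the comparison uses hmac.compare_digest to avoid a timing side channel. Note that the published BF and HT are only as hard to invert as the feature space is to enumerate: anyone able to list likely feature values can test them against BF and HT, which is exactly what the description's remark about a larger feature value space concerns.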
In this embodiment, the sender is preferably but not limited to a sender device in a body area network, such as a sensor, a gateway, a server, etc., and the receiver is preferably but not limited to a receiver device in a body area network, such as a sensor, a gateway, a server, etc.
In this embodiment, the sender characteristic sequence and the receiver characteristic sequence are preferably but not limited to physiological characteristic signal sequences acquired by sensors in the body area network, such as a heartbeat signal sequence or a blood pressure signal sequence.
In this embodiment the key K is generated independently of the physiological data and only transported through the secret shares, so the key is unrelated to the physiological data; the risk in this respect is reduced and security further improved. In addition, the hash-like table data structure removes the requirement that the physiological feature sequences be consistent.
Example 2
Based on the same inventive concept, the present embodiment provides a sender device, which is preferably but not limited to a sensor or gateway device or a server in a body area network, the sender device comprising:
the bloom filter mapping module maps the sender characteristics in the sender characteristic sequence to bloom filters;
the data structure establishing module is used for establishing a secret fragment sequence and storing the secret fragment sequence in a data structure of a hash-like table, wherein the secret fragment sequence comprises a sender characteristic and a polynomial value corresponding to the sender characteristic, the polynomial value is obtained through polynomial calculation, and the polynomial is established based on a key to be negotiated and a constraint threshold and referring to a polynomial in Shamir secret sharing;
the sending module is used for sending the bloom filter and the data structure to a receiver;
the receiving module is used for receiving the encryption information which is sent by the receiver and is encrypted by the key to be negotiated and solved by the receiver;
the key solved by the receiver being obtained as follows: the receiver retrieves from its feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values; the receiver obtains from the data structure the polynomial values corresponding to the matching values and reconstructs the polynomial from the matching values and their polynomial values to solve the key to be negotiated;
and the verification module is used for verifying the key to be negotiated, which is solved by the receiver, and if the verification is passed, the key negotiation is successful.
Example 3
Based on the same inventive concept, the present embodiment provides a receiver device, which is preferably but not limited to a sensor or gateway device or a server in a body area network, and the receiver device includes:
the receiving module is used for receiving the bloom filter and the data structure sent by the sender;
all sender characteristics in the sender characteristic sequence are mapped in the bloom filter;
the data structure establishment process comprises the following steps: the sender constructs a secret fragment sequence and stores the secret fragment sequence in a data structure of a hash-like table, wherein the secret fragment sequence comprises sender characteristics and polynomial values corresponding to the sender characteristics, the polynomial values are obtained through polynomial calculation, and the polynomial is established based on a key to be negotiated and a constraint threshold and referring to a polynomial in Shamir secret sharing;
the matching value searching module, which retrieves from the receiver feature sequence an agreed threshold number of receiver features that also exist in the bloom filter and marks them as matching values;
the key solving module, which obtains from the data structure the polynomial values corresponding to the matching values and solves the key to be negotiated by reconstructing the polynomial from the matching values and their polynomial values;
and the sending module, which sends to the sender the encrypted information produced with the solved key to be negotiated.
Example 4
Based on the same inventive concept, the present embodiment provides a body area network key negotiation system based on secret sharing, which includes the sender device provided in embodiment 2 and the receiver device provided in embodiment 3, where the sender device and the receiver device perform key negotiation according to the method provided in embodiment 1.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.
Claims (9)
1. A body area network key negotiation method based on secret sharing, comprising:
the sender maps the sender characteristics in the sender characteristic sequence into a bloom filter;
the sender constructs a secret fragment sequence and stores it in a data structure of a hash-like table, wherein the secret fragment sequence comprises the sender characteristics and the polynomial values corresponding to the sender characteristics, the polynomial values are obtained by polynomial calculation, and the polynomial is established based on the key to be negotiated and an agreed threshold with reference to the polynomial in Shamir secret sharing;
the receiver retrieves, from the receiver characteristic sequence, an agreed threshold number of receiver characteristics that also exist in the bloom filter and marks them as matching values;
the receiver acquires the polynomial values corresponding to the matching values from the data structure and rebuilds the polynomial from the matching values and their corresponding polynomial values to solve the key to be negotiated;
the sender verifies the key to be negotiated solved by the receiver, and if the verification passes, the key negotiation succeeds;
the step of the sender constructing the secret fragment sequence and storing it in the data structure of the hash-like table comprises:
constructing the secret fragment sequence as $S=\{\langle f_s^1, f(f_s^1)\rangle, \ldots, \langle f_s^n, f(f_s^n)\rangle\}$, where $f_s^1$ represents the first sender characteristic, $f(f_s^1)$ represents the polynomial value corresponding to $f_s^1$, $f_s^n$ represents the nth sender characteristic, $f(f_s^n)$ represents the polynomial value corresponding to $f_s^n$, and n represents the number of sender characteristics in the sender characteristic sequence;
defining a data structure of a hash-like table whose address space is m;
selecting a hash function h, and storing the polynomial value $f(f_s^i)$ corresponding to the ith sender characteristic in the secret fragment sequence at address $h(f_s^i)\ \%\ m$ of the data structure, where i = 1, 2, …, n, $h(f_s^i)$ represents the function value of the ith sender characteristic processed by the hash function h, and % represents the modulo operation.
2. A secret sharing-based body area network key agreement method as recited in claim 1, wherein the step of the sender mapping sender characteristics in the sender characteristic sequence to bloom filters includes:
a set of hash functions is agreed upon, with which sender features in the sender feature sequence are mapped one by one into a bloom filter.
3. A body area network key negotiation method based on secret sharing as claimed in claim 1, wherein the polynomial established based on the key to be negotiated and the agreed threshold, with reference to Shamir secret sharing, is:
wherein K represents the key to be negotiated of the sender; t represents the agreed threshold; x represents the characteristic variable substituted into the polynomial calculation.
4. A body area network key negotiation method based on secret sharing as claimed in claim 1, wherein the number of buckets in the data structure is at least 10n.
5. A body area network key negotiation method based on secret sharing as claimed in claim 1, 2 or 3, wherein the receiver retrieves, from the receiver characteristic sequence, an agreed threshold number of receiver characteristics that also exist in the bloom filter and marks them as matching values, and the key negotiation is considered to have failed if the number of matching values retrieved by the receiver is smaller than the agreed threshold.
6. A body area network key agreement method based on secret sharing as recited in claim 5, further comprising:
after the receiver has solved the key to be negotiated, it generates a hashed message authentication code $\mathrm{HMAC}(K', N_o\,|\,ID_s\,|\,ID_r)$ and transmits it to the sender, wherein $N_o$ represents the current time string, $ID_s$ represents the sender device ID, $ID_r$ represents the receiver device ID, and K' represents the key to be negotiated solved by the receiver;
if the sender, after receiving the hashed message authentication code, can verify $N_o\,|\,ID_s\,|\,ID_r$ with its own key K to be negotiated, the key K' solved by the receiver is considered to pass verification.
7. A sender device, comprising:
the bloom filter mapping module is used for mapping the sender characteristics in the sender characteristic sequence into a bloom filter;
the data structure establishing module is used for constructing a secret fragment sequence and storing it in a data structure of a hash-like table, wherein the secret fragment sequence comprises the sender characteristics and the polynomial values corresponding to the sender characteristics, the polynomial values are obtained by polynomial calculation, and the polynomial is established based on the key to be negotiated and an agreed threshold with reference to the polynomial in Shamir secret sharing; the step of the sender constructing the secret fragment sequence and storing it in the data structure of the hash-like table comprises:
constructing the secret fragment sequence as $S=\{\langle f_s^1, f(f_s^1)\rangle, \ldots, \langle f_s^n, f(f_s^n)\rangle\}$, where $f_s^1$ represents the first sender characteristic, $f(f_s^1)$ represents the polynomial value corresponding to $f_s^1$, $f_s^n$ represents the nth sender characteristic, $f(f_s^n)$ represents the polynomial value corresponding to $f_s^n$, and n represents the number of sender characteristics in the sender characteristic sequence;
defining a data structure of a hash-like table whose address space is m;
selecting a hash function h, and storing the polynomial value $f(f_s^i)$ corresponding to the ith sender characteristic in the secret fragment sequence at address $h(f_s^i)\ \%\ m$ of the data structure, where i = 1, 2, …, n, $h(f_s^i)$ represents the function value of the ith sender characteristic processed by the hash function h, and % represents the modulo operation;
the sending module is used for sending the bloom filter and the data structure to a receiver;
the receiving module is used for receiving information sent by the receiver that is encrypted with the key to be negotiated solved by the receiver;
the key to be negotiated solved by the receiver is obtained as follows: the receiver retrieves, from the receiver characteristic sequence, an agreed threshold number of receiver characteristics that also exist in the bloom filter and marks them as matching values; the receiver acquires the polynomial values corresponding to the matching values from the data structure and rebuilds the polynomial from the matching values and their corresponding polynomial values to solve the key to be negotiated;
and the verification module is used for verifying the key to be negotiated solved by the receiver, and if the verification passes, the key negotiation succeeds.
8. A receiver device, comprising:
the receiving module is used for receiving the bloom filter and the data structure sent by the sender;
all sender characteristics in the sender characteristic sequence are mapped into the bloom filter;
the data structure is established as follows: the sender constructs a secret fragment sequence and stores it in a data structure of a hash-like table, wherein the secret fragment sequence comprises the sender characteristics and the polynomial values corresponding to the sender characteristics, the polynomial values are obtained by polynomial calculation, and the polynomial is established based on the key to be negotiated and an agreed threshold with reference to the polynomial in Shamir secret sharing; the step of the sender constructing the secret fragment sequence and storing it in the data structure of the hash-like table comprises:
constructing the secret fragment sequence as $S=\{\langle f_s^1, f(f_s^1)\rangle, \ldots, \langle f_s^n, f(f_s^n)\rangle\}$, where $f_s^1$ represents the first sender characteristic, $f(f_s^1)$ represents the polynomial value corresponding to $f_s^1$, $f_s^n$ represents the nth sender characteristic, $f(f_s^n)$ represents the polynomial value corresponding to $f_s^n$, and n represents the number of sender characteristics in the sender characteristic sequence;
defining a data structure of a hash-like table whose address space is m;
selecting a hash function h, and storing the polynomial value $f(f_s^i)$ corresponding to the ith sender characteristic in the secret fragment sequence at address $h(f_s^i)\ \%\ m$ of the data structure, where i = 1, 2, …, n, $h(f_s^i)$ represents the function value of the ith sender characteristic processed by the hash function h, and % represents the modulo operation;
the matching value searching module is used for retrieving, from the receiver characteristic sequence, an agreed threshold number of receiver characteristics that also exist in the bloom filter and marking them as matching values;
the key solving module is used for acquiring the polynomial values corresponding to the matching values from the data structure and solving the key to be negotiated by reconstructing the polynomial from the matching values and their corresponding polynomial values;
and the sending module is used for sending information encrypted with the solved key to be negotiated to the sender.
9. A body area network key agreement system based on secret sharing, comprising a sender device according to claim 7 and a receiver device according to claim 8, the sender device and the receiver device performing key agreement according to the method of one of claims 1-6.
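The following Python walk-through of claims 1 to 6 is an added example; it is not part of the patent and not the applicant's code. Where the claims leave parameters open, it makes its own assumptions: the Shamir polynomial lives in the prime field modulo 2^127 - 1, the hash function h and the bloom filter's agreed hash set are SHA-256 (the filter's hashes salted by an index), the filter is 1024 bits, and each bucket of the hash-like table is additionally keyed by the full value h(f_s^i) so that two characteristics sharing an address are not confused. The feature sequences, time string and device IDs are constructed sample values. It also covers the failure path of claim 5 (fewer than t matching values) and the HMAC check of claim 6.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List, Optional, Tuple

# Constructed parameters: the claims fix neither the field, the hash functions
# nor the filter size, so the values below are this example's assumptions.
P = (1 << 127) - 1                      # prime field for the Shamir polynomial
BLOOM_BITS, BLOOM_HASHES = 1024, 3


def h(feature: int) -> int:
    """The hash function h of claim 1 (assumed here: SHA-256 truncated to 64 bits)."""
    return int.from_bytes(hashlib.sha256(feature.to_bytes(4, "big")).digest()[:8], "big")


class BloomFilter:
    """Bloom filter over an agreed hash set (claim 2): SHA-256 salted by index."""

    def __init__(self) -> None:
        self.bits = bytearray(BLOOM_BITS // 8)

    def _positions(self, feature: int):
        for k in range(BLOOM_HASHES):
            d = hashlib.sha256(bytes([k]) + feature.to_bytes(4, "big")).digest()
            yield int.from_bytes(d[:8], "big") % BLOOM_BITS

    def add(self, feature: int) -> None:
        for i in self._positions(feature):
            self.bits[i >> 3] |= 1 << (i & 7)

    def __contains__(self, feature: int) -> bool:
        return all(self.bits[i >> 3] & (1 << (i & 7)) for i in self._positions(feature))


def shamir_polynomial(key: int, t: int) -> Callable[[int], int]:
    """f(x) = K + a_1 x + ... + a_{t-1} x^{t-1} (mod P): f(0) = K, any t points recover K."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    return lambda x: sum(c * pow(x, j, P) for j, c in enumerate(coeffs)) % P


def sender_prepare(features: List[int], key: int, t: int, m: int):
    """Claims 1-4: map characteristics into the bloom filter and store the shards
    <f_s^i, f(f_s^i)> at address h(f_s^i) % m in a table of m buckets."""
    assert m >= 10 * len(features), "claim 4: the table needs at least 10n buckets"
    assert len(set(features)) == len(features) and 0 not in features, "x must be distinct and nonzero"
    bloom, f = BloomFilter(), shamir_polynomial(key, t)
    table: List[Dict[int, int]] = [dict() for _ in range(m)]
    for feat in features:
        bloom.add(feat)
        hv = h(feat)
        # Bucket keyed by the full hash so that two characteristics sharing an
        # address cannot be confused (an added design choice, not in the claims).
        table[hv % m][hv] = f(feat)
    return bloom, table


def lagrange_at_zero(points: List[Tuple[int, int]]) -> int:
    """Rebuild the polynomial from t points and evaluate it at 0, i.e. recover K."""
    key = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        key = (key + yi * num * pow(den, P - 2, P)) % P
    return key


def receiver_solve(features: List[int], bloom: BloomFilter, table, t: int) -> Optional[int]:
    """Claims 1 and 5: collect matching values, give up below the threshold,
    otherwise reconstruct the polynomial from t of them."""
    m, points = len(table), []
    for feat in dict.fromkeys(features):              # de-duplicate, keep order
        if feat not in bloom:
            continue                                  # not a matching value
        value = table[h(feat) % m].get(h(feat))
        if value is not None:                         # None = bloom false positive
            points.append((feat, value))
    if len(points) < t:
        return None                                   # negotiation fails
    return lagrange_at_zero(points[:t])


def receiver_tag(k_prime: int, nonce: bytes, id_s: bytes, id_r: bytes) -> bytes:
    """Claim 6: HMAC(K', N_o | ID_s | ID_r) sent back to the sender."""
    return hmac.new(k_prime.to_bytes(16, "big"), b"|".join([nonce, id_s, id_r]), hashlib.sha256).digest()


def sender_verify(key: int, tag: bytes, nonce: bytes, id_s: bytes, id_r: bytes) -> bool:
    """Claim 6: the sender recomputes the code with its own K and compares in constant time."""
    return hmac.compare_digest(tag, receiver_tag(key, nonce, id_s, id_r))


def run_negotiation(sender_feats: List[int], receiver_feats: List[int], t: int = 4) -> bool:
    """End-to-end run: True only if the receiver's K' passes the sender's check."""
    key = secrets.randbelow(P)
    bloom, table = sender_prepare(sender_feats, key, t, 10 * len(sender_feats))
    k_prime = receiver_solve(receiver_feats, bloom, table, t)
    if k_prime is None:
        return False
    nonce, id_s, id_r = b"2022-09-09T12:00:00", b"sensor-A", b"hub-B"   # constructed values
    return sender_verify(key, receiver_tag(k_prime, nonce, id_s, id_r), nonce, id_s, id_r)


# Constructed characteristic sequences (e.g. quantised physiological values); 5 of 8 agree.
SENDER_FEATURES = [1013, 1027, 1042, 1055, 1068, 1080, 1091, 1104]
RECEIVER_FEATURES = [1013, 1027, 1042, 1055, 1068, 1201, 1333, 1450]

if __name__ == "__main__":
    print("negotiation succeeded:", run_negotiation(SENDER_FEATURES, RECEIVER_FEATURES))
```

With the constructed sequences the receiver finds five matching values, needs only four, and recovers K exactly; a receiver that shares fewer than t characteristics gets no key and the run reports failure, which is the outcome claim 5 prescribes. The characteristic itself is used as the x coordinate, so it must be nonzero and distinct across the sequence, otherwise f(0) = K would be stored directly or two shards would coincide.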
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211099981.0A CN115622693B (en) | 2022-09-09 | 2022-09-09 | Body area network key negotiation method and system based on secret sharing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211099981.0A CN115622693B (en) | 2022-09-09 | 2022-09-09 | Body area network key negotiation method and system based on secret sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115622693A CN115622693A (en) | 2023-01-17 |
CN115622693B true CN115622693B (en) | 2023-05-30 |
Family
ID=84858795
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211099981.0A Active CN115622693B (en) | 2022-09-09 | 2022-09-09 | Body area network key negotiation method and system based on secret sharing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115622693B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114091094A (en) * | 2021-11-16 | 2022-02-25 | 中国电子科技集团公司第三十研究所 | Fingerprint authentication and key agreement method supporting updating |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2969875B1 (en) * | 2010-12-23 | 2013-01-04 | Thales Sa | METHOD AND SYSTEM FOR MULTI-MODAL MULTI-THRESHOLD AUTHENTICATION USING SECRET SHARING |
CN103457722B (en) * | 2013-08-11 | 2017-02-08 | 吉林大学 | Bidirectional identity authentication and data safety transmission providing body area network safety method based on Shamir threshold |
US9769133B2 (en) * | 2014-11-21 | 2017-09-19 | Mcafee, Inc. | Protecting user identity and personal information by sharing a secret between personal IoT devices |
EP3488554B1 (en) * | 2016-07-25 | 2022-06-08 | Robert Bosch GmbH | Method and system for dynamic searchable symmetric encryption with forward privacy and delegated verifiability |
CN106453393B (en) * | 2016-11-11 | 2019-10-11 | 湖北大学 | The secret protection data type matching process that can verify that in participatory perception |
CN107241321B (en) * | 2017-05-26 | 2018-03-16 | 陕西科技大学 | A kind of personal medical information method for secret protection |
CN107798251A (en) * | 2017-10-19 | 2018-03-13 | 江苏大学 | Secret protection symptom matching system and its matching process based on Proxy Signature |
US11271739B2 (en) * | 2020-06-25 | 2022-03-08 | Digital 14 Llc | Error-correcting key agreement for noisy cryptographic systems |
2022-09-09 | CN | CN202211099981.0A | patent/CN115622693B/en | active | Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114091094A (en) * | 2021-11-16 | 2022-02-25 | 中国电子科技集团公司第三十研究所 | Fingerprint authentication and key agreement method supporting updating |
Also Published As
Publication number | Publication date |
---|---|
CN115622693A (en) | 2023-01-17 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
JP6420854B2 (en) | Device and user authentication | |
EP2291977B1 (en) | Personal security manager for ubiquitous patient monitoring | |
US8347094B2 (en) | Securing wireless body sensor networks using physiological data | |
EP3458985A1 (en) | Method, device and system for verifying user health data | |
Ali et al. | Authentication of lossy data in body-sensor networks for cloud-based healthcare monitoring | |
US9374706B2 (en) | Wireless sensor network and central node device thereof | |
Dewangan et al. | Internet of things for healthcare: a review | |
Naresh et al. | Secure lightweight IoT integrated RFID mobile healthcare system | |
Kaur et al. | Securing and managing healthcare data generated by intelligent blockchain systems on cloud networks through DNA cryptography | |
Kumar et al. | Secure health monitoring using medical wireless sensor networks | |
CN115622693B (en) | Body area network key negotiation method and system based on secret sharing | |
KR20180041508A (en) | Method for Mutual authentication of Agent and Data Manager in U-health | |
CN113890890B (en) | Efficient data management method applied to intelligent medical system | |
Parthasarathy et al. | Healthcare data security in cloud storage using light weight symmetric key algorithm. | |
CN103312738A (en) | Remote wireless secure transmission method and system of medical health information | |
No et al. | Design and implementation of key-policy attribute-based encryption in body sensor network | |
CN202750117U (en) | SD cipher card based internet of things health medical service system | |
KR101398902B1 (en) | encryption data transfering method of Wireless Module Embedded Blood Glucose Test Meter and system using thereof | |
Cho et al. | Lightweight biometric key agreement scheme for secure body sensor networks | |
Le et al. | Public key cryptography-based security scheme for wireless sensor networks in healthcare | |
Prathibha et al. | A Novel High-Speed Data Encryption Scheme for Internet of Medical Things Using Modified Elliptic Curve Diffie–Hellman and Advance Encryption Standard | |
Akhtar et al. | An Intelligent and Secured Privacy Preserving Framework For Wireless Body Area Networks (WBANs) | |
Hassan et al. | Build Secure Web of Things system to Mange Patient Information Monitoring System. | |
Mirembe | Design of a secure framework for the implementation of telemedicine, eHealth, and wellness services | |
Uma et al. | A Novel of High Secure Protocol Architecture for Healthcare Wireless Body Area Network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||