CN116074030A - Magnetic levitation train control system privacy protection authentication method based on bilinear mapping - Google Patents

Magnetic levitation train control system privacy protection authentication method based on bilinear mapping Download PDF

Info

Publication number
CN116074030A
CN116074030A CN202111299123.6A CN202111299123A CN116074030A CN 116074030 A CN116074030 A CN 116074030A CN 202111299123 A CN202111299123 A CN 202111299123A CN 116074030 A CN116074030 A CN 116074030A
Authority
CN
China
Prior art keywords
control system
operation control
signature
vehicle
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111299123.6A
Other languages
Chinese (zh)
Inventor
金成日
张艳清
宋悦熙
石贺
张鹏举
胡良辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Casic Feihang Technology Research Institute of Casia Haiying Mechanical and Electronic Research Institute
Original Assignee
Casic Feihang Technology Research Institute of Casia Haiying Mechanical and Electronic Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Casic Feihang Technology Research Institute of Casia Haiying Mechanical and Electronic Research Institute filed Critical Casic Feihang Technology Research Institute of Casia Haiying Mechanical and Electronic Research Institute
Priority to CN202111299123.6A priority Critical patent/CN116074030A/en
Publication of CN116074030A publication Critical patent/CN116074030A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention provides a bilinear mapping-based privacy protection authentication method for a magnetic suspension train control system, which comprises the following steps: s100, a central operation control system generates a hash function and bilinear mapping; s102, each system correspondingly generates a first public key, a second public key and a third public key; s104, a hash function and bilinear mapping are disclosed; s106, the vehicle-mounted operation control system generates a first signature; s108, verifying the first signature, if the step S110 is successfully completed, ending the step; s110, the vehicle is logged in the center; s112, judging whether the partition operation control system has a fault, if not, turning to S114, and turning to S118; s114, the center sends the encrypted control command to the partition, and the partition generates a second signature; s116, verifying the second signature, if the step S122 is successful, ending the step; s118, generating a third signature at the center; s120, verifying the third signature, if the step S126 is successful, ending the step; s122, the vehicle sends real-time state information to the subarea; s124, the partition sends real-time status information to the center; s126, the vehicle sends the real-time state information to the center.

Description

Magnetic levitation train control system privacy protection authentication method based on bilinear mapping
Technical Field
The invention relates to the technical field of privacy protection, in particular to a magnetic levitation train control system privacy protection authentication method based on bilinear mapping.
Background
The magnetic suspension train operation control system comprises a central operation control system, a partition cloud control system and an on-board cloud control system. The system is connected with equipment or systems of vehicles, traction control, lines, turnouts and the like of other systems through advanced technologies such as computer control, computer network, communication, information processing and the like, and the tasks such as control, safety protection, automatic operation, scheduling management and the like of train operation are completed. Therefore, the running control system plays a central role in the automatic control and safety protection of train running in the whole magnetic levitation transportation system. However, in the process of interaction among entities of the operation control system, the privacy of the transmission content is revealed because of the large number of transmission media and long transmission distance. Therefore, the communication safety of each operation control subsystem needs to be ensured, and the privacy protection of the transmission content is realized.
The prior art discloses a communication encryption method, which comprises an encryption negotiation step, a key generation step and a key generation step, wherein the encryption method is used by a distributed terminal and a central terminal in a unified manner through automatic negotiation and adaptation, and the key generation step is used for generating a corresponding key through a certain algorithm based on the same encryption method. A key exchange step, wherein the distributed terminal and the central terminal exchange generated keys in a safe mode through a transmission network; a key storage step, wherein the distributed terminal and the central terminal store the key in a ciphertext form, and a configuration using step, wherein the distributed terminal and the central terminal use the stored key to configure corresponding equipment, and encrypt transmitted data; and a key updating step, wherein a rule of key updating is set in the distributed terminal, so that timeliness of the key is realized.
However, the above-described conventional method has the following drawbacks:
1. the privacy protection method adopts the traditional cryptography encryption method, and although the confidentiality degree of the transmitted content is higher, the transmitted content among entities is in a ciphertext form, the communication complexity is higher, and the system memory is greatly occupied. Meanwhile, because of the large number of interactions, additional space is required for storing a plurality of entity keys, confusion is avoided, and meanwhile, the memory of a larger part of the system is occupied, so that the method has no wide applicability in a real scene.
2. In the prior art, the security of the transmission content is protected in a symmetrical encryption mode, when an entity receives encrypted data, the data needs to be decrypted, and if more data are transmitted, the time complexity of a scheme can be improved; meanwhile, AES symmetric encryption has a certain hidden trouble, and once a key transmission channel is attacked by a malicious adversary, the scheme has the possibility of information leakage.
3. In addition to the above two points, in the prior art, identity authentication is not performed in the data interaction process between entities, so that a third party attack is easy to cause, and once a certain maliciousness exists in an interaction party, the scheme is unsafe and cannot perform privacy protection, and the scheme also has no wide applicability.
Disclosure of Invention
The invention provides a bilinear mapping-based privacy protection authentication method for a magnetic levitation train control system, which can solve the technical problems in the prior art.
The invention provides a bilinear mapping-based privacy protection authentication method for a magnetic suspension train control system, which comprises the following steps:
s100, a central operation control system generates a hash function H and bilinear mapping e;
s102, the central operation control system generates a first public and private key pk a ,sk a The vehicle-mounted operation control system generates a second public and private key pk c ,sk c The partition operation control system generates a third public and private key pk d ,sk d The central operation control system, the vehicle-mounted operation control system and the partition operation control system respectively reserve respective private keys and disclose respective public keys;
s104, the central operation control system discloses a hash function H and bilinear mapping e;
s106, the vehicle-mounted operation control system uses a hash function H to control the vehicle-mounted operation control system according to the following conditionsSelf identity information ID c First public private key pk a ,sk a The public key pk in (a) a Current timestamp TS 1 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a first signature and storing self-identity information ID c First signature and current timestamp TS 1 Sending the data to a central operation control system;
s108, the central operation control system uses the current time stamp TS 1 Verifying the first signature by using bilinear mapping, if the verification is successful, turning to S110, otherwise, ending;
s110, the vehicle-carrying control system utilizes the self-identity information ID c Logging in a central operation control system;
s112, the central operation control system judges whether the partition operation control system has a fault, if not, the operation control system goes to S114, otherwise, the operation control system goes to S118;
s114, the central operation control system encrypts the control command, and sends the encrypted control command to the partition operation control system, and the partition operation control system uses the hash function H to encrypt the control command and the second public and private key pk according to the encrypted control command c ,sk c The public key pk in (a) c Current timestamp TS 3 With the third public-private key pk d ,sk d The private key sk in (a) d Generating a second signature and combining the encrypted control command, the second signature and the current timestamp TS 3 Transmitting to the vehicle-mounted operation control system, and turning to S116;
s116, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 3 Verifying the second signature by using bilinear mapping, if the verification is successful, turning to S122, otherwise, ending;
s118, the central operation control system encrypts the control command and encrypts the control command according to the control command encrypted by the hash function H and the second public and private key pk c ,sk c The public key pk in (a) c Current timestamp TS 4 With the first public-private key pk a ,sk a The private key sk in (a) a Generating a third signature and combining the encrypted control command, the third signature and the current timestamp TS 4 Transmitting to the vehicle-mounted operation control system, and turning to S120;
s120, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 4 Verifying the third signature by using bilinear mapping, if the verification is successful, turning to S126, otherwise, ending;
s122, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the partition operation control system;
s124, the partition operation control system sends the real-time state information to the central operation control system;
s126, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the central operation control system.
Preferably, the method further comprises:
and the central operation control system sends a logout command to the vehicle-mounted operation control system, and the vehicle-mounted operation control system logs in according to the logout command.
Preferably, the central operation control system sends a logout command to the vehicle-mounted operation control system, and the vehicle-mounted operation control system logout logging in according to the logout command comprises:
the central operation control system uses the hash function H to control the second public and private key pk according to the logout command c ,sk c The public key pk in (a) c Current timestamp TS 5 With the first public-private key pk a ,sk a The private key sk in (a) a Generate a fourth signature and send the cancellation command, the fourth signature and the current timestamp TS 5 Sending the data to a vehicle-mounted operation control system;
the vehicle-carried control system is based on the current time stamp TS 5 And verifying the fourth signature by using bilinear mapping, if the verification is successful, indicating that the logout command is effective, and logging out according to the logout command by the vehicle-mounted operation control system.
Preferably, the central control system is based on the current time stamp TS 1 Verifying the first signature using bilinear mapping includes:
the central operation control system verifies the current time stamp TS 1 Whether it is within the effective time range;
verifying the first signature using a bilinear map if within a valid time range;
if equation e (g, sig c )=e(pk c ,H(ID c ||Sig c ||TS 1 ) If true, then the first signature verification is successful, otherwise the first signature verification fails, wherein Sig c Representing a first signature.
Preferably, the determining, by the central operation control system, whether the partition operation control system fails includes:
the central operation control system sends the transmission signal to the partition operation control system if the transmission signal is transmitted at the preset time TS 2 And if the feedback signal of the partition operation control system is received, judging that the partition operation control system does not have a fault, otherwise, judging that the partition operation control system has a fault.
Preferably, the vehicle-mounted operation control system is used for controlling the vehicle according to the current time stamp TS 3 Verifying the second signature using bilinear mapping includes:
the vehicle-carried control system verifies the current time stamp TS 3 Whether it is within the effective time range;
verifying the second signature using the bilinear map if within the valid time range;
if equation e (g, sig d )=e(pk c ,H(Enc(C)||pk c ||TS 3 ) If true, then the second signature verification is successful, otherwise the second signature verification fails, wherein Sig d Representing the second signature, enc (C) represents the encrypted control command.
Preferably, sending the real-time status information to the zone operation control system includes:
based on real-time status information and third public and private key pk by using hash function H d ,sk d The public key pk in (a) d Current timestamp TS 6 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a fifth signature and combining the real-time status information, the fifth signature and the current timestamp TS 6 Sending the data to a partition operation control system;
the sending of the real-time state information to the central operation control system by the partition operation control system comprises the following steps:
the partition operation control system is used for controlling TS according to the current time stamp 6 Verifying the fifth signature using bilinear mapping and checkingAnd sending the real-time state information to the central operation control system under the condition of successful certification.
Preferably, the partition operation control system is based on the current time stamp TS 6 Verifying the fifth signature using the bilinear map includes:
the partition operation control system verifies the current time stamp TS 6 Whether it is within the effective time range;
verifying the fifth signature using the bilinear map if within the valid time range;
if equation e (g, sig c5 )=e(pk d ,H(I||pk d ||TS 6 ) If true, the fifth signature verification is successful, otherwise the fifth signature verification fails, wherein Sig c5 Representing a fifth signature.
Preferably, the vehicle-mounted operation control system is used for controlling the vehicle according to the current time stamp TS 5 Verifying the fourth signature using the bilinear map includes:
the vehicle-carried control system verifies the current time stamp TS 5 Whether it is within the effective time range;
verifying the fourth signature using the bilinear map if within the valid time range;
if equation e (g, sig' a )=e(pk a ,H(R||pk a ||TS 5 ) If true, then the fourth signature verification is successful, otherwise the fourth signature verification fails, wherein Sig' a Representing a fourth signature, R representing a logout command.
Through the technical scheme, the message can be transmitted in a signature authentication mode, the control command is transmitted in a signature mode, signature verification is carried out by utilizing the property of bilinear mapping, the fact that the message is not tampered in the transmission party and the transmission channel process is ensured, and the privacy protection is effectively carried out on the data. Meanwhile, the space occupied by the signature is far smaller than that occupied by the ciphertext, so that the communication complexity can be reduced.
Drawings
The accompanying drawings, which are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention. It is evident that the drawings in the following description are only some embodiments of the present invention and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
Fig. 1 shows a flow chart of a magnetic levitation train control system privacy protection authentication method based on bilinear mapping according to an embodiment of the present invention.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the present application. As used herein, the singular is also intended to include the plural unless the context clearly indicates otherwise, and furthermore, it is to be understood that the terms "comprises" and/or "comprising" when used in this specification are taken to specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
The relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless it is specifically stated otherwise. Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description. Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate. In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values. It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
In the invention, the magnetic suspension train control system comprises three entities, namely a central operation control system, a vehicle-mounted operation control system and a partition operation control system.
Fig. 1 shows a flow chart of a magnetic levitation train control system privacy protection authentication method based on bilinear mapping according to an embodiment of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a privacy protection authentication method for a magnetic levitation train control system based on bilinear mapping, where the method includes:
s100, a central operation control system generates a hash function H and bilinear mapping e;
wherein the hash function H () = {0,1} * G; bilinear mapping e.G.times.G.fwdarw.G T Wherein G is an n-order subgroup, and G is a generator of G.
S102, the central operation control system generates a first public and private key pk a ,sk a The vehicle-mounted operation control system generates a second public and private key pk c ,sk c The partition operation control system generates a third public and private key pk d ,sk d The central operation control system, the vehicle-mounted operation control system and the partition operation control system respectively reserve respective private keys and disclose respective public keys;
wherein pk=g sk (for three entities).
S104, the central operation control system discloses a hash function H and bilinear mapping e;
in other words, the hash function H, bilinear map e, element g may be disclosed.
S106, the vehicle-mounted operation control system utilizes the Hash function H rootAccording to self identity information ID c First public private key pk a ,sk a The public key pk in (a) a Current timestamp TS 1 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a first signature and storing self-identity information ID c First signature and current timestamp TS 1 To the central control system (i.e., the on-board control system will (ID c ||Sig c ||TS 1 ) Sending to a central operation control system);
the first signature generated by the hash function is, for example, as follows:
Figure BDA0003337760500000081
s108, the central operation control system uses the current time stamp TS 1 Verifying the first signature by using bilinear mapping, if the verification is successful, turning to S110, otherwise, ending;
i.e. authentication.
S110, the vehicle-carrying control system utilizes the self-identity information ID c Logging in a central operation control system;
s112, the central operation control system judges whether the partition operation control system has a fault, if not, the operation control system goes to S114, otherwise, goes to S118 (namely, the fault goes to S118);
s114, the central operation control system encrypts the control command, and sends the encrypted control command to the partition operation control system, and the partition operation control system uses the hash function H to encrypt the control command and the second public and private key pk according to the encrypted control command c ,sk c The public key pk in (a) c Current timestamp TS 3 With the third public-private key pk d ,sk d The private key sk in (a) d Generating a second signature and combining the encrypted control command, the second signature and the current timestamp TS 3 To the vehicle-mounted operation control system (to be (Enc (C) ||sig) d ||TS 3 ) Send to the vehicle-mounted operation control system), and go to S116;
the second signature generated by the hash function is, for example, as follows:
Figure BDA0003337760500000091
s116, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 3 Verifying the second signature by using bilinear mapping, if the verification is successful, turning to S122, otherwise, ending;
s118, the central operation control system encrypts the control command and encrypts the control command according to the control command encrypted by the hash function H and the second public and private key pk c ,sk c The public key pk in (a) c Current timestamp TS 4 With the first public-private key pk a ,sk a The private key sk in (a) a Generating a third signature and combining the encrypted control command, the third signature and the current timestamp TS 4 Transmitting to the vehicle-mounted operation control system, and turning to S120;
s120, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 4 Verifying the third signature by using bilinear mapping, if the verification is successful, turning to S126, otherwise, ending;
s122, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the partition operation control system;
s124, the partition operation control system sends the real-time state information to the central operation control system;
s126, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the central operation control system.
For S114 and S118, if the partition operation control system is intact, the central operation control system sends a control command to the partition operation control system and the partition operation control system transmits the control command to the vehicle operation control system; if the partition operation control system fails, the central operation control system directly transmits a control command to the vehicle-mounted operation control system. For the real-time status information I, since the security level of the real-time status information I is lower than the control command C, encryption of the real-time status information I is not required.
Through the technical scheme, the message can be transmitted in a signature authentication mode, the control command is transmitted in a signature mode, signature verification is carried out by utilizing the property of bilinear mapping, the fact that the message is not tampered in the transmission party and the transmission channel process is ensured, and the privacy protection is effectively carried out on the data. Meanwhile, the space occupied by the signature is far smaller than that occupied by the ciphertext, so that the communication complexity can be reduced.
In the present invention, by generating a signature using a time stamp, a repetitive attack can be resisted.
According to one embodiment of the invention, the control command C is encrypted by adopting the public key of the vehicle-mounted operation control system, and then the vehicle-mounted operation control system decrypts the encrypted control command by utilizing the private key of the vehicle-mounted operation control system to obtain the control command C.
According to one embodiment of the invention, the method further comprises:
and the central operation control system sends a logout command to the vehicle-mounted operation control system, and the vehicle-mounted operation control system logs in according to the logout command.
Therefore, the vehicle-mounted operation control system can be logged off after interaction is finished, and the whole flow is finished.
According to one embodiment of the present invention, the central operation control system sends a logout command to the vehicle-mounted operation control system, and the vehicle-mounted operation control system logout logging in according to the logout command includes:
the central operation control system uses the hash function H to control the second public and private key pk according to the logout command c ,sk c The public key pk in (a) c Current timestamp TS 5 With the first public-private key pk a ,sk a The private key sk in (a) a Generate a fourth signature and send the cancellation command, the fourth signature and the current timestamp TS 5 Sending the data to a vehicle-mounted operation control system;
the vehicle-carried control system is based on the current time stamp TS 5 And verifying the fourth signature by using bilinear mapping, if the verification is successful, indicating that the logout command is effective, and logging out according to the logout command by the vehicle-mounted operation control system.
According to one embodiment of the invention, the central control system is based on the current time stamp TS 1 Verifying the first signature using bilinear mapping includes:
the central operation control system verifies the current time stamp TS 1 Whether it is within the effective time range;
verifying the first signature using a bilinear map if within a valid time range;
if equation e (g, sig c )=e(pk c ,H(ID c ||Sig c ||TS 1 ) If true, then the first signature verification is successful, otherwise the first signature verification fails, wherein Sig c Representing a first signature.
For example, the bilinear map verification process is as follows:
Figure BDA0003337760500000111
according to one embodiment of the present invention, the central operation control system judging whether the partition operation control system has a fault includes:
the central operation control system sends a transmission signal S to the partition operation control system if the transmission signal S is in a preset time TS 2 And if the feedback signal of the partition operation control system is received, judging that the partition operation control system does not have a fault, otherwise, judging that the partition operation control system has a fault.
That is, if the feedback signal is received within the preset time, the state of the partition operation control system is good, and no fault occurs; otherwise, the partition operation control system is damaged and has faults.
Through the fault judgment, the problem that the instruction cannot be successfully sent due to the fault of the partition operation control system can be avoided.
According to one embodiment of the invention, the vehicle-mounted operation control system is used for controlling the vehicle-mounted operation control system according to the current time stamp TS 3 Verifying the second signature using bilinear mapping includes:
the vehicle-carried control system verifies the current time stamp TS 3 Whether it is within the effective time range;
verifying the second signature using the bilinear map if within the valid time range;
if equation e (g, sig d )=e(pk c ,H(Enc(C)||pk c ||TS 3 ) If true, then the second signature verification is successful, otherwise the second signature verification fails, wherein Sig d Representing the second signature, enc (C) represents the encrypted control command.
It should be noted that, the process of verifying the third signature is similar to the process of verifying the second signature, and the specific process may refer to the description about the second signature, which is not repeated here.
According to one embodiment of the present invention, sending real-time status information to a zone operation control system includes:
based on real-time status information and third public and private key pk by using hash function H d ,sk d The public key pk in (a) d Current timestamp TS 6 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a fifth signature and combining the real-time status information, the fifth signature and the current timestamp TS 6 Sending the data to a partition operation control system;
the sending of the real-time state information to the central operation control system by the partition operation control system comprises the following steps:
the partition operation control system is used for controlling TS according to the current time stamp 6 And verifying the fifth signature by using the bilinear mapping, and sending the real-time state information to the central operation control system under the condition that the verification is successful.
That is, the real-time state information can be transmitted in a signature form, signature verification is performed by utilizing the property of bilinear mapping, the fact that the transmission party and the transmission channel process information (real-time state information) are not tampered is guaranteed, and privacy protection is effectively performed on the data.
According to one embodiment of the invention, the partition operation control system is based on the current time stamp TS 6 Verifying the fifth signature using the bilinear map includes:
the partition operation control system verifies the current time stamp TS 6 Whether it is within the effective time range;
verifying the fifth signature using the bilinear map if within the valid time range;
if equation e (g, sig c5 )=e(pk d ,H(I||pk d ||TS 6 ) If true, the fifth signature verification is successful, otherwise the fifth signature verification fails, wherein Sig c5 Representing a fifth signature.
It should be noted that, the process of sending the real-time status information to the central operation control system is similar to the process of sending the real-time status information to the partition operation control system, and the difference is that the central operation control system directly obtains the real-time status information after the signature verification is successful, and the forwarding process is not required to be executed. The specific process may refer to the description about the transmission of the real-time status information to the partition operation control system, which is not described herein.
According to one embodiment of the invention, the vehicle-mounted operation control system is used for controlling the vehicle-mounted operation control system according to the current time stamp TS 5 Verifying the fourth signature using the bilinear map includes:
the vehicle-carried control system verifies the current time stamp TS 5 Whether it is within the effective time range;
verifying the fourth signature using the bilinear map if within the valid time range;
if equation e (g, sig' a )=e(pk a ,H(R||pk a ||TS 5 ) If true, then the fourth signature verification is successful, otherwise the fourth signature verification fails, wherein Sig' a Representing a fourth signature, R representing a logout command.
The embodiment shows that the method has the advantages of wide application range, high confidentiality degree and the like, and can effectively avoid the leakage or cracking of the key in the prior art while realizing privacy protection of the transmission parameters, thereby better ensuring the safe operation of the rail transit.
In the description of the present invention, it should be understood that the azimuth or positional relationships indicated by the azimuth terms such as "front, rear, upper, lower, left, right", "lateral, vertical, horizontal", and "top, bottom", etc., are generally based on the azimuth or positional relationships shown in the drawings, merely to facilitate description of the present invention and simplify the description, and these azimuth terms do not indicate and imply that the apparatus or elements referred to must have a specific azimuth or be constructed and operated in a specific azimuth, and thus should not be construed as limiting the scope of protection of the present invention; the orientation word "inner and outer" refers to inner and outer relative to the contour of the respective component itself.
Spatially relative terms, such as "above … …," "above … …," "upper surface at … …," "above," and the like, may be used herein for ease of description to describe one device or feature's spatial location relative to another device or feature as illustrated in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations in use or operation in addition to the orientation depicted in the figures. For example, if the device in the figures is turned over, elements described as "above" or "over" other devices or structures would then be oriented "below" or "beneath" the other devices or structures. Thus, the exemplary term "above … …" may include both orientations of "above … …" and "below … …". The device may also be positioned in other different ways (rotated 90 degrees or at other orientations) and the spatially relative descriptors used herein interpreted accordingly.
In addition, the terms "first", "second", etc. are used to define the components, and are only for convenience of distinguishing the corresponding components, and the terms have no special meaning unless otherwise stated, and therefore should not be construed as limiting the scope of the present invention.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A maglev train control system privacy protection authentication method based on bilinear mapping is characterized by comprising the following steps:
s100, a central operation control system generates a hash function H and bilinear mapping e;
s102, the central operation control system generates a first public and private key pk a ,sk a The vehicle-mounted operation control system generates a second public and private key pk c ,sk c The partition operation control system generates a third public and private key pk d ,sk d The central operation control system, the vehicle-mounted operation control system and the partition operation control system respectively reserve respective private keys and disclose respective public keys;
s104, the central operation control system discloses a hash function H and bilinear mapping e;
s106, the vehicle-mounted operation control system utilizes a hash function H to carry out ID according to the self identity information c First public private key pk a ,sk a The public key pk in (a) a Current timestamp TS 1 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a first signature and storing self-identity information ID c First signature and current timestamp TS 1 Sending the data to a central operation control system;
s108, the central operation control system uses the current time stamp TS 1 Verifying the first signature by using bilinear mapping, if the verification is successful, turning to S110, otherwise, ending;
s110, the vehicle-carrying control system utilizes the self-identity information ID c Logging in a central operation control system;
s112, the central operation control system judges whether the partition operation control system has a fault, if not, the operation control system goes to S114, otherwise, the operation control system goes to S118;
s114, the central operation control system encrypts the control command, and sends the encrypted control command to the partition operation control system, and the partition operation control system uses the hash function H to encrypt the control command and the second public and private key pk according to the encrypted control command c ,sk c The public key pk in (a) c Current timestamp TS 3 With the third public-private key pk d ,sk d The private key sk in (a) d Generating a second signature and combining the encrypted control command, the second signature and the current timestamp TS 3 Transmitting to the vehicle-mounted operation control system, and turning to S116;
s116, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 3 Signing a second signature using bilinear mappingLine verification, if verification is successful, turning to S122, otherwise, ending;
s118, the central operation control system encrypts the control command and encrypts the control command according to the control command encrypted by the hash function H and the second public and private key pk c ,sk c The public key pk in (a) c Current timestamp TS 4 With the first public-private key pk a ,sk a The private key sk in (a) a Generating a third signature and combining the encrypted control command, the third signature and the current timestamp TS 4 Transmitting to the vehicle-mounted operation control system, and turning to S120;
s120, the vehicle-mounted operation control system performs operation control according to the current time stamp TS 4 Verifying the third signature by using bilinear mapping, if the verification is successful, turning to S126, otherwise, ending;
s122, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the partition operation control system;
s124, the partition operation control system sends the real-time state information to the central operation control system;
s126, the vehicle-mounted operation control system decrypts the encrypted control command and sends the real-time state information to the central operation control system.
2. The method according to claim 1, characterized in that the method further comprises:
and the central operation control system sends a logout command to the vehicle-mounted operation control system, and the vehicle-mounted operation control system logs in according to the logout command.
3. The method of claim 2, wherein the central control system sending a logout command to the on-board control system, the on-board control system logging out of the logout according to the logout command comprising:
the central operation control system uses the hash function H to control the second public and private key pk according to the logout command c ,sk c The public key pk in (a) c Current timestamp TS 5 With the first public-private key pk a ,sk a The private key sk in (a) a Generating a fourth signature and comparing the cancellation command, the fourth signature and the current signatureFront timestamp TS 5 Sending the data to a vehicle-mounted operation control system;
the vehicle-carried control system is based on the current time stamp TS 5 And verifying the fourth signature by using bilinear mapping, if the verification is successful, indicating that the logout command is effective, and logging out according to the logout command by the vehicle-mounted operation control system.
4. The method according to claim 1, wherein the central control system is based on a current time stamp TS 1 Verifying the first signature using bilinear mapping includes:
the central operation control system verifies the current time stamp TS 1 Whether it is within the effective time range;
verifying the first signature using a bilinear map if within a valid time range;
if equation e (g, sig c )=e(pk c ,H(ID c ||Sig c ||TS 1 ) If true, then the first signature verification is successful, otherwise the first signature verification fails, wherein Sig c Representing a first signature.
5. The method of claim 4, wherein the central operation control system determining whether the zone operation control system is malfunctioning comprises:
the central operation control system sends the transmission signal to the partition operation control system if the transmission signal is transmitted at the preset time TS 2 And if the feedback signal of the partition operation control system is received, judging that the partition operation control system does not have a fault, otherwise, judging that the partition operation control system has a fault.
6. The method of claim 5, wherein the on-board control system is based on a current timestamp TS 3 Verifying the second signature using bilinear mapping includes:
the vehicle-carried control system verifies the current time stamp TS 3 Whether it is within the effective time range;
verifying the second signature using the bilinear map if within the valid time range;
if equation e (g, sig d )=∈(pk c ,H(Enc(C)||pk c ||TS 3 ) If true, then the second signature verification is successful, otherwise the second signature verification fails, wherein Sig d Representing the second signature, enc (C) represents the encrypted control command.
7. The method of claim 6, wherein transmitting real-time status information to the zone operations system comprises:
based on real-time status information and third public and private key pk by using hash function H d ,sk d The public key pk in (a) d Current timestamp TS 6 With the second public-private key pk c ,sk c The private key sk in (a) c Generating a fifth signature and combining the real-time status information, the fifth signature and the current timestamp TS 6 Sending the data to a partition operation control system;
the sending of the real-time state information to the central operation control system by the partition operation control system comprises the following steps:
the partition operation control system is used for controlling TS according to the current time stamp 6 And verifying the fifth signature by using the bilinear mapping, and sending the real-time state information to the central operation control system under the condition that the verification is successful.
8. The method of claim 7, wherein the partition gating system is based on a current timestamp TS 6 Verifying the fifth signature using the bilinear map includes:
the partition operation control system verifies the current time stamp TS 6 Whether it is within the effective time range;
verifying the fifth signature using the bilinear map if within the valid time range;
if equation e (g, sig c5 )=e(pk d ,H(I||pk d ||TS 6 ) If true, the fifth signature verification is successful, otherwise the fifth signature verification fails, wherein Sig c5 Representing a fifth signature.
9. A method according to claim 3, characterized in thatThe vehicle-mounted operation control system performs operation according to the current time stamp TS 5 Verifying the fourth signature using the bilinear map includes:
the vehicle-carried control system verifies the current time stamp TS 5 Whether it is within the effective time range;
verifying the fourth signature using the bilinear map if within the valid time range;
if equation e (g, sig' a )=e(pk a ,H(R||pk a ||TS 5 ) If true, then the fourth signature verification is successful, otherwise the fourth signature verification fails, wherein Sig' a Representing a fourth signature, R representing a logout command.
CN202111299123.6A 2021-11-04 2021-11-04 Magnetic levitation train control system privacy protection authentication method based on bilinear mapping Pending CN116074030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111299123.6A CN116074030A (en) 2021-11-04 2021-11-04 Magnetic levitation train control system privacy protection authentication method based on bilinear mapping

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111299123.6A CN116074030A (en) 2021-11-04 2021-11-04 Magnetic levitation train control system privacy protection authentication method based on bilinear mapping

Publications (1)

Publication Number Publication Date
CN116074030A true CN116074030A (en) 2023-05-05

Family

ID=86177501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111299123.6A Pending CN116074030A (en) 2021-11-04 2021-11-04 Magnetic levitation train control system privacy protection authentication method based on bilinear mapping

Country Status (1)

Country Link
CN (1) CN116074030A (en)

Similar Documents

Publication Publication Date Title
Sheikh et al. A comprehensive survey on VANET security services in traffic management system
CN112039870B (en) Privacy protection-oriented vehicle-mounted network authentication method and system based on block chain
CN109194610A (en) Vehicle-mounted mist data lightweight anonymous access authentication method based on block chain auxiliary
US10284525B2 (en) Cross-domain data-gate for secure transmission of data over publicly shared datalinks
US11436873B2 (en) Encrypted communication system and method for controlling encrypted communication system
US20220158853A1 (en) Cryptographic methods and systems using activation codes for digital certificate revocation
CN103036867A (en) Apparatus and method for providing virtual private network service based on mutual authentication
CN107710676B (en) Gateway device and control method thereof
EP3750277A1 (en) Cryptographic methods and systems using blinded activation codes for digital certificate revocation
CN109905371B (en) Bidirectional encryption authentication system and application method thereof
US11049402B2 (en) Cryptography-based platooning mechanism for autonomous vehicle fleet management
CN110881177B (en) Anti-quantum computing distributed Internet of vehicles method and system based on identity secret sharing
CN114205091B (en) Network authentication and key negotiation method for automatic driving vehicle based on chaotic mapping
JP2013138304A (en) Security system and key data operation method
CN110913390B (en) Anti-quantum computing Internet of vehicles method and system based on identity secret sharing
CN111148073B (en) Secret key management method and system for train-ground communication transmission information
JP5016394B2 (en) Wireless control security system
CN112423262A (en) Fleet key negotiation method, storage medium and vehicle
KR20190056661A (en) Secure Communication Method through RSU-based Group Key in Vehicular Network
JP5503692B2 (en) Wireless control security system
CN116074030A (en) Magnetic levitation train control system privacy protection authentication method based on bilinear mapping
CN114157447A (en) Unmanned equipment safety communication method based on block chain technology
CN111698263A (en) Beidou satellite navigation data transmission method and system
Vijayalakshmi et al. An ID-based privacy preservation for VANET
JP4540681B2 (en) COMMUNICATION SECURITY MAINTAINING METHOD, APPARATUS THEREOF, AND PROCESSING PROGRAM THEREOF

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination