CN116366233B - Secure multicast-oriented data link communication system transmission encryption method and system - Google Patents


Info

Publication number
CN116366233B
Authority
CN
China
Prior art keywords
subnet
data
scrambling
sequence
frequency hopping
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310618022.3A
Other languages
Chinese (zh)
Other versions
CN116366233A (en
Inventor
李忠孝
李晓阳
宋伟
刘荣林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin 712 Communication and Broadcasting Co Ltd
Original Assignee
Tianjin 712 Communication and Broadcasting Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin 712 Communication and Broadcasting Co Ltd filed Critical Tianjin 712 Communication and Broadcasting Co Ltd
Priority to CN202310618022.3A priority Critical patent/CN116366233B/en
Publication of CN116366233A publication Critical patent/CN116366233A/en
Application granted granted Critical
Publication of CN116366233B publication Critical patent/CN116366233B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/06Selective distribution of broadcast services, e.g. multimedia broadcast multicast service [MBMS]; Services to user groups; One-way selective calling services
    • H04W4/08User group management
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/70Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Multimedia (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the technical field of multicast in data link communication systems and discloses a secure-multicast-oriented transmission encryption method for a data link communication system, comprising the following steps: S100, distributing a multicast key, a functional subnet identifier and a time slot number to each functional subnet; S200, scrambling the original data using the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data; S300, adding frame control information to the baseband encrypted data to generate a data frame, wherein the frame control information contains the functional subnet identifier; S400, modulating the data frame to generate a modulated signal; S500, transmitting the modulated signal by frequency hopping using the time slot number and the subnet number. The method adopts two-stage transmission encryption and packet encryption scrambling code generation to realize a hierarchical, independent physical layer secure transmission mechanism, which benefits the ease of use and the security of a data link information distribution system and can solve the authority control and data transmission security problems of secure multicast.

Description

Secure multicast-oriented data link communication system transmission encryption method and system
Technical Field
The invention relates to the technical field of data link communication system multicasting, in particular to a transmission encryption method of a data link communication system facing secure multicasting.
Background
The data link communication system is a tactical wireless data communication system for transmitting formatted digital information in a bit-oriented manner in real time according to a prescribed message format and communication protocol using various advanced modem, error correction coding, networking communication and information fusion techniques. Compared with civil mobile communication systems, the data link communication system has higher requirements on the reliability, safety and interference resistance of the wireless communication mode.
Secure multicast technology allows one or more senders (multicast sources) to send encrypted data packets to a plurality of designated receivers through multicast addresses or authority control technology; the receivers decrypt and restore the data packets using the multicast key. The technology must ensure both secure distribution of the multicast keys and secure transmission of the multicast information. Multicast can save transmission resources and noticeably improve the communication efficiency of a data link network, but the security risk faced by multicast communication is higher than that of unicast communication: unauthorized generation, modification, destruction and illegal use of data can easily occur.
In particular, the data link information distribution system (Datalink Information Distribution System, DIDS) is an anti-interference communication system adopting a high-speed frequency hopping system, and adopts a time division multiple access (Time Division Multiple Access, TDMA) and a layer networking system to divide channel resources, so as to realize distributed multiple access of a plurality of user terminals and multipath parallel distribution of data link messages.
The data link information distribution system (DIDS) defines the concept of a functional subnet, i.e. one or more sets of time slot block resource plans made to support certain data message types, called network participation groups (Network Participation Group, NPG), which support multipath parallel distribution of data link messages. An NPG is a multicast transmission functional unit in the data link information distribution system (DIDS).
In order to support secure communication among functional subnet members, the conventional data link information distribution system adopts a symmetric encryption scheme to encrypt multicast messages: data link messages are encrypted at the transmitting end and decrypted at the receiving end with a multicast key, which ensures the multicast security of the functional subnet. After legal authentication, the multicast key is distributed by the data link networking center according to the combat plan.
In an open wireless communication environment, multicast transmission of data link messages that relies only on a message encryption mechanism carries two security risks. First, a single-stage encryption scheme has weaknesses, and message encryption alone is insufficient to protect multicast transmission. Second, because an authority control strategy and method are lacking, the access rights of legitimate users cannot be distinguished: users of the functional groups can access one another, so the multicast security of the functional subnets cannot be differentiated.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to provide a secure-multicast-oriented transmission encryption method and system for a data link communication system. It adopts two-stage transmission encryption and block encryption scrambling code generation to realize a hierarchical, independent physical layer secure transmission mechanism, which benefits the ease of use and the security of a data link information distribution system and can solve the authority control and data transmission security problems of secure multicast.
In order to achieve the above object, the present invention provides the following technical solutions:
The secure-multicast-oriented transmission encryption method for a data link communication system comprises the following steps: S100, distributing a multicast key, a functional subnet identifier and a time slot number to each functional subnet; S200, scrambling the original data using the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data; S300, adding frame control information to the baseband encrypted data to generate a data frame, wherein the frame control information contains the functional subnet identifier; S400, modulating the data frame to generate a modulated signal; S500, transmitting the modulated signal by frequency hopping using the time slot number and the subnet number.
In the present invention, preferably, S200 includes: S201, generating an initial value of a scrambling sequence through a public Hash function using the multicast key, the functional subnet identifier and the subnet number; S202, according to the initial value of the scrambling sequence, adopting a balanced Gold sequence and selecting a specific m-sequence preferred pair to generate the scrambling sequence; S203, scrambling the original data with the scrambling sequence to generate baseband encrypted data.
In the present invention, preferably, the formula for generating the initial value of the scrambling code sequence in S201 is as follows:
wherein ,for the scrambling sequence initial value, +.>For the ith bit of the initial value of the scrambling sequence, N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is a multicast key, GID is a functional subnet identifier, and NID is a subnet number.
In the present invention, preferably, the formula for generating the baseband encrypted data in S203 is as follows:
wherein ,for the scrambled sequence, ++>Encoding bits for the i-th channel, +.>For the ith scrambling bit, +.>The block length is encoded for the channel.
In the present invention, preferably, S500 includes: S501, generating a frequency hopping pseudo-random sequence by taking the combination of the time slot number and the subnet number as an initial value; S502, performing a nonlinear operation on the frequency hopping pseudo-random sequence to generate a frequency hopping pattern; S503, performing frequency hopping transmission on the modulated signal using the frequency hopping pattern.
In the present invention, preferably, the modulation method in S400 is one of MSK, PSK, QAM.
In the present invention, preferably, the distributing the multicast key to each functional subnet in S100 uses a timing update method or an event update method.
The secure-multicast-oriented transmission encryption system for a data link communication system comprises a networking center and a user end, wherein the networking center comprises: a distribution module, used for distributing the multicast key, the functional subnet identifier and the time slot number to each functional subnet; a channel scrambling module, used for scrambling the original data using the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data; the channel scrambling module includes: an initial value generating unit, used for generating an initial value of the scrambling sequence through a public Hash function using the multicast key, the functional subnet identifier and the subnet number; the formula for generating the initial value of the scrambling code sequence is:
wherein ,for the scrambling sequence initial value, +.>The method is characterized in that the method comprises the steps that (1) the ith bit of an initial value of a scrambling sequence is used, N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is a multicast key, GID is a functional subnet identifier, and NID is a subnet number; a scrambling code sequence generating unit, configured to generate a scrambling code sequence by using a balanced Gold sequence and selecting a specific m-sequence optimal pair according to an initial value of the scrambling code sequence; a scrambling unit for scrambling the original data with a scrambling sequence to generate baseband encrypted data; the formula for generating the baseband encryption data is: />
wherein ,for the scrambled sequence, ++>Encoding bits for the i-th channel, +.>For the ith scrambling bit, +.>Encoding a block length for a channel; the synchronous framing module is used for adding frame control information to the baseband encrypted data to generate a data frame, wherein the frame control information contains the functional subnet identifier; the signal modulation module is used for modulating the data frame and generating a modulated signal; the frequency hopping transmitting module is used for carrying out frequency hopping transmission on the modulated signal by utilizing the time slot number and the subnet number; the frequency hopping transmission module includes: the frequency hopping pseudo-random sequence generating unit is used for generating a frequency hopping pseudo-random sequence by taking the combination of the time slot number and the subnet number as an initial value; the frequency hopping pattern generation unit is used for generating a frequency hopping pattern by performing nonlinear operation on the frequency hopping pseudo-random sequence; and a transmitting unit for performing frequency hopping transmission on the modulated signal by using the frequency hopping pattern.
In the present invention, preferably, the user end includes: a frequency hopping receiving module, used for tracking and receiving the modulated signal transmitted by the networking center using frequency hopping; a signal demodulation module, used for demodulating the modulated signal into a data frame; a frame header analysis module, used for parsing the frame control information of the data frame to obtain the functional subnet identifier and the baseband encrypted data; and a channel descrambling module, used for descrambling the baseband encrypted data according to the multicast key, the functional subnet identifier and the subnet number to recover the original data.
A computer readable storage medium comprising instructions that when run on a computer cause the computer to perform the secure multicast oriented data link communication system transmission encryption method of any one of the preceding claims.
Compared with the prior art, the invention has the beneficial effects that:
1) The method adopts two-stage transmission encryption. Channel scrambling on the transmitting side and channel descrambling on the receiving side use a scrambling sequence generated from the functional subnet identifier for baseband encryption and decryption; frequency synthesis and frequency hopping tracking of the transmitting side use a frequency hopping pattern generated from the time slot number and the subnet number for radio-frequency encryption and decryption. The two-stage transmission encryption realizes a hierarchical, independent physical layer secure transmission mechanism, which benefits the ease of use and the security of the data link information distribution system.
2) The method adopts the functional subnet identification and the multicast key to jointly generate the scrambling sequence, and the functional subnet identification is associated with the data packet type and is irrelevant to the receiving time slot, so that the multicast transmission safety can be ensured.
3) The method adopts the functional subnet identification and the multicast key to jointly generate the scrambling sequence, also supports the dynamic update of the multicast key, and can realize the dynamic management and the authority control of the functional subnet multicast members.
Drawings
Fig. 1 is a flowchart of a transmission encryption method of a data link communication system for secure multicast according to an embodiment of the present invention.
Fig. 2 is a flowchart of S500 in a secure multicast oriented data link communication system transmission encryption method according to an embodiment of the present invention.
Fig. 3 is a flowchart of S200 in a transmission encryption method for a data link communication system for secure multicast according to another embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a transmission encryption system of a data link communication system for secure multicast according to another embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a networking center in a transmission encryption system of a data link communication system for secure multicast according to another embodiment of the present invention.
Fig. 6 is a schematic structural diagram of a user end in a transmission encryption system of a data link communication system for secure multicast according to another embodiment of the present invention.
Fig. 7 is a flowchart of a transmission encryption system of a data link communication system for secure multicast according to another embodiment of the present invention.
Fig. 8 is a flowchart of the operation of the channel scrambling module and the channel descrambling module in the transmission encryption system of the data link communication system for secure multicast according to another embodiment of the present invention. In the accompanying drawings: the system comprises a 1-networking center, an 11-distribution module, a 12-channel scrambling module, a 121-initial value generation unit, a 122-scrambling code sequence generation unit, a 123-scrambling unit, a 13-synchronous framing module, a 14-signal modulation module, a 15-frequency hopping transmission module, a 151-frequency hopping pseudo-random sequence generation unit, a 152-frequency hopping pattern generation unit, a 153-transmission unit, a 2-user side, a 21-frequency hopping receiving module, a 22-signal demodulation module, a 23-frame header analysis module and a 24-channel descrambling module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It will be understood that when an element is referred to as being "fixed to" another element, it can be directly on the other element or intervening elements may also be present. When a component is considered to be "connected" to another component, it can be directly connected to the other component or intervening components may also be present. When an element is referred to as being "disposed on" another element, it can be directly on the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Referring to fig. 1 and fig. 2, a preferred embodiment of the present invention provides a secure multicast-oriented data link communication system transmission encryption method, which includes:
S100, distributing a multicast key, a functional subnet identifier and a time slot number to each functional subnet.
The multicast member (i.e. the user end) obtains the multicast key (GTK) of the functional subnet from the networking center, which distributes the multicast key as the basic key of each functional subnet. When transmitting data packets, the transceiver acquires the functional subnet identifier (Group IDentification, GID) of the current data; how the identifier is acquired differs between the transmitting end and the receiving end. The sender identifies the functional subnet by message type and encodes it as bits in specific positions of the frame header. The receiver recognizes the functional subnet identifier of the current data by parsing the frame header, independently of the receive slot table. The time slot number is used by the multicast member to read received messages and is distributed by the networking center. The multicast key, the functional subnet identifier and the time slot number can be distributed once or multiple times, using either a timing update method or an event update method. In the timing update method, the networking center distributes this information to each functional subnet at fixed intervals; in the event update method, distribution to each functional subnet is triggered by certain conditions (such as a request from a multicast member or an active grouping modification by the networking center).
S200, the original data is scrambled by using the multicast key, the functional subnet identification and the subnet number, and the baseband encrypted data is generated.
The multicast key, the functional subnet identifier and the subnet number are combined in a defined way and used as the input value from which a scrambling code is generated; scrambling the original data with this code encrypts it. The original data refers to the data to be processed by the method. It is not necessarily the original message that the networking center prepares to send to the multicast member: it may be the original message itself or the data obtained after the original message has undergone processing such as encryption and encoding.
S300, adding frame control information to the baseband encryption data to generate a data frame, wherein the frame control information contains a functional subnet identifier.
Frame control information is added before the baseband encrypted data to assist the receiver in waveform parameter identification and in decryption and decoding. Specifically, the frame control information includes a functional subnet identifier field, which identifies the message type of the current data block and corresponds one-to-one with the functional subnet identifier.
S400, modulating the data frame to generate a modulation signal.
The data frame is modulated using a digital modulation method that meets the requirements of the data link information system on signal bandwidth, modulation index and the like. Optionally, one of MSK, PSK or QAM may be used as the modulation scheme.
S500, the modulating signal is transmitted in a frequency hopping way by using the time slot number and the subnet number.
First, the combination of the time slot number and the subnet number is used as input to an algorithm that generates the frequency hopping pattern; frequency synthesis is then performed according to this pattern, so that the frequency hopping pattern meets the requirements of uniformity, randomness and wide spacing. The radio-frequency signal is then radiated through the antenna and transmitted as radio waves to the receiving end.
Specifically, S500 includes:
S501, a frequency hopping pseudo-random sequence is generated by taking the combination of the time slot number and the subnet number as an initial value.
S502, a nonlinear operation is performed on the frequency hopping pseudo-random sequence to generate a frequency hopping pattern.
S503, frequency hopping transmission is performed on the modulated signal using the frequency hopping pattern.
Optionally, the frequency hopping pattern is generated as follows: the combination of the time slot number and the subnet number is input into a cyclic shift register; once the initial phase of the cyclic shift register is set, one of an m-sequence, M-sequence, Gold sequence, ZC sequence or chaotic sequence is used to generate the frequency hopping pseudo-random sequence, and a nonlinear operation (such as taking a remainder or sorting) is applied to obtain the frequency hopping pattern used for carrier frequency synthesis.
The embodiment adopts a two-stage transmission encryption system to realize a hierarchical and independent physical layer security transmission mechanism, which is beneficial to the convenience and security guarantee of a data link information distribution system.
As shown in fig. 3, in a preferred embodiment of the present invention, S200 includes:
S201, generating an initial value of a scrambling sequence through a public Hash function by using a multicast key, a functional subnet identifier and a subnet number.
According to the multicast key, the functional sub-network mark and the sub-network number, the channel scrambling and descrambling module of the transceiver adopts a public Hash function to generate an initial value of the functional grouping scrambling sequence [ ])。
Alternatively, the common Hash function may use a direct addressing method to generate an initial value, formulated as follows:
in the formula ,for the scrambling sequence initial value, +.>For the ith bit of the initial value of the scrambling sequence, N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is a multicast key, GID is a functional identification code of the data packet, NID is a subnet number for increasing randomness of the initial value of the scrambling sequence.
S202, according to the initial value of the scrambling sequence, adopting a balanced Gold sequence and selecting a specific m-sequence optimal pair to generate the scrambling sequence.
According to the initial value of the scrambling code sequenceGenerating a functional packet scrambling sequence equal to the length of the encoded block (original data) by using a balanced Gold sequence and selecting a specific m-sequence preference pair>L is the coding block length.
S203, the original data is scrambled by using the scrambling sequence, and baseband encrypted data is generated.
The above-mentioned functional packet scrambling code sequence c is adopted to scramble the coded data so as to obtain baseband encrypted data [ ]) The expression is as follows:
wherein ,for the scrambled sequence (baseband encrypted data), a method for the scrambling of the sequence (baseband encrypted data)>Encoding bits for the i-th channel, +.>For the ith scrambling bit, +.>The block length is encoded for the channel. The same exclusive or operation is adopted for channel descrambling, and the coding block is recovered.
This embodiment adopts the processing flow of the function block encryption scrambling code generation method. It can solve the authority control and data transmission security problems of secure multicast, supports dynamic management of multicast members, and provides a flexible and simple multicast authority control mechanism for a data link information distribution system.
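The S201 to S203 scrambling flow and the S501 to S503 hopping-pattern flow described above, as an added Python example (not code from the patent). Assumptions: SHA-256 over length-prefixed fields stands in for the patent's public Hash function, whose formula does not survive on this page; the polynomial pair is that of the LTE length-31 Gold generator rather than the patent's unnamed preferred pair; the 1600-bit warm-up, 16-bit hop words, field widths and all function names are hypothetical.

```python
import hashlib

NC = 1600  # warm-up outputs discarded before use (assumption, not from the patent)


def gold_bits(seed: int, length: int) -> list[int]:
    """Gold sequence built from two degree-31 m-sequences.

    x1: x^31 + x^3 + 1 with a fixed start state.
    x2: x^31 + x^3 + x^2 + x + 1, loaded with the 31-bit seed.
    The pair is an assumption; the balance-selection rule of the patent is not modelled.
    """
    seed = (seed & 0x7FFFFFFF) or 1           # avoid the all-zero register state
    x1 = [1] + [0] * 30
    x2 = [(seed >> i) & 1 for i in range(31)]
    for n in range(NC + length - 31):
        x1.append(x1[n + 3] ^ x1[n])
        x2.append(x2[n + 3] ^ x2[n + 2] ^ x2[n + 1] ^ x2[n])
    return [x1[n + NC] ^ x2[n + NC] for n in range(length)]


def scramble_seed(gtk: bytes, gid: int, nid: int) -> int:
    """S201: derive the scrambling initial value from GTK, GID and NID.

    Assumption: SHA-256 replaces the patent's own Hash formula. Fields are
    length-prefixed or fixed-width so distinct inputs cannot collide by concatenation.
    """
    msg = (len(gtk).to_bytes(2, "big") + gtk
           + gid.to_bytes(2, "big") + nid.to_bytes(2, "big"))
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big") & 0x7FFFFFFF


def scramble(bits: list[int], gtk: bytes, gid: int, nid: int) -> list[int]:
    """S202 + S203: XOR the coded block with the functional-subnet scrambling sequence."""
    c = gold_bits(scramble_seed(gtk, gid, nid), len(bits))
    return [b ^ s for b, s in zip(bits, c)]


descramble = scramble  # the same exclusive-or operation recovers the coding block


def hop_pattern(slot: int, nid: int, hops: int, channels: int) -> list[int]:
    """S501 + S502: slot/subnet seed -> pseudo-random words -> channel indices."""
    seed = ((slot & 0xFFFF) << 15) | (nid & 0x7FFF)    # combined initial value
    prn = gold_bits(seed, hops * 16)
    words = [int("".join(map(str, prn[i:i + 16])), 2) for i in range(0, len(prn), 16)]
    return [w % channels for w in words]               # remainder as the nonlinear step


def to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    gtk, gid, nid, slot = b"\x11" * 16, 3, 5, 7
    block = to_bits(b"NPG test")
    tx = scramble(block, gtk, gid, nid)
    print("member of subnet 3 recovers block:", descramble(tx, gtk, gid, nid) == block)
    print("member of subnet 4 recovers block:", descramble(tx, gtk, 4, nid) == block)
    print("after GTK update, old key works  :", descramble(tx, b"\x22" * 16, gid, nid) == block)
    print("hop channels for slot 7:", hop_pattern(slot, nid, hops=8, channels=51))
```

The hopping seed contains only the time slot number and subnet number, as the patent describes, so access separation between functional subnets comes from the scrambling stage, where GTK and GID enter the seed.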
Referring to fig. 4 to 8, another embodiment of the present invention further provides a transmission encryption system of a data link communication system facing secure multicast. As shown in fig. 4 and fig. 5, the system includes a networking center 1 and a client 2, where the networking center 1 includes:
The distribution module 11 is used for distributing the multicast key, the functional subnet identifier and the time slot number to each functional subnet.
The channel scrambling module 12 is configured to scramble the original data with the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data. The channel scrambling module 12 encrypts the baseband transmission of the channel encoded blocks (i.e., the original data) using the encrypted pseudo-random sequence as a scrambling code. The functional packet scrambling sequence can distinguish different types of data packets, and realize the secure multicast transmission of the distinguishing functional subnetwork.
The channel scrambling module 12 includes:
An initial value generating unit 121 is configured to generate an initial value of the scrambling sequence by using the multicast key, the functional subnet identifier and the subnet number through a public Hash function. The formula for generating the initial value of the scrambling code sequence is:
where the terms denote, in order, the scrambling sequence initial value and the i-th bit of the scrambling sequence initial value; N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is the multicast key, GID is the functional subnet identifier, and NID is the subnet number.
The scrambling code sequence generating unit 122 is configured to generate a scrambling code sequence by using a balanced Gold sequence and selecting a specific m-sequence preferred pair based on the initial value of the scrambling code sequence.
A scrambling unit 123 for scrambling the original data with a scrambling sequence to generate baseband encrypted data; the formula for generating the baseband encryption data is:
where the terms denote, in order, the scrambled sequence, the i-th channel-coded bit, the i-th scrambling bit, and the channel coding block length.
The synchronous framing module 13 is configured to add frame control information to the baseband encrypted data, and generate a data frame, where the frame control information contains a functional subnet identifier. The synchronous framing module 13 appends frame control information before the baseband encrypted data, and is used for assisting the receiver in waveform parameter identification and decryption decoding. Specifically, the frame control information includes a functional subnet identifier field, which can identify the message type of the current data block and corresponds to the functional subnet identifier one by one.
The signal modulation module 14 is configured to modulate the data frame to generate a modulated signal. The signal modulation module 14 modulates the data frame information by a digital modulation method that meets the requirements of the data link information system on signal bandwidth, modulation index and the like. Optionally, one of MSK, PSK or QAM may be used as the modulation scheme.
The frequency hopping transmitting module 15 is configured to perform frequency hopping transmission on the modulated signal by using the slot number and the subnet number.
The frequency hopping transmission module 15 includes:
A frequency hopping pseudo-random sequence generating unit 151 for generating a frequency hopping pseudo-random sequence with a combination of a slot number and a subnet number as an initial value.
A frequency hopping pattern generating unit 152 for generating a frequency hopping pattern by performing a nonlinear operation on the frequency hopping pseudo-random sequence.
A transmitting unit 153 for performing frequency hopping transmission on the modulated signal using the frequency hopping pattern. The frequency synthesizer performs frequency synthesis according to the RF-encrypted frequency hopping pattern, so that the frequency hopping pattern meets requirements such as uniformity, randomness and wide spacing; the radio frequency signal is then sent into space through the antenna and transmitted to the client 2 in the form of radio waves.
As shown in fig. 6, in a preferred embodiment of the present invention, the client 2 includes:
The frequency hopping receiving module 21 is configured to track and receive the modulated signal sent by the networking center 1 in a frequency hopping manner. The client 2 performs frequency synthesis with the same frequency hopping pattern as the transmitting end, tracks the frequency hopping pattern and receives the pulse signals, and hands the result, in time order, to the following processing module for baseband processing.
The signal demodulation module 22 is configured to demodulate the modulated signal into a data frame. The signal demodulation module 22 of the client 2 demodulates the signal using a modulation scheme consistent with that of the transmitting end, and recovers the digital baseband signal. Optionally, either coherent or noncoherent demodulation may be used.
The frame header parsing module 23 is configured to parse frame control information of the data frame to obtain the functional subnet identifier and the baseband encrypted data. The frame control information sent by the networking center 1 is not encrypted and can be parsed directly. The frame header parsing module 23 parses the functional subnet identifier field in the frame control information, which is used to generate the channel scrambling sequence.
The channel descrambling module 24 is configured to descramble the baseband encrypted data according to the multicast key, the functional subnet identifier and the subnet number, and generate the original data. The channel descrambling module 24 generates a scrambling sequence consistent with the transmitting end from the functional subnet identifier, the multicast key and the subnet number, and uses it as the baseband transmission key of the data packet. It then performs channel descrambling by an exclusive-or operation of this key with the data segment information, recovering the original channel coding block (i.e., the original data) for subsequent channel decoding and message recovery. Compared with the prior art, the channel descrambling module 24 can decrypt the transmission using channel-associated indication information and does not depend on the static configuration of the slot table, which makes it more convenient and flexible to use.
The operation of the system is shown in fig. 7, and the operation of the channel scrambling module 12 and the channel descrambling module 24 is shown in fig. 8.
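The scramble and descramble path of modules 12, 13, 23 and 24 can be sketched as follows; this is an added example, not code from the patent. The SHA-256 seed derivation, N = 31, the constant `a`, the 1600-step warm-up and the degree-31 polynomial pair (the recurrences of the 3GPP TS 36.211 pseudo-random sequence generator) are assumptions, because the page reproduces neither the seed formula nor the preferred pair.

```python
import hashlib

N = 31      # assumed order of the scrambling-sequence initial value
NC = 1600   # assumed warm-up: outputs discarded before the sequence is used

def seed_bits(gtk, gid, nid, a=b"scr-demo"):
    """Initial value: N bits of a public hash over (a, GTK, GID, NID)."""
    data = a + gtk + bytes([gid]) + nid.to_bytes(2, "big")
    value = int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - N)
    bits = [(value >> i) & 1 for i in range(N)]
    if not any(bits):       # an all-zero state would silence the seeded m-sequence
        bits[0] = 1
    return bits

def gold_sequence(seed, length):
    """Mod-2 sum of two degree-31 m-sequences; only the second is key-dependent."""
    x1 = [1] + [0] * (N - 1)
    x2 = list(seed)
    for n in range(NC + length - N):
        x1.append(x1[n + 3] ^ x1[n])
        x2.append(x2[n + 3] ^ x2[n + 2] ^ x2[n + 1] ^ x2[n])
    return [x1[NC + n] ^ x2[NC + n] for n in range(length)]

def scramble(block, gtk, gid, nid):
    """XOR the coded block with the scrambling sequence; descrambling is identical."""
    seq = gold_sequence(seed_bits(gtk, gid, nid), len(block))
    return [b ^ s for b, s in zip(block, seq)]

def build_frame(block, gtk, gid, nid):
    """Networking center side: the GID travels in the clear frame control field."""
    return {"gid": gid, "payload": scramble(block, gtk, gid, nid)}

def receive(frame, gtk, nid):
    """Client side: read the GID from the header, rebuild the sequence, descramble."""
    return scramble(frame["payload"], gtk, frame["gid"], nid)

def bit_errors(a_bits, b_bits):
    return sum(x != y for x, y in zip(a_bits, b_bits))

# Constructed sample data: a 128-bit GTK and a stand-in channel-coded block.
GTK = bytes(range(16))
BLOCK = [int(b) for byte in b"constructed coded block" for b in f"{byte:08b}"]

if __name__ == "__main__":
    frame = build_frame(BLOCK, GTK, gid=0x12, nid=7)
    print("subnet member:", bit_errors(receive(frame, GTK, 7), BLOCK), "bit errors")
    print("wrong GTK:    ", bit_errors(receive(frame, bytes(16), 7), BLOCK), "bit errors")
    other = dict(frame, gid=0x13)   # same payload read as another functional subnet
    print("wrong GID:    ", bit_errors(receive(other, GTK, 7), BLOCK), "bit errors")
```

In this sketch the scrambling sequence is a function of GTK, GID and NID only, so it repeats for every block until the GTK is redistributed; the timed or event-driven key update of claim 3 is what bounds that reuse.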
The embodiment of the invention also provides a computer readable storage medium storing a computer program which, when executed by a processor, implements the processes of the above embodiment of the secure-multicast-oriented transmission encryption method for a data link communication system and achieves the same technical effect. The computer readable storage medium may be, for example, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk.
The foregoing description is directed to the preferred embodiments of the present invention, but the embodiments are not intended to limit the scope of the invention, and all equivalent changes or modifications made under the technical spirit of the present invention should be construed to fall within the scope of the present invention.

Claims (6)

1. A secure-multicast-oriented transmission encryption method for a data link communication system, characterized by comprising the following steps:
S100, distributing a multicast key, allocating a functional subnet identifier and allocating a slot number to each functional subnet;
S200, scrambling the original data by using the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data;
the S200 includes:
S201, generating an initial value of a scrambling sequence through a public Hash function by using the multicast key, the functional subnet identifier and the subnet number; the formula for generating the initial value of the scrambling code sequence is:
where the terms denote, in order, the scrambling sequence initial value and the i-th bit of the scrambling sequence initial value; N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is the multicast key, GID is the functional subnet identifier, and NID is the subnet number;
S202, generating the scrambling sequence according to the initial value of the scrambling sequence by adopting a balanced Gold sequence and selecting a specific m-sequence preferred pair;
S203, scrambling the original data by using the scrambling sequence to generate baseband encrypted data;
the formula for generating the baseband encryption data is:
where the terms denote, in order, the scrambled sequence, the i-th channel-coded bit, the i-th scrambling bit, and the channel coding block length;
S300, adding frame control information to the baseband encrypted data to generate a data frame, wherein the frame control information contains the functional subnet identifier;
S400, modulating the data frame to generate a modulated signal;
S500, performing frequency hopping transmission on the modulated signal by using the slot number and the subnet number;
the S500 includes:
S501, generating a frequency hopping pseudo-random sequence by taking the combination of the slot number and the subnet number as an initial value;
S502, performing a nonlinear operation on the frequency hopping pseudo-random sequence to generate a frequency hopping pattern;
S503, performing frequency hopping transmission on the modulated signal by using the frequency hopping pattern.
2. The secure-multicast-oriented transmission encryption method for a data link communication system according to claim 1, wherein the modulation method in S400 is one of MSK, PSK or QAM.
3. The secure-multicast-oriented transmission encryption method for a data link communication system according to claim 1, wherein the distribution of the multicast key to each functional subnet in step S100 uses a timing update method or an event update method.
4. A secure-multicast-oriented transmission encryption system for a data link communication system, characterized by comprising a networking center and a client,
the networking center comprises:
the distribution module is used for distributing the multicast key, allocating the functional subnet identifier and allocating the slot number to each functional subnet;
the channel scrambling module is used for scrambling the original data by using the multicast key, the functional subnet identifier and the subnet number to generate baseband encrypted data;
the channel scrambling module includes:
the initial value generating unit is used for generating an initial value of the scrambling code sequence through a public Hash function by using the multicast key, the functional subnet identifier and the subnet number; the formula for generating the initial value of the scrambling code sequence is:
where the terms denote, in order, the scrambling sequence initial value and the i-th bit of the scrambling sequence initial value; N is the order of the initial value of the scrambling sequence, a is a design constant, GTK is the multicast key, GID is the functional subnet identifier, and NID is the subnet number;
a scrambling code sequence generating unit, configured to generate the scrambling code sequence according to the initial value of the scrambling code sequence by using a balanced Gold sequence and selecting a specific m-sequence preferred pair;
a scrambling unit for scrambling the original data with the scrambling sequence to generate baseband encrypted data; the formula for generating the baseband encryption data is:
where the terms denote, in order, the scrambled sequence, the i-th channel-coded bit, the i-th scrambling bit, and the channel coding block length;
the synchronous framing module is used for adding frame control information to the baseband encrypted data to generate a data frame, wherein the frame control information contains the functional subnet identifier;
the signal modulation module is used for modulating the data frame and generating a modulated signal;
the frequency hopping transmitting module is used for performing frequency hopping transmission on the modulated signal by using the slot number and the subnet number;
the frequency hopping transmission module includes:
the frequency hopping pseudo-random sequence generating unit is used for generating a frequency hopping pseudo-random sequence by taking the combination of the slot number and the subnet number as an initial value;
the frequency hopping pattern generation unit is used for generating a frequency hopping pattern by performing a nonlinear operation on the frequency hopping pseudo-random sequence;
and a transmitting unit for performing frequency hopping transmission on the modulated signal by using the frequency hopping pattern.
5. The secure-multicast-oriented transmission encryption system for a data link communication system according to claim 4, wherein said client comprises:
the frequency hopping receiving module is used for tracking and receiving the modulated signal sent by the networking center by frequency hopping;
the signal demodulation module is used for demodulating the modulated signal into a data frame;
the frame header parsing module is used for parsing frame control information of the data frame to obtain the functional subnet identifier and the baseband encrypted data;
and the channel descrambling module is used for descrambling the baseband encrypted data according to the multicast key, the functional subnet identifier and the subnet number to generate the original data.
6. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the secure multicast oriented data link communication system transmission encryption method according to any one of claims 1 to 3.
CN202310618022.3A 2023-05-30 2023-05-30 Secure multicast-oriented data link communication system transmission encryption method and system Active CN116366233B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310618022.3A CN116366233B (en) 2023-05-30 2023-05-30 Secure multicast-oriented data link communication system transmission encryption method and system

Publications (2)

Publication Number Publication Date
CN116366233A CN116366233A (en) 2023-06-30
CN116366233B CN116366233B (en) 2023-10-24

Family

ID=86910668

Country Status (1)

Country Link
CN (1) CN116366233B (en)
