CN116634416A - Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium - Google Patents

Publication number: CN116634416A
Authority: CN (China)
Prior art keywords: communication, deployment, node, key, encryption
Legal status: Pending
Application number: CN202310684928.5A
Other languages: Chinese (zh)
Inventors: 温恒, 王静, 崔军红, 郭晓新, 霍利鹏
Current Assignee: Smart Ocean Technology Co ltd; Jilin University
Original Assignee: Smart Ocean Technology Co ltd; Jilin University
Application filed by: Smart Ocean Technology Co ltd, Jilin University
Priority to: CN202310684928.5A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009 Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides a dynamic data encryption method, apparatus, computer device, and storage medium. The method includes: acquiring topology structure information of an underwater wireless sensor network, and determining to-be-communicated deployment nodes based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication; determining a communication key corresponding to the to-be-communicated deployment nodes based on the deployment positions of the to-be-communicated deployment nodes; and encrypting the communication data based on the communication key to obtain an encryption result, and transmitting the encryption result between the to-be-communicated deployment nodes. In the embodiments of the disclosure, the communication key can be associated with the deployment positions of the to-be-communicated deployment nodes, so that deployment nodes at different deployment positions have different communication keys. This realizes a dynamic encryption mode for the ECC algorithm, makes the ECC algorithm suitable for an underwater environment, and improves the security of ECC-based underwater communication.

Description

Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium
Technical Field
The disclosure relates to the technical field of underwater acoustic network data security, in particular to a dynamic data encryption method, a dynamic data encryption device, computer equipment and a storage medium.
Background
Oceans cover more than two-thirds of the Earth's surface, yet although the ocean is important to the whole world, its development and study remain far from sufficient. The underwater wireless sensor network (Underwater Wireless Sensor Network, UWSN) is currently a main technical means for underwater environment detection, ocean resource development and ocean disaster prediction. However, the underwater communication environment differs considerably from the land communication environment: the underwater acoustic channel has narrow bandwidth, a high error rate and low speed, and the nodes are difficult to recharge and have limited hardware resources and limited CPU computing power. Currently, among encryption technologies applicable to the UWSN, elliptic curve cryptography (ECC) is favored by many researchers.
Existing ECC schemes usually adopt a static encryption mode, whose security cannot meet the requirements of the UWSN. In the static encryption mode, all nodes in the UWSN always encrypt in the same way, so once one node is cracked, the data sent by all nodes in the UWSN can be obtained, and the whole UWSN faces a huge threat.
In view of the foregoing, there is a need for a dynamic data encryption method with a small amount of computation, high encryption speed and higher security.
Disclosure of Invention
The embodiment of the disclosure at least provides a dynamic data encryption method, a dynamic data encryption device, computer equipment and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a dynamic data encryption method, including:
acquiring topology structure information of an underwater wireless sensor network, and determining to-be-communicated deployment nodes based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication;
determining a communication key corresponding to the to-be-communicated deployment nodes based on the deployment positions of the to-be-communicated deployment nodes;
encrypting the communication data based on the communication key to obtain an encryption result;
and transmitting the encryption result between the to-be-communicated deployment nodes.
In an alternative embodiment, the to-be-communicated deployment nodes comprise a first deployment node and a second deployment node, wherein the first deployment node comprises at least one data encryption node, and the second deployment node comprises at least one data decryption node;
the determining, based on the deployment positions, of a communication key corresponding to the to-be-communicated deployment nodes includes:
determining an elliptic curve corresponding to the elliptic curve cryptography (ECC) algorithm;
determining base point position coordinates of a base point corresponding to the to-be-communicated deployment nodes based on the deployment positions;
and calculating a first key corresponding to the first deployment node based on the base point position coordinates, and calculating a second key corresponding to the second deployment node.
In an optional implementation manner, the determining of the base point position coordinates of the base point corresponding to the to-be-communicated deployment nodes includes:
based on the deployment positions, respectively determining a first deployment position of the first deployment node and a second deployment position of the second deployment node;
mapping the first deployment position to the elliptic curve to obtain a first position coordinate, and mapping the second deployment position to the elliptic curve to obtain a second position coordinate;
and acquiring a time function, and respectively calculating the abscissa and the ordinate of the base point based on the time function, the first position coordinate and the second position coordinate to obtain the base point position coordinates.
In an optional implementation manner, the calculating, based on the base point position coordinates, of a first key corresponding to the first deployment node and a second key corresponding to the second deployment node includes:
acquiring order information of the elliptic curve, and determining a first private key corresponding to the first deployment node and a second private key corresponding to the second deployment node based on the order information;
performing an elliptic curve multiplication of the first private key and the base point position coordinates to obtain a first public key, and of the second private key and the base point position coordinates to obtain a second public key;
and determining the first key according to the first private key and the first public key, and determining the second key according to the second private key and the second public key.
In an alternative embodiment, the encrypting of the communication data based on the communication key includes:
encrypting the communication data based on the communication key to obtain first encrypted data;
acquiring node labels of the to-be-communicated deployment nodes, and calculating the label sum of the node labels;
calculating the product of the data length of the first encrypted data and the label sum to obtain an expansion multiple;
and expanding the number of bits of the first encrypted data based on the expansion multiple, and extracting second encrypted data from the expansion result.
In an alternative embodiment, the communication key comprises a first key and a second key, wherein the first key comprises a first private key and the second key comprises a second public key;
the encrypting of the communication data based on the communication key to obtain first encrypted data includes:
obtaining the elliptic curve corresponding to the ECC algorithm, and determining the encryption point to which the product of the first private key and the second public key maps on the elliptic curve;
and determining encryption coordinates of the encryption point, and encrypting the communication data based on the encryption coordinates to obtain the first encrypted data.
In an alternative embodiment, the to-be-communicated deployment nodes comprise a first deployment node and a second deployment node, wherein the first deployment node comprises at least one data encryption node, and the second deployment node comprises at least one data decryption node;
the transmitting of the encryption result between the to-be-communicated deployment nodes includes:
after the second deployment node receives the second encrypted data sent by the first deployment node, calculating on the second encrypted data based on the label sum and the data length to obtain the first encrypted data;
and decrypting the first encrypted data based on the communication key to obtain the communication data.
In an alternative embodiment, the communication key comprises a first key and a second key, wherein the first key comprises a first public key and the second key comprises a second private key;
the decrypting of the first encrypted data based on the communication key to obtain the communication data includes:
obtaining the elliptic curve corresponding to the ECC algorithm, and determining the decryption point to which the product of the second private key and the first public key maps on the elliptic curve;
and determining decryption coordinates of the decryption point, and decrypting the first encrypted data based on the decryption coordinates to obtain the communication data.
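The following sketch is an added example, not code from the patent. It walks through the key derivation and the encryption and decryption points described above: both nodes derive a base point from the two deployment positions and a time value, form public keys as private key times base point, and arrive at the same point because d1·Q2 = d2·Q1. Assumptions not taken from the page: the secp256k1 curve, hashing the positions and time to a scalar to obtain the base point, and a SHA-256 keystream keyed by the point coordinates as the cipher; the secondary bit-expansion step is left out.

```python
import hashlib
import secrets

# secp256k1 domain parameters. ASSUMPTION: the page names no specific curve.
P = 2**256 - 2**32 - 977
A, B = 0, 7  # curve equation y^2 = x^3 + A*x + B over GF(P)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G0 = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
      0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc


def session_base_point(pos_first, pos_second, time_value):
    """Derive the base point from both deployment positions and a time value.

    ASSUMPTION: the page gives no formula here, so the inputs are hashed to a
    scalar k in [1, n-1] and k*G0 is used, which always lies on the curve.
    """
    material = repr((pos_first, pos_second, time_value)).encode()
    digest = hashlib.sha256(b"uwsn-base-point|" + material).digest()
    return ec_mul(int.from_bytes(digest, "big") % (N - 1) + 1, G0)


def keypair(base_point, private=None):
    """Private key d in [1, n-1] (bounded by the curve order); public key d*base."""
    d = private if private is not None else secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, base_point)


def _xor_with_point(data, point):
    """ASSUMPTION: SHA-256 counter keystream keyed by the point coordinates.

    Stand-in cipher with no integrity protection; a real design would feed the
    shared point into a KDF and an AEAD.
    """
    seed = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(data, first_private, second_public):
    """Encryption point = first private key * second public key."""
    return _xor_with_point(data, ec_mul(first_private, second_public))


def decrypt(ciphertext, second_private, first_public):
    """Decryption point = second private key * first public key."""
    return _xor_with_point(ciphertext, ec_mul(second_private, first_public))


if __name__ == "__main__":
    # Constructed sample positions (latitude, longitude, depth in metres).
    pos_a, pos_b = (18.2501, 109.5102, -120.0), (18.2513, 109.5140, -95.5)
    msg = b"temp=4.2C;sal=35.1"
    base = session_base_point(pos_a, pos_b, 1700000000 // 60)
    d1, q1 = keypair(base)
    d2, q2 = keypair(base)
    print("agreed inputs :", decrypt(encrypt(msg, d1, q2), d2, q1))
    # Failure mode: the second node built its public key from a stale position,
    # so the sender's encryption point no longer matches the decryption point.
    stale = session_base_point(pos_a, (18.2513, 109.5141, -95.5), 1700000000 // 60)
    _, q2_stale = keypair(stale, d2)
    print("stale position:", decrypt(encrypt(msg, d1, q2_stale), d2, q1) == msg)
```

Both nodes have to feed identical position and time inputs into the base point derivation; the last lines of the block show decryption failing when one side's key was derived from a position that differs in the fourth decimal place.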
In an optional embodiment, the determining of the to-be-communicated deployment nodes based on the topology structure information includes:
taking the deployment node initiating a communication request as the first deployment node, determining adjacent deployment nodes of the first deployment node based on the topology structure information, and determining the adjacent deployment nodes as second deployment nodes responding to the communication request;
and determining the to-be-communicated deployment nodes according to the first deployment node and the second deployment node.
In a second aspect, an embodiment of the present disclosure further provides a dynamic data encryption apparatus, including:
an acquisition unit, configured to acquire topology structure information of the underwater wireless sensor network and determine to-be-communicated deployment nodes based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication;
a determining unit, configured to determine a communication key corresponding to the to-be-communicated deployment nodes based on the deployment positions of the to-be-communicated deployment nodes;
an encryption unit, configured to encrypt the communication data based on the communication key to obtain an encryption result;
and a transmission unit, configured to transmit the encryption result between the to-be-communicated deployment nodes.
In a third aspect, embodiments of the present disclosure further provide a computer device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication via the bus when the computer device is running, the machine-readable instructions when executed by the processor performing the steps of the first aspect, or any of the possible implementations of the first aspect.
In a fourth aspect, the presently disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the first aspect, or any of the possible implementations of the first aspect.
The embodiments of the disclosure disclose a dynamic data encryption method, a dynamic data encryption device, computer equipment and a storage medium. In the embodiments of the disclosure, the topology structure information of the underwater wireless sensor network can be acquired first, and the to-be-communicated deployment nodes are determined dynamically based on the topology structure information, instead of designating fixed communicating nodes as in a static encryption mode. A communication key corresponding to the to-be-communicated deployment nodes can then be determined based on their deployment positions, the communication data is encrypted based on the communication key to obtain an encryption result, and the encryption result is transmitted between the to-be-communicated deployment nodes. Because the communication key is associated with the deployment positions of the to-be-communicated deployment nodes, deployment nodes at different deployment positions have different communication keys, which realizes a dynamic encryption mode for the ECC algorithm and improves the security of ECC-based underwater communication.
The foregoing objects, features and advantages of the disclosure will be more readily apparent from the following detailed description of the preferred embodiments taken in conjunction with the accompanying drawings.
Drawings
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings required for the embodiments are briefly described below. These drawings are incorporated in and constitute a part of the specification; they show embodiments consistent with the present disclosure and, together with the description, serve to illustrate its technical solutions. It is to be understood that the following drawings illustrate only certain embodiments of the present disclosure and are therefore not to be considered limiting of its scope; a person of ordinary skill in the art may obtain other related drawings from them without inventive effort.
FIG. 1 illustrates a flow chart of a dynamic data encryption method provided by an embodiment of the present disclosure;
FIG. 2 is a diagram showing the comparison of the encryption effect of the ECC algorithm and the RSA algorithm according to the embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an elliptic curve corresponding to an ECC algorithm according to an embodiment of the present disclosure;
FIG. 4 shows a schematic diagram of a secondary encryption process provided by an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of a dynamic data encryption device according to an embodiment of the present disclosure;
FIG. 6 shows a schematic diagram of a computer device provided by an embodiment of the present disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, but not all embodiments. The components of the embodiments of the present disclosure, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure provided in the accompanying drawings is not intended to limit the scope of the disclosure, as claimed, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of this disclosure without making any inventive effort, are intended to be within the scope of this disclosure.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The term "and/or" herein merely describes an association relationship and indicates that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality; for example, including at least one of A, B and C may mean including any one or more elements selected from the group consisting of A, B and C.
It has been found that, when the UWSN is used for studies such as underwater environment detection, marine resource development and marine disaster prediction, elliptic curve cryptography (ECC) is, among the encryption techniques applicable to the UWSN, favored by many researchers.
However, the ECC algorithm is often used in a static encryption mode, whose security generally cannot meet the requirements of the UWSN. In the static encryption mode, all nodes in the UWSN always encrypt in the same way, so once one node is cracked, the data sent by all nodes in the UWSN can be obtained, and the whole UWSN faces a huge threat.
Based on the above study, the present disclosure provides a dynamic data encryption method, apparatus, computer device, and storage medium. In the embodiments of the disclosure, the topology structure information of the underwater wireless sensor network can be acquired first, and the to-be-communicated deployment nodes are determined dynamically based on the topology structure information, instead of designating fixed communicating nodes as in a static encryption mode. A communication key corresponding to the to-be-communicated deployment nodes can then be determined based on their deployment positions, the communication data is encrypted based on the communication key to obtain an encryption result, and the encryption result is transmitted between the to-be-communicated deployment nodes. Because the communication key is associated with the deployment positions of the to-be-communicated deployment nodes, deployment nodes at different deployment positions have different communication keys, which realizes a dynamic encryption mode for the ECC algorithm and improves the security of ECC-based underwater communication.
For the sake of understanding the present embodiment, first, a detailed description will be given of a dynamic data encryption method disclosed in an embodiment of the present disclosure, where an execution body of the dynamic data encryption method provided in the embodiment of the present disclosure is generally a computer device with a certain computing capability. In some possible implementations, the dynamic data encryption method may be implemented by way of a processor invoking computer readable instructions stored in a memory.
Referring to fig. 1, a flowchart of a dynamic data encryption method provided by an embodiment of the present disclosure is shown, where the dynamic data encryption method is applied to an underwater wireless sensor network, the underwater wireless sensor network includes an encryption node and a decryption node, and the method includes steps S101 to S107, where:
S101: acquiring topology structure information of an underwater wireless sensor network, and determining to-be-communicated deployment nodes based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication.
In the embodiments of the disclosure, the underwater wireless sensor network (Underwater Wireless Sensor Network, hereinafter UWSN) is currently a main technical means for underwater environment detection, ocean resource development and ocean disaster prediction. The UWSN comprises a plurality of underwater wireless sensors, which can serve as deployment nodes, and the topology structure information of the UWSN can be constructed based on the deployment positions of the deployment nodes.
In the UWSN, underwater acoustic communication typically takes place as data transmission between adjacent underwater wireless sensors. However, an underwater wireless sensor is affected by ocean currents, waves and other factors, so its position and the corresponding longitude and latitude coordinates change, which changes the topology structure information of the UWSN. The topology structure information of the UWSN also changes when underwater wireless sensors are added to or removed from the UWSN.
Thus, in the embodiments of the present disclosure, the to-be-communicated deployment nodes may be determined dynamically based on the topology structure information of the UWSN. In a specific implementation, a deployment node A initiating a communication request may be detected first; the topology structure information may then be acquired to determine a deployment node B adjacent to deployment node A, and deployment node A and deployment node B are determined as the to-be-communicated deployment nodes.
S103: determining a communication key corresponding to the to-be-communicated deployment nodes based on the deployment positions of the to-be-communicated deployment nodes.
In the embodiments of the present disclosure, for communication security, the communication data may be encrypted with elliptic curve cryptography (hereinafter the ECC algorithm), and data transmission is performed based on the encrypted communication data.
On this basis, a communication key for encrypting and decrypting the communication data can be determined first. A dynamic encryption mode can be adopted here, that is, different communication keys are determined for different deployment nodes. Specifically, the communication key corresponding to a deployment node may be determined based on the deployment position of that node, where the communication key includes a public key and a private key. The specific manner of determining the communication key is described below and is not detailed here.
S105: encrypting the communication data based on the communication key to obtain an encryption result.
S107: transmitting the encryption result between the to-be-communicated deployment nodes.
In the embodiments of the disclosure, the to-be-communicated deployment nodes include a data encryption node and a data decryption node, where the data encryption node corresponds to a communication key A and the data decryption node corresponds to a communication key B.
When the communication data is encrypted, it may be encrypted based on part of communication key A and part of communication key B to obtain an encryption result containing the ciphertext, and the encryption result may be transmitted to the data decryption node.
After receiving the encryption result, the data decryption node may decrypt the ciphertext; specifically, it may decrypt the ciphertext based on part of communication key A and part of communication key B to obtain the communication data, thereby completing data transmission between the to-be-communicated deployment nodes. It should be understood that the key used in the decryption process may be the same as or different from the key used in the encryption process, which the present disclosure does not specifically limit.
As can be seen from the foregoing description, in the embodiments of the present disclosure, the topology structure information of the underwater wireless sensor network can be acquired first, and the to-be-communicated deployment nodes are determined dynamically based on the topology structure information, instead of designating fixed communicating nodes as in a static encryption mode. A communication key corresponding to the to-be-communicated deployment nodes can then be determined based on their deployment positions, the communication data is encrypted based on the communication key to obtain an encryption result, and the encryption result is transmitted between the to-be-communicated deployment nodes. Because the communication key is associated with the deployment positions of the to-be-communicated deployment nodes, deployment nodes at different deployment positions have different communication keys, which realizes a dynamic encryption mode for the ECC algorithm and improves the security of ECC-based underwater communication.
In an optional embodiment, determining the to-be-communicated deployment nodes based on the topology structure information in step S101 specifically includes the following steps:
S1011: taking the deployment node initiating the communication request as a first deployment node, determining the adjacent deployment nodes of the first deployment node based on the topology structure information, and determining the adjacent deployment nodes as second deployment nodes responding to the communication request.
S1012: determining the to-be-communicated deployment nodes according to the first deployment node and the second deployment node.
In the embodiments of the present disclosure, as described above, communication in the UWSN typically takes place as data transmission between adjacent underwater wireless sensors. Accordingly, after the first deployment node that initiates the communication request is determined, a neighboring deployment node of the first deployment node may be determined based on the topology structure information and taken as the second deployment node. The to-be-communicated deployment nodes may then be determined from the first deployment node and the second deployment node.
In addition, the first deployment node may also designate a third deployment node to communicate with, in which case whether the third deployment node is a neighboring deployment node of the first deployment node may be determined based on the topology structure information.
If so, the to-be-communicated deployment nodes can be determined according to the first deployment node and the third deployment node. If not, an intermediate deployment node adjacent to both the first deployment node and the third deployment node may be determined, and the communication data is transmitted to the third deployment node through the intermediate deployment node. Thus, the to-be-communicated deployment nodes may be determined from the first deployment node, the intermediate deployment node, and the second deployment node.
The embodiments of the disclosure take into account that the underwater wireless sensors in the UWSN change dynamically: for example, an existing underwater wireless sensor is moved by ocean currents, waves or other factors so that its position and the corresponding longitude and latitude coordinates change, or an existing underwater wireless sensor is deactivated because its power is exhausted and a new underwater wireless sensor is added.
Therefore, in the embodiments of the disclosure, the topology structure information of the UWSN may be updated dynamically, and after the first deployment node initiating the communication request is determined, its adjacent deployment node may be determined in real time based on the topology structure information and taken as the second deployment node. This improves the accuracy of the determined second deployment node and reduces communication failures caused by the second deployment node not being an adjacent deployment node.
In an optional implementation manner, the to-be-communicated deployment nodes include a first deployment node and a second deployment node, where the first deployment node includes at least one data encryption node and the second deployment node includes at least one data decryption node. Step S103 is applied to the data encryption node, and determining, based on the deployment positions, the communication key corresponding to the to-be-communicated deployment nodes specifically includes the following procedure:
S1031: Determining an elliptic curve corresponding to the elliptic encryption algorithm.
In the embodiments of the present disclosure, it is considered that conditions in the ocean are more complex, and the environment harsher, than on land. Because of the narrow bandwidth, high error rate and low speed of the underwater acoustic channel, and limitations such as difficult charging, limited hardware resources and non-ideal CPU computing power, more factors need to be considered when designing an encryption algorithm for the UWSN. The important indexes currently considered when designing a UWSN communication encryption algorithm include memory overhead, amount of calculation, calculation speed and security, and a reasonable encryption algorithm can improve the stability and reliability of UWSN communication.
Therefore, the elliptic encryption algorithm, namely the ECC algorithm, has the characteristics of short key, complex operation, short encryption time, good encryption effect, high security performance and the like, and is relatively suitable for the use environment of the UWSN. Specifically, the ECC encryption effect of the 160-bit key is equivalent to the 1024-bit RSA algorithm encryption effect, and the ECC encryption effect of the 210-bit key is equivalent to the 2048-bit RSA algorithm encryption effect.
Here, fig. 2 is a graph showing the encryption effect comparison between the ECC algorithm and the RSA algorithm, wherein graphs of different key lengths and corresponding ciphertext lengths in the ECC algorithm and the RSA algorithm are shown. As can be seen from fig. 2, in the ECC algorithm, the variation of the ciphertext length due to the variation of the key length is small, so that the ciphertext data encrypted by the ECC algorithm is smaller in amount and more suitable for data transmission in an underwater environment.
In data encryption using an ECC algorithm, an elliptic curve corresponding to the ECC algorithm may be first determined, where a schematic diagram of the elliptic curve corresponding to the ECC algorithm is shown in fig. 3. The equation of the elliptic curve is $y^{2} \equiv x^{3} + ax + b \pmod{p}$, where a, b and p are the main parameters of the elliptic curve equation.
Thus, the above main parameters can be initialized first, where the parameter p is typically a large prime number and 0 < a, b < p, to ensure that the determined elliptic curve is smooth and nonsingular. Meanwhile, the condition $4a^{2} + 27b^{2} \not\equiv 0 \pmod{p}$ should be satisfied, where mod represents a modulo operation. The larger the parameter p, the higher the security when encrypting based on the elliptic curve, while it should also be ensured that p is not so large that calculation becomes slow.
After determining a plurality of sets of main parameter combinations satisfying the above conditions, any one set may be selected from them as the target parameter combination, and the elliptic curve equation may be determined based on the target parameter combination. Here, the values of x and y in the elliptic curve equation should satisfy the following conditions: x and y lie within the interval [0, p-1], and $x, y \in \mathbb{N}$.
S1032: Determining the base point position coordinates of the base point corresponding to the deployment nodes to be communicated based on the deployment positions.
S1033: Calculating a first key corresponding to the first deployment node based on the base point position coordinates, and calculating a second key corresponding to the second deployment node.
In the embodiment of the disclosure, it is considered that in the static encryption mode of the ECC algorithm, the encryption modes of all nodes in the UWSN are often the same, that is, the adopted keys are the same, so that security is poor when communication is performed between the nodes.
Therefore, when determining the communication key of the deployment node to be communicated, the present disclosure may determine the corresponding base point G in combination with the deployment position of each deployment node to be communicated, and calculate the communication key corresponding to each deployment node to be communicated according to the base point position coordinates, where the communication key corresponding to each deployment node to be communicated may include a public key and a private key, and the communication key corresponding to each deployment node to be communicated may be different.
Here, it is considered that the underwater wireless sensor in the UWSN may be affected by ocean currents or waves and the like to change the position and corresponding longitude and latitude coordinates, but the initial nominal position is unchanged. Therefore, the initial position of the node to be deployed for communication can be taken as the deployment position.
When determining the base point G corresponding to the deployment nodes to be communicated based on the deployment position, the deployment nodes to be communicated may first be connected by a line, and an approximate point of the base point G may be determined on the connecting line or on an extension of the connecting line, where the position of the approximate point may change with time. Then the base point G corresponding to the approximate point on the elliptic curve may be determined. Specifically, the base point G on the elliptic curve that has a mapping relationship with the approximate point, and the base point position coordinates $(x_g, y_g)$, can be determined based on predetermined mapping information.
Here, the mapping information includes a mapping relationship between each point on the elliptic curve and a latitude and longitude range of a deployment position corresponding to the underwater wireless sensor in the UWSN, and a specific manner of determining the mapping information is described below, which is not described herein.
After the base point position coordinates of the base point G are determined, a first key corresponding to the first deployment node and a second key corresponding to the second deployment node may be calculated based on the base point position coordinates. Here, the first key and the second key may be a collection of keys. The manner of determining the base point position coordinates of the base point G specifically and calculating the first key and the second key based on the base point position coordinates is as follows, and will not be described herein.
In the embodiment of the disclosure, it is considered that in the static encryption mode of the ECC algorithm, the encryption modes of all nodes in the UWSN are often the same, that is, the adopted keys are the same, so that security is poor when communication is performed between the nodes. Therefore, when the communication key of the deployment node to be communicated is determined, the corresponding base point G is determined by combining the deployment position of each deployment node to be communicated, and the communication key corresponding to each deployment node to be communicated is calculated according to the position coordinates of the base point, so that the communication key corresponding to each deployment node to be communicated can be different, the dynamic encryption mode of an ECC algorithm is realized, and the safety of communication data in the UWSN is improved.
In an optional embodiment, the step S1032 is applied to the data encryption node, where determining the base point position coordinates of the base point corresponding to the node to be deployed for communication specifically includes the following steps:
(1) Determining a first deployment position of the first deployment node and a second deployment position of the second deployment node based on the deployment positions, respectively;
(2) Mapping the first deployment position onto the elliptic curve to obtain a first position coordinate, and mapping the second deployment position onto the elliptic curve to obtain a second position coordinate;
(3) Acquiring a time function, and respectively calculating the abscissa and the ordinate of the base point based on the time function, the first position coordinate and the second position coordinate to obtain the position coordinate of the base point.
In the embodiment of the disclosure, a mapping relationship between each point on the elliptic curve and a latitude and longitude range of a deployment position corresponding to an underwater wireless sensor in the UWSN may be determined first. For example, the latitude and longitude range of the deployment position corresponding to the underwater wireless sensor in the UWSN is (O, N), that is, the latitude and longitude of the deployment position of the underwater wireless sensor in the UWSN are all within the latitude and longitude range.
Next, a set of points, e.g., points a-E, may be determined in the elliptic curve. Then, a latitude and longitude range subset (O1, N1) corresponding to the set in the latitude and longitude range can be determined, and a mapping relationship between the subset and the point set can be established. It should be understood that a mapping relationship between the corresponding latitude and longitude ranges may be determined for each point in the elliptic curve, and a mapping table may be established based on the determined plurality of mapping relationships.
Based on the above, after the first deployment position and the second deployment position are determined, the mapping table may be used to query, so as to obtain a point on the elliptic curve having a mapping relationship with the longitude and latitude of the first deployment position and a point on the elliptic curve having a mapping relationship with the longitude and latitude of the second deployment position, and determine the coordinates of the obtained point, so as to obtain the first position coordinates and the second position coordinates.
For example, if it is determined that the point corresponding to the first deployment location on the elliptic curve is point A, the first position coordinate of point A is $(x_A, y_A)$. The point corresponding to the second deployment position on the elliptic curve is point B, and the second position coordinate of point B is $(x_B, y_B)$. Next, a time function $\lambda_t$ can be obtained, where $\lambda_t$ is a function of time t and $\lambda_t \neq 1$.
Here, when the individual deployment nodes are time-synchronized, the value of $\lambda_t$ may change over time, so that the determined base point position coordinates are updated over time. Alternatively, $\lambda_t$ may be set to a fixed value to reduce the amount of computation in determining the base point position coordinates, thereby reducing the computational load in the UWSN.
In calculating the base point position coordinates based on the time function, the calculation can be performed by the formula to obtain the base point position coordinates $(x_g, y_g)$.
In the embodiment of the disclosure, when the base point position coordinates of the base point are calculated, besides introducing the position coordinates of the nodes to be deployed in communication, a time function can be introduced, and the value of the time function can be changed along with the change of time, so that the effect of updating along with the change of time is achieved, the determined base point position coordinates are updated along with the change of time, the time-period encryption of an ECC algorithm is realized, and the safety of communication data in the UWSN is further improved.
In an optional embodiment, the step S1033 is applied to the data encryption node, where calculating, based on the base point position coordinates, a first key corresponding to the first deployment node and calculating a second key corresponding to the second deployment node specifically includes the following steps:
(1) Acquiring order information of the elliptic curve, and determining a first private key corresponding to the first deployment node and a second private key corresponding to the second deployment node based on the order information;
(2) Performing elliptic curve multiplication operation on the first private key and the base point position coordinates to obtain a first public key, and calculating the multiplication of the second private key and the base point position coordinates to obtain a second public key;
(3) Determining the first key according to the first private key and the first public key, and determining the second key according to the second private key and the second public key.
In an embodiment of the present disclosure, the order information of the elliptic curve may be obtained first to determine the order n of the elliptic curve, where n may be a positive integer. Then, a first private key $K_A$ corresponding to the first deployment node A and a second private key $K_B$ corresponding to the second deployment node B can be determined based on the order n. Here, the first private key may be the same as or different from the second private key, with $0 < K_A, K_B < n$; that is, $K_A$ and $K_B$ both take values in the range (0, n) and should be integers.
After $K_A$ and $K_B$ are determined, the product of $K_A$ and the base point position coordinates can be calculated to obtain the first public key $P_A$ corresponding to the first deployment node, i.e. $P_A = K_A G$. In addition, the product of $K_B$ and the base point position coordinates can be calculated to obtain the second public key $P_B$ corresponding to the second deployment node, i.e. $P_B = K_B G$. The first key corresponding to the first deployment node can then be determined from $K_A$ and $P_A$, and the second key corresponding to the second deployment node from $K_B$ and $P_B$.
In the embodiment of the disclosure, the public key can be determined from the private key of the deployment node to be communicated, so that determining the public key is simple and computing resources are saved. Meanwhile, reverse-calculating the private key from the public key requires the base point G to be determined, and determining the base point G is difficult, so that the private key is difficult to reverse-calculate from the public key, and the safety of communication data in the UWSN is further improved.
In an optional embodiment, the step S105 is applied to the data encryption node, where the encrypting process is performed on the communication data based on the communication key, and specifically includes the following steps:
S1051: Encrypting the communication data based on the communication key to obtain first encrypted data.
S1052: Obtaining the node labels of the deployment nodes to be communicated, and calculating the label sum of the node labels.
S1053: Calculating the product of the data length of the first encrypted data and the label sum to obtain the expansion multiple.
S1054: Expanding the bit number of the first encrypted data based on the expansion multiple, and intercepting the second encrypted data from the expansion result.
In the embodiment of the disclosure, the communication data may be encrypted based on an ECC algorithm to obtain first encrypted data $C_1$. Here, the communication data may be encrypted based on at least a part of the communication key determined in the ECC algorithm; the specific encryption process is described below and is not repeated here.
Next, the resulting $C_1$ can be subjected to secondary encryption to obtain second encrypted data $C_2$; the specific secondary encryption process is shown in fig. 4. First, the node labels (that is, the id numbers) of the deployment nodes to be communicated can be acquired and the label sum H of the id numbers calculated. Then the data length L of the first encrypted data (that is, $C_1$ in fig. 4) can be determined, and the product of the data length and the label sum calculated to obtain the expansion multiple HL.
After HL is determined, the first encrypted data $C_1(a_1, a_2, \ldots, a_l, \ldots, a_L)$ may be expanded based on HL to obtain the expanded encrypted data as shown in fig. 4. Then, the expanded encrypted data may be cyclically shifted to the left by H bits, and the first L bits of ciphertext may be extracted as the second encrypted data $C_2$.
Here, in the process of cyclically shifting the expanded encrypted data to the left by H bits, each bit that is shifted out may be appended at the position vacated after the last bit of the expanded encrypted data. Before the cyclic shift, $C_1$ can be converted to binary or hexadecimal to facilitate the subsequent operation.
In an embodiment of the present disclosure, after the communication data is encrypted based on an ECC algorithm to obtain the first encrypted data $C_1$, the first encrypted data $C_1$ may also be subjected to secondary encryption to obtain the second encrypted data $C_2$, thereby further improving the safety of communication data in the UWSN.
In an optional implementation manner, the communication key includes a first key and a second key, where the first key includes a first private key and the second key includes a second public key, and the step S1051 is applied to the data encryption node, where encrypting the communication data based on the communication key, to obtain first encrypted data specifically includes the following steps:
(1) Acquiring an elliptic curve corresponding to an elliptic encryption algorithm, and determining an encryption point of the product of the first private key and the second public key mapped on the elliptic curve;
(2) Determining the encryption coordinates of the encryption point, and encrypting the communication data based on the encryption coordinates to obtain first encrypted data.
In the embodiment of the present disclosure, as can be seen from fig. 3, the graph of the equation y = kx + d intersects the elliptic curve at a point P, a point Q and a point R, and on the elliptic curve the point addition definition P + Q = R always holds in the continuous domain. The operation procedure of this definition is as follows.
Let the coordinates of point P be $(x_P, y_P)$ and the coordinates of point Q be $(x_Q, y_Q)$. Here, a slope k can first be calculated using the formula, where a is the main parameter described above. Next, the coordinates $(x_R, y_R)$ of the point R can be calculated by the formula $x_R \equiv (k^{2} - x_P - x_Q) \pmod{p}$ and the formula $y_R \equiv (k(x_P - x_R) - y_P) \pmod{p}$.
Based on the definition P + Q = R described above, an encryption manner in which communication data is encrypted based on an elliptic encryption algorithm can be determined. Specifically, any point on the elliptic curve may first be determined as an encryption point, and the encryption coordinates of the encryption point may be determined. Here, in order to increase the confidentiality of the encryption point, the connectivity between the encryption point and the first deployment node and the second deployment node may be increased. For example, the encryption point may be the point on the elliptic curve to which the product $K_A P_B$ of the first private key $K_A$ and the second public key $P_B$ is mapped, the encryption coordinates of the encryption point being $(x_{AB}, y_{AB})$.
Next, the communication data may be encrypted based on the encryption coordinates to obtain first encrypted data $C_1$. Here, $C_1$ satisfies the encryption formula $C_1 = x_{AB} M + y_{AB}$. The encryption formula is derived from the definition P + Q = R, and the specific derivation process is not described in this disclosure.
In an embodiment of the present disclosure, the communication data may be encrypted based on the encryption coordinates to obtain the first encrypted data, where the encryption point corresponding to the encryption coordinates may be the point on the elliptic curve to which the product $K_A P_B$ of the first private key $K_A$ and the second public key $P_B$ is mapped. This improves the connectivity between the encryption point and the first and second deployment nodes, so that the first encrypted data is more difficult to break.
In an optional implementation manner, the to-be-communicated deployment node includes a first deployment node and a second deployment node, where the first deployment node includes a data encryption node, and the second deployment node includes a data decryption node, and the step S107 is performed to perform data transmission between the to-be-communicated deployment nodes according to the encryption result, and is applied to the data decryption node, and the method further includes the following steps:
S1071: After the second deployment node receives the second encrypted data sent by the first deployment node, calculating the second encrypted data based on the label sum and the data length to obtain the first encrypted data.
S1072: Decrypting the first encrypted data based on the communication key to obtain the communication data.
In the embodiment of the present disclosure, when data transmission is performed between the deployment nodes to be communicated, after the first deployment node encrypts the communication data, the second encrypted data $C_2$ obtained after encryption may be transmitted to the second deployment node.
After the second deployment node receives the second encrypted data $C_2$, a primary decryption may first be performed on $C_2$ to obtain the first encrypted data $C_1$. Specifically, the expansion multiple HL can be obtained first, and the number of bits of $C_2$ expanded based on HL to obtain the expanded $C_2$. Next, the expanded $C_2$ may be cyclically shifted to the right by H bits, and the last L bits extracted to obtain the first encrypted data $C_1$.
After $C_1$ is determined, a secondary decryption can be performed on $C_1$ to obtain the communication data, so as to complete data transmission between the deployment nodes to be communicated. The specific decryption process is described below and is not repeated here.
In the embodiment of the disclosure, the second encrypted data can be decrypted by a primary decryption manner to obtain the first encrypted data, so that a technical basis is provided for next secondary decryption of the first encrypted data.
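The secondary encryption of steps S1052 to S1054 and the primary decryption of step S1071, as an added example that is not code from the patent. It assumes that "expanding" means repeating the bit string HL times (fig. 4 is not reproduced in this text); the function names, the sample bit string and the node labels are constructed for the illustration.

```python
def _label_sum_and_length(bits, node_ids):
    """Return (H, L) as described in S1052/S1053, rejecting degenerate input."""
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("ciphertext must be a non-empty string of 0/1 bits")
    h = sum(node_ids)          # label sum H of the node id numbers
    if h <= 0:
        raise ValueError("label sum H must be positive")
    return h, len(bits)        # L is the data length of the ciphertext


def second_encrypt(c1_bits, node_ids):
    """C1 -> C2: expand by HL, rotate left by H bits, keep the first L bits."""
    h, length = _label_sum_and_length(c1_bits, node_ids)
    expanded = c1_bits * (h * length)      # assumption: expansion = repetition
    shift = h % len(expanded)
    rotated = expanded[shift:] + expanded[:shift]   # shifted-out bits re-enter at the end
    return rotated[:length]


def second_decrypt(c2_bits, node_ids):
    """C2 -> C1: expand by HL, rotate right by H bits, keep the last L bits."""
    h, length = _label_sum_and_length(c2_bits, node_ids)
    expanded = c2_bits * (h * length)
    shift = h % len(expanded)
    rotated = expanded[-shift:] + expanded[:-shift] if shift else expanded
    return rotated[-length:]


def rotate_left(bits, count):
    """Plain cyclic left rotation, used to show what the two steps reduce to."""
    count %= len(bits)
    return bits[count:] + bits[:count]


if __name__ == "__main__":
    c1 = "1011001110001111"        # constructed 16-bit sample for C1
    ids = [3, 4]                   # constructed node labels, H = 7
    c2 = second_encrypt(c1, ids)
    print("C1:", c1)
    print("C2:", c2)
    print("round trip ok:", second_decrypt(c2, ids) == c1)
    print("equals rotation by H mod L:", c2 == rotate_left(c1, sum(ids)))
```

Under the repetition assumption the expansion cancels out and the stage reduces to a cyclic rotation of $C_1$ by H mod L bits. H comes from the node labels and L from the ciphertext length rather than from the communication key, so the confidentiality of the data rests on the first encryption stage.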
In an optional embodiment, the communication key includes a first key and a second key, where the first key includes a first public key and the second key includes a second private key, and the step S1072 is applied to the data decryption node, where the decrypting the first encrypted data based on the communication key obtains the communication data, and specifically includes the following steps:
(1) Acquiring an elliptic curve corresponding to an elliptic encryption algorithm, and determining a decryption point of the product of the second private key and the first public key mapped on the elliptic curve;
(2) Determining decryption coordinates of the decryption point, and decrypting the first encrypted data based on the decryption coordinates to obtain the communication data.
In an embodiment of the present disclosure, a decryption point may first be determined, where the communication data satisfies $C = K_A P_B M$. In addition, from the above, $P_A = K_A G$ and $P_B = K_B G$. Based on this, the following can be deduced: $C = K_A P_B M = K_A (K_B G) M = K_B (K_A G) M = K_B P_A M$, where C is a preset constant, so that the decryption point is the product $K_B P_A$ of the second private key $K_B$ and the first public key $P_A$.
After the decryption point $K_B P_A$ is determined, the decryption coordinates $(x_{BA}, y_{BA})$ of the decryption point may be determined, and the first encrypted data may be decrypted based on a decryption formula to obtain the communication data M.
In the embodiment of the present disclosure, the corresponding decryption point may be determined based on the encryption point, so that the first encrypted data is decrypted based on the decryption coordinate of the decryption point, so as to obtain communication data, so as to complete data transmission between the nodes to be deployed for communication.
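The key calculation of step S1033 and the first-stage encryption and decryption of steps S1051 and S1072, worked through on a toy curve as an added example that is not code from the patent. The curve parameters, base point and private keys are constructed; the slope uses the standard chord and tangent rule, and decryption simply inverts the stated encryption formula $C_1 = x_{AB} M + y_{AB}$, because the patent's own slope and decryption formulas are not reproduced in this text.

```python
# Toy parameters constructed for illustration; far too small for real use.
P_MOD, A, B = 17, 2, 2      # curve y^2 = x^3 + 2x + 2 (mod 17)
G = (5, 1)                  # base point, assumed already derived from the deployment positions
N_ORDER = 19                # order n of G on this toy curve


def on_curve(pt):
    """True if pt satisfies the curve equation (None is the point at infinity)."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def point_add(p1, p2):
    """Point addition P + Q = R with x_R = k^2 - x_P - x_Q, y_R = k(x_P - x_R) - y_P."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (xp, yp), (xq, yq) = p1, p2
    if xp == xq and (yp + yq) % P_MOD == 0:
        return None                                   # P + (-P) = infinity
    if p1 == p2:                                      # tangent slope (doubling)
        k = (3 * xp * xp + A) * pow((2 * yp) % P_MOD, -1, P_MOD)
    else:                                             # chord slope
        k = (yq - yp) * pow((xq - xp) % P_MOD, -1, P_MOD)
    k %= P_MOD
    xr = (k * k - xp - xq) % P_MOD
    yr = (k * (xp - xr) - yp) % P_MOD
    return (xr, yr)


def scalar_mult(k, pt):
    """Elliptic curve multiplication k * pt by double-and-add."""
    result, addend = None, pt
    while k > 0:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def make_keypair(private_key):
    """Private key K with 0 < K < n, public key P = K * G."""
    if not 0 < private_key < N_ORDER:
        raise ValueError("private key must lie in (0, n)")
    return private_key, scalar_mult(private_key, G)


def shared_coords(own_private, peer_public):
    """Coordinates of K_A * P_B (equal to K_B * P_A); rejects unusable points."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    pt = scalar_mult(own_private, peer_public)
    if pt is None or pt[0] == 0:
        raise ValueError("degenerate shared point: x = 0 would erase the message")
    return pt


def encrypt(message, k_a, p_b):
    """First encrypted data C1 = x_AB * M + y_AB, as stated in the text."""
    x_ab, y_ab = shared_coords(k_a, p_b)
    return x_ab * message + y_ab


def decrypt(c1, k_b, p_a):
    """Assumed inverse of the encryption formula: M = (C1 - y_BA) / x_BA."""
    x_ba, y_ba = shared_coords(k_b, p_a)
    if (c1 - y_ba) % x_ba:
        raise ValueError("ciphertext does not match the shared point")
    return (c1 - y_ba) // x_ba


if __name__ == "__main__":
    k_a, p_a = make_keypair(5)      # constructed private key of node A
    k_b, p_b = make_keypair(11)     # constructed private key of node B
    c1 = encrypt(42, k_a, p_b)
    print("P_A =", p_a, "P_B =", p_b, "C1 =", c1, "M =", decrypt(c1, k_b, p_a))
```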
In summary, in the embodiment of the present disclosure, topology information of an underwater wireless sensor network may be first acquired, and a node to be deployed for communication may be dynamically determined based on the topology information, instead of directly designating a fixed node to be deployed for communication as in a static encryption manner. Then, a communication key corresponding to the node to be deployed for communication can be determined based on the deployment position of the node to be deployed for communication, so that communication data is encrypted based on the communication key to obtain an encryption result, and data transmission is carried out between the nodes to be deployed for communication by the encryption result, so that the communication key is associated with the deployment positions of the nodes to be deployed for communication, the communication keys corresponding to the deployment nodes in different deployment positions are different, a dynamic encryption mode of an ECC algorithm is realized, and the safety of underwater communication based on the ECC algorithm is improved.
It will be appreciated by those skilled in the art that in the above-described method of the specific embodiments, the written order of steps is not meant to imply a strict order of execution but rather should be construed according to the function and possibly inherent logic of the steps.
Based on the same inventive concept, the embodiments of the present disclosure further provide a dynamic data encryption device corresponding to the dynamic data encryption method, and since the principle of solving the problem by the device in the embodiments of the present disclosure is similar to that of the dynamic data encryption method in the embodiments of the present disclosure, the implementation of the device may refer to the implementation of the method, and the repetition is omitted.
Referring to fig. 5, a schematic diagram of a dynamic data encryption device according to an embodiment of the disclosure is shown, where the device includes: an acquisition unit 51, a determination unit 52, an encryption unit 53, a transmission unit 54; wherein:
an obtaining unit 51, configured to obtain topology information of an underwater wireless sensor network, and determine a node to be deployed for communication based on the topology information, where the topology information includes a plurality of deployment nodes for performing underwater acoustic communication;
a determining unit 52, configured to determine a communication key corresponding to the deployment node to be communicated based on the deployment location of the deployment node to be communicated;
an encryption unit 53, configured to encrypt the communication data based on the communication key, to obtain an encryption result;
and the transmission unit 54 is used for transmitting the data of the encryption result between the nodes to be deployed in communication.
In the embodiment of the disclosure, the topology structure information of the underwater wireless sensor network can be acquired first, and the node to be deployed for communication is dynamically determined based on the topology structure information, instead of directly designating the fixed node to be deployed for communication as in a static encryption mode. Then, a communication key corresponding to the node to be deployed for communication can be determined based on the deployment position of the node to be deployed for communication, so that communication data is encrypted based on the communication key to obtain an encryption result, and data transmission is carried out between the nodes to be deployed for communication by the encryption result, so that the communication key is associated with the deployment positions of the nodes to be deployed for communication, the communication keys corresponding to the deployment nodes in different deployment positions are different, a dynamic encryption mode of an ECC algorithm is realized, and the safety of underwater communication based on the ECC algorithm is improved.
In a possible implementation manner, the to-be-communicated deployment node includes a first deployment node and a second deployment node, where the first deployment node includes at least one data encryption node, and the second deployment node includes at least one data decryption node, and the determining unit 52 is further configured to:
The determining, based on the deployment location, a communication key corresponding to the deployment node to be communicated, including:
determining an elliptic curve corresponding to an elliptic encryption algorithm;
determining base point position coordinates of base points corresponding to the to-be-communicated deployment nodes based on the deployment positions;
and calculating a first key corresponding to the first deployment node based on the base point position coordinates, and calculating a second key corresponding to the second deployment node.
In a possible embodiment, the determining unit 52 is further configured to:
based on the deployment positions, respectively determining a first deployment position of the first deployment node and a second deployment position of the second deployment node;
mapping the first deployment position to the elliptic curve to obtain a first position coordinate, and mapping the second deployment position to the elliptic curve to obtain a second position coordinate;
and acquiring a time function, and respectively calculating the abscissa and the ordinate of the base point based on the time function, the first position coordinate and the second position coordinate to obtain the position coordinate of the base point.
In a possible embodiment, the determining unit 52 is further configured to:
acquiring order information of the elliptic curve, and determining a first private key corresponding to the first deployment node and a second private key corresponding to the second deployment node based on the order information;
performing an elliptic curve multiplication operation on the first private key and the base point position coordinates to obtain a first public key, and on the second private key and the base point position coordinates to obtain a second public key;
and determining the first key according to the first private key and the first public key, and determining the second key according to the second private key and the second public key.
In a possible implementation, the encryption unit 53 is further configured to:
encrypting the communication data based on the communication key to obtain first encrypted data;
acquiring node labels of the nodes to be deployed in communication, and calculating the label sum of the node labels;
calculating the product of the data length of the first encrypted data and the label sum to obtain an expansion multiple;
and expanding the bit number of the first encrypted data based on the expansion multiple, and extracting the second encrypted data from the expansion result.
In a possible implementation manner, the communication key includes a first key and a second key, where the first key includes a first private key, and the second key includes a second public key, and the encryption unit 53 is further configured to:
obtaining an elliptic curve corresponding to an elliptic encryption algorithm, and determining an encryption point at which the product of the first private key and the second public key is mapped on the elliptic curve;
and determining encryption coordinates of the encryption point, and encrypting the communication data based on the encryption coordinates to obtain first encrypted data.
In a possible implementation manner, the to-be-communicated deployment node includes a first deployment node and a second deployment node, where the first deployment node includes at least one data encryption node, and the second deployment node includes at least one data decryption node, and the transmission unit 54 is further configured to:
after the second deployment node receives second encrypted data sent by the first deployment node, calculating the second encrypted data based on the label and the data length to obtain the first encrypted data;
and decrypting the first encrypted data based on the communication key to obtain the communication data.
In a possible implementation manner, the communication key includes a first key and a second key, where the first key includes a first public key, and the second key includes a second private key, and the encryption unit 53 is further configured to:
obtaining an elliptic curve corresponding to an elliptic encryption algorithm, and determining a decryption point at which the product of the second private key and the first public key is mapped on the elliptic curve;
and determining decryption coordinates of the decryption point, and decrypting the first encrypted data based on the decryption coordinates to obtain the communication data.
In a possible implementation, the obtaining unit 51 is further configured to:
taking a deployment node initiating a communication request as a first deployment node, determining adjacent deployment nodes of the first deployment node based on the topological structure information, and determining the adjacent deployment nodes as second deployment nodes responding to the communication request;
and determining the deployment node to be communicated according to the first deployment node and the second deployment node.
The process flow of each unit in the apparatus and the interaction flow between units may be described with reference to the related descriptions in the above method embodiments, which are not described in detail herein.
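The key flow of the units above (position-derived base point, per-node key pairs, and the matching encryption and decryption points) can be traced in the following sketch, which is an added illustration and not code from the patent. The curve (secp256k1), the hash-based position mapping, the epoch-derived scalar standing in for the time function, and the SHAKE-256/HMAC construction applied to the shared x-coordinate are all assumptions; the label-sum expansion step is left out because this section does not define it.

```python
import hashlib, hmac, secrets

# Assumption: secp256k1 (prime order N, cofactor 1); the patent names no curve.
P, A, B = 2**256 - 2**32 - 977, 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def on_curve(pt):
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - A * pt[0] - B) % P == 0

def add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):  # double-and-add scalar multiplication (not constant time)
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def map_to_curve(label):
    """Hypothetical position mapping: hash to x, retry until a point exists."""
    for ctr in range(2**32):
        digest = hashlib.sha256(label + ctr.to_bytes(4, "big")).digest()
        x = int.from_bytes(digest, "big") % P
        rhs = (pow(x, 3, P) + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)        # square root, valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)

def base_point(pos1, pos2, epoch):
    """Assumed combination: G = t * (M(pos1) + M(pos2)), t derived from epoch."""
    h = hashlib.sha256(b"epoch" + epoch.to_bytes(8, "big")).digest()
    t = int.from_bytes(h, "big") % (N - 1) + 1
    g = mul(t, add(map_to_curve(pos1), map_to_curve(pos2)))
    if not on_curve(g) or mul(N, g) is not None:   # must be a point of order N
        raise ValueError("derived base point does not have order N")
    return g

def keypair(g):
    d = secrets.randbelow(N - 1) + 1         # private key in [1, N-1]
    return d, mul(d, g)                      # (private key, public key)

def shared_point(d_own, q_peer):  # own private key times peer public key
    if not on_curve(q_peer):                 # reject off-curve or infinity input
        raise ValueError("peer public key is not on the curve")
    return mul(d_own, q_peer)

def _keys(pt):  # separate encryption and MAC keys from the x-coordinate
    xb = pt[0].to_bytes(32, "big")
    return hashlib.sha256(b"enc" + xb).digest(), hashlib.sha256(b"mac" + xb).digest()

def seal(pt, msg):  # assumed stand-in cipher: SHAKE-256 keystream + HMAC tag
    k_enc, k_mac = _keys(pt)
    nonce = secrets.token_bytes(16)
    ks = hashlib.shake_256(k_enc + nonce).digest(len(msg))
    body = nonce + bytes(m ^ k for m, k in zip(msg, ks))
    return body + hmac.new(k_mac, body, hashlib.sha256).digest()

def unseal(pt, blob):
    k_enc, k_mac = _keys(pt)
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    ks = hashlib.shake_256(k_enc + body[:16]).digest(len(body) - 16)
    return bytes(c ^ k for c, k in zip(body[16:], ks))
```

Because the base point is computed from positions and a time value that an observer may also know, confidentiality in this sketch rests on the private scalars alone, so they still need a strong random source on each node.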
Corresponding to the dynamic data encryption method in fig. 1, the embodiment of the present disclosure further provides a computer device 600, as shown in fig. 6, which is a schematic structural diagram of the computer device 600 provided in the embodiment of the present disclosure, including:
a processor 61, a memory 62, and a bus 63. The memory 62 is used to store execution instructions and includes a memory 621 and an external memory 622. The memory 621, also referred to as an internal memory, temporarily stores operation data of the processor 61 and data exchanged with the external memory 622, such as a hard disk; the processor 61 exchanges data with the external memory 622 through the memory 621. When the computer device 600 is running, the processor 61 and the memory 62 communicate with each other through the bus 63, so that the processor 61 executes the following instructions:
Acquiring topology structure information of an underwater wireless sensor network, and determining deployment nodes to be communicated based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication;
determining a communication key corresponding to the node to be deployed for communication based on the deployment position of the node to be deployed for communication;
encrypting the communication data based on the communication key to obtain an encryption result;
and performing data transmission between the deployment nodes to be communicated according to the encryption result.
The disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the dynamic data encryption method described in the method embodiments above. Wherein the storage medium may be a volatile or nonvolatile computer readable storage medium.
Embodiments of the present disclosure further provide a computer program product carrying program code, where instructions included in the program code may be used to perform the steps of the dynamic data encryption method described in the foregoing method embodiments; for details, reference may be made to the foregoing method embodiments, which are not described herein again.
Wherein the above-mentioned computer program product may be realized in particular by means of hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied as a computer storage medium, and in another alternative embodiment, the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described system and apparatus may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again. In the several embodiments provided in the present disclosure, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present disclosure may be embodied in essence or a part contributing to the prior art or a part of the technical solution, or in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that the foregoing examples are merely specific embodiments of the present disclosure and are not intended to limit the scope of the disclosure, and the protection scope of the present disclosure is not limited thereto. Although the present disclosure has been described in detail with reference to the foregoing examples, those skilled in the art will appreciate that any person skilled in the art may, within the technical scope disclosed herein, modify or readily conceive of changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the disclosure and are intended to be included within the protection scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (12)

1. A method for dynamic data encryption, comprising:
acquiring topology structure information of an underwater wireless sensor network, and determining deployment nodes to be communicated based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication;
determining a communication key corresponding to the deployment node to be communicated based on the deployment position of the deployment node to be communicated;
encrypting the communication data based on the communication key to obtain an encryption result;
and performing data transmission between the deployment nodes to be communicated according to the encryption result.
2. The method of claim 1, wherein the nodes to be deployed for communication comprise a first deployment node and a second deployment node, wherein the first deployment node comprises at least one data encryption node and the second deployment node comprises at least one data decryption node;
the determining, based on the deployment location, a communication key corresponding to the deployment node to be communicated, including:
determining an elliptic curve corresponding to an elliptic encryption algorithm;
determining base point position coordinates of base points corresponding to the to-be-communicated deployment nodes based on the deployment positions;
and calculating a first key corresponding to the first deployment node based on the base point position coordinates, and calculating a second key corresponding to the second deployment node.
3. The method of claim 2, wherein determining base point location coordinates of the base point corresponding to the node to be deployed for communication comprises:
based on the deployment positions, respectively determining a first deployment position of the first deployment node and a second deployment position of the second deployment node;
mapping the first deployment position to the elliptic curve to obtain a first position coordinate, and mapping the second deployment position to the elliptic curve to obtain a second position coordinate;
and acquiring a time function, and respectively calculating the abscissa and the ordinate of the base point based on the time function, the first position coordinate and the second position coordinate to obtain the position coordinate of the base point.
4. The method of claim 2, wherein the computing a first key corresponding to the first deployment node and computing a second key corresponding to the second deployment node based on the base point location coordinates comprises:
acquiring order information of the elliptic curve, and determining a first private key corresponding to the first deployment node and a second private key corresponding to the second deployment node based on the order information;
performing elliptic curve multiplication operation on the first private key and the base point position coordinate to obtain a first public key, and calculating the multiplication of the second private key and the base point position coordinate to obtain a second public key;
and determining the first key according to the first private key and the first public key, and determining the second key according to the second private key and the second public key.
5. The method of claim 1, wherein the encrypting the communication data based on the communication key comprises:
encrypting the communication data based on the communication key to obtain first encrypted data;
acquiring node labels of the nodes to be deployed in communication, and calculating the label sum of the node labels;
calculating the product of the data length of the first encrypted data and the label sum to obtain an expansion multiple;
and expanding the bit number of the first encrypted data based on the expansion multiple, and extracting the second encrypted data from the expansion result.
6. The method of claim 5, wherein the communication key comprises a first key and a second key, wherein the first key comprises a first private key and the second key comprises a second public key;
encrypting the communication data based on the communication key to obtain first encrypted data, wherein the first encrypted data comprises:
obtaining an elliptic curve corresponding to an elliptic encryption algorithm, and determining an encryption point at which the product of the first private key and the second public key is mapped on the elliptic curve;
and determining encryption coordinates of the encryption point, and encrypting the communication data based on the encryption coordinates to obtain first encrypted data.
7. The method of claim 5, wherein the nodes to be deployed for communication comprise a first deployment node and a second deployment node, wherein the first deployment node comprises at least one data encryption node and the second deployment node comprises at least one data decryption node;
and performing data transmission between the deployment nodes to be communicated according to the encryption result, wherein the data transmission comprises the following steps:
after the second deployment node receives second encrypted data sent by the first deployment node, calculating the second encrypted data based on the label and the data length to obtain the first encrypted data;
and decrypting the first encrypted data based on the communication key to obtain the communication data.
8. The method of claim 7, wherein the communication key comprises a first key and a second key, wherein the first key comprises a first public key and the second key comprises a second private key;
the decrypting the first encrypted data based on the communication key to obtain the communication data includes:
obtaining an elliptic curve corresponding to an elliptic encryption algorithm, and determining a decryption point at which the product of the second private key and the first public key is mapped on the elliptic curve;
and determining decryption coordinates of the decryption point, and decrypting the first encrypted data based on the decryption coordinates to obtain the communication data.
9. The method of claim 1, wherein the determining a node to be deployed for communication based on the topology information comprises:
taking a deployment node initiating a communication request as a first deployment node, determining adjacent deployment nodes of the first deployment node based on the topological structure information, and determining the adjacent deployment nodes as second deployment nodes responding to the communication request;
and determining the deployment node to be communicated according to the first deployment node and the second deployment node.
10. A dynamic data encryption device, comprising:
an acquisition unit, configured to acquire topology structure information of an underwater wireless sensor network and determine deployment nodes to be communicated based on the topology structure information, wherein the topology structure information comprises a plurality of deployment nodes for underwater acoustic communication;
a determining unit, configured to determine a communication key corresponding to the deployment node to be communicated based on the deployment position of the deployment node to be communicated;
an encryption unit, configured to encrypt the communication data based on the communication key to obtain an encryption result;
and a transmission unit, configured to perform data transmission between the deployment nodes to be communicated according to the encryption result.
11. A computer device, comprising: a processor, a memory and a bus, said memory storing machine readable instructions executable by said processor, said processor and said memory communicating over the bus when the computer device is running, said machine readable instructions when executed by said processor performing the steps of the dynamic data encryption method according to any one of claims 1 to 9.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the dynamic data encryption method according to any one of claims 1 to 9.
CN202310684928.5A 2023-06-09 2023-06-09 Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium Pending CN116634416A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310684928.5A CN116634416A (en) 2023-06-09 2023-06-09 Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310684928.5A CN116634416A (en) 2023-06-09 2023-06-09 Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN116634416A true CN116634416A (en) 2023-08-22

Family

ID=87636567

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310684928.5A Pending CN116634416A (en) 2023-06-09 2023-06-09 Dynamic data encryption method, dynamic data encryption device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116634416A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination