CN116668193A - Communication method of terminal equipment and server of Internet of things and computer readable storage medium - Google Patents


Info

Publication number: CN116668193A
Application number: CN202310926434.3A
Authority: CN (China)
Prior art keywords: message, encryption, internet, things, communication
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN116668193B (en)
Inventors: 崔保江, 罗蔚
Current assignee: ZTE Intelligent IoT Technology Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: ZTE Intelligent IoT Technology Co Ltd
Events: application CN202310926434.3A filed by ZTE Intelligent IoT Technology Co Ltd; publication of CN116668193A; application granted; publication of CN116668193B; legal status active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L 63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G16 INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
    • G16Y INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
    • G16Y 30/00 IoT infrastructure
    • G16Y 30/10 Security thereof
    • G16Y 40/00 IoT characterised by the purpose of the information processing
    • G16Y 40/50 Safety; security of things, users, data or systems
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 30/00 Reducing energy consumption in communication networks
    • Y02D 30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the field of encrypted communication in the Internet of Things (IoT) and discloses a communication method between an IoT terminal device and a server, together with a computer-readable storage medium. The method comprises an encryption process and a decryption process. The encryption process comprises: S1, selecting the type and order (the permutation and combination) of general symmetric encryption algorithms according to at least one of the longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server, the ID of its main control chip, and the count value of its timer; S2, encrypting the input message with the general symmetric encryption algorithms in the order selected in S1 to form a general encrypted message; S3, encrypting the general encrypted message with a first custom encryption algorithm to form a first encrypted message; S4, encrypting the first encrypted message with a second custom encryption algorithm to form the final encrypted message. The method is intended to keep the encrypted data secure even if a key is leaked.

Description

Communication method of terminal equipment and server of Internet of things and computer readable storage medium
Technical Field
The invention relates to the field of encrypted communication in the Internet of Things, and in particular to a communication method between an IoT terminal device and a server, and a computer-readable storage medium.
Background
As daily life and production become more intelligent, Internet of Things devices are becoming more widespread. The traffic of many IoT devices carries sensitive content such as personal privacy, financial data and trade secrets, so the security and integrity of IoT device communication is particularly important. Existing IoT devices, however, usually rely on a general encryption algorithm alone, which has the following problems:
1. A general encryption algorithm may be broken. General encryption algorithms are published and their implementations are easy to obtain, so they may be cracked.
2. Storing the key in the IoT device is not secure. The key is the most critical information of a general encryption algorithm: once it is disclosed, the encryption is immediately useless. In IoT applications the key has to be stored in the device, where it is comparatively easy to extract, so there is a serious risk attached to it. The key, as the most critical piece of information in IoT applications, therefore carries an unavoidable risk.
3. A general encryption algorithm cannot by itself prevent replay attacks. Even if the key is not compromised, anyone who captures a genuine message can replay it to the terminal device or the server; encryption alone does not solve this.
4. Encryption alone cannot guarantee the integrity of the communication data. Many IoT devices use unreliable links such as wireless communication, are constrained by their physical environment, and may lose data in transit; a general encryption algorithm by itself cannot detect such loss.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a communication method between an IoT terminal device and a server, and a computer-readable storage medium, which improve the security and integrity of IoT communication.
To achieve this, the invention provides the following technical solution:
A communication method between an IoT terminal device and a server comprises an encryption process and a decryption process. The encryption process comprises: S1, selecting the type and order of general symmetric encryption algorithms according to at least one of the longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server, the ID of its main control chip, and the count value of its timer; S2, encrypting the input message with the general symmetric encryption algorithms in the order selected in S1 to form a general encrypted message; S3, encrypting the general encrypted message with a first custom encryption algorithm to form a first encrypted message; and S4, encrypting the first encrypted message with a second custom encryption algorithm to form the final encrypted message.
Preferably, S1 comprises: S11, combining at least one of the longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server and the count value of its timer into a character string; S12, generating a message digest value of the character string with a message digest algorithm; S13, generating a check value of the message digest by applying a data integrity check algorithm to the digest value; S14, selecting the type and order of the general symmetric encryption algorithms according to the numerical interval in which the check value of the digest falls.
Preferably, S3 comprises: S31, performing a byte-wise cyclic exclusive-OR (XOR) of the first custom key with the general encrypted message; S32, combining the XORed general encrypted message with the first custom key to form the first encrypted message.
Preferably, when the IoT terminal device initiates the communication, the first custom key is generated as follows: the count value of the timer of the device's main control chip and the ID of that chip are combined into a character string, and the message digest of that string, computed with a message digest algorithm, is used as the first custom key. When the server initiates the communication, the first custom key is generated as follows: the server reads its timer count value and its MAC address, combines them into a character string, and uses the message digest of that string as the first custom key.
Preferably, in S32 the XORed general encrypted message is combined with the first custom key by splicing the key after or before the XORed message, or by interleaving the two byte by byte.
Preferably, the second custom encryption algorithm in S4 is a byte-wise cyclic XOR of the second custom key with the first encrypted message, which gives the final encrypted message.
Preferably, the second custom key is set by the user and stored separately in the IoT terminal device and in the server.
Preferably, the decryption process comprises: S5, transmitting the final encrypted message to the target IoT terminal device or server; S6, performing a byte-wise cyclic XOR of the second custom key with the final encrypted message to obtain the first encrypted message; S7, extracting the first custom key from the first encrypted message and performing a byte-wise cyclic XOR of that key with the remainder of the first encrypted message to obtain the general encrypted message; S8, comparing the first custom key of this communication with the first custom key of the previous communication and, if they are the same, discarding the final encrypted message received in this communication and stopping the communication, otherwise continuing to S9; S9, decrypting the general encrypted message according to the type and order of general symmetric encryption algorithms selected in S1 to obtain the input message.
Preferably, S1 is further preceded by S0: applying a data integrity check algorithm to the original message to obtain a check value, and combining the check value with the original message to obtain the input message.
A computer-readable storage medium comprises computer-executable instructions which, when run on a computer, cause the computer to perform the encryption method of any of the above for communication between an IoT terminal device and a server.
Compared with the prior art, the invention has the following beneficial effects:
The method uses several general encryption algorithms, and which of them are used and in what order varies: the location and time of the IoT terminal device, and the identity of the individual device, all influence the type and order of the algorithms. The invention also provides custom encryption algorithms which the user can freely change to form a new algorithm that is intended to be extremely difficult to crack, so that the cracking difficulty of the encrypted data is far higher than that of a general encryption algorithm alone. The security of the method does not depend entirely on a key; it also relies on the whole encryption flow, so that the encrypted data is intended to remain secure even if a key is leaked. The method of generating a reliable random variable is highly general and very cheap, and the random variable so generated can be used to reject replayed messages. The method includes a data integrity check algorithm to ensure the integrity of the communication data.
Drawings
Fig. 1 is a flowchart of an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Fig. 2 is a flowchart of S1 in an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Fig. 3 is a flowchart of S3 in an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Fig. 4 is a flowchart of the decryption process in an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Fig. 5 is a schematic diagram of the encryption process in an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Fig. 6 is a schematic diagram of the decryption process in an embodiment of the communication method between an IoT terminal device and a server according to the invention.
Reference numerals in the drawings: 101 - original message; 102 - input message; 103 - check value; 105 - general encrypted message; 107 - first custom key; 108 - first encrypted message; 109 - final encrypted message; A0 - data integrity check algorithm; A1 - general symmetric encryption algorithm; A2 - first custom encryption algorithm; A3 - second custom encryption algorithm.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It will be understood that when an element is referred to as being "fixed to" another element, it can be directly on the other element or intervening elements may also be present. When a component is considered to be "connected" to another component, it can be directly connected to the other component or intervening components may also be present. When an element is referred to as being "disposed on" another element, it can be directly on the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like are used herein for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein in the description of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Referring to fig. 1 to fig. 3, a preferred embodiment of the invention provides a communication method between an IoT terminal device and a server, comprising an encryption process and a decryption process, where the encryption process comprises:
S0: applying a data integrity check algorithm to the original message to obtain a check value, and combining the check value with the original message to obtain the input message;
S1: selecting the type and order of the general symmetric encryption algorithms according to at least one of the longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server, the ID of its main control chip, and the count value of its timer;
S2: encrypting the input message with the general symmetric encryption algorithms in the order selected in S1 to form a general encrypted message;
S3: encrypting the general encrypted message with a first custom encryption algorithm to form a first encrypted message;
S4: encrypting the first encrypted message with a second custom encryption algorithm to form the final encrypted message.
In S0 a data integrity check algorithm is first applied to the original message. In this embodiment it is a CRC16 check; other data integrity check algorithms may also be used. Running CRC16 over the original message produces a check value, and the original message and the check value are combined (by splicing, interleaving or similar) into a message that contains both; this message is the input message of the subsequent encryption steps.
The integrity of the original message is verified as follows: the original message is taken out of the input message that contains it and the check value, the data integrity check algorithm is run over the original message again to obtain a new check value, and the new check value is compared with the transmitted one. If the two are the same, no error occurred during the transmission and processing of the message. (A CRC detects accidental corruption and truncation; it is not a message authentication code and does not on its own detect deliberate modification by someone who can recompute it.)
Note that S0 is not an essential step of the method but an optimisation. "Input message" in the other steps does not necessarily mean the message produced by S0: it means whatever message is to be encrypted by the general symmetric encryption algorithms in S2, which may be either the message produced by S0 or the original message itself.
In S2 the input message is encrypted with general symmetric encryption algorithms (for example AES, DES, IDEA, Blowfish or Twofish; note that DES is obsolete and should not be chosen for a new design). One, two or more of them may be used, and the input message is encrypted by each in the selected order, producing the message encrypted by the composite general symmetric encryption algorithm, i.e. the general encrypted message. The general symmetric encryption algorithms are denoted X1 to Xn; since they are public and widely used, their encryption and decryption procedures are not described here.
In S1 the permutation and combination of the general symmetric encryption algorithms, i.e. their type and encryption order, is selected. To make this selection vary, some random value is needed to determine it. The longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server, the ID of its main control chip and the count value of its timer can serve as such values; one or more of them may be used, chosen according to requirements and the actual device. In this example all of them are used. Specifically, S1 comprises:
S11: combining at least one of the longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server and the count value of its timer into a character string;
S12: generating a message digest value of the character string with a message digest algorithm;
S13: generating a check value of the message digest by applying a data integrity check algorithm to the digest value;
S14: selecting the type and order of the general symmetric encryption algorithms according to the numerical interval in which the check value of the digest falls.
The longitude, latitude and time of the IoT terminal device at the moment of its last communication with the server, the count value of its timer and the ID of its main control chip are combined into a character string, which is stored in both the IoT terminal device and the server for use in the communication. A message digest value is generated from the string with a message digest algorithm, a check value of the digest is then generated from the digest value with a data integrity check algorithm (for example CRC16), and the check value is then classified: the type and order of the general symmetric encryption algorithms is chosen according to which of the intervals 0 to A, A to B, B to C and C to 0xFFFF the check value falls in.
The choice of general symmetric encryption algorithms and their order therefore changes with the check value of the digest. After encryption with them, the message encrypted by the general symmetric encryption algorithms, i.e. the general encrypted message, is produced and serves as the input of the subsequent encryption steps.
This selection method lets the location and time of the IoT terminal device, and the identity of the individual device, influence the type and order of the general symmetric encryption algorithms. Because a random variable is added, the type and order of the algorithms can vary even for the same device at the same place and time. The encryption method is therefore intended to be much harder to crack than a general encryption algorithm alone. If the longitude, latitude and time fields are removed, the selection process no longer depends on a positioning module and a clock, which reduces hardware cost while achieving a similar function, but the random factors entering the selection are fewer and the cracking difficulty is, in theory, reduced. Which values are used as determining factors for the selection must therefore be decided by the user in view of the software and hardware environment. Note that the selection is a deterministic function of values held on both sides: it varies the algorithm chain but is not a substitute for a secret key.
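S0 and S1 above, as an added example written for this page (not the applicant's code). The page leaves the concrete algorithms open, so this example assumes SHA-256 as the message digest, CRC-16/CCITT-FALSE as the data integrity check (the check value appended big-endian after the original message, the splicing variant of S0), three general algorithms X1 to X3, and the check value range 0 to 0xFFFF divided into equal intervals, one per candidate chain; the function and variable names are mine. It also shows the receiver-side integrity verification described for S0.

```python
import hashlib
import itertools
import struct

# Names of the general symmetric algorithms X1..X3 (e.g. AES, Blowfish, Twofish).
ALGORITHMS = ("X1", "X2", "X3")
# Every ordering of every non-empty subset: the candidate "type and order" chains (15 here).
PERMUTATIONS = [p for r in range(1, len(ALGORITHMS) + 1)
                for p in itertools.permutations(ALGORITHMS, r)]


def crc16_ccitt(data: bytes) -> int:
    """CRC-16/CCITT-FALSE: polynomial 0x1021, initial value 0xFFFF, no reflection.
    Its check value for b"123456789" is 0x29B1."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def frame(original: bytes) -> bytes:
    """S0, splicing variant: original message followed by its CRC16 (big-endian)."""
    return original + struct.pack(">H", crc16_ccitt(original))


def unframe(input_msg: bytes) -> bytes:
    """Receiver-side integrity check: recompute the CRC over the original message
    and compare it with the transmitted check value."""
    if len(input_msg) < 2:
        raise ValueError("input message too short to carry a check value")
    original, stored = input_msg[:-2], struct.unpack(">H", input_msg[-2:])[0]
    if crc16_ccitt(original) != stored:
        raise ValueError("CRC16 mismatch: message corrupted or truncated")
    return original


def select_chain(longitude: float, latitude: float, timestamp: int,
                 chip_id: str, timer_count: int) -> tuple:
    """S11-S14: combine the stored values into a string, digest it, CRC16 the
    digest, and map the interval the check value falls in to one chain."""
    s = f"{longitude:.6f},{latitude:.6f},{timestamp},{chip_id},{timer_count}"  # S11
    digest = hashlib.sha256(s.encode()).digest()                                  # S12
    check = crc16_ccitt(digest)                                                   # S13
    # S14: 0..0xFFFF split into len(PERMUTATIONS) equal-width intervals.
    width = 0x10000 / len(PERMUTATIONS)
    return PERMUTATIONS[min(int(check / width), len(PERMUTATIONS) - 1)]


if __name__ == "__main__":
    # Constructed sample values; a real device reads them from its GNSS fix,
    # clock, main control chip and timer.
    chain = select_chain(114.057868, 22.543099, 1690000000, "0x1A2B3C4D", 4711)
    print("selected chain:", " -> ".join(chain))
    framed = frame(b"temperature=23.5")
    print("framed:", framed.hex())
    print("unframed:", unframe(framed))
```

Both sides must store exactly the same string (same field order and number formatting) or they will select different chains and the decryption in S9 will fail; the CRC in S0 catches that only after all three layers have been undone.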
In S3 the first custom key is not fixed but depends on which party initiates the communication. When the IoT terminal device initiates the communication, it generates the first custom key as follows: the count value of the timer of its main control chip and the ID of that chip are combined into a character string, and the message digest of that string, computed with a message digest algorithm, is used as the first custom key. When the server initiates the communication, the server generates the first custom key as follows: it reads its timer count value and its MAC address, combines them into a character string, and uses the message digest of that string as the first custom key.
Specifically, S3 comprises:
S31: performing a byte-wise cyclic XOR of the first custom key with the general encrypted message;
S32: combining the XORed general encrypted message with the first custom key to form the first encrypted message.
The byte-wise cyclic XOR works as follows. Suppose the first custom key is a string of 40 bytes and the general encrypted message a string of 90 bytes. Bytes 1 to 40 of the general encrypted message are XORed byte for byte with bytes 1 to 40 of the key, bytes 41 to 80 of the message with bytes 1 to 40 of the key again, and bytes 81 to 90 of the message with bytes 1 to 10 of the key. Messages of other lengths are handled in the same way.
After the cyclic XOR the general encrypted message becomes an unreadable jumble, and since the first custom key is itself a string of random-looking bytes, the combination of the two looks like an irregular byte string.
The first custom key is combined with the XORed general encrypted message either by splicing the key after or before the XORed message or by interleaving the two byte by byte; the combined message is the first encrypted message.
Because the first encrypted message splices the first custom key together with the XORed general encrypted message and transmits both, it naturally carries its own decryption key: a receiver that knows the layout can extract the key and undo the XOR, so the key never has to be distributed separately. The same holds for anyone else who knows the layout, so this layer on its own provides no confidentiality; the secrecy of the message rests on the general symmetric layer and on the second custom key.
In this embodiment, as shown in fig. 5, the second custom encryption algorithm is a byte-wise cyclic XOR of the second custom key with the first encrypted message, giving the message encrypted by the second custom encryption algorithm, i.e. the final encrypted message. The second custom key is fixed, set by the user, and stored separately in the IoT terminal device and in the server.
In the method of the present invention, after the final encrypted message is transmitted to the information destination, the decryption process runs in the reverse order of encryption; specifically, as shown in fig. 6, the decryption of the second custom encryption algorithm is performed first, then the decryption of the first custom encryption algorithm, and finally the decryption of the general symmetric encryption algorithm, which yields the information containing the original message and the check value. The flow chart is shown in fig. 4, and the decryption process specifically includes:
S5, transmitting the final encrypted message to the target Internet of things terminal equipment or server;
S6, performing a byte-wise cyclic exclusive OR operation on the second custom key and the final encrypted message to obtain the first encrypted message;
S7, taking the first custom key out of the first encrypted message, and performing a byte-wise cyclic exclusive OR operation on the first custom key and the remaining part of the first encrypted message to obtain the general encrypted message;
S8, comparing whether the first custom key of this communication is the same as the first custom key of the last communication; if so, discarding the final encrypted message of this communication and stopping the communication; if not, continuing to S9;
S9, decrypting the general encryption message according to the permutation and combination mode of the general symmetric encryption algorithm selected in S1 to obtain the input message.
The encryption and decryption processes of the first custom encryption algorithm and the second custom encryption algorithm both use the byte-wise cyclic exclusive-or operation, which relies on a property of exclusive-or: exclusive-oring the input information twice with the same variable returns the original input information.
The discard in S8 aims at avoiding replay attacks on the system. The first custom key, generated from a random variable, is itself random; after the terminal equipment or server of the Internet of things receives the final encrypted message, it compares the first custom key of the current communication with that of the last communication and, if they are the same, discards the message of the current communication, so that replay attacks are effectively avoided.
The invention also provides a computer readable storage medium comprising computer-executable instructions which, when run on a computer, cause the computer to execute the communication method between the terminal equipment of the Internet of things and the server.
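The two custom layers and the reverse-order decryption described above (S3, S4, S6 to S8), as an added worked example; this is not the patent's own code. It treats the general encryption message as an opaque byte string (S1, S2 and S9 are outside the example) and assumes a 40-byte first custom key spliced in front of the exclusive-ored message, one of the combination modes the description lists, plus a fixed second custom key shared by both sides. The `Receiver` class and `send` helper are illustrative names.

```python
"""Added example (not the patent's own code): the two custom XOR layers,
their reversal, and the S8 replay check, over an opaque general encryption
message. Assumptions: the first custom key is 40 bytes and is spliced in
front of the XORed message; the second custom key is a fixed shared secret."""
from typing import Optional

KEY1_LEN = 40  # first custom key length taken from the description's example


def cyclic_xor(data: bytes, key: bytes) -> bytes:
    """Byte-wise cyclic exclusive-or: byte i of data is XORed with key[i % len(key)].

    Applying it twice with the same key returns the original data.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def first_custom_encrypt(general_msg: bytes, key1: bytes) -> bytes:
    """S3: XOR the general encryption message with key1, then splice key1 in front."""
    if len(key1) != KEY1_LEN:
        raise ValueError(f"first custom key must be {KEY1_LEN} bytes")
    return key1 + cyclic_xor(general_msg, key1)


def first_custom_decrypt(first_msg: bytes) -> tuple:
    """S7: take key1 out of the first encrypted message and XOR the remainder with it."""
    key1, body = first_msg[:KEY1_LEN], first_msg[KEY1_LEN:]
    return key1, cyclic_xor(body, key1)


def second_custom_encrypt(first_msg: bytes, key2: bytes) -> bytes:
    """S4: XOR the first encrypted message with the fixed second custom key."""
    return cyclic_xor(first_msg, key2)


def second_custom_decrypt(final_msg: bytes, key2: bytes) -> bytes:
    """S6: the same operation as S4, since XOR is its own inverse."""
    return cyclic_xor(final_msg, key2)


def send(general_msg: bytes, key1: bytes, key2: bytes) -> bytes:
    """S3 followed by S4, producing the final encrypted message."""
    return second_custom_encrypt(first_custom_encrypt(general_msg, key1), key2)


class Receiver:
    """Holds the fixed second key and the first key seen in the last communication."""

    def __init__(self, key2: bytes) -> None:
        self.key2 = key2
        self.last_key1: Optional[bytes] = None

    def receive(self, final_msg: bytes) -> Optional[bytes]:
        """S6 to S8; returns the general encryption message, or None when discarded."""
        first_msg = second_custom_decrypt(final_msg, self.key2)   # S6
        key1, general_msg = first_custom_decrypt(first_msg)        # S7
        if key1 == self.last_key1:                                 # S8: replay, discard
            return None
        self.last_key1 = key1
        return general_msg  # S9 (general symmetric decryption) would run on this


if __name__ == "__main__":
    import os
    key2 = b"fixed-second-key-set-by-user"   # constructed sample secret
    key1 = os.urandom(KEY1_LEN)              # fresh random first key per communication
    rx = Receiver(key2)
    wire = send(b"general encryption message", key1, key2)
    print(rx.receive(wire))   # the recovered general encryption message
    print(rx.receive(wire))   # None: the replayed message is discarded
```

Two points worth noticing when reading the code: because the first custom key travels inside the message, the first custom layer on its own conceals nothing from a party that knows the layout, so in this scheme the secrecy rests on the fixed second custom key and on the general symmetric algorithm beneath it; and the S8 check compares only against the immediately preceding first key, exactly as the page specifies, so the receiver must keep that state between communications.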
The foregoing description is directed to the preferred embodiments of the present invention, but the embodiments are not intended to limit the scope of the invention, and all equivalent changes or modifications made under the technical spirit of the present invention should be construed to fall within the scope of the present invention.

Claims (10)

1. A communication method between terminal equipment of the Internet of things and a server, characterized by comprising an encryption process and a decryption process, wherein the encryption process comprises the following steps:
S1, selecting a permutation and combination mode of a general symmetric encryption algorithm according to at least one of the longitude, latitude, time, main control chip ID and timer count value of the terminal equipment of the Internet of things at the last communication moment of the terminal equipment of the Internet of things and the server;
S2, encrypting the input message according to the permutation and combination mode of the general symmetric encryption algorithm selected in S1 to form a general encryption message;
S3, encrypting the general encryption message using a first custom encryption algorithm to form a first encryption message;
S4, encrypting the first encrypted message using a second custom encryption algorithm to form a final encrypted message.
2. The method for communication between the terminal device and the server according to claim 1, wherein S1 includes:
S11, combining at least one of the longitude, latitude, time and timer count value of the terminal equipment of the Internet of things at the last communication moment of the terminal equipment of the Internet of things and the server into a character string;
S12, generating a message digest value for the character string using a message digest algorithm;
S13, generating a check value of the message digest by applying a data integrity check algorithm to the message digest value;
S14, selecting the permutation and combination mode of the general symmetric encryption algorithm that corresponds to the numerical interval in which the check value of the message digest falls.
3. The method for communication between the terminal device and the server according to claim 1, wherein S3 includes:
S31, performing a byte-wise cyclic exclusive OR operation on the first custom key and the general encryption message;
S32, combining the general encryption message subjected to the byte-wise cyclic exclusive OR operation with the first custom key to form the first encryption message.
4. The method for communication between the terminal device and the server according to claim 3, wherein,
when the terminal equipment of the internet of things initiates communication, the generation mode of the first custom key is as follows:
the count value of the timer of the main control chip of the terminal equipment of the Internet of things and the ID of that main control chip are combined into a character string, and the message digest value of the character string obtained by a message digest algorithm is used as the first custom key;
when the server initiates communication, the first custom key is generated as follows:
the server obtains its timer count value and its MAC address, combines them into a character string, and uses the message digest value of the character string obtained by the message digest algorithm as the first custom key.
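The mode-selection steps S11 to S14 of claim 2 and the first-custom-key derivation of claim 4, as an added worked example; this is not the patent's own code. The claims do not name the message digest algorithm, the data integrity check algorithm or the set of permutation and combination modes, so the example assumes SHA-1 in hex (whose 40-character output matches the 40-byte first custom key in the description), CRC32 as the integrity check, and a hypothetical menu of four modes spread over equal numerical intervals of the 32-bit CRC range. All function names and the mode labels are illustrative.

```python
"""Added example (not the patent's own code) for claims 2 and 4: selecting the
symmetric-algorithm mode from a check-value interval (S11 to S14) and deriving
the first custom key from a timer count plus a chip ID or MAC address.
Assumptions: SHA-1 hex as the message digest, CRC32 as the data integrity
check, and a hypothetical menu of four modes split over equal intervals."""
import hashlib
import zlib
from typing import Sequence

# Hypothetical menu of permutation/combination modes; the patent does not name them.
MODES: Sequence[str] = ("mode-A", "mode-B", "mode-C", "mode-D")


def message_digest(s: str) -> str:
    """S12 / claim 4: message digest of a string (assumption: SHA-1, 40 hex characters)."""
    return hashlib.sha1(s.encode("utf-8")).hexdigest()


def check_value(digest: str) -> int:
    """S13: data integrity check value of the digest (assumption: CRC32, 0..2^32-1)."""
    return zlib.crc32(digest.encode("ascii")) & 0xFFFFFFFF


def select_mode(longitude: float, latitude: float, time_str: str, timer_count: int,
                modes: Sequence[str] = MODES) -> str:
    """S11 to S14: combine the inputs into a string, digest it, compute the check
    value, and pick the mode whose numerical interval contains that value.
    Both sides must feed in the same last-communication values to agree."""
    combined = f"{longitude}|{latitude}|{time_str}|{timer_count}"   # S11
    value = check_value(message_digest(combined))                   # S12, S13
    interval = (1 << 32) // len(modes)                              # S14: equal intervals
    return modes[min(value // interval, len(modes) - 1)]


def first_custom_key_device(timer_count: int, chip_id: str) -> bytes:
    """Claim 4, device side: digest of timer count + main control chip ID (40 bytes)."""
    return message_digest(f"{timer_count}{chip_id}").encode("ascii")


def first_custom_key_server(timer_count: int, mac: str) -> bytes:
    """Claim 4, server side: digest of timer count + server MAC address (40 bytes)."""
    return message_digest(f"{timer_count}{mac}").encode("ascii")


if __name__ == "__main__":
    # Constructed sample inputs; the chip ID and MAC are placeholders.
    print(select_mode(116.4, 39.9, "2023-07-27T00:00:00", 1234))
    print(first_custom_key_device(1234, "CHIP-ID-PLACEHOLDER"))
    print(first_custom_key_server(5678, "00:00:00:00:00:00"))
```

The device and the server only arrive at the same mode if they hold identical copies of the last-communication parameters, so the inputs to `select_mode` have to be the values both sides recorded, not freshly sampled ones.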
5. The method for communication between the terminal device of the Internet of things and the server according to claim 3, wherein in S32 the general encryption message after the byte-wise cyclic exclusive-or operation is combined with the first custom key by splicing the first custom key behind or in front of the general encryption message after the byte-wise cyclic exclusive-or operation, or by cross-mixing the two together by bytes.
6. The method for communication between the terminal device of internet of things and the server according to claim 3, wherein in S4, the second custom encryption algorithm performs byte-wise cyclic exclusive-or operation on the second custom key and the first encrypted message to obtain a final encrypted message.
7. The method for communication between the terminal device and the server according to claim 6, wherein the second custom key is set by a user and is stored in the terminal device and the server, respectively.
8. The method for communication between the terminal device and the server according to claim 6, wherein the decryption process includes:
S5, transmitting the final encrypted message to the target Internet of things terminal equipment or server;
S6, performing a byte-wise cyclic exclusive OR operation on the second custom key and the final encrypted message to obtain the first encrypted message;
S7, taking the first custom key out of the first encrypted message, and performing a byte-wise cyclic exclusive OR operation on the first custom key and the remaining part of the first encrypted message to obtain the general encrypted message;
S8, comparing whether the first custom key of this communication is the same as the first custom key of the last communication; if so, discarding the final encrypted message of this communication and stopping the communication; if not, continuing to S9;
S9, decrypting the general encryption message according to the permutation and combination mode of the general symmetric encryption algorithm selected in S1 to obtain the input message.
9. The method for communication between the terminal device and the server according to claim 1, wherein the step S1 further includes:
S0, obtaining a check value for the original message using a data integrity check algorithm, and combining the check value with the original message to obtain the input message.
10. A computer readable storage medium, characterized in that it comprises computer-executable instructions which, when run on a computer, cause the computer to perform the communication method between the terminal device of the Internet of things and the server according to any of claims 1-9.
CN202310926434.3A 2023-07-27 2023-07-27 Communication method of terminal equipment and server of Internet of things and computer readable storage medium Active CN116668193B (en)

Publications (2)

Publication Number Publication Date
CN116668193A true CN116668193A (en) 2023-08-29
CN116668193B CN116668193B (en) 2023-10-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant