CN117676559A - Communication method and system based on network slice - Google Patents


Info

Publication number
CN117676559A
Authority
CN
China
Legal status
Pending
Application number
CN202311560460.5A
Other languages
Chinese (zh)
Inventor
董涛
高珊珊
刘志慧
金世超
殷杰
吴静
江昊
Current Assignee
Wuhan University WHU
Space Star Technology Co Ltd
Original Assignee
Wuhan University WHU
Space Star Technology Co Ltd


Abstract

The invention relates to a communication method and system based on network slicing. The method comprises the following steps: the user side encrypts the network slice identifier requested by the user with an encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext; the user side sends the slice identifier ciphertext and the corresponding user's account ciphertext to the space-based network side; the space-based network side updates the account ciphertext based on the re-encryption key identifier N carried in the account ciphertext, and sends the updated account ciphertext and the slice identifier ciphertext to the ground-based network side; and the ground-based network side decrypts them to obtain the network slice identifier and returns the network slice meeting the user's request to the user side through the space-based network side. The invention addresses the low communication security and high resource consumption that arise when a user accesses a space-based information network slice under existing identity authentication methods with large computational cost, and thereby improves both the efficiency and the security level of space-based information network slice identity authentication.

Description

Communication method and system based on network slice
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a communication method and system based on network slicing.
Background
For network slice access security, the common technical support today is a range of identity authentication technologies. The space-ground integrated network is gradually coming into view, allowing people to enjoy network services anytime and anywhere; as service requirements diversify, the space-ground integrated network needs to introduce network slicing technology to meet differentiated service requirements. However, in the slice identity authentication process of a space-based information network built on space-ground integration, satellite-based communication may be invaded by an attacker, exposing users to risks such as leakage of communication data and personal information. The slice identity authentication technology of the space-based information network therefore needs to be optimized to resist attacks. However, existing satellite network slicing research leaves a blank in mitigation schemes for common attack modes such as man-in-the-middle spoofing and in identity authentication research that guarantees communication security, and some identity authentication technologies applicable to 5G network slicing perform poorly: they cannot reduce computing resource consumption while also addressing authentication security and user privacy, and they cannot adapt to the high-delay, high-jitter, payload-resource-limited network environment of the space-based information network.
With the rapid development of computer technology, more attention is being paid to how to further secure the communication of important slice application information, ensure that both communicating parties complete anonymous authentication, resist common network attacks, and reduce the computational overhead that traditional encryption technology imposes on the payload-resource-limited satellites of the space-based information network.
Therefore, how to further improve the identity authentication efficiency and security of space-based information network slices is a problem to be solved.
Disclosure of Invention
In order to solve the technical problems in the prior art, the invention aims to provide a communication method and a communication system based on network slicing, which further improve the identity authentication efficiency and security of space-based information network slicing.
In order to achieve the above object, the present invention provides a communication method based on network slicing, comprising the following steps:
step S10, a user side encrypts the network slice identifier requested by the user using an encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
step S20, the user side sends the slice identifier ciphertext and the corresponding user's account ciphertext to a space-based network side;
step S30, the space-based network side updates the account ciphertext based on the re-encryption key identifier N carried in the account ciphertext, and sends the updated account ciphertext and the slice identifier ciphertext to a ground-based network side;
and step S40, the ground-based network side decrypts to obtain the network slice identifier, and returns the network slice meeting the user's request to the user side through the space-based network side.
According to one aspect of the present invention, before step S10 is executed, the space-based network side sets the communication key $k_x$ of the network slice based on the security levels of the user side and the ground-based network side, and distributes $k_x$ to the user side and the ground-based network side, so that the user side and the ground-based network side communicate directly over the network slice using $k_x$.
According to an aspect of the present invention, before step S10 is executed, the method further includes:
performing basic parameter initialization, wherein the basic parameters comprise the size $p$ of a finite field $F_p$, the elliptic curve parameters $a$ and $b$, a base point $G = (x, y)$ of the elliptic curve, and the order $n$ of $G$;
initializing the user side, the space-based network side and the ground-based network side based on the finite field $F_p$ so as to complete their respective public and private key distribution;
defining two collision-resistant hash functions $H_1$ and $H_2$ within the finite field $F_p$.
According to an aspect of the present invention, step S20 specifically includes:
step S201, combining the account information of the user with the preset encryption key $k_{AES}$ to obtain the plaintext $M_1$;
step S202, encrypting the plaintext $M_1$ based on the public key $P_A$ of the user, and computing the first partial ciphertext $C_A$ and the second partial ciphertext $h_A$;
step S203, computing the elliptic curve public key cryptographic algorithm signature $r_A$ based on the base point $G$ of the elliptic curve and the second partial ciphertext $h_A$;
step S204, computing the private key signature $S_A$ based on the private key $d_A$ of the user.
The plaintext $M_1$ is:
$M_1 = (id_A \| account \| password \| k_{AES})$;
wherein $id_A$ is the identity identifier of the user, which uniquely determines the public key of the user, and account and password are the account information of the user;
the first partial ciphertext $C_A$ is:
wherein $M_1$ is the plaintext, $H_1$ is a collision-resistant hash function, $id_A$ is the user identifier, $k$ is a random number generated within the finite field $F_p$, and $P_A$ is the public key of the user;
the second partial ciphertext $h_A$ is:
$h_A = H_2(K \| M_1 \| id_A)$;
wherein $H_2$ is a collision-resistant hash function, $K = kG = (x_1, y_1)$, $k$ is a random number generated in the finite field $F_p$, $G$ is the base point of the elliptic curve, $(x_1, y_1)$ is a point on the elliptic curve, $M_1$ is the plaintext, and $id_A$ is the user identifier;
the elliptic curve public key cryptographic algorithm signature $r_A$ is:
$r_A = x_1 + h_A$;
wherein $(x_1, y_1)$ is a point on the elliptic curve and $h_A$ is the second partial ciphertext;
the private key signature $S_A$ is:
$S_A = (1 + d_A)^{-1}(k - r_A d_A)$;
wherein $d_A$ is the private key of the user, $k$ is a random number generated in the finite field $F_p$, and $r_A$ is the elliptic curve public key cryptographic algorithm signature.
According to an aspect of the present invention, step S30 specifically includes:
step S301, the space-based network side obtains the re-encryption key corresponding to the user from a preset re-encryption key list based on the re-encryption key identifier;
step S302, re-encrypting the first partial ciphertext $C_A$ based on the re-encryption key, updating the account ciphertext based on the re-encrypted first partial ciphertext $C_T$, and sending the updated account ciphertext and the slice identifier ciphertext to the ground-based network side;
the re-encrypted first partial ciphertext $C_T$ is:
wherein $C_A$ is the first partial ciphertext and $rk_{AT}$ is the re-encryption key.
According to an aspect of the present invention, step S40 specifically includes:
step S401, the ground-based network side decrypts the first partial ciphertext $C_T$ based on the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key of the user, to obtain the preset encryption key and the account information;
step S402, computing a second partial ciphertext $h_A'$ and an elliptic curve public key cryptographic algorithm signature $r_A'$ based on the account information and the user identification information;
step S403, when the received second partial ciphertext $h_A$ and signature $r_A$ are consistent with the recomputed $h_A'$ and $r_A'$, decrypting the slice identifier ciphertext based on the preset encryption key to obtain the network slice identifier;
and step S404, returning the network slice conforming to the user's request to the user side through the space-based network side based on the network slice identifier.
According to an aspect of the present invention, step S402 specifically includes:
the ground-based network side computes a point $K'$ on the elliptic curve based on the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key $P_A$ of the user;
based on the point $K'$ on the elliptic curve, the private key $d_T$ of the ground-based network side, the identification information $id_A$ of the user and the collision-resistant hash function $H_1$, decrypting the re-encrypted first partial ciphertext $C_T$ to obtain the plaintext $M_1'$;
based on the plaintext $M_1'$, computing the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$;
the point $K'$ on the elliptic curve is:
$K' = S_A P + (r_A + S_A) P_A$;
wherein $P$ is the generator of the group $G$, $G$ is an additive cyclic group of order $n$, $S_A$ is the private key signature, $r_A$ is the elliptic curve public key cryptographic algorithm signature, and $P_A$ is the public key of user A;
the plaintext $M_1'$ is:
wherein $C_T$ is the re-encrypted first partial ciphertext, $id_A$ is the identifier of user A, $H_1$ is a collision-resistant hash function, $d_T$ is the private key of the ground-based network side, and $K'$ is a point on the elliptic curve.
According to an embodiment of the present invention, step S404 specifically includes:
the ground-based network side combines the plurality of network slices conforming to the user's request into a slice identifier array and transmits the slice identifier array to the user side, so that the user selects one of the plurality of network slices.
According to one technical scheme of the invention, the re-encryption key is generated by the following steps:
the user side computes the re-encryption key $rk_{AT}$ of the user based on a random number $k$ generated by the user in the finite field $F_p$, the collision-resistant hash function $H_1$, the identifier $id_A$ of the user, the identifier $id_T$ of the ground-based network side, the public key $P_A$ of the user and the public key $P_T$ of the ground-based network side, and transmits $rk_{AT}$ to the space-based network side;
the space-based network side stores the re-encryption key $rk_{AT}$ in a preset re-encryption key list, and returns to the user side the key number N corresponding to $rk_{AT}$ in that list;
the re-encryption key $rk_{AT}$ is:
according to one aspect of the present invention, there is provided a network slice based communication system comprising:
the user end is used for encrypting the network slice identifier by using a preset encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
the space-based network end is used for updating the account ciphertext based on the re-encryption key identifier N in the account ciphertext;
the user end is also used for sending the slice identification ciphertext and the account ciphertext of the corresponding user to the space-based network end;
the foundation network end is used for decrypting to obtain the network slice identifier, and returning the network slice meeting the user request to the user end through the space-based network end;
the space-based network end is also used for sending the updated account ciphertext and the slice identification ciphertext to the ground-based network end.
According to an aspect of the present invention, there is provided an electronic apparatus including: one or more processors, one or more memories, and one or more computer programs; wherein the processor is connected to the memory, the one or more computer programs are stored in the memory, and when the electronic device is running, the processor executes the one or more computer programs stored in the memory, so that the electronic device performs a network slice-based communication method according to any one of the above technical solutions.
According to an aspect of the present invention, there is provided a computer readable storage medium storing computer instructions which, when executed by a processor, implement a network slice based communication method as set forth in any one of the above technical solutions.
Compared with the prior art, the invention has the following beneficial effects:
The invention provides a communication method and system based on network slicing which, through a proxy re-encryption mechanism and a slice identity authentication flow, address the low communication security and high resource consumption that arise when a user accesses a space-based information network slice under existing identity authentication methods with large computational cost, and thereby improve both the efficiency and the security level of space-based information network slice identity authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments will be briefly described below. It is apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 schematically shows a flow chart of the communication method based on network slicing provided by the invention;
FIG. 2 schematically shows a schematic diagram of the implementation framework provided by the present invention;
FIG. 3 schematically shows a schematic diagram of the combination of SM2 and proxy re-encryption provided by the present invention;
FIG. 4 schematically shows a schematic diagram of the slice identity authentication process of a space-based information network provided by the invention;
FIG. 5 schematically shows a structure diagram of the communication system based on network slicing according to the present invention;
FIG. 6 schematically shows the hardware structure of an electronic device according to the present invention;
FIG. 7 schematically shows the structure of a computer-readable storage medium according to the present invention.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to embodiments of the present application, there is provided a method embodiment of a network slice based communication method, it being noted that the steps illustrated in the flowchart of the figures may be performed in a computer system, such as a set of computer executable instructions, and that although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different from that herein.
This embodiment designs a space-based information network slice identity authentication technology based on trusted ciphertext conversion, using proxy re-encryption and a slice identity framework. The slice identity authentication flow follows the slice application process of the terrestrial 5G network, and trusted ciphertext conversion is realized by combining proxy re-encryption with the SM2 encryption algorithm.
Referring to fig. 1, fig. 1 is a flowchart of a communication method based on network slicing, as shown in fig. 1, including the following steps:
step S10, including: the user side encrypts the network slice identifier requested by the user using a preset encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
It should be noted that, in this embodiment, the environment is the communication of a space-based information network with slice identity authentication based on trusted ciphertext conversion. Referring to fig. 2, which is a schematic diagram of the implementation framework provided by the present invention, fig. 2 includes a user side, a space-based information network satellite (i.e. the space-based network side), and a ground core network side (i.e. the ground-based network side).
It will be appreciated that the preset encryption algorithm may be an encryption algorithm agreed between the user side and the ground-based network side at system initialization, and includes but is not limited to AES.
Further, the preset encryption key is the key of the preset encryption algorithm, used to encrypt the network slice identifier that the user side sends to the ground-based network side.
Further, the network slice identifier $M_2$ may be set to the NSSAI, and the step of encrypting it to obtain the slice identifier ciphertext $C_{AES}$ is to symmetrically encrypt $M_2$ with the preset encryption key $k_{AES}$:
$C_{AES} = Enc_{AES}(M_2, k_{AES})$. (1)
step S20, the user side sends the slice identifier ciphertext and the corresponding user's account ciphertext to the space-based network side;
It may be understood that the account information of the user may be obtained by sending a user ID and a password to the ground-based network side when the user accesses the network for the first time, or each time the user opens a network session; the account information includes an account number and a password.
Further, the step of obtaining the account ciphertext includes:
step S201: combining the account information of user A with the preset encryption key $k_{AES}$ to obtain the plaintext $M_1$.
It will be appreciated that the plaintext $M_1$ is:
$M_1 = (id_A \| account \| password \| k_{AES})$;
wherein $M_1$ is the plaintext, $H_1$ is a collision-resistant hash function, $id_A$ is the identifier of user A, $k$ is a random number generated within the finite field $F_p$, and $P_A$ is the public key of user A.
step S202: encrypting the plaintext $M_1$ based on the public key $P_A$ of user A, computing the first partial ciphertext $C_A$ and the second partial ciphertext $h_A$.
It will be appreciated that the first partial ciphertext $C_A$ is:
wherein $M_1$ is the plaintext, $H_1$ is a collision-resistant hash function, $id_A$ is the identifier of user A, $k$ is a random number generated within the finite field $F_p$, and $P_A$ is the public key of user A;
It will be appreciated that the second partial ciphertext $h_A$ is:
$h_A = H_2(K \| M_1 \| id_A)$; (3)
wherein $H_2$ is a collision-resistant hash function, $K = kG = (x_1, y_1)$, $k$ is a random number generated in the finite field $F_p$, $G$ is the base point of the elliptic curve, $(x_1, y_1)$ is a point on the elliptic curve, $M_1$ is the plaintext, and $id_A$ is the identifier of user A.
step S203: computing the elliptic curve public key cryptographic algorithm signature $r_A$ based on the base point $G$ of the elliptic curve and the second partial ciphertext $h_A$.
It will be appreciated that the elliptic curve public key cryptographic algorithm signature $r_A$ is:
$r_A = x_1 + h_A$;
wherein $(x_1, y_1)$ is a point on the elliptic curve and $h_A$ is the second partial ciphertext.
step S204: computing the private key signature $S_A$ based on the private key $d_A$ of user A.
It will be appreciated that the private key signature $S_A$ is:
$S_A = (1 + d_A)^{-1}(k - r_A d_A)$; (4)
wherein $d_A$ is the private key of user A, $k$ is a random number generated in the finite field $F_p$, and $r_A$ is the elliptic curve public key cryptographic algorithm signature.
Further, the account ciphertext is $C = (C_A, N, h_A, r_A, S_A)$.
Step S30 includes: step S301, the space-based network end obtains the re-encryption key corresponding to the user from a preset re-encryption key list based on the re-encryption key identifier;
It may be understood that the re-encryption key list is stored in a memory of the space-based network end and contains re-encryption key identifiers and re-encryption keys. A re-encryption key identifier uniquely identifies the re-encryption key of one particular user. The re-encryption key may be computed by the user at the user end and sent to the space-based network end, which returns the unique re-encryption key identifier to the user end.
Step S302, re-encrypt the first partial ciphertext $C_A$ based on the re-encryption key, update the account ciphertext based on the re-encrypted first partial ciphertext $C_T$, and send the updated account ciphertext and the slice identification ciphertext to the ground-based network end;
In a specific implementation, after receiving the message sent by the user end, the space-based network end re-encrypts the first ciphertext $C_A$ in the account ciphertext $C$ according to the re-encryption key identifier carried in $C$, obtaining the first ciphertext $C_T$.
Further, the first ciphertext $C_T$ is:
where $C_A$ is the first partial ciphertext before re-encryption and $rk_{AT}$ is the re-encryption key.
Further, the updated account ciphertext is $C' = (C_T, N, h_A, r_A, s_A)$.
Step S40, the ground-based network end decrypts to obtain the network slice identifier and returns the network slice meeting the user request to the user end through the space-based network end, including:
step S401, the ground-based network end decrypts the first partial ciphertext $C_T$ based on the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key of the user, obtaining the preset encryption key and the account information;
step S402, calculating the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ based on the account information and the identification information of the user;
In a specific implementation, after receiving the updated account ciphertext and the slice identification ciphertext sent by the space-based network end, the ground-based network end decrypts the first ciphertext in the account ciphertext to obtain the account information and the preset encryption key, and recalculates the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ from the account information and the identification information of the user.
Further, the step of calculating the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ includes:
step S402a, the ground-based network end calculates the point $K'$ on the elliptic curve based on the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key $P_A$ of the user;
the point $K'$ on the elliptic curve is:
$K' = S_A P + (r_A + S_A) P_A$; (6)
where $P$ is a generator of the group $G$, $G$ is an additive cyclic group of order $n$, $S_A$ is the private key signature, $r_A$ is the elliptic curve public key cryptographic algorithm signature, and $P_A$ is the public key of user A.
Step S402b, decrypt the first ciphertext $C_T$ based on the point $K'$ on the elliptic curve, the private key $d_T$ of the ground-based network end, the identification information $id_A$ of the user and the collision-resistant hash function $H_1$, obtaining the plaintext $M_1'$;
The plaintext $M_1'$ is:
where $C_T$ is the re-encrypted first ciphertext, $id_A$ is the identification of user A, $H_1$ is a collision-resistant hash function, $d_T$ is the private key of the ground-based network end, and $K'$ is a point on the elliptic curve.
Step S402c, calculate the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ based on the plaintext $M_1'$.
Step S403, when the second partial ciphertext $h_A$ and elliptic curve public key cryptographic algorithm signature $r_A$ are consistent with the second partial ciphertext $h_A'$ and elliptic curve public key cryptographic algorithm signature $r_A'$, decrypt the slice identification ciphertext based on the preset encryption key to obtain the network slice identifier;
In a specific implementation, the ground-based network end judges whether $(h_A', r_A')$ and $(h_A, s_A)$ are identical; if so, it accepts the message $M_1'$, otherwise it refuses to receive it.
Step S403, returning the network slice meeting the user request to the user end through the space-based network end based on the network slice identifier;
Further, returning the network slice meeting the user request to the user end through the space-based network end includes:
the ground-based network end combines the plurality of network slices conforming to the user request into a slice identifier array and transmits the slice identifier array to the user end so that the user selects one of the plurality of network slices.
In a specific implementation, the ground-based network end provides a plurality of NSSAIs that approximately meet the application requirements of the user, forms the NSSAIs into a slice identifier array NSSAIS, packages it and sends it to the corresponding user for the user to select the desired slice;
where $M_1 = (id_T \| k_{AES})$ and $M_2 = \text{NSSAIS}$; substituting $M_1$ into equations (2), (3) and (4) gives the ciphertext $C_T$; the AES key $k_{AES}$ is selected and $M_2$ is encrypted with it to obtain $C_{AES}$; these are combined to form the final ciphertext $C = (C_T, C_{AES}, N, h_T, r_T, s_T)$.
Further, the space-based network end re-encrypts the ciphertext $C$ using formula (5), outputs the new ciphertext $C' = (C_A, N, h_T, r_T, s_T)$, and sends the new ciphertext $C'$ to the user end.
Further, the user end substitutes $C_A$ into formulas (6), (7) and (1) to decrypt and obtain $M_1'$, takes the key $k_{AES}$ from it, decrypts $M_2'$ and obtains the slice characteristic identification information NSSAIS allocated by the core network for the user. Using $M_1'$, it calculates the partial ciphertext $h_T' = H_2(K' \| M_1' \| id_T)$ according to equation (3), computes the partial signature $r_T' = x_1' + h_T'$, and judges whether $(h_T', r_T')$ and $(h_T, s_T)$ are identical; if so, it accepts the message $M_1'$, otherwise it refuses to receive it.
Further, the user end matches the slices in the transmitted packet; if the characteristic value of exactly one slice matches, the user end uses that slice. When no exact NSSAI match is possible, as many slices as possible that meet the criteria are selected. The selected slices are then fed back to the ground-based network end for service authentication.
The communication method based on the network slice further includes the following step: before executing step S10, the space-based network end sets the communication key $k_x$ of the network slice based on the security levels of the user end and the ground-based network end, and distributes the communication key $k_x$ to the user end and the ground-based network end so that the user end and the ground-based network end communicate directly with the network slice based on the call key $k_x$.
In a specific implementation, after the user end and the ground-based network end have settled on the space-based information network slicing service, the space-based network end selects a key $k_x$ meeting the security level requirement for both communicating parties, $M = k_x$; this key serves as the direct call key with which the user thereafter uses the space-based information network slicing service.
Further, the space-based network end selects a random number $k$ in the finite field $F_p$, encrypts the key $k_x$ with its own public key and private key, and sends the encrypted key to the user end and the ground-based network end so that they can decrypt and accept the key after passing authentication.
It can be appreciated that, in view of the defects in the background art, the embodiment of the invention provides a communication method based on network slicing. The method comprises the following steps: the user end encrypts the network slice identifier requested by the user with a preset encryption key and a preset encryption algorithm to obtain a slice identification ciphertext; encrypts the account information of the user and the preset encryption key with the public key and private key of the user to obtain an account ciphertext, where the account ciphertext comprises the first partial ciphertext $C_A$, the re-encryption key identifier $N$, the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$ and the private key signature $S_A$; and transmits the slice identification ciphertext and the account ciphertext to the space-based network end. The space-based network end obtains the re-encryption key corresponding to the user from a preset re-encryption key list based on the re-encryption key identifier; re-encrypts the first partial ciphertext $C_A$ based on the re-encryption key, updates the account ciphertext based on the re-encrypted first partial ciphertext $C_T$, and sends the updated account ciphertext and the slice identification ciphertext to the ground-based network end. The ground-based network end decrypts the first partial ciphertext $C_T$ based on the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key of the user to obtain the preset encryption key and the account information; calculates the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ based on the account information and the identification information of the user; when the second partial ciphertext $h_A$ and elliptic curve public key cryptographic algorithm signature $r_A$ are consistent with the second partial ciphertext $h_A'$ and elliptic curve public key cryptographic algorithm signature $r_A'$, decrypts the slice identification ciphertext based on the preset encryption key to obtain the network slice identifier; and returns the network slice meeting the user request to the user end through the space-based network end based on the network slice identifier. The space-based network end sets the communication key $k_x$ of the network slice based on the security levels of the user end and the ground-based network end, and distributes the communication key $k_x$ to the user end and the ground-based network end so that the user end and the ground-based network end communicate directly with the network slice based on the call key $k_x$.
By means of the proxy re-encryption mechanism and the slice identity authentication flow, the invention addresses the low communication security and large resource occupation that arise when a user accesses a space-based information network slice under the existing, computation-heavy slice identity authentication method, and thereby improves the efficiency and security level of space-based information network slice identity authentication.
In a possible embodiment, before the step of obtaining the slice identifier ciphertext by encrypting the network slice identifier requested by the user with the preset encryption key and the preset encryption algorithm, the method includes: initializing parameters;
step S001, initializing basic parameters, where the basic parameters comprise the size $p$ of the finite field $F_p$, the elliptic curve parameters $a$ and $b$, the base point $G = (x, y)$ of the elliptic curve and the order $n$ of $G$;
step S002, initializing the user of the user end, the space-based network end and the ground-based network end based on the finite field $F_p$ to complete the distribution of public and private keys;
step S003, defining two collision-resistant hash functions $H_1$ and $H_2$ over the finite field $F_p$.
In a specific implementation, the basic parameters of the SM2 encryption algorithm are selected: the size $p$ of the finite field $F_p$, the elliptic curve parameters $a$ and $b$, the base point $G = (x, y)$ of the elliptic curve, and the order $n$ of $G$;
Further, the user end, the space-based network end and the ground-based network end each select their own 32-byte private key within the range of the finite field $F_p$ and keep it secret. The user private keys are denoted $d_A, d_B, \ldots, d_F$, where the target user is A, and the private keys of the access network and the core network are denoted $d_S$ and $d_T$ respectively. Each party calculates the corresponding public key from its own private key: the user public keys are $P_A, P_B, \ldots, P_F$ respectively, and the public keys of the space-based network end and the ground-based network end are $P_S$ and $P_T$ respectively.
Further, two collision-resistant hash functions over the finite field are defined: $H_1: \{0,1\}^{64} \times G \to F_p$, $H_2: \{0,1\}^{64} \times \{0,1\}^{64} \times G \to F_p$.
In a possible embodiment, before the step in which the space-based network end obtains the re-encryption key corresponding to the user from the preset re-encryption key list based on the re-encryption key identifier, the method includes: updating the re-encryption key list;
step S004, the user computes the re-encryption key $rk_{AT}$ of the user based on the random number $k$ generated by the user in the finite field $F_p$, the collision-resistant hash function $H_1$, the identification $id_A$ of the user, the identification $id_T$ of the ground-based network end, the public key $P_A$ of the user and the public key $P_T$ of the ground-based network end, and sends the re-encryption key $rk_{AT}$ to the space-based network end;
step S005, the space-based network end stores the re-encryption key $rk_{AT}$ in the preset re-encryption key list and returns to the user end the key number $N$ corresponding to $rk_{AT}$ in the preset re-encryption key list;
the re-encryption key $rk_{AT}$ is:
In a specific implementation, the user end transmits the re-encryption key to a satellite S in the space-based network end; the satellite stores the re-encryption key, numbers the key, and returns the number $N$ to the user end.
In a possible embodiment, the communication method based on network slicing provided in this embodiment further includes a step in which a user accesses the ground-based network end through the user end;
in the step of accessing the ground-based network end, user A first sends a registration application to the ground-based network end to register an account for network access, where the transmitted plaintext comprises the identity ID and the password of user A, $M = (id_A \| \text{password})$.
Before transmission, the user end also needs to encrypt the plaintext $M$ with formulas (2), (3) and (4) using the user's public key and private key, and outputs the ciphertext $C = (C_A, N, h_A, r_A, s_A)$ for transmission.
After receiving the ciphertext $C$, the space-based network satellite selects a re-encryption key according to $N$ in $C$, re-encrypts $C_A$ with formula (5) based on the re-encryption key, and outputs the ciphertext $C' = (C_T, N, h_A, r_A, s_A)$.
After receiving the ciphertext $C'$, the ground-based network end decrypts it based on formulas (6) and (7), recalculates $(h_A', r_A')$, and, when $(h_A', r_A')$ and $(h_A, s_A)$ are consistent, allocates the account information and password for user A and sends them back to user A through the same channel.
In this embodiment, applying the re-encryption mechanism to the user registration process greatly improves the security of the user during registration over space-based network communication and improves the identity authentication efficiency.
In a possible embodiment, referring to fig. 3, which is a schematic diagram of the combination of SM2 and proxy re-encryption provided by the present invention: by combining the SM2 encryption algorithm, which offers high cryptographic strength at low computing resource consumption, with proxy re-encryption, fast and reliable communication suitable for a space-based information network is achieved. Its identity authentication flow is shown in fig. 4, a schematic diagram of the space-based information network slice identity authentication process based on the method provided by the present invention.
The sender of the message is set as user A with identity $id_A$, and the receiver as user T with identity $id_T$, where the id is a user identifier that uniquely determines the user's public key (it does not contain the user's true identity or address). The finite field in which the algorithm operates is set as $F_p$, its order as $p$, and the base point $G$ is chosen on it. Two secure cryptographic hash functions (typically SM3) are chosen: $H_1$, $H_2$. The two parties A and T each generate a random number $d_A \in F_p$, $d_T \in F_p$, which serve as their respective private keys. They then calculate the public keys of both parties, $P_A = d_A G$, $P_T = d_T G$.
User A generates a random number $k$ in the finite field and calculates $K = kG = (x_1, y_1)$; encrypts the plaintext $M$ to obtain $C_A$; computes the second partial ciphertext $h_A = H_2(K \| M \| id_A)$; computes the SM2 partial signature $r_A = x_1 + h_A$; computes the partial signature $s_A = (1 + d_A)^{-1}(k - r_A d_A)$; and obtains the final ciphertext $C = (C_A, id_A, h_A, r_A, s_A)$.
User A calculates the re-encryption key $rk_{AT}$: the public key $P_A$ of A and the public key $P_T$ of T are combined to generate the re-encryption key, which is calculated from the existing information and the public key of T as
After the calculation is completed, user A sends the ciphertext $C$ and the re-encryption key $rk_{AT}$ to the space-based network end, where the satellite converts the ciphertext according to the re-encryption key and outputs the new ciphertext $C' = (C_T, id_A, h_A, r_A, s_A)$. The new ciphertext $C'$ is then sent to the ground-based network end.
The ground-based network end decrypts the ciphertext $C'$ to obtain the plaintext, verifies its authenticity, and accepts the message when $(h_A', r_A')$ and $(h_A, s_A)$ are consistent.
In this embodiment, the proxy re-encryption mechanism and the slice identity authentication flow address the low communication security and large resource occupation that arise when a user accesses a space-based information network slice under the existing, computation-heavy slice identity authentication method, and thereby improve the efficiency and security level of space-based information network slice identity authentication.
Referring to fig. 5, fig. 5 is a schematic diagram of a communication system structure based on network slicing according to an embodiment of the present invention, and as shown in fig. 5, a communication system based on network slicing includes a user terminal 100, a space-based network terminal 200 and a ground-based network terminal 300.
The client 100 is configured to encrypt the network slice identifier by using a preset encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
the space-based network end 200 is configured to update an account ciphertext based on the re-encryption key identifier N in the account ciphertext;
the user terminal 100 is further configured to send the slice identifier ciphertext and the account ciphertext corresponding to the user to the space-based network terminal 200;
the base network end 300 is configured to decrypt to obtain a network slice identifier, and return the network slice that meets the user request to the user end 100 through the space-based network end;
the space-based network end 200 is further configured to send the updated account ciphertext and the slice identifier ciphertext to the ground-based network end 300.
More specifically, the user end 100 is configured to encrypt the network slice identifier requested by the user with a preset encryption key and a preset encryption algorithm to obtain a slice identification ciphertext; encrypt the account information of the user and the preset encryption key with the public key and private key of the user to obtain an account ciphertext, where the account ciphertext comprises the first partial ciphertext $C_A$, the re-encryption key identifier $N$, the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$ and the private key signature $S_A$; and transmit the slice identification ciphertext and the account ciphertext to the space-based network end;
the space-based network end 200 is configured to obtain the re-encryption key corresponding to the user from a preset re-encryption key list based on the re-encryption key identifier; re-encrypt the first partial ciphertext $C_A$ based on the re-encryption key, update the account ciphertext based on the re-encrypted first partial ciphertext $C_T$, and send the updated account ciphertext and the slice identification ciphertext to the ground-based network end; and set the communication key $k_x$ of the network slice based on the security levels of the user end and the ground-based network end and distribute the communication key $k_x$ to the user end and the ground-based network end so that the user end and the ground-based network end communicate directly with the network slice based on the call key $k_x$;
the ground-based network end 300 is configured to decrypt the first partial ciphertext $C_T$ based on the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key of the user to obtain the preset encryption key and the account information; calculate the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ based on the account information and the identification information of the user; when the second partial ciphertext $h_A$ and elliptic curve public key cryptographic algorithm signature $r_A$ are consistent with the second partial ciphertext $h_A'$ and elliptic curve public key cryptographic algorithm signature $r_A'$, decrypt the slice identification ciphertext based on the preset encryption key to obtain the network slice identifier; and return the network slice meeting the user request to the user end through the space-based network end based on the network slice identifier.
It can be understood that, in the network slice-based communication system provided by the present invention, corresponding to the network slice-based communication method provided in the foregoing embodiments, relevant technical features of the network slice-based communication system may refer to relevant technical features of the network slice-based communication method, which are not described herein.
Referring to fig. 6, fig. 6 is a schematic diagram of an embodiment of an electronic device according to an embodiment of the invention. As shown in fig. 6, an embodiment of the present invention provides an electronic device, including a memory 1310, a processor 1320, and a computer program 1311 stored in the memory 1310 and capable of running on the processor 1320, where the processor 1320 implements a network slice-based communication method according to any of the above solutions when executing the computer program 1311.
Referring to fig. 7, fig. 7 is a schematic diagram of an embodiment of a computer readable storage medium according to the present invention. As shown in fig. 7, the present embodiment provides a computer-readable storage medium 1400 on which a computer program 1411 is stored, which computer program 1411, when executed by a processor, implements a network slice-based communication method as in any of the above-described technical solutions.
Computer-readable storage media may include any medium that can store or transfer information. Examples of a computer readable storage medium include an electronic circuit, a semiconductor memory device, a ROM, a flash memory, an Erasable ROM (EROM), a floppy disk, a CD-ROM, an optical disk, a hard disk, a fiber optic medium, a Radio Frequency (RF) link, and the like. The code segments may be downloaded via computer networks such as the internet, intranets, etc.
The invention discloses a communication method and a communication system based on network slicing, wherein the communication method comprises the following steps: step S10, a user side encrypts a network slice identifier requested by the user by using an encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext; step S20, the user sends the slice identification ciphertext and the account ciphertext of the corresponding user to the space-based network; step S30, the space-based network terminal updates the account ciphertext based on the re-encryption key identifier N in the account ciphertext, and sends the updated account ciphertext and the slice identifier ciphertext to the ground-based network terminal; step S40, the foundation network end decrypts to obtain the network slice identifier, the network slice meeting the user request is returned to the user end through the space-based network end, and the problems of low communication safety, large resource occupation amount and the like in the process of accessing the space-based information network slice by the user due to old space-based information network slice identity authentication method and large calculation amount are solved through the proxy re-encryption mechanism and the slice identity authentication flow, so that the space-based information network slice identity authentication efficiency and the safety level are further improved.
Furthermore, it should be noted that the present invention can be provided as a method, an apparatus, or a computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the invention may take the form of a computer program product on one or more computer-usable storage media having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or terminal device comprising the element.
Finally, it should be noted that the above describes preferred embodiments of the invention; although preferred embodiments have been described, it will be obvious to those skilled in the art that, once the basic inventive concept is known, several modifications and adaptations can be made without departing from the principles of the invention, and these modifications and adaptations are intended to be within the scope of the invention. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications that fall within the scope of the embodiments of the invention.

Claims (10)

1. A network slice-based communication method, comprising the steps of:
step S10, a user side encrypts a network slice identifier requested by the user with an encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
step S20, the user side sends the slice identifier ciphertext and the account ciphertext of the corresponding user to a space-based network side;
step S30, the space-based network side updates the account ciphertext based on the re-encryption key identifier N carried in the account ciphertext, and sends the updated account ciphertext and the slice identifier ciphertext to a ground-based network side;
step S40, the ground-based network side decrypts to obtain the network slice identifier, and the network slice meeting the user's request is returned to the user side through the space-based network side.
2. The network slice-based communication method according to claim 1, wherein, before step S10 is performed, the space-based network side sets a communication key $k_x$ for the network slice based on the security levels of the user side and the ground-based network side, and distributes the communication key $k_x$ to the user side and the ground-based network side, so that the user side and the ground-based network side communicate directly over the network slice based on the communication key $k_x$.
3. The network slice-based communication method according to claim 1, further comprising, before step S10 is performed:
performing basic parameter initialization, the basic parameters comprising the size $p$ of a finite field $F_p$, the elliptic curve parameters $a$ and $b$, a base point $G = (x, y)$ of the elliptic curve and the order $n$ of $G$;
initializing the user side, the space-based network side and the ground-based network side over the finite field $F_p$ to complete the distribution of their respective public and private keys;
defining two collision-resistant hash functions $H_1$ and $H_2$ over the finite field $F_p$.
4. The network slice-based communication method according to claim 3, wherein step S20 specifically comprises:
step S201, combining the account information of the user with the preset encryption key $k_{AES}$ to obtain a plaintext $M_1$;
step S202, encrypting the plaintext $M_1$ based on the public key $P_A$ of the user, and computing a first partial ciphertext $C_A$ and a second partial ciphertext $h_A$;
step S203, computing the elliptic curve public key cryptographic algorithm signature $r_A$ based on the base point $G$ of the elliptic curve and the second partial ciphertext $h_A$;
step S204, computing the private key signature $S_A$ based on the private key $d_A$ of the user;
the plaintext $M_1$ being:
$M_1 = (id_A \| \mathrm{account} \| \mathrm{password} \| k_{AES})$;
where $id_A$ is the identity of the user, which uniquely determines the public key of the user, and account and password are the account information of the user;
the first partial ciphertext $C_A$ being:
where $M_1$ is the plaintext, $H_1$ is a collision-resistant hash function, $id_A$ is the identity of the user, $k$ is a random number generated in the finite field $F_p$, and $P_A$ is the public key of the user;
the second partial ciphertext $h_A$ being:
$h_A = H_2(K \| M_1 \| id_A)$;
where $H_2$ is a collision-resistant hash function, $K = kG = (x_1, y_1)$, $k$ is a random number generated in the finite field $F_p$, $G$ is the base point of the elliptic curve, $(x_1, y_1)$ is a point on the elliptic curve, $M_1$ is the plaintext and $id_A$ is the identity of the user;
the elliptic curve public key cryptographic algorithm signature $r_A$ being:
$r_A = x_1 + h_A$;
where $(x_1, y_1)$ is a point on the elliptic curve and $h_A$ is the second partial ciphertext;
the private key signature $S_A$ being:
$S_A = (1 + d_A)^{-1}(k - r_A d_A)$;
where $d_A$ is the private key of the user, $k$ is a random number generated in the finite field $F_p$, and $r_A$ is the elliptic curve public key cryptographic algorithm signature.
5. The network slice-based communication method according to claim 4, wherein step S30 specifically comprises:
step S301, the space-based network side obtaining the re-encryption key corresponding to the user from a preset re-encryption key list based on the re-encryption key identifier;
step S302, re-encrypting the first partial ciphertext $C_A$ based on the re-encryption key, updating the account ciphertext based on the re-encrypted first partial ciphertext $C_T$, and sending the updated account ciphertext and the slice identifier ciphertext to the ground-based network side;
the re-encrypted first partial ciphertext $C_T$ being:
where $C_A$ is the first partial ciphertext and $rk_{AT}$ is the re-encryption key.
6. The network slice-based communication method according to claim 5, wherein step S40 specifically comprises:
step S401, the ground-based network side decrypting the re-encrypted first partial ciphertext $C_T$ based on the second partial ciphertext $h_A$, the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key of the user, to obtain the preset encryption key and the account information;
step S402, computing a second partial ciphertext $h_A'$ and an elliptic curve public key cryptographic algorithm signature $r_A'$ based on the account information and the identity of the user;
step S403, when the received second partial ciphertext $h_A$ and signature $r_A$ are consistent with the recomputed $h_A'$ and $r_A'$, decrypting the slice identifier ciphertext based on the preset encryption key to obtain the network slice identifier;
step S404, returning the network slice conforming to the user's request to the user side through the space-based network side based on the network slice identifier.
7. The network slice-based communication method according to claim 6, wherein step S402 specifically comprises:
the ground-based network side computing a point $K'$ on the elliptic curve based on the elliptic curve public key cryptographic algorithm signature $r_A$, the private key signature $S_A$ and the public key $P_A$ of the user;
decrypting the re-encrypted first partial ciphertext $C_T$ based on the point $K'$, the private key $d_T$ of the ground-based network side, the identity $id_A$ of the user and the collision-resistant hash function $H_1$, to obtain a plaintext $M_1'$;
computing the second partial ciphertext $h_A'$ and the elliptic curve public key cryptographic algorithm signature $r_A'$ based on the plaintext $M_1'$;
the point $K'$ on the elliptic curve being:
$K' = S_A P + (r_A + S_A) P_A$;
where $P$ is the generator of the group $G$, $G$ is an additive cyclic group of order $n$, $S_A$ is the private key signature, $r_A$ is the elliptic curve public key cryptographic algorithm signature and $P_A$ is the public key of user A;
the plaintext $M_1'$ being:
where $C_T$ is the re-encrypted first partial ciphertext, $id_A$ is the identity of user A, $H_1$ is a collision-resistant hash function, $d_T$ is the private key of the ground-based network side and $K'$ is the point on the elliptic curve.
8. The network slice-based communication method according to claim 7, wherein step S404 specifically comprises:
the ground-based network side combining the plurality of network slices conforming to the user's request into a slice identifier array, and transmitting the slice identifier array to the user side, so that the user selects one of the plurality of network slices.
9. The network slice-based communication method according to claim 8, wherein the re-encryption key is generated by:
the user side computing the re-encryption key $rk_{AT}$ of the user based on a random number $k$ generated by the user in the finite field $F_p$, the collision-resistant hash function $H_1$, the identity $id_A$ of the user, the identity $id_T$ of the ground-based network side, the public key $P_A$ of the user and the public key $P_T$ of the ground-based network side, and transmitting the re-encryption key $rk_{AT}$ to the space-based network side;
the space-based network side storing the re-encryption key $rk_{AT}$ in a preset re-encryption key list, and returning the key number N corresponding to $rk_{AT}$ in the preset re-encryption key list to the user side;
the re-encryption key $rk_{AT}$ being:
10. A network slice-based communication system, comprising:
a user side, configured to encrypt a network slice identifier with a preset encryption key and a preset encryption algorithm to obtain a slice identifier ciphertext;
a space-based network side, configured to update an account ciphertext based on the re-encryption key identifier N carried in the account ciphertext;
the user side being further configured to send the slice identifier ciphertext and the account ciphertext of the corresponding user to the space-based network side;
a ground-based network side, configured to decrypt to obtain the network slice identifier, and to return the network slice meeting the user's request to the user side through the space-based network side;
the space-based network side being further configured to send the updated account ciphertext and the slice identifier ciphertext to the ground-based network side.
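The following Python is an added example, not the patent's own code. It works through the parts of the claims that are fully specified on the page: the signing side of claim 4 ($K = kG$, $h_A = H_2(K \| M_1 \| id_A)$, $r_A = x_1 + h_A$, $S_A = (1 + d_A)^{-1}(k - r_A d_A)$) and the ground side's recovery of $K' = S_A P + (r_A + S_A) P_A$ from claim 7 followed by the $h_A'$/$r_A'$ consistency check of claim 6 step S403. Everything not fixed by the page is an assumption and is marked as such in the code: secp256k1 stands in for the unspecified curve parameters of claim 3 (the signature equation is the SM2 one, so the SM2 curve would also fit), SHA-256 stands in for $H_2$, $r_A$ and $S_A$ are reduced modulo $n$, and the SM2 degenerate-case retries are added. Because the page does not reproduce the $C_A$, $C_T$ or $M_1'$ formulas, the verifier receives $M_1'$ directly instead of decrypting it; the sample $M_1$ and $id_A$ are constructed.

```python
"""Added example, not the patent's own code: the SM2-style signing of claim 4
(steps S203-S204) and the ground-side recovery and consistency check of
claims 6 and 7, over a real 256-bit curve with no external dependencies."""
import hashlib
import secrets

# Curve: secp256k1 stands in for the unspecified (p, a, b, G, n) of claim 3 (assumption).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:  # Q + (-Q), including doubling a point with y = 0
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return result


def h2(point, m1, id_a):
    """h_A = H_2(K || M_1 || id_A); SHA-256 stands in for the patent's H_2 (assumption)."""
    data = point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big") + m1 + id_a
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(d_a, m1, id_a, k=None):
    """Claim 4: K = kG, h_A = H_2(K||M_1||id_A), r_A = x_1 + h_A, S_A = (1+d_A)^-1 (k - r_A d_A).
    r_A and S_A are reduced mod n (assumption); degenerate cases retry with a fresh k, as SM2 does."""
    while True:
        k_use = k if k is not None else secrets.randbelow(N - 1) + 1
        k = None  # any retry draws a fresh random k
        K = ec_mul(k_use, G)
        h_a = h2(K, m1, id_a)
        r_a = (K[0] + h_a) % N
        if r_a == 0 or (r_a + k_use) % N == 0:
            continue
        s_a = pow(1 + d_a, -1, N) * (k_use - r_a * d_a) % N
        if s_a == 0:
            continue
        return h_a, r_a, s_a


def recover_k(r_a, s_a, p_a):
    """Claim 7: K' = S_A P + (r_A + S_A) P_A with P = G. Equals kG because
    S_A (1 + d_A) = k - r_A d_A gives S_A + (r_A + S_A) d_A = k (mod n)."""
    return ec_add(ec_mul(s_a, G), ec_mul((r_a + s_a) % N, p_a))


def verify(h_a, r_a, s_a, p_a, m1, id_a):
    """Claim 6 step S403: recompute h_A' and r_A' from K' and M_1' and compare with h_A, r_A.
    M_1' is passed in directly because the page does not give the C_A / C_T formulas."""
    if not (1 <= r_a < N and 1 <= s_a < N):
        return False
    k_prime = recover_k(r_a, s_a, p_a)
    if k_prime is None:
        return False
    h_prime = h2(k_prime, m1, id_a)
    r_prime = (k_prime[0] + h_prime) % N
    return h_prime == h_a and r_prime == r_a


def demo():
    """Constructed inputs: a fresh key pair for user A and a stand-in M_1."""
    d_a = secrets.randbelow(N - 1) + 1
    p_a = ec_mul(d_a, G)
    m1 = b"id_A||account||password||k_AES"  # constructed stand-in for M_1
    id_a = b"user-A"
    h_a, r_a, s_a = sign(d_a, m1, id_a)
    genuine = verify(h_a, r_a, s_a, p_a, m1, id_a)
    forged = verify(h_a, r_a, s_a, p_a, b"id_A||account||password||other_key", id_a)
    return genuine, forged


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of the S403 comparison is that $h_A$ binds the account information and $k_{AES}$ to the ephemeral point $K$, and $r_A$ and $S_A$ bind that same point to the user's private key; a ground-based side that recovers $K'$ but skips the $h_A'$/$r_A'$ check would accept an account ciphertext whose plaintext was altered in transit, which is what the `forged` case exercises. The per-message $k$ must be fresh and unpredictable: as in SM2 and ECDSA, reusing $k$ across two signatures lets anyone solve for $d_A$ from the two $S_A$ values.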

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311560460.5A CN117676559A (en) 2023-11-21 2023-11-21 Communication method and system based on network slice

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311560460.5A CN117676559A (en) 2023-11-21 2023-11-21 Communication method and system based on network slice

Publications (1)

Publication Number Publication Date
CN117676559A true CN117676559A (en) 2024-03-08

Family

ID=90078077

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311560460.5A Pending CN117676559A (en) 2023-11-21 2023-11-21 Communication method and system based on network slice

Country Status (1)

Country Link
CN (1) CN117676559A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111787533A (en) * 2020-06-30 2020-10-16 中国联合网络通信集团有限公司 Encryption method, slice management method, terminal and access and mobility management entity
CN113079016A (en) * 2021-03-23 2021-07-06 中国人民解放军国防科技大学 Identity-based authentication method facing space-based network
WO2023158459A2 (en) * 2021-07-14 2023-08-24 General Electric Company System and method for implementing quantum-secure wireless networks
CN117042064A (en) * 2023-06-29 2023-11-10 中国人民解放军战略支援部队信息工程大学 Mobile management method, module and system of heaven-earth cooperative network

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
Qize Guo et al.: "SDN-Based End-to-End Fragment-Aware Routing for Elastic Data Flows in LEO Satellite-Terrestrial Network", IEEE Access, 4 January 2019 (2019-01-04), pages 396-407 *
Seonghoon Kim et al.: "DRL-Based Satellite Network Slice Planning and Handover in the Korean Peninsula Scenarios", 2023 14th International Conference on Information and Communication Technology Convergence (ICTC), 13 October 2023 (2023-10-13), pages 132-133, XP034523595, DOI: 10.1109/ICTC58733.2023.10393845 *
Guan Yingying et al.: "A survey of network slicing for integrated space-air-ground-sea networks" (空天地海一体化网络切片研究综述), Mobile Communications (移动通信), 31 October 2022 (2022-10-31), pages 20-24 *
Wei Xiao et al.: "Satellite end-to-end network slicing technology based on 5G" (基于5G技术的卫星端到端网络切片技术), Journal of China Academy of Electronics and Information Technology (中国电子科学研究院学报), 30 June 2022 (2022-06-30), pages 583-584 *

Similar Documents

Publication Publication Date Title
US10903991B1 (en) Systems and methods for generating signatures
Xue et al. A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture
US7657037B2 (en) Apparatus and method for identity-based encryption within a conventional public-key infrastructure
US8930704B2 (en) Digital signature method and system
KR20190073472A (en) Method, apparatus and system for transmitting data
CN111277412B (en) Data security sharing system and method based on block chain key distribution
CN106549858B (en) Instant messaging encryption method based on identification password
CN107925578B (en) Key agreement method, device and system
Wang Analysis and enhancement of a password authentication and update scheme based on elliptic curve cryptography
US7360238B2 (en) Method and system for authentication of a user
Castiglione et al. An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update
US20210044435A1 (en) Method for transmitting data from a motor vehicle and method for another vehicle to receive the data through a radio communication channel
JP2019526205A (en) System and method for obtaining a common session key between devices
CN114070549B (en) Key generation method, device, equipment and storage medium
CN116318739B (en) Electronic data exchange method and system
CN115941180B (en) Key distribution method and system based on post quantum security and identity identification
CN109412815B (en) Method and system for realizing cross-domain secure communication
CN114070550B (en) Information processing method, device, equipment and storage medium
CN117676559A (en) Communication method and system based on network slice
Kinastowski Signing cloud: Towards qualified electronic signature service in cloud
Hsu et al. A dynamic identity end-to-end authentication key exchange protocol for IoT environments
CN114095151B (en) Encryption and decryption method, authentication method, device, equipment and storage medium
Mulkey et al. Towards an efficient protocol for privacy and authentication in wireless networks
CN118018310B (en) Revocable identity-based key encryption method, storage medium and device
Cai et al. A Multi-Group-Supporting Policy Hidden Fine-Grained Data Sharing Scheme in 5G-Enabled IoT With Edge Computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination