CN117997516A - Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment - Google Patents

Publication number
CN117997516A
Authority
CN
China
Prior art keywords
terminal
server
key
communication
verification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410035198.0A
Other languages
Chinese (zh)
Inventor
肖鹏
张振红
胡健
白彪
王海林
尹君
谢林江
唐旭玥
赵毅涛
颜颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Center of Yunnan Power Grid Co Ltd
Original Assignee
Information Center of Yunnan Power Grid Co Ltd
Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a bidirectional authentication and secure communication method and system for lightweight Internet of things equipment, relating to the technical field of bidirectional authentication and secure communication of Internet of things equipment. The method comprises the following steps: the registering equipment performs initialization setting, acquires data information and generates a session key using ECDHE; the data is signed using the SM9 encryption algorithm, and an AES encryption key is output by a dynamic algorithm; the key is transmitted to the server for decryption and verification, and the information is stored in a database for manual review; the terminal and the server perform two-way authentication, and encryption with the SM9 algorithm completes the encrypted communication. The invention has higher computational efficiency and a smaller key length, can work more efficiently on resource-limited equipment, and has forward security. Compared with traditional PKI and CPK systems, the public key cryptographic authentication mechanism based on IBC user identity greatly reduces certificate management cost and is a lightweight identity authentication mechanism.

Description

Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment
Technical Field
The invention relates to the technical field of mutual authentication and secure communication of Internet of things equipment, in particular to a method and a system for mutual authentication and secure communication of lightweight Internet of things equipment.
Background
In recent years, Internet of things technology has developed very rapidly, and Internet of things products have sprung up like bamboo shoots after spring rain, bringing great convenience and comfort to people's lives. The security problems of these products have also attracted wide attention: many devices run in a white-box environment and lack identity verification, plaintext encryption and the like, so device security is greatly compromised, and once devices are intercepted and exploited by attackers, great economic losses are caused to enterprises and society. The security challenge of the Internet of things is concentrated mainly on the perception layer, namely the security management of a large number of terminal devices. Such devices, including sensors, gateways and RFID readers, face multiple security threats. On the one hand, devices at the physical level are huge in number and difficult to monitor; on the other hand, the communication layer is vulnerable to attacks such as impersonation, interception, DDoS and replay. Strengthening the authentication and communication security of terminal equipment has therefore become a core part of Internet of things security construction. Meanwhile, most Internet of things equipment has limited computing power and resources and handles huge volumes of data, so traditional authentication and encryption mechanisms are difficult to apply. A lightweight edge authentication mechanism is therefore needed, so that Internet of things equipment has an authentication function usable in resource-limited environments and the efficiency of equipment authentication and data transmission is improved.
Disclosure of Invention
The present invention has been made in view of the above-described problems.
Therefore, the technical problems solved by the invention are: how to adopt a public key cryptosystem combining a signature algorithm and an encryption algorithm so that only legitimate equipment can access the network; how to adopt an efficient key negotiation mechanism and a communication scheme based on two-way authentication so as to reduce communication overhead and improve security; and how to prevent common replay attacks, data tampering attacks and ARP spoofing attacks through various verification measures.
In order to solve the technical problems, the invention provides the following technical scheme: a bidirectional authentication and secure communication method for lightweight Internet of things equipment, comprising the following steps:
The registering equipment performs initialization setting, acquires data information and generates a session key using ECDHE;
The data is signed using the SM9 encryption algorithm, and an AES encryption key is output by a dynamic algorithm;
The key is transmitted to the server for further decryption and verification, and the information is stored in the database for manual review;
The terminal and the server perform two-way authentication, and encryption with the SM9 algorithm completes the encrypted communication.
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: the initialization setting of the registering equipment is as follows. When a terminal wants to register with the server, the equipment is first initialized: the IP and MAC addresses of the server are configured and bound on the terminal by static ARP binding, and ARP request source verification is enabled; if the source MAC address of an ARP request does not match the MAC address recorded for the corresponding IP address in the ARP cache table, the ARP request is judged to be forged and is discarded. ARP rate limiting is also set: when the equipment detects that a device is sending a large number of ARP messages in a short time, ARP message rate limiting based on the source MAC address or source IP address restricts that device's ARP message sending rate. An ARP entry aging time is configured, and when the aging time is reached, the interface fails, or the entry is in an inactive state, the corresponding dynamic ARP entry is deleted.
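The ARP policy described above (static binding, source verification, per-source rate limiting and entry aging) can be modelled as follows. This is an added example, not code from the patent; the class name `ArpGuard`, the limits of 5 messages per second and 300 seconds of aging, and every address in the constructed events are assumptions.

```python
from collections import defaultdict, deque

ACCEPT, FORGED, RATE_LIMITED = "accept", "drop-forged", "drop-rate-limited"


class ArpGuard:
    """Hypothetical model of the ARP policy: bind, verify source, limit, age."""

    def __init__(self, static_bindings, rate_limit=5, rate_window=1.0,
                 aging_time=300.0):
        # Static ARP bindings are configured by hand and never age out.
        self.static = {ip: mac.lower() for ip, mac in static_bindings.items()}
        self.rate_limit = rate_limit      # assumed: max ARP messages per source MAC
        self.rate_window = rate_window    # ... within this many seconds
        self.aging_time = aging_time      # assumed lifetime of a dynamic entry (s)
        self.dynamic = {}                 # ip -> (mac, time last confirmed)
        self.recent = defaultdict(deque)  # source MAC -> times of recent messages

    def expire(self, now):
        """Delete dynamic entries that have reached the aging time."""
        stale = [ip for ip, (_, seen) in self.dynamic.items()
                 if now - seen >= self.aging_time]
        for ip in stale:
            del self.dynamic[ip]
        return stale

    def interface_down(self):
        """An interface failure removes every dynamic entry at once."""
        self.dynamic.clear()

    def lookup(self, ip):
        if ip in self.static:
            return self.static[ip]
        entry = self.dynamic.get(ip)
        return entry[0] if entry else None

    def handle_request(self, now, src_ip, src_mac):
        src_mac = src_mac.lower()
        self.expire(now)

        # Rate limiting keyed on the source MAC, using a sliding window.
        window = self.recent[src_mac]
        while window and now - window[0] >= self.rate_window:
            window.popleft()
        if len(window) >= self.rate_limit:
            return RATE_LIMITED
        window.append(now)

        # Source verification: the claimed IP must map to the sending MAC.
        known = self.lookup(src_ip)
        if known is not None and known != src_mac:
            return FORGED

        # Learn or refresh a dynamic entry; static bindings are never rewritten.
        if src_ip not in self.static:
            self.dynamic[src_ip] = (src_mac, now)
        return ACCEPT


# Constructed sample traffic: (time in seconds, source IP, source MAC).
SERVER_IP, SERVER_MAC = "192.0.2.10", "02:00:00:aa:bb:01"
EVENTS = (
    [(0.00, SERVER_IP, "02:00:00:AA:BB:01"),      # matches the static binding
     (0.10, SERVER_IP, "02:00:00:66:66:66")]      # wrong MAC for the bound IP
    + [(1.00 + 0.01 * i, "192.0.2.77", "02:00:00:00:00:77")
       for i in range(7)]                         # burst of 7 in 60 ms
    + [(400.0, "192.0.2.77", "02:00:00:00:00:78")]  # old dynamic entry has aged out
)


def run_demo():
    guard = ArpGuard({SERVER_IP: SERVER_MAC})
    return [guard.handle_request(*event) for event in EVENTS]


if __name__ == "__main__":
    for event, verdict in zip(EVENTS, run_demo()):
        print(event, verdict)
```

The last event is accepted only because the dynamic entry learned during the burst has aged out; the same packet arriving before the aging time would be dropped as forged.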
The data information acquired comprises the terminal IP, the MAC, the current timestamp Ms and the serial number; the terminal also generates its own encryption public key Pu and decryption private key Pr.
Generating the session key with ECDHE means defining the base point of the elliptic curve algorithm as Q(x, y) and constructing a model to calculate the session key Pa(x, y), expressed as:
$P_a(x, y) = R \times Q(x, y)$
where R is a generated random number.
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: the signing of the data using the SM9 encryption algorithm is as follows. Pa(x, y), IP, MAC, Pu, Ms and the serial number are combined and defined as data D, and an SM9 digital signature is computed over D. An R-ate pairing is defined on the elliptic curve; the cyclic group GT and the groups G1 and G2 are of the same order; the pairing e is a mapping G1×G2→G3; and a hash function H is used in the calculation that generates the signature.
Calculate $g = e(P_1, Q_A)$ in the G3 group
$w = g^{R}$
$h = H(M \| w, N)$
$L = (R - h) \bmod n$
Where GT is the target group in which the output of the pairing e lies, G1 is a group of points on the elliptic curve, G2 is another group of points on the elliptic curve, $P_1$ is a point in the G1 group, $Q_A$ is a point in the G2 group, e is a bilinear map, g is an element calculated in the G3 group, w is the value calculated in the G3 group, h is the hash value, H is a hash function that accepts the message M, w and other parameters N as inputs, R is a random number, and mod n denotes reduction modulo n.
If the calculation result L is equal to 0, the random number needs to be regenerated; otherwise $S = [L]dA$ is calculated in the G1 group, and the signature of D is (h, S).
Outputting the AES encryption key through the dynamic algorithm is as follows: the AES input key $S_1$ is divided into two parts, the first part being $G_i$ and the second part $OR_i$. The session key is hashed using SM9 to obtain $H_a$, with $S_{i\_1} = \{a_1, a_2, a_3, \ldots, a_{16}\}$ and $S_{i\_2} = \{a_{17}, a_{18}, a_{19}, \ldots, a_{32}\}$, where $a_1, a_2, a_3, a_{16}, a_{32}$ are the 1st, 2nd, 3rd, 16th and 32nd bytes respectively. $S_{i\_1}$ is XORed with the plaintext stream $F_i$ of the last communication and the result is hashed to obtain $G_{i+1}$; for the first communication, the session key is used as the plaintext stream. The expression is:
$G_{i+1} = \mathrm{Hash}(S_{i\_1} \oplus F_i) \quad (i = 0, 1, 2, \ldots, n)$
where Hash denotes the hash operation, $G_i$ is the first segment of the input key ($S_1$), $OR_i$ is the second segment of the input key ($S_1$), $F_i$ is the plaintext of the last communication, and $G_{i+1}$ is the result of hashing $F_i$.
$S_{i\_2}$ is right-shifted to obtain $OR_{i+1}$, $OR_{i+1} = (m \ggg S_{i\_2})$, and $G_{i+1}$ and $OR_{i+1}$ are hashed to obtain the AES input key, expressed as:
$S_{i+1} = \mathrm{Hash}(G_{i+1} + OR_{i+1})$
When the terminal submits the registration information to the server, the AES input key is calculated from the session key, the data is encrypted with AES, and the ciphertext and the session key are sent to the server for registration; after the server completes its checks, it replies with a message that completes the registration and, at the same time, the key exchange.
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: when the terminal submits the registration information, the session key submitted by the terminal is obtained from the message, the AES input key is calculated to decrypt the data, the timestamp Ms is verified to be within an acceptable range, the data is extracted for signature verification, and the serial number is checked to determine whether it has already been received.
After the serial number check, and once the server has received the terminal data D and its digital signature (h, S), the signature of the information submitted by the terminal is verified. The server checks whether h belongs to the range [1, n-1], and if not, verification fails; it then checks whether S belongs to G1, and if S does not belong to G1, verification fails. When both h and S meet the conditions, the server calculates $g = e(P_1, Q_A)$ and $t = g^{h}$ in the GT group, calculates $h_1 = H(ID_A \| hid, n)$, calculates $P = [h_1]P_2 + Q_A$ in the G2 group, calculates $u = e(S, P)$ and $w = u \cdot t$ in the GT group, and calculates $h_2 = H(D \| w, n)$. It then judges whether $h_2$ and h are equal: if they are equal, signature verification succeeds, and if not, it fails. When the timestamp verification, signature verification and serial number verification have all passed, the information is stored in the sequence queue to await manual review.
Where $ID_A$ is the terminal identifier; t is another value calculated in the GT group, derived from g and h; hid is another identifier or hash value; u is another intermediate value calculated in the GT group, whose calculation depends on the bilinear pairing e, the part S of the digital signature, and the point P calculated in the G2 group; w is the intermediate value that is the product of u and t; and D is the terminal data.
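The server-side order of checks described above (timestamp Ms within an acceptable range, then signature verification, then the serial number check) looks like this in code. This is an added example, not code from the patent; the SM9 verification result is passed in as a boolean, and the 30-second window, the per-sender serial cache and all names are assumptions.

```python
from dataclasses import dataclass

OK, STALE, BAD_SIGNATURE, REPLAY = (
    "ok", "stale-timestamp", "bad-signature", "replayed-serial")


@dataclass(frozen=True)
class Message:
    sender: str   # assumed key: MAC at registration, unique ID afterwards
    ms: int       # sender timestamp Ms, in milliseconds
    serial: int   # serial number carried in the signed data D


class FreshnessGate:
    """Hypothetical replay filter applied to each decrypted message."""

    def __init__(self, window_ms=30_000):
        self.window_ms = window_ms   # assumed acceptable range for Ms
        self.seen = {}               # sender -> {serial: Ms of that message}

    def _prune(self, sender, now_ms):
        # A serial whose Ms has left the window can be forgotten: a replay of
        # that message is rejected by the timestamp check, and Ms cannot be
        # altered without invalidating the signature over D.
        serials = self.seen.get(sender, {})
        for serial in [s for s, ms in serials.items()
                       if now_ms - ms > self.window_ms]:
            del serials[serial]

    def admit(self, msg, now_ms, signature_ok):
        # 1. Timestamp: reject both old and future-dated messages.
        if abs(now_ms - msg.ms) > self.window_ms:
            return STALE
        # 2. Signature: checked before any state is touched, so an
        #    unauthenticated message cannot use up a legitimate serial number.
        if not signature_ok:
            return BAD_SIGNATURE
        # 3. Serial number: has this sender already used it inside the window?
        self._prune(msg.sender, now_ms)
        serials = self.seen.setdefault(msg.sender, {})
        if msg.serial in serials:
            return REPLAY
        serials[msg.serial] = msg.ms
        return OK


def run_demo():
    """Run constructed messages through the gate; return verdicts and cache."""
    t0 = 1_700_000_000_000                       # constructed epoch, ms
    a, b = "02:00:00:00:00:77", "02:00:00:00:00:78"
    gate = FreshnessGate()
    steps = [
        (Message(a, t0, 1), t0 + 120, True),            # fresh registration
        (Message(a, t0, 1), t0 + 5_000, True),          # same message again
        (Message(a, t0 + 6_000, 2), t0 + 6_100, False), # signature check failed
        (Message(a, t0 + 6_000, 2), t0 + 6_200, True),  # serial 2 still usable
        (Message(b, t0 + 6_000, 1), t0 + 6_300, True),  # serials are per sender
        (Message(a, t0 + 90_000, 3), t0 + 7_000, True), # future-dated Ms
        (Message(a, t0, 1), t0 + 45_000, True),         # replay after the window
        (Message(a, t0 + 45_000, 4), t0 + 45_100, True),
    ]
    verdicts = [gate.admit(m, now, sig) for m, now, sig in steps]
    return verdicts, sorted(gate.seen[a])


if __name__ == "__main__":
    print(run_demo())
```

Because entries are pruned once their timestamp leaves the window, the serial cache for each sender stays bounded by the traffic of one window.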
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: after manual review, static ARP binding of the terminal IP and MAC is configured at the server, and the server enables ARP request source verification, rate-limit setting and ARP aging time configuration. The information is stored in a persistent database, an auto-increment sequence value is obtained as the terminal's unique identifier, the terminal public key is cached with a validity period, and the server responds to the terminal with the server's public key and the session key.
When the server generates its own encryption public key Pu and decryption private key Pr, it obtains the current timestamp Ms, the unique auto-increment sequence identifier ID of the terminal equipment and the serial number, generates a session key again using ECDHE, computes a digital signature, encrypts the response data with the terminal public key to form the ciphertext, and returns the ciphertext and the session key to the terminal.
After the terminal receives the server's registration response, the session key submitted by the terminal is obtained from the message, and a session key is generated by ECDHE and verified. The terminal verifies whether the timestamp Ms is within an acceptable range to judge whether there is a replay attack, verifies the signature on the response data with the signature verification algorithm to detect whether there is a man-in-the-middle attack, checks the serial number to determine whether the message has already been received, and caches the server's public key.
If any one of these checks fails, the communication is judged to be untrusted: the terminal does not cache the server's public key or proceed to the subsequent two-way authentication, and the message is discarded until correct data is received.
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: in the authentication communication stage, two-way authentication is performed by challenge-response before communication. In challenge-response authentication, a system or equipment sends a random challenge to a user or equipment, the user or equipment provides a specific response to the challenge, and the system or equipment verifies the response; if the response is correct, access rights are granted. In the challenge process, both parties use the public keys of the lightweight encryption algorithm SM9 exchanged during registration: the terminal encrypts communication data with the server's public key, the server encrypts communication data with the terminal's public key, and the server and the terminal each decrypt the data they receive with their own private keys.
The terminal sends request parameters in an authentication request, comprising the terminal's unique identifier ID, a serial number, the current timestamp, a signature and a challenge string; the authentication parameters are encrypted with the server's public key and the authentication request is sent. After receiving the authentication request, the server decrypts the data with its private key, performs timestamp verification, signature verification and serial number verification, and verifies whether the equipment is registered. After verification passes, the server generates a new random challenge string, signs the current timestamp, the serial number, the terminal's challenge content and the server's challenge content, encrypts the challenge response parameters with the terminal's public key, and responds to the terminal.
After receiving the server's challenge response, the terminal decrypts it with its own private key, verifies the signature, the serial number and the timestamp, and verifies whether the challenge content in the response is correct.
After verification passes, the terminal signs the server's challenge content, the serial number, the timestamp and the terminal equipment's unique identifier, encrypts them with the server's public key, and sends them to the server again. After receiving the challenge response, the server decrypts it with its private key, verifies the signature, the timestamp and the serial number, and judges whether the challenge content matches the challenge content it sent; if the match succeeds, the two-way authentication ends and formal communication begins.
As a preferred scheme of the bidirectional authentication and secure communication method for lightweight Internet of things equipment of the invention: completing the encrypted communication using the SM9 algorithm means that communication data is encrypted by reusing the public keys exchanged during registration, and the public keys are replaced periodically and dynamically. If a stored public key expires because no communication took place within the specified time, the AES algorithm is used again for a first encrypted communication, the serial number, timestamp, unique equipment identifier and signature are again submitted to the server, and the server updates the public key and responds after verification passes.
Another object of the present invention is to provide a bidirectional authentication and secure communication system for lightweight Internet of things equipment which, by adopting static ARP binding and source verification, ECDHE key exchange, SM9 digital signatures and dynamic AES key generation, solves the prior-art problems of insufficient security and low authentication efficiency caused by resource limitation. The system is particularly suitable for environments with limited computing capacity, storage space and energy supply; it provides a secure and efficient communication method, ensures the integrity and confidentiality of data transmission, optimizes the authentication flow, improves overall communication efficiency, and meets the dual requirements of lightweight Internet of things equipment for security and efficiency in modern network environments.
In order to solve the technical problems, the invention provides the following technical scheme: a lightweight internet of things device mutual authentication and secure communication system, comprising: the system comprises an initialization and registration module, a key negotiation module, a data signing and verification module, a two-way authentication module and an encrypted communication module.
The initialization and registration module prevents ARP spoofing and man-in-the-middle attacks through static ARP binding and ARP request source verification, ensures the security of the equipment's network environment, and collects the basic information of the equipment to generate the key pair required for encryption.
The key negotiation module uses ECDHE algorithm to negotiate a temporary session key between the equipment and the server, dynamically generates an AES key through a complex algorithm flow, and uses random number generation and multiple hash operations to improve the unpredictability and security of the key.
The data signing and verifying module performs digital signing on key information by using an SM9 algorithm, and the server performs multiple verifications on the received data, including decryption, timestamp verification, signature verification and serial number check, so as to ensure the authenticity of the data and prevent replay attack.
In the two-way authentication module, before communication the two parties confirm each other's identity by challenge-response, and after the two-way authentication succeeds, the two parties exchange public keys.
The encryption communication module encrypts data by combining an SM9 algorithm and an AES algorithm, periodically updates a public key, and if the two communication parties do not communicate for a long time, re-performs key negotiation and exchange to keep the communication security.
A computer device comprising a memory and a processor, said memory storing a computer program, characterized in that the processor, when executing said computer program, implements the steps of a method for two-way authentication and secure communication of a lightweight internet of things device as described above.
A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of a lightweight internet of things device mutual authentication and secure communication method as described above.
Beneficial effects of the invention: being based on the ECDHE key agreement protocol, the invention has higher computational efficiency and a smaller key length than traditional Diffie-Hellman key exchange, can work more efficiently on resource-limited equipment, and has forward security. Compared with traditional PKI and CPK systems, the public key cryptographic authentication mechanism based on user identity in IBC (identity-based cryptography) greatly reduces certificate management cost and is a lightweight identity authentication mechanism. In the first communication, the unique dynamic algorithm design lets the decryption key be calculated without the two communicating ends needing to know the input key in advance, so that the whole communication process both ensures data security and reduces encryption steps. Meanwhile, common attacks in the registration, two-way authentication and formal communication processes, such as replay attacks, data tampering attacks and ARP spoofing attacks, are addressed by a series of policy measures.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. Wherein:
Fig. 1 is an overall flowchart of a bidirectional authentication and secure communication method for a lightweight internet of things device according to a first embodiment of the present invention;
Fig. 2 is a flowchart of registration and public key exchange in a bidirectional authentication and secure communication method for a lightweight internet of things device according to a first embodiment of the present invention;
Fig. 3 is a bidirectional authentication flow of a bidirectional authentication and secure communication method for a lightweight internet of things device according to a first embodiment of the present invention;
Fig. 4 is a block diagram of a bidirectional authentication and security communication system for a lightweight internet of things device according to a second embodiment of the present invention.
Detailed Description
So that the manner in which the above recited objects, features and advantages of the present invention can be understood in detail, a more particular description of the invention, briefly summarized above, may be had by reference to the embodiments, some of which are illustrated in the appended drawings. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
Example 1
Referring to fig. 1 to 3, in one embodiment of the present invention, a bidirectional authentication and secure communication method for a lightweight internet of things device is provided, which is characterized in that:
Based on the ECDHE key agreement protocol, the invention generates a session key using the same algorithm at the terminal and the server; when the terminal registers, the submitted registration information is signed with SM9 to ensure data integrity, and timestamp verification is added to prevent replay attacks. The dynamic algorithm design of the AES input key solves the problem of encrypting data in the first communication between the two ends: after the terminal encrypts with the input key produced by the dynamic algorithm, the server can calculate the decryption key with the same algorithm. In this process the registration information and the terminal public key are sent to the server together, so public key exchange and registration are carried out at the same time; after the server's checks pass, it encrypts the response parameters with the terminal's public key and responds to the terminal in ciphertext. The first communication can thus be encrypted and the public key exchange completed together, which greatly improves communication efficiency and ensures data security.
In the authentication stage, the invention uses challenge-response to realize mutual authentication, and compared with other mutual authentication strategies it completes mutual authentication in fewer steps. The terminal initiates the authentication request, sending the server a challenge request whose challenge parameters are encrypted with the server's public key. The server receives the challenge and decrypts it with its own private key; after verification, the server issues its own challenge and responds to the terminal's challenge content. On receiving this, the terminal decrypts the data with its own private key and completes a series of verifications; after they pass, it encrypts the server's challenge content with the server's public key and returns it to the server for verification. Mutual authentication is complete once the series of verifications has passed on both sides. In the formal data communication stage, the invention uses the previously exchanged public keys and encrypts the data with the lightweight encryption algorithm SM9, and a dynamic public key replacement strategy (replacement on expiry) is designed, so the encryption key does not need to be recalculated or exchanged for every communication, which improves communication efficiency. To prevent communication from forged IP addresses, the invention also binds the IP and MAC of the terminal and the server by configuring a series of ARP policies, so that an attacker cannot forge an IP address to communicate with either end.
The registering equipment performs initialization setting, acquires data information and generates a session key using ECDHE; the data is signed using the SM9 encryption algorithm, and an AES encryption key is output by a dynamic algorithm; the key is transmitted to the server for further decryption and verification, and the information is stored in the database for manual review; the terminal and the server perform two-way authentication, and encryption with the SM9 algorithm completes the encrypted communication.
In the invention, the method is divided into the stages of device registration, device authentication and encrypted communication; for both the terminal device and the server device, the random number generation algorithm is uniformly defined as follows:
$x_{n+1} = (x_n \times A + B) \bmod M$, where $x_n$ denotes the n-th random number and A, B and M are preset constants; the random number is denoted R.
In the device registration stage, the key exchange protocol is designed as an improvement on the elliptic-curve-based ECDHE key agreement protocol and builds on its advantages; it is far lower than traditional SH key exchange and the SM9 key exchange protocol in computation and key issuing, and it also meets the requirements in terms of security. The functions realized at this stage include device information review, generation of the device's unique identifier, completion of public key exchange, two-way authentication, encrypted communication and the like. The concrete implementation is as follows (terminal steps):
As shown in Fig. 2, in the terminal registration stage the terminal needs to perform initialization setting. In the invention, when the terminal submits registration data, the session key and the terminal public key need to be generated together, and the AES input key needs to be generated by the unique dynamic algorithm design for encryption. On submission, terminal registration and key exchange are combined, which saves key exchange time and improves communication efficiency.
Step 1: when a terminal wants to register with the server, an initial setting must be performed manually to prevent an attacker from forging an IP address to communicate with the server. Specifically, the IP and MAC addresses of the server are configured and bound on the terminal by static ARP binding, and ARP request source verification is enabled: if the source MAC address of an ARP request does not match the MAC address recorded for the corresponding IP address in the ARP cache table, the ARP request is considered forged and is discarded. ARP rate limiting is also set: when the equipment detects that a device is sending a large number of ARP messages in a short time, ARP message rate limiting based on the source MAC address or source IP address is configured to limit that device's ARP message sending rate. An ARP entry aging time is configured, and when the aging time is reached or the interface goes down, the corresponding dynamic ARP entry is deleted.
Step 2: the terminal IP, the MAC, the current timestamp Ms (in milliseconds) and the serial number are acquired, and the terminal's own encryption public key Pu and decryption private key Pr are generated.
Step 3: the session key S is generated by ECDHE. Specifically, the base point of the elliptic curve algorithm is defined as Q(x, y), and the session key Pa(x, y) is calculated by the following formula:
$P_a(x, y) = R \times Q(x, y)$, where R is the random number generated as described above.
Step 4: signature generation, specifically, pa (x, y), IP, MAC, pu, ms, serial number, other information of the device, and the like are combined and defined as data D, and SM9 digital signature is performed on D, specifically as follows:
The R-ate pairing is defined on the elliptic curve; it is a special mathematical operation that pairs points on the elliptic curve. In this setting there are three cyclic groups, GT, G1 and G2, whose orders are identical, meaning that they have the same number of elements. The bilinear pairing e is a mapping that takes points in G1 and G2 to an element in G3. Such a mapping has important applications in cryptography.
To generate a digital signature, a hash value of the message is first calculated using a hash function H. The hash function takes as input the message M and possibly other parameters N and outputs a hash value of fixed length.
Next, a value g is calculated in the G3 group. This value is calculated by the pairing e and depends on a point P1 in G1 and a point QA in G2. Specifically, g is the result of mapping P1 and QA to G3 by e. Then a new value w is obtained by combining g with another value R, where R is a random number used to increase the security of the signature. Then, using the hash function H described above, the message M and w are concatenated and taken as input together with another parameter N, and a new hash value h is calculated. Finally, the final value L is obtained from R and h by a specific operation (R minus h, then modulo n).
For the R-ate pairing defined on the elliptic curve, the cyclic group GT has the same order n as groups G1 and G2, and the bilinear pairing e is a mapping G1 × G2 → G3. The calculation uses a hash function H. The signature generation algorithm is as follows:
1. Calculate g = e(P1, QA) in group G3.
2. Calculate w = g^R in group G3, R being the random number generated as described above.
3. Calculate h = H(M||w, N).
4. Calculate L = (R - h) mod n; if the result is L = 0, return and regenerate the random number.
5. Calculate S = [L]dA in group G1; the signature of D is (h, S).
Where GT is the target group in which the output of the mapping e lies, G1 is a group of points on the elliptic curve, G2 is another group of points on the elliptic curve, P1 is a point in group G1, QA is a point in group G2, e is a bilinear pairing (a bilinear mapping), w is the value calculated in group G3, h is the hash value, H is a hash function that accepts the message M, w and the other parameter N as inputs, g is an element calculated in group G3, and R is a random number.
Step 5: Dynamic algorithm design for the AES encryption key (input key), as follows:
The AES input key S_1 is composed of two parts: the first part is G_i and the second part is OR_i. Specifically, the current session key is hashed using SM9 to obtain H_a. Since the hash value obtained from the SM9 hash calculation is 32 bytes, H_a is divided into two equal halves, S_{i_1} = {a1, a2, a3, …, a16} and S_{i_2} = {a17, a18, a19, …, a32}. S_{i_1} is XORed with the plaintext stream F_i of the last communication, and the result is hashed to obtain G_{i+1}; for the first communication, the session key is used as the plaintext stream. The formula is:
G_{i+1} = Hash(S_{i_1} ⊕ F_i) (i = 0, 1, 2, ..., n)
S_{i_2} is right-shifted to obtain OR_{i+1}:
OR_{i+1} = (m >>> S_{i_2})
G_{i+1} and OR_{i+1} are then hashed to obtain the AES input key:
S_{i+1} = Hash(G_{i+1} + OR_{i+1})
With this algorithm design, after the terminal submits the registration information to the server, the server can also calculate the AES input key from the session key, because the algorithms at the two ends are identical.
Where Hash denotes the hash operation, G_i is the first segment of the input key (S_1), OR_i is the second segment of the input key (S_1), F_i is the plaintext of the last communication, and G_{i+1} is the result of hashing F_i.
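The step 5 key schedule, sketched as an added example (not code from the patent) to show that both ends derive the same AES input key and that the key changes with every plaintext, including the desynchronisation that follows when one side misses a message. Assumptions, since the text leaves them open: SHA-256 stands in for the 32-byte hash, the 16-byte half S_{i_1} is repeated over F_i for the XOR, m is taken to be H_a as an integer shifted by S_{i_2} mod 128 bits, "+" is byte concatenation, and the names `derive_aes_key` and `Endpoint` are hypothetical.

```python
import hashlib
from typing import Optional

HALF = 16  # H_a is 32 bytes, split into two 16-byte halves


def hash32(data: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's 32-byte hash.
    return hashlib.sha256(data).digest()


def xor_stream(s1: bytes, stream: bytes) -> bytes:
    # Assumption: the 16-byte half S_{i_1} is repeated over F_i, which
    # may be longer or shorter than 16 bytes.
    return bytes(b ^ s1[i % HALF] for i, b in enumerate(stream))


def derive_aes_key(session_key: bytes, last_plaintext: Optional[bytes]) -> bytes:
    """S_{i+1} = Hash(G_{i+1} + OR_{i+1}) as described in step 5."""
    h_a = hash32(session_key)
    s1, s2 = h_a[:HALF], h_a[HALF:]
    # First communication: the session key itself is the plaintext stream.
    f_i = session_key if last_plaintext is None else last_plaintext
    g_next = hash32(xor_stream(s1, f_i))
    # Assumption: m is H_a as a 256-bit integer, shifted right by
    # S_{i_2} mod 128 bits (the page does not define m or bound the shift).
    m = int.from_bytes(h_a, "big")
    shift = int.from_bytes(s2, "big") % 128
    or_next = (m >> shift).to_bytes(len(h_a), "big")
    return hash32(g_next + or_next)  # "+" read as byte concatenation


class Endpoint:
    """One side of the link; remembers the last plaintext it processed."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_plaintext: Optional[bytes] = None

    def key_for_next_message(self) -> bytes:
        return derive_aes_key(self.session_key, self.last_plaintext)

    def record(self, plaintext: bytes) -> None:
        self.last_plaintext = plaintext


def demo() -> dict:
    session_key = bytes(range(32))  # constructed sample value
    terminal, server = Endpoint(session_key), Endpoint(session_key)
    keys, in_sync = [], []
    for msg in [b"register", b"reading=21.5", b"reading=21.7"]:
        k_t, k_s = terminal.key_for_next_message(), server.key_for_next_message()
        keys.append(k_t)
        in_sync.append(k_t == k_s)
        terminal.record(msg)
        server.record(msg)
    # Failure mode: the server never receives one message, so its F_i is stale.
    terminal.record(b"reading=21.9")
    desynced = terminal.key_for_next_message() != server.key_for_next_message()
    return {"keys": keys, "in_sync": in_sync, "desynced": desynced}
```

Because every key depends on the previous plaintext, a lost or reordered message leaves the two ends with different keys until they fall back to a value both still share, such as the session key.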
Step 6: After the data is encrypted with AES, the ciphertext and the session key are sent to the server for registration. After the server's verification passes, the server replies with a message to complete registration and performs the key exchange.
The server side processing comprises the following specific steps:
Step 1: When the terminal submits the registration information, the server obtains the session key submitted by the terminal from the message and calculates the AES input key with the same algorithm as terminal step 5 to decrypt the data. It extracts the timestamp Ms from the data to verify that it lies within the acceptable range, extracts the encrypted data to perform signature verification, and checks the serial number to see whether the data has already been received. The specific steps are as follows:
After receiving the terminal data D and the digital signature (h, S), the server verifies the signature of the information submitted by the terminal by the following steps:
1: Check whether h belongs to the range [1, N-1]; if not, signature verification fails;
2: Check whether S belongs to G1; if S does not belong to G1, signature verification fails;
3: If both conditions are met, calculate g = e(P1, QA) and t = g^h in group GT;
4: Calculate h1 = H(IDA||hid, n);
5: Calculate P = [h1]P2 + QA in group G2;
6: Calculate u = e(S, P) and w = u·t in group GT;
7: Calculate h2 = H(D||w, n) and judge whether h2 is equal to h; if so, signature verification succeeds, and if not, signature verification fails.
Step 2: If the timestamp verification, signature verification, serial number verification and the like all pass, the information is stored in a sequence queue to await manual verification.
Step 3: After the manual verification passes, the terminal IP and MAC are configured on the server side in the manner of terminal step 1 and stored in a persistence database; a self-incrementing sequence is obtained as the terminal unique identifier (ID); the terminal IP and MAC are cached in a memory database using terminal: equivalent: ID as the key; and the terminal public key is cached for a validity period.
After the above steps are completed, the server holds the terminal's public key, session key and related information. It then needs to respond to the terminal, returning the server's public key and session key to the terminal for subsequent encryption.
Step 1: The server generates its own encryption public key Pu and decryption private key Pr, and obtains the current timestamp Ms (in milliseconds), the unique self-incrementing sequence identifier ID of the terminal device, a serial number and the like.
Step 2: The session key S is generated with the same algorithm as terminal step 3.
Step 3: A digital signature is computed with the same algorithm as terminal step 4.
Step 4: The terminal public key response data is encrypted into ciphertext, and the ciphertext and the session key are returned to the terminal.
After the terminal receives the registration response of the server, the following steps are executed to finish
Step 1: Acquire the session key submitted by the terminal from the message, and verify the session key with the same algorithm as terminal step 3.
Step 2: Verify whether the timestamp Ms is within the acceptable range, to determine whether there is a replay attack.
Step 3: Perform signature verification on the response data with the same signature verification algorithm as server step 1 to detect whether the data has been subjected to a man-in-the-middle attack, and check the serial number to see whether the message has already been received, to prevent replay attacks.
Step 4: Cache the public key of the server.
As shown in fig. 3, in the authentication communication phase: to strengthen secure communication between the terminal and the server, the present invention implements two-way authentication by using a challenge response before communication. Challenge-response authentication is an authentication method based on the principle of challenging a user or device to prove its identity: a system or device sends a challenge to the user or device, the user or device must provide a specific response to that challenge, and the system or device verifies the response and grants access if it is correct. This makes it more difficult for an attacker to gain access to the system or device, since challenge-response authentication requires a specific response to the challenge rather than a simple password. Even if an attacker somehow obtains the user's information, they still cannot pass authentication because they do not know the specific challenge content; and because each challenge is random, an attacker who records a valid authentication cannot replay it to regain access to the system or device. This bidirectional authentication scheme has forward security. In the challenge process, the public keys of the lightweight encryption algorithm SM9 exchanged by both parties at registration are used: the terminal encrypts communication data with the server's public key, the server encrypts its responses with the terminal's public key, and the server and the terminal each decrypt the received data with their own private key. The specific steps are as follows.
Step 1: The terminal sends an authentication request. The request parameters include the terminal unique identifier ID, a serial number, the current timestamp, a signature, a challenge character string and the like; the authentication parameters are encrypted with the server's public key before the request is sent.
Step 2: After receiving the authentication request, the server uses its private key to decrypt the data, performs timestamp verification, signature verification and serial number verification, and verifies whether the device is registered. After verification passes, the server generates a new random challenge character string, signs the current timestamp, the serial number, the terminal's challenge content and the server's challenge content, encrypts the challenge response parameters with the terminal's public key, and responds to the terminal.
Step 3: After receiving the server's challenge response, the terminal decrypts the challenge content with its own private key, verifies the signature, the serial number and the timestamp, and verifies whether the challenge content in the response is correct.
Step 4: After verification passes, the terminal signs the server's challenge content, the serial number, the timestamp and the unique identifier of the terminal device, encrypts them with the server's public key, and sends them to the server again.
Step 5: After receiving the challenge response, the server decrypts the challenge content with its own private key, verifies the signature, the timestamp and the serial number, and judges whether the challenge content matches the challenge it issued. If the match succeeds, two-way authentication is complete and formal communication can begin.
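The five-step exchange above as an added example (not code from the patent), showing what each side checks and which messages get rejected. Assumptions: HMAC-SHA256 with keys known to both ends stands in for the SM9 signature, the SM9 public-key encryption layer is omitted, and the class names, field names and the 5-second acceptance window are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

MAX_SKEW_MS = 5_000  # assumed acceptance window; the page gives no figure


def sign(key, fields):
    """HMAC-SHA256 over the sorted fields; stand-in for the SM9 signature."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(key, **fields):
    return dict(fields, sig=sign(key, fields))


def check(key, msg, now_ms, seen):
    """Signature, timestamp and serial-number checks; returns an error or None."""
    fields = {k: v for k, v in msg.items() if k != "sig"}
    if not hmac.compare_digest(sign(key, fields), str(msg.get("sig", ""))):
        return "bad signature"
    if abs(now_ms - msg["ts"]) > MAX_SKEW_MS:
        return "stale timestamp"
    if (msg["id"], msg["serial"]) in seen:
        return "replayed serial"
    seen.add((msg["id"], msg["serial"]))
    return None


class Terminal:
    def __init__(self, tid, key, server_key):
        self.tid, self.key, self.server_key = tid, key, server_key
        self.serial, self.seen, self.challenge = 0, set(), None

    def _send(self, now_ms, **extra):
        self.serial += 1
        return seal(self.key, id=self.tid, serial=self.serial, ts=now_ms, **extra)

    def auth_request(self, now_ms):  # step 1
        self.challenge = secrets.token_hex(16)
        return self._send(now_ms, challenge_t=self.challenge)

    def on_challenge(self, msg, now_ms):  # steps 3 and 4
        err = check(self.server_key, msg, now_ms, self.seen)
        if err is None and not hmac.compare_digest(msg["challenge_t"], self.challenge):
            err = "challenge mismatch"
        if err:
            return None, err
        return self._send(now_ms, challenge_s=msg["challenge_s"]), None


class Server:
    def __init__(self, key, registered):
        self.key, self.registered = key, registered  # registered: id -> key
        self.serial, self.seen, self.pending = 0, set(), {}

    def _verify(self, msg, now_ms):
        key = self.registered.get(msg.get("id"))
        if key is None:
            return "unregistered device"
        return check(key, msg, now_ms, self.seen)

    def on_auth_request(self, msg, now_ms):  # step 2
        err = self._verify(msg, now_ms)
        if err:
            return None, err
        self.serial += 1
        self.pending[msg["id"]] = secrets.token_hex(16)
        return seal(self.key, id="server", serial=self.serial, ts=now_ms,
                    challenge_t=msg["challenge_t"],
                    challenge_s=self.pending[msg["id"]]), None

    def on_final(self, msg, now_ms):  # step 5
        err = self._verify(msg, now_ms)
        if err:
            return err
        expected = self.pending.pop(msg["id"], None)
        if expected is None or not hmac.compare_digest(msg.get("challenge_s", ""), expected):
            return "challenge mismatch"
        return None


def demo():
    """Constructed scenario: one clean handshake, then three rejected requests."""
    t_key, s_key = secrets.token_bytes(32), secrets.token_bytes(32)
    term = Terminal("terminal:7", t_key, s_key)
    srv = Server(s_key, {"terminal:7": t_key})
    now = 1_700_000_000_000
    m1 = term.auth_request(now)
    m2, _ = srv.on_auth_request(m1, now + 20)
    m3, _ = term.on_challenge(m2, now + 40)
    return {
        "handshake": srv.on_final(m3, now + 60),
        "replayed": srv.on_auth_request(m1, now + 80)[1],
        "stale": srv.on_auth_request(term.auth_request(now), now + 60_000)[1],
        "tampered": srv.on_auth_request(dict(term.auth_request(now + 90), challenge_t="00"), now + 90)[1],
    }
```

With real SM9 signatures the verifier would hold only public material; the shared HMAC keys here exist only so the example runs with the standard library.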
The invention reuses the public keys exchanged during registration to encrypt communication data and replaces them dynamically at regular intervals to improve communication efficiency. The public key update strategy is as follows: because the public keys are stored in the memory database, the time needed to fetch the public key for each communication is reduced, and an expiry-deletion policy is used, so the validity period is refreshed once on every communication. If the stored public key has expired because no communication took place for a long time, the AES algorithm of terminal step 5 is used for the first encrypted communication; the serial number, the timestamp, the unique identifier of the device, the signature and the like are still submitted to the server, and after verification the server updates the public key again and responds. The specific steps of efficient public-key communication are as follows.
Step 1: The communication needs to carry additional parameters such as a timestamp, a serial number and the unique identifier of the device. The terminal digitally signs the data with the same algorithm as terminal step 4, encrypts it with the server's public key, and then sends it to the server.
Step 2: after receiving the data, the server decrypts the data by using the public key of the terminal, verifies the signature, verifies the timestamp, verifies the self-increasing sequence of the terminal and stores the data.
Example 2
Referring to fig. 4, for one embodiment of the present invention, a system for a bidirectional authentication and secure communication method for a lightweight internet of things device is provided, where: the system comprises an initialization and registration module, a key negotiation module, a data signing and verification module, a two-way authentication module and an encryption communication module;
The initialization and registration module is used for preventing ARP spoofing and man-in-the-middle attacks through static ARP binding and ARP request source verification, ensuring the security of the device's network environment, and collecting the basic information of the device to generate the key pair required for encryption.
The key negotiation module uses ECDHE algorithm to negotiate a temporary session key between the equipment and the server, dynamically generates AES key through complex algorithm flow, and uses random number generation and multiple hash operation to improve unpredictability and security of the key.
The data signing and verifying module performs digital signing on the key information by using an SM9 algorithm, and the server performs multiple verifications on the received data, including decryption, timestamp verification, signature verification and serial number check, so as to ensure the authenticity of the data and prevent replay attack.
In the two-way authentication module, before communication the two parties confirm each other's identity by means of a challenge response, and after the two-way authentication succeeds, the two parties exchange public keys.
The encryption communication module encrypts data by combining an SM9 algorithm and an AES algorithm, periodically updates a public key, and if the two communication parties do not communicate for a long time, re-performs key negotiation and exchange, and keeps the communication security.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). In addition, the computer readable medium may even be paper or other suitable medium on which the program is printed, as the program may be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented using any one or combination of the following techniques, as is well known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, Programmable Gate Arrays (PGAs), Field Programmable Gate Arrays (FPGAs), and the like.
Example 3
In this embodiment, in order to verify the beneficial effects of the present invention, scientific demonstration is performed through economic benefit calculation and simulation experiments. The experiments were conducted with the conventional method and with the method of the present embodiment.
Table 1 step presents table
Table 2 data comparison table
According to the table, the beneficial effects of the bidirectional authentication and safety communication method of the lightweight Internet of things equipment in actual operation can be obtained. Each operation from initializing the device to encrypting the communication is completed successfully and the actual results of each step are consistent with the expected results, indicating the reliability and validity of the method. The response time varies from 30 milliseconds to 100 milliseconds, showing the efficiency of the system, especially in critical initialization and authentication steps, which is kept low, which is particularly important for internet of things devices that require fast response. The security verification comprehensively proves the security of the method, and ensures the integrity and confidentiality of data transmission. The resource consumption is kept at a low-middle level in the whole process, which shows that the method effectively manages the equipment resources on the premise of not sacrificing the performance, and is a remarkable advantage for the equipment of the Internet of things with limited resources. Overall, these data demonstrate the overall advantages of the method in terms of efficiency, security and resource management, being an ideal choice for lightweight internet of things devices.
It should be noted that the above embodiments are only for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that the technical solution of the present invention may be modified or substituted without departing from the spirit and scope of the technical solution of the present invention, which is intended to be covered in the scope of the claims of the present invention.

Claims (10)

1. The bidirectional authentication and secure communication method for the lightweight Internet of things equipment is characterized by comprising the following steps of:
The registration equipment performs initialization setting, acquires data information and generates a session key by utilizing ECDHE;
Signing the data by using an SM9 encryption algorithm, and outputting an encryption key of AES by using a dynamic algorithm;
Transmitting the key to a server for further decryption, checking and storing the database for manual verification;
Performing two-way authentication by using the terminal and the server, and performing encryption by using the SM9 algorithm to finish encryption communication.
2. The method for bidirectional authentication and secure communication of lightweight internet of things equipment according to claim 1, wherein the method comprises the steps of: initializing equipment when a terminal wants to register to a service end, binding IP and MAC address configuration of the service end with the terminal in a static ARP binding mode, starting ARP request source verification, judging that an ARP request is forged and discarded if a source MAC address of the ARP request is not matched with an MAC address of a corresponding IP address in an ARP cache table, configuring ARP message speed limit based on a source MAC address or a source IP address to limit the ARP message sending rate of the current equipment end when the equipment detects that a certain equipment end sends a large number of ARP messages in a short time through ARP speed limit setting, configuring ARP table item aging time, and deleting corresponding dynamic ARP table items when the aging time, interface failure or the state is not activated;
the data information acquisition is to acquire a terminal IP, a MAC, a current time stamp Ms, a serial number, generate a self-encryption public key Pu and a decryption private key Pr;
The generation of the session key by ECDHE is to define a base point of an elliptic curve algorithm as Q (x, y), construct a model to calculate the session key Pa (x, y), and the expression is as follows:
Pa(x,y)=R×Q(x,y)
wherein R is a random number produced.
3. The method for bidirectional authentication and secure communication of lightweight internet of things equipment according to claim 2, wherein: the signing of the data by using the SM9 encryption algorithm is to combine Pa(x, y), IP, MAC, Pu, Ms and a serial number to define data D, and to carry out an SM9 digital signature on D; the R-ate pairing is defined on an elliptic curve, the cyclic group GT and the groups G1 and G2 are of the same order, the bilinear pairing e is the mapping G1 × G2 → G3, and a hash function H is used in the calculation to generate the signature;
g = e(P1, QA), calculated in group G3
w = g^R
h = H(M||w, N)
L = (R - h) mod n
Wherein GT is the target group in which the output of the mapping e lies, G1 is a group of points on the elliptic curve, G2 is another group of points on the elliptic curve, P1 is a point in group G1, QA is a point in group G2, e is a bilinear pairing (a bilinear mapping), w is a value calculated in group G3, h is a hash value, H is a hash function accepting the message M, w and the other parameter N as inputs, g is an element calculated in group G3, R is a random number, and mod n denotes the modulo-n operation;
if the calculation result L is equal to 0, the random number is required to be regenerated, and S = [L]dA is calculated in group G1, so that the signature of D is (h, S);
The encryption key for outputting AES through the dynamic algorithm is that the AES input key S_1 is divided into two parts, the first part being G_i and the second part being OR_i; the session key is hashed by using SM9 to obtain H_a, with S_{i_1} = {a1, a2, a3, …, a16} and S_{i_2} = {a17, a18, a19, …, a32}, where a1, a2, a3, a16, a32 are respectively the 1st, 2nd, 3rd, 16th and 32nd bytes; S_{i_1} is XORed with the plaintext stream F_i of the last communication and the result is hashed to obtain G_{i+1}, and if it is the first communication, the session key is used as the plaintext stream; the expression is:
G_{i+1} = Hash(S_{i_1} ⊕ F_i) (i = 0, 1, 2, ..., n)
Wherein, Hash denotes the hash operation, G_i is the first segment of the input key (S_1), OR_i is the second segment of the input key (S_1), F_i is the plaintext of the last communication, and G_{i+1} is the result of hashing F_i;
S_{i_2} is right-shifted to obtain OR_{i+1}, OR_{i+1} = (m >>> S_{i_2}), and G_{i+1} and OR_{i+1} are hashed to obtain the AES input key, where the expression is:
S_{i+1} = Hash(G_{i+1} + OR_{i+1})
After the terminal submits the registration information to the server, the server calculates an AES input key through a session key, encrypts data through the AES, sends ciphertext and the session key to the server for registration, and after the server checks, replies a message to complete registration and simultaneously completes key exchange.
4. A method of bidirectional authentication and secure communication for lightweight internet of things devices as recited in claim 3 wherein: when a terminal submits registration information, the session key submitted by the terminal is obtained from the message, the AES input key is calculated to decrypt the data, the timestamp Ms is extracted to verify whether it is within the acceptable range, the encrypted data is extracted for signature verification, and the serial number is checked to judge whether the data has already been received;
After the server receives the terminal data D and its digital signature (h, S), it verifies the signature submitted by the terminal: checking whether h belongs to the range [1, N-1], and if not, signature verification fails; checking whether S belongs to G1, and if S does not belong to G1, signature verification fails; calculating g = e(P1, QA) and t = g^h in group GT; calculating h1 = H(IDA||hid, n); calculating P = [h1]P2 + QA in group G2; calculating u = e(S, P) and w = u·t in group GT; calculating h2 = H(D||w, n) and judging whether h2 and h are equal, signature verification succeeding if they are equal and failing if they are not; if the timestamp verification, the signature verification and the serial number verification all pass, the information is stored in a sequential queue to await manual verification;
Where IDA is the terminal identifier, t is another calculated value in the GT group, which is derived by the product of G and h, hid is another identifier or hash value, u is another intermediate calculated value in the GT group, whose calculation depends on bilinear mapping or linear pair e, and a part of the digital signature S and the point P calculated in the G2 group, w is the intermediate calculated value, which is the product of u and t, D is the terminal data.
5. The method for bidirectional authentication and secure communication of lightweight internet of things equipment according to claim 4, wherein: after manual auditing, configuring static ARP binding of the terminal IP and the MAC at the server, enabling ARP request source verification, speed limit setting and ARP aging time configuration by the server, storing the ARP request source verification, speed limit setting and ARP aging time configuration in a persistence database, obtaining a self-increasing sequence as a terminal unique identifier, carrying out validity caching on a terminal public key, responding to the terminal, and responding the public key and the session key of the server to the terminal;
When a server generates a self-encryption public key Pu and a decryption private key Pr, acquiring a current time stamp Ms, a unique self-increasing sequence identifier ID of a terminal device and a serial number, generating a session key again by ECDHE, performing digital signature, encrypting the response data of the terminal public key into a ciphertext, and responding the ciphertext and the session key to the terminal;
After receiving the registration response of the server, the terminal acquires a session key submitted by the terminal from the message, generates the session key by utilizing ECDHE and verifies the session key, verifies whether the time stamp Ms is in a receivable range, distinguishes whether replay attack exists or not, performs signature verification on the responded data by a signature verification algorithm, detects whether the response data is attacked by a man-in-the-middle, verifies the sequence number to check whether the message is received, and caches the public key of the server;
If any one of the messages is judged to be not trusted, the communication is judged to be untrusted, the terminal cannot cache the public key of the server and the subsequent two-way authentication, and the message is discarded until correct data are received.
6. The method for bidirectional authentication and secure communication of lightweight internet of things equipment according to claim 5, wherein: in the authentication communication stage, a method of using challenge response before communication is adopted to perform bidirectional authentication, in the challenge response authentication, a system or equipment sends a random challenge to a user or equipment, the user or equipment provides a specific response challenge, the system or equipment verifies the response, if the response is correct, access rights are granted, in the challenge process, both parties exchanging during registration use a public key of a lightweight encryption algorithm SM9, the terminal uses the public key of the server to encrypt communication data, the server uses the public key of the terminal to encrypt and respond to the communication data, and the server and the terminal respectively use own private keys to decrypt the responded data;
The method comprises the steps that a terminal sends a request parameter in an authentication request, wherein the request parameter comprises a terminal unique identifier ID, a serial number, a current timestamp, a signature and a challenge character string, the authentication parameter is encrypted by using a public key of a server, the authentication request is sent again, after the authentication request is received by the server, decryption verification, timestamp verification, signature verification and serial number verification are carried out on data by using a private key of the server, and whether verification equipment is registered or not is judged, after verification, the server generates a new challenge random character string, the current timestamp, the serial number, challenge content of the terminal and challenge content of the server are signed, and after the challenge response parameter is encrypted by using the public key of the terminal, the challenge response parameter is responded to the terminal;
after receiving the challenge response of the server, the terminal decrypts the challenge content by using the private key of the terminal, verifies the signature, the serial number, the time stamp and verifies whether the challenge content of the response is correct;
After verification, signing the challenge content, the serial number, the timestamp and the unique identifier of the terminal equipment of the server, encrypting by using the public key of the server, sending the encrypted challenge content to the server again, after the server receives the challenge response, decrypting the challenge content by using the private key of the server, verifying the signature, the timestamp and the serial number, judging whether the challenge content accords with the sent challenge content, and if the matching is successful, ending the bidirectional authentication and starting formal communication.
7. The method for bidirectional authentication and secure communication of lightweight Internet of Things equipment according to claim 6, wherein: the encrypted communication is completed using the SM9 algorithm; communication data is encrypted by reusing the public keys exchanged during registration, and the public keys are replaced periodically and dynamically; if a stored public key has expired because no communication took place within a specified time, the AES algorithm is used again for a first encrypted communication, the serial number, the timestamp, the unique device identifier and the signature continue to be submitted to the server, and the server updates the public key and responds after verification passes.
8. A system employing the bidirectional authentication and secure communication method for lightweight Internet of Things equipment according to any one of claims 1-7, characterized in that: the system comprises an initialization and registration module, a key negotiation module, a data signing and verification module, a two-way authentication module and an encryption communication module;
the initialization and registration module prevents ARP spoofing and man-in-the-middle attacks through static ARP binding and ARP request source verification, ensures the security of the device's network environment, and collects the basic information of the device to generate the key pair required for encryption;
the key negotiation module uses the ECDHE algorithm to negotiate a temporary session key between the device and the server, dynamically generates an AES key through a complex algorithm flow, and uses random number generation and multiple hash operations to improve the unpredictability and security of the key;
the data signing and verification module digitally signs key information using the SM9 algorithm, and the server performs multiple verifications on the received data, including decryption, timestamp verification, signature verification and serial number check, so as to ensure the authenticity of the data and prevent replay attacks;
the two-way authentication module has the two parties confirm each other's identity by challenge response before communication, and after the two-way authentication succeeds, the two parties exchange public keys;
the encryption communication module encrypts data by combining the SM9 algorithm and the AES algorithm and periodically updates the public key, and if the two communicating parties have not communicated for a long time, key negotiation and exchange are performed again to maintain communication security.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of a lightweight internet of things device mutual authentication and secure communication method as claimed in any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon a computer program, characterized in that the computer program when executed by a processor implements the steps of a lightweight internet of things device mutual authentication and secure communication method as claimed in any one of claims 1 to 7.
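The verification order recited in claim 6 and in the data signing and verification module of claim 8 (registration check, timestamp, signature, serial number, then challenge match) is sketched below as an added example, not code from the patent. It makes three assumptions: HMAC-SHA256 with a per-device key stands in for the SM9 signature, the SM9 encryption layer is omitted, and the 30-second window and all names are hypothetical.

```python
import hashlib, hmac, secrets

SKEW = 30  # assumed freshness window (seconds); the claims do not give a value

def sign(key, *fields):
    # HMAC-SHA256 over length-prefixed fields, standing in for the SM9 signature
    parts = [str(f).encode() for f in fields]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_msg(key, dev, seq, ts, *challenges):
    # Build a signed message; used for the terminal's request and final response
    return {"id": dev, "seq": seq, "ts": ts, "ch": list(challenges),
            "sig": sign(key, dev, seq, ts, *challenges)}

def verify(key, m, now, last_seq):
    # Checks shared by both sides: timestamp, signature, then serial number
    if abs(now - m["ts"]) > SKEW:
        return "stale timestamp"
    expect = sign(key, m["id"], m["seq"], m["ts"], *m["ch"])
    if not hmac.compare_digest(m["sig"], expect):
        return "bad signature"
    if m["seq"] <= last_seq:
        return "replayed serial number"
    return None

class Server:
    def __init__(self, registered):
        self.keys = dict(registered)   # device ID -> key stored at registration
        self.last_seq = {}             # device ID -> highest serial accepted
        self.pending = {}              # device ID -> server challenge awaiting echo

    def handle(self, m, now):
        key = self.keys.get(m["id"])
        if key is None:
            return {"error": "unregistered device"}
        err = verify(key, m, now, self.last_seq.get(m["id"], -1))
        if err:
            return {"error": err}
        self.last_seq[m["id"]] = m["seq"]
        issued = self.pending.pop(m["id"], None)
        if issued is None:             # message 1: answer with a fresh challenge
            issued = self.pending[m["id"]] = secrets.token_hex(16)
            return make_msg(key, m["id"], m["seq"], now, m["ch"][0], issued)
        # message 3: the terminal must echo the challenge this server issued
        ok = hmac.compare_digest(m["ch"][0], issued)
        return {"authenticated": True} if ok else {"error": "challenge mismatch"}
```

The terminal applies the same `verify` to the server's reply and additionally checks that the first challenge in the reply equals the one it sent.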
CN202410035198.0A 2024-01-10 2024-01-10 Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment Pending CN117997516A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410035198.0A CN117997516A (en) 2024-01-10 2024-01-10 Bidirectional authentication and secure communication method and system for lightweight Internet of things equipment

Publications (1)

Publication Number Publication Date
CN117997516A true CN117997516A (en) 2024-05-07

Family

ID=90894425

Country Status (1)

Country Link
CN (1) CN117997516A (en)

Legal Events

Date Code Title Description
PB01 Publication