JP2018074253A - Encryption key sharing system via unmanned aircraft, signal transmission system by unmanned aircraft, and unmanned aircraft - Google Patents

Abstract

PROBLEM TO BE SOLVED: To have a plurality of unmanned aircrafts relay broadcast encryption communication when performing the broadcast encryption communication with high confidentiality between a satellite or large aircraft and a plurality of ground stations.SOLUTION: A signal transmission system by unmanned aircrafts for transmitting a radio signal transmitted by another aircraft via a plurality of unmanned aircrafts 40 includes the plurality of unmanned aircrafts 40 that come close to each other to a range in which the radio signal with directivity transmitted by the other aircraft or the like can be received, and transmit the radio signal by departing from the range and flying separated from each other after receiving the radio signal.SELECTED DRAWING: Figure 8

Description

  The present invention relates to encryption key sharing via an unmanned aerial vehicle for sharing a common encryption key necessary for performing highly confidential broadcast encryption communication between a satellite or a large aircraft and a plurality of ground stations. The present invention relates to a system, a signal transmission system using an unmanned aerial vehicle for transmitting a signal for broadcast encryption communication by the unmanned aircraft, and an unmanned aircraft applied to the system.

  In recent years, unmanned aerial vehicles such as drones (multicopters) and unmanned helicopters that are small and capable of unmanned flight are becoming popular. This unmanned aerial vehicle is being used in various industries such as surveying, disaster relief, natural environment research, sports relaying, delivery, and agricultural chemical application. As the technology for unmanned aerial vehicles continues to advance, further expansion of their usage is expected.

  In particular, this unmanned aircraft has a wide range of flight distances and flight altitudes, and can continue to stop at almost a fixed position in the air, so that it has excellent characteristics in terms of mobility. In addition, unmanned aerial vehicles that can stay in the stratosphere for more than a few years using solar cells have also appeared. By connecting these unmanned aerial vehicles to satellite communications while using them as base stations and relay stations, it is expected that a flexible and dynamic wireless communication network can be constructed in the space, stratosphere, high altitude troposphere, and the ground. Efforts to improve communication connectivity are progressing.

  In addition to this, in a wireless communication network including unmanned aircraft as a relay node, it is needless to say that improvement of information security of the entire system is required in addition to improvement of convenience and connectivity. When an unmanned aerial vehicle is used as a relay node for wireless communication, it may naturally occur that highly confidential information such as medical information, finance, and personal information is relayed from a satellite or a large aircraft. Regardless of whether manned or unmanned, various air traffic control communication networks need to prevent unauthorized access and control signal tampering as well as highly confidential information. In many cases, a GPS (Global Positioning System) signal is acquired from a satellite during navigation of an unmanned aerial vehicle. However, if an unmanned aircraft is hijacked and illegally operated by misrepresenting this GPS signal, the wireless communication network itself Leading to the collapse of

  Therefore, when a wireless communication network including this unmanned aerial vehicle is used for important applications where information leakage, falsification, and unauthorized access are not permitted, it is required to construct a system with extremely high security in terms of security. Various cryptographic techniques have been studied in the past to improve the security of wireless communication. Common cryptographic techniques currently used are public key cryptography and common key cryptography. Public key cryptography issues an electronic signature to authenticate and prevent tampering (ensure integrity) and exchange keys between necessary senders and receivers. Common key encryption encrypts data communication at high speed based on the key (ensuring confidentiality). They ensure security based on some sort of mathematical algorithm that requires enormous computations to decipher. However, cryptanalysis technology has continued to advance to the present and is expected to make remarkable progress in the future. For this reason, even if confidential information is encrypted with a sufficiently strong encryption method and wireless communication is performed, the intercepted ciphertext is stored for a long period of time. When a high-performance computer can be obtained, there is a risk that the ciphertext will be decrypted retroactively.

  For this reason, in order to improve the information security of a wireless communication network including an unmanned aerial vehicle as a relay node, it is necessary to perform wireless communication based on an encryption technique that cannot be decrypted as much as possible. For this purpose, it is necessary to improve information security by applying a cryptographic technique that satisfies at least computational security. And in communications dealing with important information, no matter how much computing power an attacker has, the so-called information-theoretic safety can prove that in principle it is impossible to decrypt plaintext from ciphertext. It is strongly desired to use a cryptographic technique that meets the characteristics.

  Conventionally, disclosed techniques of Patent Documents 1 and 2 and Non-Patent Document 1 have been proposed as methods for performing cryptographic communication between a satellite or an aircraft and a plurality of ground stations. In the disclosed technique of Patent Document 1, a public key cryptosystem is used between a broadcast station and a receiver so that only a receiver who has viewing qualification can decrypt information broadcasted by a broadcast station using a satellite. There has been proposed a key distribution method for performing key sharing using. Further, Patent Document 2 provides a seed value for generating a pseudorandom number using noise included in observation data that can be acquired from a sensor mounted on a satellite, and enables encryption to be performed safely within the satellite. Communication technology has been proposed. Non-Patent Document 1 proposes a method for exchanging and managing encryption keys between an unmanned aerial vehicle and a plurality of ground mobile units based on public key cryptography. However, these disclosed technologies are based on cryptographic technology based on computational security, and cannot prevent security from being compromised with the progress of decryption technology.

  In addition, from the viewpoint of the network configuration method, even if ground stations are dispersed, relaying by multiple unmanned aircraft between the satellite and multiple ground stations is performed in multiple steps in a hierarchical manner. It becomes possible to perform ultra-secret encryption communications to individual ground stations. The encryption communication techniques proposed in Patent Documents 1 and 2 and Non-Patent Document 1 are not techniques based on such a flexible and hierarchical network configuration.

  For this reason, there has been a demand for a technique for performing cryptographic communication that is secure in terms of information theory by relaying a plurality of unmanned aircraft between a satellite and a plurality of ground stations.

Japanese Patent Laid-Open No. 11-340962 JP 2014-62941 A

K.-H. Rhee, Y.-H. Park, and G. Tsudik, "A Group Key Management Architecture for Mobile Ad-hoc Wireless Networks," J. Inform. Sci. Eng., 21, 415-428 (2005 ). M. Bloch and J. Barros, "Physical-Layer Security," Cambridge University Press, 2011. O. Gungor, F. Chen, and C. E. Koksal, "Secret Key Generation Via Localization and Mobility," IEEE Trans. Vehicular Tech. 64 (6), 2214-2230 (June 2015). H. Liu, J. Yang, Y. Wang, Y. Chen, and CE Koksal, "Group Secret Key Generation via Received Signal Strength: Protocols, Achievable Rates, and Implementation," IEEE Trans. Mobile Computing, 13 (12), pp. 2820--2835 December 2014.

  One-time pad encryption based on ground key sharing has been proposed as a conventional cryptographic communication technique that can guarantee information theoretical security. In this proposed technique, a large number of common intrinsic random numbers are shared in advance between a satellite or a large aircraft before flight and a ground station and stored. The plaintext is encrypted between the satellite or large aircraft after launch or takeoff and the ground station by using the one-time pad encryption based on the stored true random number. Since the encryption key is one-time-use, the information theoretical security can be guaranteed if even the encryption key can be safely shared.

  However, in this encryption communication technology based on this one-time pad cipher, a large amount of true random number data that will not be exhausted for a long time is stored in advance on the satellite side, and this is maintained and managed in the space environment after launch. It's not easy. It is ideal to install a physical random number source on the satellite side and always generate true random numbers within the satellite, but how to use the true random number data between unmanned aircraft and ground stations while ensuring information theoretical safety. The question of whether to share them still remains.

  As another encryption communication technique for ensuring information-theoretic security, a method using physical layer encryption has been proposed in the past (for example, see Non-Patent Documents 2, 3, and 4).

  However, the disclosed technology described in Non-Patent Document 2 relates to pure mathematical research that is a proof of the theorem of information theory, and is specific to constructing a wireless communication network between a satellite or an aircraft and a plurality of ground stations. It does not present a method. In addition, the disclosed technology described in Non-Patent Document 3 implements a secret key exchange method by wireless communication between one-to-one vehicles, and is not intended for one-to-many broadcast encryption communication. On the other hand, Non-Patent Document 4 discloses information relating to a protocol and verification experiment for sharing an encryption key that is secure in terms of information theory by incorporating a relay operation while cooperating between a plurality of wireless communication devices. However, this technology uses noise (random fluctuations in received signal strength) in radio wave propagation channels as the source of cryptographic key generation, and since the source fluctuation rate is limited to at most about kHz, the key generation rate is extremely high. There is the difficulty of being slow. In addition, it is extremely difficult to secure such a random noise source between satellites and high altitude aircraft. Further, this Non-Patent Document 4 does not present a hierarchical network configuration utilizing the navigation function of an aircraft.

  In particular, since it is inevitably required to transmit and receive information to and from a plurality of ground stations instead of a single ground station for a single satellite or aircraft, in realizing the effects expected in the present invention. The technical configuration has not yet been disclosed.

  Accordingly, the present invention has been devised in view of the above-described problems, and its purpose is to perform highly confidential broadcast communication between a satellite or a large aircraft and a plurality of ground stations. Above, an encryption key sharing system via unmanned aerial vehicle that can be relayed via a plurality of unmanned aircraft and share a common encryption key that can guarantee information-theoretic safety, as well as this An object of the present invention is to provide a signal transmission system using an unmanned aerial vehicle for safely transmitting a signal for broadcast encryption communication without being intercepted by another unmanned aircraft, and an unmanned aircraft applied to the system.

  A signal transmission system using an unmanned aerial vehicle according to a first aspect of the present invention is a signal transmission system using an unmanned aerial vehicle for transmitting a radio signal transmitted from another aircraft or other equipment via a plurality of unmanned aircraft. A plurality of transmitters that approach each other up to a range where radio signals having directivity transmitted from other aircraft can be received, and transmit the radio signals by flying away from the range after the radio signals are received. It is characterized by having an unmanned aircraft.

An encryption key sharing system via an unmanned aerial vehicle according to a second invention includes a satellite, a large aircraft flying at a lower altitude than the satellite, and a plurality of unmanned aircraft flying at a lower altitude than the large aircraft. An unmanned aircraft layer of a hierarchy or higher and a plurality of ground stations are generated, and an initial random number R ₀ for an encryption key is generated by the satellite, and this is encrypted and communicated to the large aircraft. Based on the initial random number R ₀ A random number R _ST common to each other can be obtained by transmitting and receiving information on the relationship between the initial random number R ₀ and the random number R ₀ ′ between the large aircraft that has received the random number R ₀ ′ and the satellite. The random number R _LA ^(k) based on the random number R _ST is encrypted and communicated to the ground station by relaying the unmanned aerial vehicle layer from the large aircraft to the large station, and the random number R _LA ^(k) based random number R _n receive ^(k) was This generates a common random number R to each other by sending and receiving information about the mutual association among the random numbers R _n ^(k) and the R _ST, each held between each ground station and the satellites It is characterized by sharing.

An encryption key sharing system via an unmanned aerial vehicle according to a third invention includes a large aircraft, one or more unmanned aircraft layers each including a plurality of unmanned aircraft flying at a lower altitude than the large aircraft, and a plurality of ground stations with the door, the large aircraft by generating an initial random number R _ST of encryption key, which encrypts communication toward the unmanned aircraft layer consisting of one or more hierarchies, the random number R _ST ^(k based on the initial random number R _ST the initial random number R _ST and the random number R _ST ^(k) common random number R _HA each other by sending and receiving information about the mutual association of between ^between) and the plurality of unmanned aircraft and the large aircraft, which has received the Is generated, shared, and relayed through the unmanned aircraft layer, whereby the random number R _LA ^(k) based on the random number R _HA is encrypted and communicated to the ground station, and the random number based on the random number R _LA ^(k) Each ground station receiving R _n ^(k) and the above A common random number R is generated and shared by transmitting / receiving information on the mutual relation between the random number R _n ^(k) and the R _HA between each large aircraft. Features.

  An encryption key sharing system via an unmanned aerial vehicle according to a fourth aspect of the present invention is the encryption key sharing system according to any one of the second and third aspects, wherein the large aircraft or the unmanned aircraft in the unmanned aircraft layer The communication characteristic is evaluated, and it is determined whether or not to transmit the random number based on the evaluation result of the communication characteristic.

  An unmanned aerial vehicle according to a fifth aspect of the present invention is applied to the encryption key sharing system according to any one of the second to fourth aspects of the present invention, and includes communication means for receiving and relaying the random number. To do.

An encryption key sharing system via a mobile unit according to a sixth aspect of the present invention includes a central control station and one or more mobile unit layers each including a plurality of mobile units capable of wireless communication with the central control station. The mobile station generates an initial random number R _ST for the encryption key, _performs encryption communication to a mobile layer composed of one or more layers, and receives the random number R _ST ^(k) based on the initial random number R _ST A common random number R _HA is generated by transmitting and receiving information on the relationship between the initial random number R _ST and the random number R _ST ^(k) between the mobile body in the body layer and the central control station. Then, by sharing this and relaying the mobile layer, the random number R _LA ^(k) based on the random number R _HA is encrypted and communicated to the terminal mobile at the end of the mobile layer, and the random number R _LA ⁽ between each terminal mobile unit that has received a random number R _n ^(k) based on ^k) and the central control station A common random number R is generated and shared by transmitting and receiving information on the mutual relationship between the random number R _n ^(k) and the R _HA held by each other.

Further, regarding the second invention, more specifically, a satellite, a large aircraft flying at a lower altitude than the satellite, and a plurality of unmanned aircraft each including a plurality of unmanned aircraft flying at a lower altitude than the large aircraft. A stratospheric link having an aircraft layer and a ground station and transmitting a random number for a cryptographic key from the satellite to the large aircraft; a relay link transmitting the random number from the large aircraft to the unmanned aircraft layer; and the unmanned A ground link for transmitting the random number from the aircraft layer to the ground station, and generating an initial random number R ₀ for an encryption key by the satellite, performing encrypted communication with the large aircraft, and transmitting the initial random number R ₀ By transmitting and receiving information on the mutual relationship between the initial random number R ₀ and the random number R ₀ ′ between the large aircraft and the satellite that have received the random number R ₀ ′ based on A stratospheric link step for generating and sharing a common random number R _ST , and performing cryptographic communication of the random number R _ST from the large aircraft to a plurality of first unmanned aircraft in a first unmanned aircraft layer, between the random number R _ST ^(k) the first respective unmanned aircraft and the large aircraft that receives the based on R _ST information about each other relevancy between the random number R _ST and the random number R _ST ^(k) a high altitude link step of sharing this generates a common random number R _HA each other by sending and receiving, low altitude than the one the first of the above from the unmanned aircraft random number R _HA said first unmanned aircraft layer A plurality of second unmanned aerial vehicles that have received a random number R _HAk ⁽ⁱ⁾ based on the random number R _HA and that have been encrypted and communicated to a plurality of second unmanned aircraft in a second unmanned aircraft layer Random number R _HA with the first unmanned aerial vehicle And the random number R common to each other by transmitting and receiving information on the mutual relation between the random numbers R _HAk ^(i).
_LA and the low altitude link step of sharing this generates a ^(k), the random number R _LA ^(k) from the second unmanned aircraft to encrypted communication with respect to the ground station, the random number R _LA ^(k) the transmitting and receiving information about the association of each other between the random number R _n ^(k) and the R _ST, each held between each ground station and the satellite, which has received the random number R _n ^(k) based on And a ground link step for generating a common random number R and sharing it.

  According to the present invention having the above-described configuration, a radio signal transmitted from another aircraft is transmitted through a plurality of unmanned aircraft, and a radio having directivity transmitted from another aircraft flying over the aircraft. A plurality of unmanned aerial vehicles approach each other to a range where signals can be received, and after receiving a radio signal, depart from the above range and fly away from each other.

  As a result, even if ground stations are dispersed, unmanned aircraft can fly to individual ground stations by relaying multiple unmanned aircraft between the satellite and multiple ground stations. It becomes possible to perform encrypted communication without omission. According to the present invention having the above-described configuration, since the random numbers held by the satellite and each ground station are generated based on the initial random number, there are of course bits that are common to each other. There are random numbers that are highly related to each other. For this reason, it is possible to find common bits through simple transmission / reception of metadata and generate common random numbers. For this reason, the satellite and the ground station can perform cryptographic communication that guarantees information theoretical safety by creating and transmitting and receiving a one-time pad cipher using a common random number as an encryption key. In particular, since the initial random number can be generated infinitely via the initial random number generation unit on the satellite side, there is no possibility of exhaustion. Once a satellite is launched, it is almost impossible to replenish random numbers along the way. However, according to the present invention, a common encryption key is shared between the satellite and each ground station based on the initial random number generated from the satellite. As a result, it is possible to continuously generate new random numbers. Furthermore, according to the present invention, it is possible to continue encryption communication based on the one-time pad encryption that can guarantee the information theoretical safety for the entire system by using the above-described physical layer encryption for the encryption communication between the links. It becomes. Furthermore, the satellite can continue the encryption communication based on a so-called one-to-many one-time pad encryption with a plurality of ground stations spread over the ground.

It is a figure which shows the whole structure of the encryption key sharing system to which this invention is applied. It is a figure which shows the system configuration | structure of a satellite. 1 is a diagram showing a system configuration of a large aircraft. It is a figure which shows the system configuration | structure of an unmanned aerial vehicle. It is a figure for demonstrating the processing operation method in a stratosphere link. It is a figure for demonstrating the processing operation method in a high-altitude link. It is a figure for demonstrating the flight operation | movement of each unmanned aerial vehicle of the 1st unmanned aerial vehicle layer at the time of transfering to a low-altitude link. It is a figure for demonstrating the processing operation method in a low-altitude link. It is a figure for demonstrating the flight operation | movement of each unmanned aircraft of the 2nd unmanned aircraft layer at the time of transfering to a ground link. It is a figure for demonstrating the metadata produced | generated in each ground station. It is a figure for demonstrating the example which transmits the last metadata to a satellite via a central base station from each ground station. It is a figure which shows the example transmitted by broadcasting final metadata with respect to all the ground stations from a satellite. It is a figure which shows the example which applies this invention to the wireless encryption communication on the ground or near the ground.

  Hereinafter, an embodiment for implementing an encryption key sharing system to which the present invention is applied will be described in detail with reference to the drawings.

  FIG. 1 shows the overall configuration of an encryption key sharing system 1 to which the present invention is applied. The encryption key sharing system 1 includes a satellite 2, a large aircraft 3 flying at a lower altitude than the satellite 2, an unmanned aircraft layer 4 composed of one or more layers flying at a lower altitude than the large aircraft 3, and a plurality of ground stations. 5 and a central base station 6 connected to each ground station 5. This encryption key sharing system 1 is intended to share a common encryption key necessary for performing one-time pad encryption that can guarantee information theoretical security between the satellite 2 and each ground station 5. Yes.

  The satellite 2 orbits the earth-synchronous orbit (GEO: Geostationary Earth Orbit) having an orbital period that coincides with the rotation period of the earth, or is on an orbit located about 500 to 2000 km above the ground. It is an artificial satellite that orbits the LEO (Low Earth Orbit) or the like that rotates independently of its rotation period. The satellite 2 may be launched based on any application. FIG. 2 shows the system configuration of the satellite 2. The satellite 2 includes an initial random number generation unit 21, an encoding processing unit 22 connected to the initial random number generation unit 21, and a satellite communication unit 23 connected to the encoding processing unit 22.

The initial random number generation unit 21 is a random number source that randomly generates a random number as an encryption key necessary for encrypted communication. Hereinafter, the initial random number generated by the initial random number generation unit 21 is referred to as a random number R ₀ . In the following description, the initial random number generation unit 21 will be described by taking as an example the case of generating a random number R ₀ as a physical random number sequence for an encryption key. However, the present invention is not limited to this and is used for encryption. Any random number sequence for the encryption key may be used. The initial random number generation unit 21 outputs the generated random number R ₀ to the encoding processing unit 22.

The encoding processing unit 22 performs appropriate encoding for the random number R ₀ sent from the initial random number generating unit 21 to prevent error correction and leakage to an eavesdropper. That is, the encoding processing unit 22 converts the random number R _{0 serving} as the base of the encryption key to be shared with the ground station 5 into plaintext, performs appropriate encryption processing on this, and sends this to the satellite communication unit 23. And send. The encryption processing performed in the encoding processing unit 22 may be based on any conventional encryption method that can ensure information theoretical safety.

The satellite communication unit 23 converts the encoded random number _R0 sent from the encoding processing unit 22 into a radio signal by superimposing the encoded random number _R0 on radio waves, laser light, etc. Send to. The satellite communication unit 23 receives a radio signal composed of radio waves and laser light transmitted from the large aircraft 3 and the central base station 6.

  The large aircraft 3 is a manned or unmanned aircraft such as a passenger aircraft, a transport aircraft, a military aircraft, and various observation aircraft. The large aircraft 3 is not limited to the actual large size but is a concept that includes a small aircraft. However, the large aircraft 3 flies in the stratosphere or troposphere and is superimposed on radio waves or laser light with the satellite 2. Send and receive wireless signals.

  As shown in FIG. 3, the large aircraft 3 flies based on the flight control unit 30, and besides this, the satellite communication unit 31, the encoding / decoding unit 32 connected to the satellite communication unit 31, and the encoding / decoding A radio communication unit 33 connected to the encoding unit 32, and an arithmetic processing unit 34 connected to the encoding / decoding unit 32. Further, a surveillance camera 35 connected to the flight control unit 30 and the arithmetic processing unit 34 is further provided.

  The satellite communication unit 31 receives a radio signal transmitted from the satellite 2 and transmits it to the encoding / decoding unit 32. The satellite communication unit 31 superimposes the signal transmitted from the encoding / decoding unit 32 on the radio wave or the laser beam and transmits the signal to the satellite 2.

  The encoding / decoding unit 32 decodes a signal transmitted from the satellite communication unit 31 or the wireless communication unit 33 and transmits the decoded signal to the arithmetic processing unit 34. In addition, the encoding / decoding unit 32 performs appropriate encoding / encryption processing to prevent error correction and leakage to an eavesdropper on the random number sequence transmitted from the arithmetic processing unit 34, and performs wireless communication on the random number sequence. To the unit 33.

  The arithmetic processing unit 34 decodes a signal such as a random number sequence from the encoding / decoding unit 32 and performs various controls.

  The wireless communication unit 33 converts the random number sequence from the encoding / decoding unit 32 into a radio signal by superimposing the random number sequence on radio waves, laser light, or the like, and transmits this to the unmanned aircraft layer 4. The wireless communication unit 33 receives a radio signal including radio waves and laser light transmitted from the unmanned aircraft layer 4.

  The monitoring camera 35 confirms the visual field of the communication path by taking an image with the shooting direction directed toward the communication path. Data captured by the monitoring camera 35 is sent to the flight control unit 30 and the arithmetic processing unit 34 and used for various determinations.

  As shown in FIG. 1, a first unmanned aircraft layer 4-1 and a second unmanned aircraft layer 4-2 are assigned to the unmanned aircraft layer 4 in order from a high altitude. However, this unmanned aircraft layer 4 should just be comprised by at least 1 layer, and may be allocated over 3 layers or more. In the following example, a case where the unmanned aircraft layer 4-1 and 4-2 are configured as two layers will be described as an example.

  A plurality of unmanned aerial vehicles 40 are respectively arranged in the unmanned aircraft layers 4-1 and 4-2. The unmanned aerial vehicle 40 here is a so-called small and capable of unmanned flight, and a typical one is a drone (multi-copter). However, the unmanned aircraft 40 is not limited to this, and is embodied by an unmanned helicopter. It may be made.

  The unmanned aerial vehicle 40-1 assigned to the first unmanned aerial vehicle layer 4-1 located at the highest altitude transmits and receives various information to and from the large aircraft 3 flying at a higher altitude than itself. The unmanned aerial vehicle 40-1 transmits and receives various information to and from the unmanned aerial vehicle 40-2 in the second unmanned aerial vehicle layer 4-2 flying at a lower altitude than itself. In addition, the unmanned aircraft 40-2 assigned to the second unmanned aircraft layer 4-2 is in contact with the unmanned aircraft 40-1 in the first unmanned aircraft layer 4-1 flying at a higher altitude than itself. Send and receive various information. The unmanned aerial vehicle 40-2 transmits / receives various information to / from the ground station 5.

  FIG. 4 shows a block configuration of a control unit 45 for controlling the unmanned aerial vehicle 40. The control unit 45 is supplied with electric power from the connected battery 44 and is centered on the flight controller 50. The encoding / decoding unit 52, the radio communication unit 51, and the ESC (Electronic Speed Controller) are connected to the control unit 45, respectively. 54.

  The unmanned aerial vehicle 40 can obtain buoyancy by rotating a plurality of rotors. The rotor can be rotated based on the rotation of the rotor motor 42. The rotor motor 42 can rotate based on the electric power supplied from the battery 44. By rotating the rotor motor 42, the rotor can be rotated, and the unmanned aircraft 40 can be immediately raised or lowered in the vertical direction, or can be stopped on the spot. In addition, when the unmanned aircraft 40 is moved back and forth and left and right, the rotational speed of the rotor motor 42 in the traveling direction is decreased, and the rotational speed of the rotor motor 42 on the side opposite to the traveling direction is increased. As a result, the unmanned aerial vehicle 40 has a forward leaning posture with respect to the traveling direction, and can move in the traveling direction. Further, by adjusting the output according to the rotation direction of the rotor motor 42, the unmanned aircraft 40 itself can be rotated. The rotation speed of the rotor motor 42 is controlled through the ESC 54 under the control of the flight controller 50 in the control unit 45.

  The wireless communication unit 51 performs frequency conversion and other various conversion processes necessary for wireless communication with the large aircraft 3 and other unmanned aircraft 40, and further with ground stations, and converts electrical signals into radio waves. Alternatively, an antenna that converts radio waves into electrical signals is also included. The wireless communication unit 51 also includes a converter that converts laser light into an electric signal or converts an electric signal into a laser light. The wireless communication unit 51 converts an electric wave transmitted from the outside or a signal superimposed on a laser beam into an electric signal and outputs the electric signal to the encoding / decoding unit 52. The wireless communication unit 51 transmits the signal transmitted from the encoding / decoding unit 52 to the outside by superimposing the signal on radio waves or laser light.

  The encoding / decoding unit 52 decodes the signal transmitted from the wireless communication unit 51 and transmits it to the flight controller 50. The encoding / decoding unit 52 performs appropriate encoding / encryption processing on the random number sequence sent from the flight controller 50 to prevent error correction and leakage to an eavesdropper, and outputs this to the wireless communication unit. To 51.

  The flight controller 50 includes a control unit 57, a flight control sensor group 55 and a GPS reception unit 56 connected to the control unit 57.

  The control unit 57 is a so-called central processing unit for controlling all the components. The control unit 57 reads out a program stored in a memory (not shown) and notifies each component of an instruction for performing various operations. For example, if the program stored in the memory is related to the encryption processing method and the flight method in the unmanned aircraft 40, the encryption processing is performed based on the program, or various instructions for flying are statically set for each configuration. Send to element.

  The flight control sensor group 55 includes at least an acceleration sensor, an angular velocity sensor, an atmospheric pressure sensor (altitude sensor), a geomagnetic sensor (direction sensor), an altimeter for detecting a flight altitude, and a wind direction anemometer for detecting a wind speed and a wind direction. It is composed of various sensors such as an acceleration sensor and a gyro sensor for detecting the tilt angle and tilt direction of the airframe. The flight control sensor group 55 transmits each detected data to the control unit 57.

  The GPS receiving unit 56 acquires real-time position information at the time of flight of the unmanned aircraft 40 based on a satellite positioning signal sent from an artificial satellite. The GPS receiving unit 56 transmits the acquired position information to the control unit 57.

  Of the above-described components, the flight controller 50, the ESC 54, etc. are all connected to the battery 44 and supplied with power.

  The ground stations 5 are base stations for wireless communication scattered on the ground. The ground station 5 is not limited to a base station that is completely fixed on the ground, but also includes a mobile base station that is mounted on a vehicle or the like. The ground station 5 is configured to be capable of wireless communication with the unmanned aircraft 40 in the second unmanned aircraft layer 4-2. In addition, the central base station 6 connected to each ground station 5 enables satellite communication with the satellite 2.

  Next, an encryption key sharing processing operation method by the encryption key sharing system 1 having the above-described configuration will be described. As shown in FIG. 1, the encryption key sharing processing operation is a stratospheric link performed between the satellite 2 and the large aircraft 3, and the high altitude performed between the large aircraft 3 and the first unmanned aircraft layer 4-1. Link, low altitude link between the first unmanned aircraft layer 4-1 and the second unmanned aircraft layer 4-2, between the second unmanned aircraft layer 4-2 and the ground station 5 Can be classified as a ground link.

The stratospheric link generates a common random number R _ST with the large aircraft 3 based on the initial random number R ₀ transmitted from the satellite 2, and the high altitude link based on the R _ST transmitted from the large aircraft 3. A common random number R _HA is generated with the first unmanned aircraft layer 4-1. In the low altitude link, a common random number R _LA is generated between the second unmanned aircraft layer 4-2 based on R _HA transmitted from the first unmanned aircraft layer 4-1, and in the ground link, A common random number R is generated between each ground station 5 and the satellite 2 based on R _LA transmitted from the second unmanned aircraft layer 4-2. The random number R ′ initially acquired by the ground station 5 from the second unmanned aircraft layer 4-2 is based on the initial random number R ₀ , but the generated random numbers R _ST , R _HA , R _LA , R ′ has a high ratio of being linked to each other. The ground station 5 transmits / receives metadata to / from the satellite 2 via the central base station 6, and generates a common random number R from random numbers R _ST and R ′ that are held and linked to each other. This is shared as an encryption key.

  Hereinafter, processing operations will be described in order from the stratospheric link. In the stratosphere link, first, as shown in FIG. 5, the large aircraft 3 performs communication path characteristic evaluation on the communication path with the satellite 2. In this communication path characteristic evaluation, for example, the surveillance camera 35 in the large aircraft 3 is used to check the field of view of the communication path to the satellite 2 and there is no suspicious eavesdropper flying between the satellite 2 and the like. Check. In this communication path characteristic evaluation, the large aircraft 3 may transmit the probe signal by directing the probe signal to the communication path via the satellite communication unit 31, for example. The channel characteristics may be estimated through the probe signal, and the characteristic evaluation may be performed by comparing with the communication characteristic evaluation data based on the past probe signal.

Through such communication path characteristic evaluation, it was confirmed that there was no eavesdropping vehicle between the large aircraft 3 and the satellite 2, or that even if there was an eavesdropping flight vehicle, this was considerably away from the communication path. Thereafter, the satellite 2 generates an initial random number R ₀ . The initial random number R ₀ is generated in the initial random number generation unit 21, sent to the encoding processing unit 22, and then subjected to error correction and the like. At this time, in the stratospheric link, the initial random number R ₀ as plain text may be encrypted by any conventional encryption technology that can ensure information theoretical safety. The encrypted initial random number R ₀ is transmitted to the large aircraft 3 via the satellite communication unit 23.

Data composed of ciphertext including the random number R ₀ transmitted to the large aircraft 3 as plaintext is received by the satellite communication unit 31 in the large aircraft 3 and decrypted by the encoding / decoding unit 32. Here, a random number obtained by being received and decrypted by the large aircraft 3 is set as a random number R ₀ ′. The random number R ₀ ′ may be completely the same as the initial random number R ₀ , but may not necessarily be the same depending on the wireless communication environment.

In the process of transmitting the initial random number R ₀ in the stratospheric link, for example, encryption may be performed by physical layer encryption. As the physical layer encryption, an appropriate one may be selected and used from the two methods of secret message transmission and secret key exchange.

In the secret message transmission, a message is transmitted in one direction through one communication path. When the communication path is relatively good, in other words, it is used when it can be determined that the SN ratio of the large aircraft 3 as a regular receiver is superior to the SN ratio of the eavesdropper 83. In such a case, it can be assumed that the large aircraft 3 can receive the data of the initial random number R _{0 with} a small error rate.

When confidential message transmission is employed, an initial random number R ₀ is transmitted in one direction from the satellite 2 to the large aircraft 3. At this time, in order to perform more reliable transmission, the satellite 2 may prepare a plurality of copies of the initial random number R ₀ and transmit them to the large aircraft 3 by interleaving. The encoding / decoding unit 32 in the large aircraft 3 can obtain a plurality of random numbers after performing error correction. One of them is a random number R ₀ ′.

Since the initial random number R ₀ and the random number R ₀ ′ may be different from each other, the satellite 2 and the large aircraft 3 are common to each other as shown in FIG. A processing operation for obtaining the random number R _ST is executed.

In the secret message transmission, a common random number R _ST may be extracted by discarding bits that are different from each other between the initial random number R ₀ and the random number R ₀ ′, that is, trimming a so-called residual error. . The satellite 2 and the large aircraft 3 may perform these negotiations via a public communication path. In such a case, the relevance of each other's data such as what bit position is common or different between the satellite 2 and the large aircraft 3 may be mutually confirmed. Examples of negotiations that take place between these satellites 2 and large aircraft 3 include how many bit positions are used, how many bits are averaged, and how much error is generated. The transmission / reception of only the information related to the sex is always started, and the mutual relations are confirmed only by the fragmented attribute information without disclosing or suggesting the random numbers R ₀ , R ₀ ′ on the public communication path. . As a result, specific numerical values of the initial random number R ₀ and the random number R ₀ ′ are not leaked to the outside only by transmitting / receiving such bit positions.

Through these confirmations, the arithmetic processing unit 34 in the large aircraft 3 finally determines the bit position to be left out of the random number R ₀ ′ and the bit position to be discarded. This remaining bit position is common to the initial random number R ₀ , and the discarded bit position is considered to be different from the initial random number R ₀ . The large aircraft 3 notifies the satellite 2 of what bit position to discard via the public communication path, and the satellite 2 discards the bit at the notified bit position. Similarly, the large aircraft 3 discards the bit at the bit position notified to the satellite 2 to be discarded. As a result, the satellite 2 and the large aircraft 3, so that the mutually leaving a random number R _ST as a common encryption key. In order to create a state in which the SN ratio of the large aircraft 3 as a regular receiver is better than the SN ratio of the eavesdropper 83, the distance between the satellite 2 and the large aircraft 3 is measured, or the communication distance in advance. And the signal intensity of the satellite communication unit 23 of the satellite 2 may be adjusted so that the error rate defined in advance in the satellite communication unit 31 of the large aircraft 3 is obtained for these distances.

By the way, when the communication path is relatively poor, the error rate of received data in the large aircraft 3 is large, and in the above-described secret message transmission, there are too many bit positions that are different from each other under a poor communication environment, and the initial random number R _A considerable bit position from ₀ must be discarded and a random number R _ST as an encryption key must be extracted. As a result, the size of the random number R _ST as a common encryption key is greatly reduced from the initial random number R ₀ . In particular, depending on the conditions of the communication path, the random number R _ST as a common encryption key may not be shared.

  For this reason, when the communication path is relatively inferior, if it is determined that the SN ratio of the eavesdropper 83 is superior to the SN ratio of the large aircraft 3 of the authorized receiver, the secret key exchange in the physical layer encryption is performed. Do. In this secret key exchange, in addition to a communication channel that shares a random number, a public communication channel for key distillation is prepared. An encryption key that secures information-theoretic safety is generated by appropriately combining a communication channel that shares this random number and a public communication channel for key distillation.

  On the contrary, this secret key exchange method can be adopted even when the SN ratio of the eavesdropper 83 is inferior to that of the large aircraft 3 of the authorized receiver. However, in this secret key exchange method, it is necessary to prepare another public communication path in addition to the path for sharing the random number as described above, and thus consumes extra power and communication time. For this reason, when selecting one of the methods, the priority of the confidential message transmission is increased, and the secret signal is secret only when the SN ratio of the eavesdropper 83 is superior to the SN ratio of the large aircraft 3 of the authorized receiver. It is desirable to select a key exchange method.

In this secret key exchange, the initial random number R ₀ is regarded as a transmission message (plain text) from the satellite 2 side as described above, and appropriate encoding is performed to prevent error correction and leakage to an eavesdropper to the large aircraft 3. Send. The random number R ₀ ′ acquired by the large aircraft 3 is further subjected to an appropriate key distillation process. As a result, in this key distillation step as well, the random numbers R ₀ and R ₀ ′ are never disclosed or suggested on the public communication path, and only the information indicating the fragmentary association is confirmed. This makes it possible to generate a common random number R _ST without leaking specific numerical values of the initial random number R ₀ and the random number R ₀ ′ to the outside.

If the size of the random number R _ST of the common encryption key is greatly reduced from the size of the initial random number R ₀ as a result of adopting the physical layer encryption described above, in other words, the size (key length) L of the random number R _ST If only a key length L ₀ ′ shorter than that can be distilled with respect to the _ST , means for expanding the key to L _ST / L ₀ ′ times may be implemented by the method described below. In this key expansion, Rs ₂ ... Is sequentially generated from the initial random number R ₀ by random shuffling to generate another random number Rs ₁ and the random number Rs _{1 in a} similar process. Then, the generated random numbers Rs ₁ to Rs _X may be sequentially connected and extended to the required size L _ST to extend the key. At this time, instead of performing random shuffle, the key expansion of L _ST / L ₀ ′ times may be performed by a simple calculation using a random number generated on the spot.

  Further, in this stratospheric link, the communication path characteristic evaluation result initially performed may be reflected in the parameters of the physical layer encryption. Examples of parameters to be reflected are redundancy for error correction, code length, message rate, compression rate for increasing confidentiality, and the like.

Satellite 2 and large aircraft 3, holds each common random number R _ST produced in the stratosphere link as described above. The large aircraft 3 uses the generated random number _RST to shift to a high altitude link described below.

  When the transition to the high altitude link is made, the plurality of unmanned aircraft 40-1 in the first unmanned aircraft layer 4-1, as shown in FIG. Are close to each other to the extent that signals can be broadcast. This signal is premised on being transmitted with directivity in either direction as shown in FIG. In such a case, the large aircraft 3 also descends to lower the altitude to near the altitude at which each of these unmanned aircraft 40-1 stands. At this time, each unmanned aerial vehicle 40-1 may also be raised in height so as to be closer to the large aircraft 3.

  At this time, there is a high possibility that the laser beam or radio wave broadcast from the large aircraft 3 is captured by the flying body of another eavesdropper 83 when the radiation angle is wide. For this reason, by narrowing the beam of laser light broadcast from the large aircraft 3 as much as possible, or by reducing the directivity of radio waves as much as possible, a range including a so-called secure zone in which the unmanned aircraft 40-1 can receive signals is formed. Even when the beam or the like broadcast from the large aircraft 3 is actually narrowed, if a drone is used as the unmanned aerial vehicle 40-1, a plurality of unmanned aircraft 40-1 is, for example, a secure zone area having a diameter of about 10 m. It is also possible to fly while substantially stopping in the state of being close to each other.

  Also in this high altitude link, the large aircraft 3 and / or the unmanned aircraft 40-1 perform communication path characteristic evaluation for each communication path. In this communication path characteristic evaluation, for example, the surveillance camera 35 in the large aircraft 3 and the flight control sensor group 55 of the unmanned aircraft 40-1 are used to confirm the visual field of each other's communication path. Make sure you are not flying. Further, in the channel characteristic evaluation in this high altitude link, the channel characteristic may be evaluated via a probe signal.

Through such communication path characteristic evaluation, there is no wiretapping vehicle between the large aircraft 3 and the plurality of unmanned aircraft 40-1, or even if there is a wiretap vehicle, it is considerably separated from the communication channel. After confirming the above, the large aircraft 3 _converts the generated _RST into plain text, and encodes and encrypts the generated RST in the encoding / decoding unit 32, and a plurality of unmanned aircraft in the secure zone via the wireless communication unit 33. Broadcast to 40-1. This broadcast includes any concept as long as a signal is wirelessly transmitted from the wireless communication unit 33 to the plurality of unmanned aircraft 40-1 in the secure zone. Note that the present invention is not limited to the case where it is determined whether or not to transmit a random number according to the communication path characteristic evaluation result, and this step may be omitted.

Comprising data from the ciphertext that includes a plurality of unmanned aircraft 40-1 broadcast random number R _ST toward the plaintext, is received by the wireless communication unit 51 of each unmanned aircraft 40-1, decodes the encoding decoding portion 52 It becomes. Here, a random number obtained by being received and decrypted by each unmanned aircraft 40-1 is assumed to be a random number R _ST ⁽ⁿ⁾ . The random number R _ST ⁽ⁿ⁾ may be completely the same as the random number R _ST , but may not necessarily be the same depending on the wireless communication environment. Further, since the communication environments may be different between the plurality of unmanned aircraft 40-1, the received random numbers R _ST ⁽ⁿ⁾ may be different from one another. Hereinafter, the random numbers received by the k unmanned aircraft 40-1 are R _ST ⁽¹⁾ , R _ST ⁽²⁾ , R _ST ⁽³⁾ ,..., R _ST ^(k) , respectively.

In the process of transmitting the random number _RST on this high altitude link, it may be encrypted based on any encryption method that can ensure information theoretical safety, but may be encrypted by physical layer encryption, for example. As the physical layer cipher, an appropriate one is selected from the two methods of secret message transmission and secret key exchange based on the SN ratio of the unmanned aircraft 40-1 of the legitimate receiver and the SN ratio of the eavesdropper 83. May be used.

  The secret message transmission is used when it can be determined that the SN ratio of the unmanned aircraft 40-1 as a regular receiver is superior to the SN ratio of the eavesdropper 83.

When the secret message transmission is employed, the random number _RST is transmitted in one direction from the large aircraft 3 toward the unmanned aircraft 40-1. Large aircraft 3 this time, for more secure transmission, a copy of the random number R _ST preparing a plurality may be transmitted toward the unmanned aircraft 40-1 these by interleaving. The encoding / decoding unit 52 in the unmanned aerial vehicle 40-1 performs error correction and then performs random numbers R _ST ⁽¹⁾ , R _ST ⁽²⁾ , R _ST ⁽³⁾ ,..., R _ST ^{(k )} Can be obtained.

Random number R _ST and the random number ^{_{R ST (1), R ST}} (2), R ST (3), ····, even while mutually associativity and R _ST ^(k) is to some extent present, are different from each other Since there is a possibility, the large aircraft 3 and each unmanned aircraft 40-1 execute processing operations for obtaining a common random number R _HA as shown in FIG. To do.

This confidential message transmission, after restoring multiple copies of interleaved random number R _ST, performs Reaper residual error, to extract the random number data. However, the random number data that can be actually acquired by each unmanned aerial vehicle 40-1 due to the difference in the channel characteristics among the plurality of unmanned aircraft 40-1 are random numbers R _ST ⁽¹⁾ , R _ST ⁽²⁾ , R _ST ⁽³⁾ ,..., R _ST ^(k) . The large aircraft 3 and each unmanned aircraft 40-1 confirm the mutual relation between the random number R _ST and the random numbers R _ST ⁽¹⁾ , R _ST ⁽²⁾ , ..., R _ST ^(k). By negotiating, a negotiation is performed to obtain a common subset R _HA of random numbers. This negotiation is carried out through the transmission and reception of the metadata D _HA in the public communication path. The metadata D _HA to be transmitted / received should include only information relating to the mutual relationship of data such as what bit position is used and how much error is caused by averaging what bit. Thus, the random numbers R _ST and R _ST ⁽ⁿ⁾ are never disclosed or suggested on the public communication channel, and only the pieces of information relating to the fragmentary association are confirmed. As a result, specific random numbers R _ST and R _ST ⁽ⁿ⁾ do not leak to the outside.

In the large aircraft 3, the random number R _ST and the random numbers R _ST ⁽¹⁾ , R _ST ⁽²⁾ , R _ST ⁽²⁾ in all the unmanned aircraft 40-1, based on the metadata D _HA sent from each unmanned aircraft 40-1. Bit positions common to R _ST ⁽³⁾ ,..., R _ST ^(k) are determined. And the metadata DHA which newly included the information regarding this determined bit position is produced _| generated, and this is transmitted with respect to each unmanned aircraft 40-1. Each unmanned aircraft 40-1 which has received the metadata D _HA is common bit position to each other is described in the meta data D _HA (left bit position), or based on the discarded bit position information, the bits discarded I do. Similarly, the large aircraft 3 leaves bits in bit positions common to each other and discards bits in other bit positions. As a result, random number data R _HA as a common encryption key is generated between the large aircraft 3 and all the unmanned aircraft 40-1.

  In order to create a state in which the SN ratio of the unmanned aircraft 40-1 as a regular receiver is better than the SN ratio of the eavesdropper 83, the distance between the large aircraft 3 and the unmanned aircraft 40-1 is measured, Alternatively, the communication distance is defined in advance, and the signal strength of the radio communication unit 33 of the large aircraft 3 is adjusted so that the error rate defined in advance in the radio communication unit 51 in the unmanned aircraft 40-1 is set for these distances. Also good.

Also, in this high altitude link, when the communication path is relatively poor, it is determined that the SN ratio of the eavesdropper 83 is superior to the SN ratio of the unmanned aircraft 40-1 of the authorized receiver. The secret key exchange in the physical layer encryption is performed. In this secret key exchange is regarded as a large aircraft 3 transmits the random number R _ST in the same manner as described above from the side message (plain text), unmanned aerial vehicle is subjected to appropriate encoding in order to prevent leakage of the error correction and eavesdroppers 40- Send to 1. Each unmanned aerial vehicle 40-1 performs a key distillation process on the acquired random numbers R _ST ⁽¹⁾ , R _ST ⁽²⁾ ,..., R _ST ^(k) . As a result, in this key distillation step, the random number R _ST , R _ST ⁽ⁿ⁾ is never disclosed or suggested on the public communication channel, and only the fragment attribute information is confirmed through the metadata D _HA. Fit. As a result, only by transmitting and receiving such bit positions, specific random numbers R _ST and R _ST ⁽ⁿ⁾ are not leaked to the outside, and a common random number R _HA can be generated.

  In the description of the physical layer encryption in the high altitude link, it is needless to say that any of the other processing operation methods may be the method described in the stratosphere link.

The large aircraft 3 and each unmanned aircraft 40-1 hold the common random number R _HA generated by the high altitude link as described above. The unmanned aerial vehicle 40-1 uses the generated random number R _HA to shift to a low altitude link described below.

  When the transition is made to the low altitude link, as shown in FIG. 7, each of the plurality of unmanned aircraft 40-1 in the first unmanned aircraft layer 4-1 deviates from the range of the secure zone set in the high altitude link, They are separated from each other and descend to the flight altitude of the second unmanned aircraft layer 4-2. Instead, the unmanned aircraft 40-2 in the second unmanned aircraft layer 4-2 may rise to the flight altitude of the first unmanned aircraft layer 4-1. Further, the unmanned aircraft 40-1 may descend and the unmanned aircraft 40-2 may rise.

  The plurality of unmanned aerial vehicles 40-1 descend in respective airspaces at low altitudes. It is assumed that a plurality of unmanned aircraft 40-2 are flying in each airspace in the second unmanned aircraft layer 4-2 at a low altitude. It is assumed that a plurality of unmanned aircraft 40-2 are assigned in advance to each unmanned aircraft 40-1 that has descended to each airspace. The plurality of unmanned aerial vehicles 40-2 in each airspace approach each other up to a range where a signal such as a laser beam or a radio wave superimposed with a random number sequence from the unmanned aerial vehicle 40-1 can be broadcast.

  Laser light and radio waves broadcast from the unmanned aerial vehicle 40-1 form a secure zone by further narrowing the radiation angle, and a plurality of unmanned aircraft 40-2 can be connected to each other even in the secure zone region formed in this narrow region. Fly while stopping in close proximity. The broadcast described above includes any concept as long as the signal is wirelessly transmitted to a plurality of unmanned aircraft 40-2 in the secure zone. This wirelessly transmitted signal is assumed to be transmitted with directivity in any direction as shown in FIG.

  Also in this low-altitude link, the unmanned aircraft 40-1 and / or the unmanned aircraft 40-2 perform the communication path characteristic evaluation on the communication path as shown in FIG. This channel characteristic evaluation method is the same as that for the high altitude link.

After confirming that there is no eavesdropping vehicle between the unmanned aircraft 40-1 and the plurality of unmanned aircraft 40-2 through the communication path characteristic evaluation, the unmanned aircraft 40-1 uses the generated R _HA as plaintext. Is encoded and encrypted by the encoding / decoding unit 52 and broadcast to the plurality of unmanned aircraft 40-2 in the secure zone via the wireless communication unit 51.

Data composed of ciphertext including the random number R _HA broadcasted to a plurality of unmanned aircraft 40-2 as plaintext is received by the wireless communication unit 51 in each unmanned aircraft 40-2 and decrypted by the encoding / decoding unit 52. It becomes. Here, a random number obtained by being received and decrypted by each unmanned aerial vehicle 40-2 is set as a random number R _HAk ⁽ⁿ⁾ . The random number R _HAk ⁽ⁿ⁾ may be completely the same as the random number R _HA , but may not necessarily be the same depending on the wireless communication environment. Further, since the communication environments may be different between the plurality of unmanned aircraft 40-2, the received random numbers R _HAk ⁽ⁿ⁾ may be different from one another. Hereinafter, the random numbers received by the k unmanned aircraft 40-2 are R _HAk ⁽¹⁾ , R _HAk ⁽²⁾ ,..., R _HAk ^(k) , respectively.

In the process of transmitting the random number R _HA on this low-altitude link, any encryption communication method that can ensure information theoretical security may be applied, but encryption may be performed by physical layer encryption, for example. As the physical layer cipher, an appropriate one is selected from the two methods of secret message transmission and secret key exchange based on the SN ratio of the unmanned aircraft 40-2 of the legitimate receiver and the SN ratio of the eavesdropper 83. May be used. The specific method of secret message transmission and secret key exchange is the same as that of the high altitude link, and thus the description thereof will be omitted. In any method, the random number R _HA transmitted from the unmanned aerial vehicle 40-1 and each unmanned aircraft 40 -2 received random numbers R _HAk ⁽¹⁾ , R _HAk ⁽²⁾ , R _HAk ⁽³⁾ ,..., R _HAk ^(k) may be related to each other but may be different from each other. For this reason, in order to obtain a match between them, the unmanned aircraft 40-1 and each unmanned aircraft 40-2 perform processing operations for obtaining a common random number R _LA ^(k) as shown in FIG. Execute. This processing operation obtains a subset R _LA ^(k) of random numbers common to the unmanned aerial vehicle 40-1 and each unmanned aerial vehicle 40-2 in the same manner as the high altitude link, so that the relevance can be confirmed. Negotiate This negotiation may be performed through transmission / reception of the metadata D _LAk in the public communication path. The metadata D _LAk to be transmitted / received is disclosed by including only information relating to relevance such as what bit position is used and how much error is caused by averaging what bit. It is _{assumed that the} random numbers R _HA and R _HAk ⁽ⁿ⁾ are never disclosed or suggested on the communication _channel , and only the pieces of information relating to the fragmentary association are confirmed. As a result, the specific random numbers R _HA and R _HAk ⁽ⁿ⁾ are not leaked to the outside.

Unmanned aerial vehicle 40-1 is negotiating with all unmanned aerial vehicles 40-2 under its control, or receives metadata D _LAk. Between the random number R _HA and the random numbers R _HAk ⁽¹⁾ , R _HAk ⁽²⁾ , R _HAk ⁽³⁾ ,..., R _HAk ^(k) in all unmanned aircraft 40-2 Bit positions that are common to each other can be determined. Then, metadata D _HAk ^{(k) in} which information relating to the determined bit position is newly included is generated and transmitted to each unmanned aircraft 40-2. Each unmanned aircraft 40-2 which has received the metadata D _HAk ^(k) is a common bit position to each other is described in the meta data D _HAk ^(k) (left bit position), or information of bit positions to be discarded Based on the above, the bits are discarded. Similarly, unmanned aerial vehicle 40-1 leaves bits in bit positions common to each other and discards bits in other bit positions. As a result, random number data R _LA ^(k) as a common encryption key is generated between the unmanned aerial vehicle 40-1 and all the unmanned aerial vehicles 40-2.

  In order to create a state in which the SN ratio of the unmanned aircraft 40-2 as a regular receiver is better than the SN ratio of the eavesdropper 83, the distance between the unmanned aircraft 40-1 and the unmanned aircraft 40-2 is measured. Alternatively, the communication distance is defined in advance, and the signal strength of the wireless communication unit 51 of the unmanned aircraft 40-1 is adjusted so that the error rate defined in advance in the wireless communication unit 51 of the unmanned aircraft 40-2 is obtained for these distances. You may make it do.

  Also, in this low altitude link, if the communication path is relatively poor, it is determined that the SN ratio of the eavesdropper 83 is superior to the SN ratio of the unmanned aircraft 40-2 of the authorized receiver. The secret key exchange in the physical layer encryption is performed. The specific method of this secret key exchange is the same as that of the high altitude link.

  In the description of the physical layer cipher in the low altitude link, it is needless to say that any of the other processing operation methods may apply the method described in the stratospheric link and the high altitude.

By executing the above-described processing between the unmanned aircraft 40-1 and the plurality of unmanned aircraft 40-2 for each airspace, random data as an encryption key common to the unmanned aircraft 40-2 in each airspace R _LA ^(k) is generated.

The unmanned aircraft 40-1 and the plurality of unmanned aircraft 40-2 each hold a common random number R _LA ^(k) generated by the low-altitude link as described above. Each unmanned aerial vehicle 40-2 uses the generated random number R _LA ^(k) to shift to a ground link described below.

  When moving to the ground link, as shown in FIG. 9, each of the plurality of unmanned aircraft 40-2 in the second unmanned aircraft layer 4-2 deviates from the range of the secure zone set in the low altitude link, and It is separated and descends to the flight altitude of the ground station 5. Each unmanned aerial vehicle 40-2 is assigned with a ground station 5 that it has jurisdiction over. Therefore, the plurality of unmanned aircraft 40-2 that are close to each other in the low-altitude link are separated from each other and fly to the ground stations 5 under their jurisdiction. In addition, it is not necessarily limited to the case where one ground station 5 is assigned to one unmanned aircraft 40-2, and a plurality of ground stations 5 are assigned to one unmanned aircraft 40-2. It may be a thing.

  Each unmanned aerial vehicle 40-2 approaches each other to the extent that a signal such as a laser beam or a radio wave on which a random number sequence is superimposed can be broadcast.

  Also in this ground link, the unmanned aerial vehicle 40-2 and / or the ground station 5 performs communication path characteristic evaluation for each communication path. This channel characteristic evaluation method is the same as the high altitude link and the low altitude link. Incidentally, the communication path characteristic evaluation may be omitted in the ground link.

After confirming that there is no eavesdropping aircraft between the unmanned aerial vehicle 40-2 and the ground station 5 through the channel characteristic evaluation, the unmanned aerial vehicle 40-2 uses the generated R _LA ^(k) as plaintext. The data is encoded and encrypted by the encoding / decoding unit 52 and broadcast to the ground station 5 via the wireless communication unit 51. This broadcast includes any concept as long as the signal is wirelessly transmitted to the ground station 5. This

Data composed of ciphertext including the random number R _LA ^(k) broadcasted to the plurality of unmanned aircraft 40-2 as plaintext is received by the ground station 5 and decrypted. In the process of transmitting the random number R _LA ^(k) on this terrestrial link, for example, encryption may be performed by physical layer encryption. As the physical layer cipher, an appropriate one is selected from the two methods of secret message transmission and secret key exchange based on the SN ratio of the ground station 5 as a legitimate receiver and the SN ratio of the eavesdropper 83. It may be used. The specific methods of secret message transmission and secret key exchange are the same as those for the high altitude link and the low altitude link, and thus description thereof is omitted.

Here, a random number obtained by being received and decoded by each ground station 5 is set as a random number R _n ^(k) . The superscript ^(k) in the random number R _n ^(k) is a number corresponding to each airspace of the unmanned aircraft 40-2. The subscript n is a number assigned to each ground station 5. When there are i ground stations 5 in k airspaces, as shown in FIG. 10, the random numbers R _n ^(k) are R ₁ ⁽¹⁾ , R _i ^{(1), respectively. _{, R 1 (2), ··}} , R i (2), R 1 (k), ··, the R _i ^(k). The random number R _n ^(k) may be completely the same as the random number R _LA ^(k) , but may not necessarily be the same depending on the wireless communication environment. Further, since the communication environments may be different between the ground stations 5, the received random numbers R _n ^(k) may be different between the ground stations 5. However, these ^{_{R 1 (1), ··,}} R i (1), R 1 (2), ··, R i (2), R 1 (k), ··, R i (k) is only It is based on the random number R _LA ^(k) , but is at least partially related to each other, and is also related to the random number R _LA ^(k) .

Each ground station 5 generates metadata as shown in FIG. In each ground station 5, metadata corresponding to R ₁ ⁽¹⁾ is set to D ₁ ⁽¹⁾ , metadata corresponding to R ₂ ⁽¹⁾ is set to D ₂ ^(1), and metadata corresponding to R _i ⁽¹⁾ is set. The data is D _i ^(1), and the metadata corresponding to R _n ^(k) is D _n ^(k) . The ground station 5 generates each metadata D ₁ ⁽¹⁾ , D _i ⁽¹⁾ , D ₁ ⁽²⁾ , D _i ⁽²⁾ , D ₁ ^{(k )} generated as shown in FIG. ^), and transmits · ·, D _i ^(k) to the central base station 6. Similarly, the metadata D _n ^(k) is also disclosed by including only information such as what bit position is used and how much error is caused by averaging what bit. It is assumed that the random numbers R _n ^(k) are never disclosed or suggested on the communication channel, and are confirmed only with fragmented attribute information. Similarly, the central base station 6 transmits metadata to the ground stations 5 in the same manner, thereby mutually confirming bit positions common to each other. Since the central base station 6 can receive the metadata D _n ^(k) from all the ground stations, the central base station 6 grasps the positions of the bits common to all the ground stations 5 and the positions of the bits different from each other. can do.

As shown in FIG. 11, the central base station 6 creates final metadata D _final based on the metadata D _n ^(k) sucked up between all these ground stations 5, and sends this to the satellite 2. Send. This final metadata D _final reflects information on the bit position common to all the ground stations 5, but as the specific data content, what bit position is used as described above. By disclosing only the information on the mutual relations such as how many bits are averaged and how much error is generated, the random number R _n ^(k) is never disclosed on the public communication channel. Do not suggest.

The satellite 2 receives such final metadata D _final via the satellite communication unit 23 and collates with the random number data _RST held by itself. The final metadata D _final is the random number R ₁ each ground station 5 acquires _{^{(1), ··, R i}} (1), R 1 (2), ··, R i (2), R 1 (k) ,..., R _i ^(k) are reflected in the bit positions of the common bits. For this reason, the satellite 2 acquires the final metadata D _final , whereby the random number data R _ST and the random numbers R ₁ ⁽¹⁾ ,..., R _i ⁽¹⁾ , R ₁ ^{(2 )} acquired by each ground station 5 are obtained. ^{_{), ··, R i (2}} ), R 1 (k), ··, it is possible to verify the commonly has a bit position of the bit with the R _i ^(k), and thus mutual relevancy Can be confirmed.

The satellite 2 finally generates metadata D _final ′ to be transmitted to the ground station 5. The metadata D _final 'is a random number R ₁ R _ST and the ground station 5 acquires _{^{(1), ··, R i}} (1), R 1 (2), ··, R i (2), R Information on the bit positions of bits common to ₁ ^(k) ,..., R _i ^(k) is reflected. This metadata D _final 'also contains only information relating to the relevance such as what bit position is used as in the above, how many bits are averaged and how much error occurs. Of course. The satellite 2 newly generates a random number R from the random number R _ST based on the contents included in the generated metadata D _final ′. The satellite 2 transmits the broadcast data by broadcasting the metadata D _final 'to all the ground stations 5 via the satellite communication unit 23 as shown in FIG.

All the ground stations 5 receive the metadata D _final ′ broadcasted from the satellite 2 and newly generate a random number R based on the metadata D _final ′. Metadata D _final 'is a random number R ₁ ⁽¹⁾ where R _ST and the ground station 5 ^{_{obtains, ··, R i (1)}} , R 1 (2), ··, R i (2), R 1 ^(k) ,..., R _i ^(k) is reflected in the information on the bit position of the common bit, and based on this, the satellite 2 and all the ground stations 5 It is possible to match the random number R as an encryption key common to each other. In particular, the generation of the random number R can be realized by leaving only the bits that are common to R _ST and R _i ^(k) and deleting different bits. By performing the process of leaving only the common bits, the common random number R described above is generated. As a result, the satellite 2 and each ground station 5 eventually share the common random number data R. Note metadata D _final, through transmission and reception of D _final ', the random number R ₁ R _ST and the ground station 5 acquires _{^{(1), ··, R i}} (1), R 1 (2), ··, R i ⁽²⁾ Any other method may be used as long as it is possible to confirm the relationship between R ₁ ^(k) ,..., R _i ^(k) .

In particular, since R _ST and R _i ^(k) are originally generated based on the initial random number R ₀ , they are associated with each other, and of course there is a common bit. It is a highly random number sequence. For this reason, there is a high possibility that common bits can be found through simple transmission and reception of metadata.

For this reason, the satellite 2 and each ground station 5 can perform encrypted communication that guarantees information theoretical safety by creating and transmitting and receiving a one-time pat code using the random number R as an encryption key. In particular, since the initial random number R ₀ can be generated infinitely via the initial random number generation unit 21 on the satellite 2 side, there is no possibility that it will be exhausted. Once the satellite 2 is launched, it is almost impossible to replenish random numbers along the way. However, according to the present invention, between the satellite 2 and each ground station 5 based on the initial random number R ₀ generated from the satellite 2. Thus, it is possible to continuously generate new random numbers R as common encryption keys. Furthermore, according to the present invention, it is possible to continue encryption communication based on the one-time pad encryption that can guarantee the information theoretical safety for the entire system by using the above-described physical layer encryption for the encryption communication between the links. It becomes. Furthermore, the satellite 2 can also continue encryption communication based on a so-called one-to-many one-time pad encryption with a plurality of ground stations 5 spread over the ground.

  As a method for enhancing the information theoretical safety in actual operation, the finally shared random number data R is appropriately divided to prepare R ′ and R ″, and the Fisher-Yates using the random number R ′. R '' 'is a random permutation called R' '' that may be used as an encryption key.

  Although the present invention aims to generate and share a common random number R between the satellite 2 and the ground station 5, it is not limited to this. A common random number R may be generated between the large aircraft 3 and the ground station 5 and shared with each other.

In such a case, the configuration of the satellite 2 and the stratospheric link are omitted in the encryption key sharing system 1, and the initial random number R _ST is generated in the large aircraft 3 instead of generating the initial random number R ₀ on the satellite 2 side. Thereafter, the random number R _HA is acquired in the large aircraft 3 by executing the processing operation in the high altitude link in the same manner. The low-altitude link and the ground link are the same as described above, but the central base station 6 creates final metadata D _final based on the metadata D _n ^(k) sucked from all the ground stations 5, This is transmitted to the large aircraft 3.

The large aircraft 3 receives the final metadata D _final via the wireless communication unit 33 and collates with the random number data R _HA held by itself. The large aircraft 3 obtains the final metadata D _final , so that the random number data R _HA and the random numbers R ₁ ⁽¹⁾ ,..., R _i ⁽¹⁾ , R ₁ ⁽²⁾ , .., R _i ⁽²⁾ , R ₁ ^(k) ,..., R _i ^(k) can be checked for the bit positions of the common bits.

The large aircraft 3 generates metadata D _final 'to be transmitted to the ground station 5 at the end. This metadata D _final ′ includes R _HA and random numbers R ₁ ⁽¹⁾ , R _i ⁽¹⁾ , R ₁ ⁽²⁾ , R _i ⁽²⁾ , R acquired by each ground station 5. Information on the bit positions of bits common to ₁ ^(k) ,..., R _i ^(k) is reflected. The large aircraft 3 newly generates a random number R from the random number R _HA based on the contents included in the generated metadata D _final ′. The large aircraft 3 transmits the metadata D _final 'to all the ground stations 5 via the wireless communication unit 33.

All the ground stations 5 receive the metadata D _final ′ transmitted from the large aircraft 3. In the same manner as described above, it is possible to share a random number R as a common encryption key between the large aircraft and all the ground stations 5.

  In the embodiment described above, the unmanned aerial vehicle layer 4 has been described by taking as an example a case where the unmanned aircraft layer 4 is configured to cover two layers of the first unmanned aircraft layer 4-1 and the second unmanned aircraft layer 4-2. However, the present invention is not limited to this. One or more unmanned aircraft layers 4 for relay may be inserted between the first unmanned aircraft layer 4-1 and the second unmanned aircraft layer 4-2. The processing operation method of the unmanned aerial vehicle layer 4 for relaying is the same as that of the low-altitude link described above.

  Further, according to the present invention, the unmanned aerial vehicle layer 4 may be constituted by one layer of the first unmanned aircraft layer 4. In such a case, the unmanned aerial vehicle 40-1 in the first unmanned aerial vehicle layer 4 descends to a position directly above the ground station 5 after finishing the high altitude link, and performs the processing operation on the ground link to the second unmanned aerial vehicle. An unmanned aerial vehicle 40-1 will be used as an alternative to 40-2.

  Further, according to the present invention, it is embodied as a signal transmission system by an unmanned aerial vehicle for transmitting a radio signal transmitted from another aircraft via a plurality of unmanned aircraft 40 in a high altitude link and a low altitude link. It may be a thing.

  In the high altitude link, a plurality of unmanned aircraft 40-1 are brought close to each other up to a secure zone range in which a radio signal having directivity transmitted from a large aircraft 3 flying over the sky can be received. The unmanned aerial vehicle 40-1 that has received the radio signal from the large aircraft 3 in the secure zone transmits the radio signal by flying away from the range of the secure zone.

  Similarly, in the low-altitude link, the plurality of unmanned aircraft 40-2 are brought close to each other up to the range of a secure zone in which a radio signal having directivity transmitted from the unmanned aircraft 40-1 flying in the sky can be received. The unmanned aerial vehicle 40-2 that has received the radio signal from the unmanned aerial vehicle 40-1 in the secure zone transmits the radio signal by flying away from the range of the secure zone.

  That is, in both the high altitude link and the low altitude link, a secure wireless signal capable of receiving a radio signal having directivity transmitted from another plane (unmanned aircraft 40, large aircraft 3) flying above the unmanned aircraft 40. It may be embodied in any form as long as it is close to each other up to the zone.

  At this time, the radio signal to be transmitted is not limited to the above-described random number, and may be any signal. The transmitted radio signal is not limited to being encrypted, and includes a state where the signal is not encrypted.

  Of course, it is possible to transmit a normal radio signal by realizing the operation of the unmanned aerial vehicle 40 as described above. Further, even in the high altitude link and the low altitude link of the encryption key sharing system 1 to which the present invention is applied, the unmanned aerial vehicle 40 is made to fly in a secure zone narrowed down by giving directivity to beams and radio waves, thereby performing wireless communication. It is possible to transmit safely without being intercepted by other unmanned aircraft.

Further, the present invention can be similarly applied to wireless encryption communication on or near the ground as shown in FIG. The central control station 103 as another facility installed on the ground plays a role as the satellite 2, generates an initial random number R _ST, and performs encrypted communication toward the mobile layer 104 composed of one or more layers. The moving body 141 in the moving body layer 104 that has received the random number R _ST ^(k) based on the initial random number R _ST may be the above-described unmanned aircraft 40, a vehicle traveling on the ground, or traveling on the sea. It is a concept that includes any object that can move, including ships and even humans.

The mobile unit 141 generates a common random number R _HA by transmitting and receiving information on the association between the initial random number R _ST and the random number R _ST ^{(k) to} and from the central control station. Share

The mobile layer 104 performs cryptographic communication of the random number R _LA ^(k) based on the random number R _HA to the terminal mobile unit 105 by relaying the random number R _HA in the same manner as described above. Similarly to the moving body 141, the terminal moving body 105 is a concept including any object that can move.

The terminal mobile unit 105 receives a random number R _n ^(k) based on the random number R _LA ^(k) . Then, like the satellite 2 and the ground station 5 described above, the terminal mobile unit 105 and the central control station 103 transmit and receive information on the mutual relationship between the random numbers R _n ^(k) and R _HA held by each of them. Do. Information regarding this association may be transmitted / received between the metadata D _final and D _final ′, similar to the satellite 2 and the ground station 5. As a result, a common random number R can be generated and shared.

DESCRIPTION OF SYMBOLS 1 Encryption key sharing system 2 Satellite 3 Large aircraft 4 Unmanned aircraft layer 5 Ground station 6 Central base station 21 Initial random number generation part 22 Encoding processing part 23 Satellite communication part 30 Flight control part 31 Satellite communication part 32 Encoding / decoding part 33 Wireless communication unit 34 Arithmetic processing unit 35 Surveillance camera 40 Unmanned aircraft 42 Rotor motor 44 Battery 45 Control unit 50 Flight controller 51 Wireless communication unit 52 Encoding / decoding unit 54 ESC
55 Flight Control Sensor Group 56 GPS Receiver 57 Controller 83 Eavesdropper

Claims (6)

In a signal transmission system by an unmanned aerial vehicle for transmitting a radio signal transmitted from another aircraft or other equipment via a plurality of unmanned aircraft,
By approaching each other to a range where radio signals with directivity transmitted from other aircraft or other equipment can be received, and by flying away from the above range and separating from each other after receiving the radio signals, A signal transmission system using an unmanned aerial vehicle comprising a plurality of unmanned aerial vehicles for transmission. A satellite, a large aircraft flying at a lower altitude than the satellite, a one or more unmanned aircraft layer each including a plurality of unmanned aircraft flying at a lower altitude than the large aircraft, and a plurality of ground stations,
By the satellite to generate an initial random number R ₀ of the encryption key, which encrypts communication toward the large aircraft, with the large aircraft and the satellite, which has received the random number R ₀ 'based on the initial random number R ₀ Generate and share a common random number R _ST by transmitting and receiving information about the mutual relationship between the initial random number R ₀ and the random number R ₀ ′,
By relaying the unmanned aircraft layer from the large aircraft, the random number R _LA ^(k) based on the random number R _ST is encrypted and communicated to the ground station,
Mutual association among the random numbers R _n ^(k) and the R _ST, respectively between each ground station and the satellite, which has received the random number R _n ^(k) based on the random number R _LA ^(k) is held An encryption key sharing system via an unmanned aerial vehicle characterized by generating and sharing a common random number R by transmitting and receiving information on A large aircraft, one or more unmanned aircraft layers each including a plurality of unmanned aircraft flying at a lower altitude than the large aircraft, and a plurality of ground stations,
An initial random number R _ST for the encryption key is generated by the large aircraft, and is encrypted and _transmitted to the unmanned aircraft layer composed of one or more layers, and a random number R _ST ^(k) based on the initial random number R _ST is received. A common random number R _HA is generated between the plurality of unmanned aircraft and the large aircraft by transmitting and receiving information regarding the mutual relationship between the initial random number R _ST and the random number R _ST ^(k). Share this,
By relaying the unmanned aircraft layer, the random number R _LA ^(k) based on the random number R _HA is encrypted and communicated to the ground station,
The mutual relationship between the random number R _n ^(k) and the R _HA held by each ground station and the large aircraft received from the random number R _n ^(k) based on the random number R _LA ^(k) An encryption key sharing system via an unmanned aerial vehicle characterized by generating and sharing a common random number R by transmitting and receiving information on sex. The unmanned aerial vehicle in the large aircraft or the unmanned aerial vehicle layer evaluates the communication characteristics in the communication path before transmitting random numbers, and determines whether to transmit the random numbers based on the evaluation results of the communication characteristics. An encryption key sharing system via an unmanned aerial vehicle according to claim 2 or 3. Applied to the encryption key sharing system according to any one of claims 2 to 4,
An unmanned aerial vehicle comprising a communication means for receiving the random number and relaying it. A central control station and one or more mobile layers each including a plurality of mobile bodies capable of wireless communication with the central control station,
The central control station generates an initial random number R _ST for the encryption key, _performs encrypted communication to a mobile layer composed of one or more layers, and receives a random number R _ST ^(k) based on the initial random number R _ST A random number R common to each other by transmitting and receiving information on the mutual relation between the initial random number R _ST and the random number R _ST ^(k) between the mobile body in the mobile body layer and the central control station. Generate _HA and share it,
By relaying the mobile layer, the random number R _LA ^(k) based on the random number R _HA is encrypted and communicated to the terminal mobile at the end of the mobile layer,
Between each of the terminal mobile units that have received the random number R _n ^(k) based on the random number R _LA ^(k) and the central control station, the random number R _n ^(k) and the R _HA held by each terminal mobile unit An encryption key sharing system via a mobile unit, which generates and shares a common random number R by transmitting and receiving information relating to the association of each other.

Images