WO2011023129A1 - Method and equipment for ensuring communication security - Google Patents

Method and equipment for ensuring communication security Download PDF

Info

Publication number
WO2011023129A1
WO2011023129A1 PCT/CN2010/076417 CN2010076417W WO2011023129A1 WO 2011023129 A1 WO2011023129 A1 WO 2011023129A1 CN 2010076417 W CN2010076417 W CN 2010076417W WO 2011023129 A1 WO2011023129 A1 WO 2011023129A1
Authority
WO
WIPO (PCT)
Prior art keywords
bits
channel information
information
shared
party
Prior art date
Application number
PCT/CN2010/076417
Other languages
French (fr)
Chinese (zh)
Inventor
戎璐
梁文亮
吴建军
卢磊
黄罡
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2011023129A1 publication Critical patent/WO2011023129A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • H04W12/033Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic

Definitions

  • the application is submitted to the Chinese Patent Office on August 27, 2009, and the application number is 200910171251. 5.
  • the invention name is "Method and Equipment for Secure Communication", and submitted on October 16, 2009.
  • the priority of the present invention is the priority of the Chinese Patent Application, which is incorporated herein by reference.
  • TECHNICAL FIELD The present invention relates to communication technologies, and in particular, to a method and device for ensuring communication security.
  • the wireless communication system has a broadcast characteristic due to its electromagnetic propagation, and the security problem is more prominent.
  • the security problem is more prominent.
  • people's dependence on wireless communication and its security will be further enhanced. Therefore, it is necessary to find a more powerful wireless communication security solution.
  • the academic community is studying the physical layer security in wireless communication, and expects to provide additional security for the wireless link through the signal processing technology of the physical layer to prevent the user's wireless signal from being eavesdropped.
  • the basic scheme is to use the multi-antenna air separation capability to suppress the detection of user signals by eavesdroppers to improve the security of the wireless link.
  • Embodiments of the present invention provide a method and a device for ensuring communication security, which improve the security of a wireless communication system without relying on assumptions such as predicting eavesdropper information.
  • Embodiments of the present invention provide a method for ensuring communication security, including:
  • the two sides of the communication of the wireless link perform wireless channel estimation separately;
  • the communication parties respectively extract a predetermined number of channel information from respective channel estimation results; the communication parties or one of the parties encodes part or all of the locally extracted channel information, and transmits the encoded channel information to the other party. ;
  • the communication party or one of the two parties corrects the locally extracted channel information according to the received coded channel information, and obtains channel information that is consistent with the other party;
  • the communication parties respectively generate the shared key by using the locally extracted channel information and the channel information obtained after error correction, or one of the parties uses the locally extracted channel information to generate a shared key, and the other party obtains the local error correction.
  • Channel information generates a shared key
  • Encrypted communication is performed using the shared key.
  • the embodiment of the invention provides a wireless communication device, including:
  • a channel estimation unit configured to perform wireless channel estimation
  • An information extracting unit configured to extract a predetermined number of channel information from the channel estimation result
  • a key generating unit configured to generate a shared key by using the extracted channel information
  • An encryption unit configured to perform encrypted communication by using the shared key.
  • FIG. 1 is a flowchart of a method for ensuring communication security according to an embodiment of the present invention
  • FIG. 2 is a schematic structural diagram of a wireless communication device according to an embodiment of the present invention.
  • FIG. 3 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention.
  • FIG. 4 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention.
  • FIG. 5 is another structural schematic diagram of a wireless communication device according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE EMBODIMENTS In order to make those skilled in the art better understand the solutions of the embodiments of the present invention, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings and embodiments.
  • Step 101 A communication channel of a wireless link separately performs wireless channel estimation.
  • Both sides of the communication of the wireless link can perform wireless channel estimation at the same or similar time-frequency positions, and support as much independent channel information as possible in order to consume as little time-frequency resources as possible, according to coherent bandwidth and coherence.
  • Time optimizes the selection of the time-frequency position. Specifically, the selected adjacent time-frequency locations may be made larger than the coherence bandwidth and the coherence time.
  • the coherence bandwidth is a specific frequency range within which the channel response at two different frequencies has a strong amplitude dependence.
  • the coherence time is a specific time range in which channel responses at two different times have a strong amplitude dependence.
  • the system may perform appropriate radio resource scheduling, such as periodically allocating uplink sounding reference signal resources in the cellular network, so that the communication parties perform channel estimation according to the reference signal.
  • radio resource scheduling such as periodically allocating uplink sounding reference signal resources in the cellular network, so that the communication parties perform channel estimation according to the reference signal.
  • the signal transmitted by the two parties can also be used to complete the channel estimation, thereby saving radio resource overhead.
  • the specific channel estimation process may use some existing algorithms, such as LS (Least Square) channel estimation algorithm, MMSE (Minimum Mean Square Error) channel estimation algorithm, and the like.
  • LS Least Square
  • MMSE Minimum Mean Square Error
  • Step 102 The communication parties respectively extract a predetermined amount of channel information from respective channel estimation results.
  • a certain number of quantization bits can be extracted from the result of the channel estimation, and the format of the quantization bits can be a binary hard bit or a real bit or a fixed-point type soft bit.
  • the soft bits are distinguished from the hard bits of the value ⁇ 0, 1 ⁇ . In the theoretical analysis, the value is an infinitely accurate real number. In the engineering implementation, the value is a sufficiently accurate fixed point type.
  • the real number on which soft bits are based is related to the specific method of soft decision.
  • a positive number is used to represent 1 and a negative number is used to represent 0.
  • the larger the positive number the greater the probability that the bit is 1 and the absolute value of the negative number is greater.
  • Codewords that can be iteratively decoded such as convolutional codes, are used The soft bit is decoded to obtain better performance than hard bit decoding.
  • the channel information may be extracted from any one or more of the following variables: channel phase, channel fading amplitude, higher order moment of the frequency selective channel, or parameters after discrete cosine transform.
  • the ideal channel information is changed rapidly with geographic location and time to prevent the eavesdropper from getting a channel channel that is closely related to the user.
  • Step 103 The two or one of the communication parties encode part or all of the locally extracted channel information, and send the encoded channel information to the other party.
  • Step 104 The communication parties or the parties perform error correction on the locally extracted channel information according to the received coded channel information, to obtain channel information consistent with the other party.
  • the communication party or one of the parties encodes part or all of the locally extracted channel information, and transmits the encoded channel information to the other party, so that the other party corrects the locally extracted channel information according to the received coded channel information. .
  • parameters required for quantifying channel information (refer to relevant parameters used when quantifying channel information extracted from the physical layer), coding parameters, chiseling
  • the hole parameter, the shared secret information generation matrix parameter, and the like are sent to the other party, so that the other party performs correct decoding on the received coded bits according to the parameters.
  • the two parties can pre-agreed these parameters.
  • the channel information may be encoded by using an existing system code encoder, and only some transformation of the encoded non-system bits or non-system bits may be output.
  • the system code encoder is an encoder that includes all input bits in the output bits, that is, an encoder that directly inputs the input bits as part of the output bits. For example, input 3 bits bb 2 , b 3 , output 6 bits bb 2 , b 3 , b, +b 2 , b 2 + b 3 , b, +b 2 + b 3 at a coding rate of 1/2
  • a linear block code encoder is a system code encoder. .
  • the encoded bit information sent through the wireless channel can be used as a layer of data, and the corresponding layer is encapsulated and processed, for example, as MAC (Media Access Control) layer data, via CRC (Cycl)
  • MAC Media Access Control
  • CRC Cycl
  • the ical Redundancy Check, the checksum supplement and the physical layer channel coding are sent and processed, and HARQ (Hybrid-Auto Repeat Request) retransmission can be used to protect the other party. Can receive it correctly.
  • the quantized bits extracted by the local and the encoded bit information received from the other party may be decoded to obtain the same quantized bits.
  • Step 105 The communication parties respectively generate a shared key by using the locally extracted channel information and the channel information obtained after error correction, or one of the nodes uses the channel information extracted by the wood ground to generate a shared key, and the other party utilizes the local The channel information obtained after error correction generates a shared key.
  • Step 106 Perform encrypted communication by using the shared key.
  • the communication channel may first generate and extract the channel information and correct the error by using the extracted channel information and/or the channel information obtained after the error correction.
  • the obtained channel information independently shares the private information, so that the eavesdropper cannot obtain any useful information about sharing the private information between the two communicating parties from the encoded bit information transmitted by the wireless channel. information.
  • the so-called shared private information is independent of the channel information, which means that the cross-correlation between the two sets of information is zero.
  • the group information consists of the bit sequence a 3 ⁇ 4, . . .
  • the group information consists of the bit sequence 1 ⁇ , 13 2 , . . . , 13
  • any i (wide m) and j ( ⁇ ) are independent of each other between ai and 1 ⁇ .
  • all the required shared private information can be obtained by performing the above steps 101 to 104, that is, the channel information extracted by one of the parties is performed.
  • the party only needs to generate the shared private information according to the locally extracted channel information, and the other party needs to correct the locally extracted channel information according to the received encoded channel information, and obtain channel information consistent with the other party. Then, the error-corrected channel information is used to generate shared private information.
  • the communication parties can also decompose the extracted channel information into multiple parts, and by performing the processes of steps 101 to 104 multiple times, each time using the different channel information parts that are decomposed, different private information is obtained. Part, then combine multiple different pieces of private information into complete shared private information. If the processes of the above steps 101 to 104 are performed a plurality of times, different encoding/decoding/shared private information generating methods may be used each time, and the different channel information portions that are decomposed may be error-corrected by the communication parties respectively. For example, let the communication parties A and B transmit the encoded bit information through the wireless channel in turn. After generating the complete shared private information, the communication parties respectively use the shared private information to independently generate the shared key.
  • the shared private information may be directly used as the shared key; the shared private information may also be used as a random number input, an initialization vector input, or a numerical input in the key update algorithm (ie, using Add one number of 1 at a time), etc., to synthesize some other auxiliary information, such as upper key or existing key, record value, MAC address, serial number of data packet, cell identity, link-related identifier, historical data record Etc., generate a shared key. These auxiliary information can be saved locally.
  • Appropriate values of the initialization vector can ensure that the generated shared key does not overlap with the historical shared key.
  • the initialization vector can be generated in various ways, one of which is a counter that is incremented by one use, and the NAS used in key generation in the existing LTE (Long Term Evolution) system. (Non-Access Stratum, non-access stratum) Upstream value NAS Uplink Counter is similar.
  • the method further includes the following steps: the two communicating parties respectively verify the shared key generated by the other party; and after performing the verification, step 106 is performed.
  • the communication parties respectively generate the shared key the generated shared keys can mutually confirm each other through a certain handshake signaling.
  • the handshake confirmation is successful, the shared key can be used for secure encrypted communication.
  • the specific handshake confirmation process is similar to that in the prior art and will not be described in detail herein. If the handshake confirmation fails, the communicating parties need to return to step 101 to re-establish the key establishment process from the wireless channel estimation to the signaling handshake acknowledgement.
  • the communication parties can respectively treat the shared private information bits locally generated in the last key establishment process, or an equal number of locally extracted bits, as part of the obtained channel information bits.
  • the communication parties can respectively treat the shared private information bits locally generated in the last key establishment process, or an equal number of locally extracted bits, as part of the obtained channel information bits.
  • the method for ensuring communication security can utilize the reciprocity of the wireless channel without relying on the assumption of the information of the eavesdropper, that is, when the two sides of the wireless communication perform two-way wireless communication, the two sides receive the signal.
  • the experienced channel has a strong correlation.
  • the process of correcting channel information and generating shared private information may be implemented based on a plurality of methods, for example, based on a convolutional code and based on a linear block code.
  • the above two processes can also be implemented by merging simplification: using the bit value in the puncturing matrix P as a switching switch for two-way shunting, one way corresponding to the element equal to 1 in the matrix P, and the bit information d to be sent to B after output encoding U (m) , the other 'channel corresponds to the element equal to 0 in P, and the output shares the private information d, . (m).
  • the K bits received by B are d' A1 .
  • the soft information of the received K bits d' A1 is de-punctured using the puncturing matrix P to obtain L soft bits d' A .
  • B combines the L soft bits b B extracted by the local physical layer and the L soft bits d′ after de-puncturing, according to the system bit of the systematic convolutional code encoder and the output order of the non-system bits.
  • Bits b' , , (m) , m l, 2,..., L.
  • Example 2 A linear block code based implementation process, in this embodiment, b B is a hard bit.
  • G sys [I, G] , where I
  • G [g, g 2 ... g x - J , gi is a column vector with L elements, N ⁇ 2L.
  • A takes the L bits b A extracted by the local physical layer as input, encodes with a linear block code encoder whose generation matrix is G, and outputs the encoded NL bits d A (m), m-1, 2, -, ⁇ -L, then send d A (m) to B over the wireless channel.
  • the L bits b extracted by the local physical layer are used as input, and the code is obtained by using a linear block code encoder whose generation matrix is R.
  • B is the L bits b B extracted by the wood physical layer and the NL bits d′ received by the solution, as two inputs of the decoder, first according to the output order of the system bits and non-system bits of the system linear block code encoder , merged into N encoded bits. Then, the N coded bits are used as the input of the system linear block code decoder, and the (N, L) system linear block code decoder with the generator matrix is G sys is decoded, and the L decoded bits are output.
  • b' A (m), m l, 2, ⁇ , L.
  • Example 3 Implementation process based on Turbo code.
  • the generator matrix is [11]
  • the output of the inner interleaver is 13 ⁇ 4 ⁇ +1), b, (l), b, (W+2), b, (2), ⁇ , b, (2W), b, (W)
  • the generator matrix of the second component encoder is [1 1]
  • the encoder output is truncated, then the two outputs of the Turbo encoder can be represented as b, (l), b, (l)+b,(2), b,(2)+b,(3), ⁇ , b,(2W-l)+b,(2W) and b,(W+l), b , (W+l)+b, (l), b, (l) +b, (W+2) , b A (W+2) +b A (2), ⁇ ⁇ ⁇ , b A (2W)
  • the chiseling matrix P [1 0; 0 0] of 2 rows and 2 columns is used for puncturing, and the W bits obtained after the puncturing are b, (l), b, (2) + b , (3), b, (4) + b, (5), ..., b A (2W-2) + b A (2W - 1) are sent to B.
  • the puncturing matrices P and Q are matrixes of M rows and D columns (if in application, the number of columns of P and the number of columns of Q are different, the same number of columns can be obtained by cyclic expansion.
  • the sum of all elements of matrix P, plus the sum of all elements of matrix Q, is equal to D.
  • Conventional encoders are used extensively for channel coding with proven error correction capabilities. Specifically, for k input bits, the encoders of n output bits have their input bits bb 2 , ⁇ , b k , and the output bits are dd 2 ,..., d infrastructure, after passing through the channel, due to noise And the influence of detection errors, etc., the received bits d ' noir d ' 2 , ..., d 'iques may have multiple bit errors and errors with dd 2 , ..., d cela incomplete, and the receiving end translates
  • the code can correct most of the errors and recover the original input bits, ie the output of the decoder b ' noir b ' 2 , ⁇ , b ' k can, in most cases, be implemented with the transmitting end bb 2 , ..., b k consistent.
  • the corresponding bits received by the receiving end are d ' k+1 , d' k+2 , ⁇ , d'êt There may be multiple bits due to an error and d k+1 , d k +2 , ..., dcate are not completely consistent.
  • the receiving end shares the same physical channel with the transmitting end, the locally extracted physical layer channel information b is affected by non-ideal factors such as noise and channel estimation error.
  • '"b' 2, ⁇ , b 'k transmitting side physical layer extracted channel information bb 2, ⁇ , b k is not exactly the same.
  • the embodiment of the present invention utilizes the error correction capability of the conventional codec to enable the receiving end to Correct most of the errors and recover the original input bits, ie the output b ' réelle b ' 2 , ..., b ' k of the decoder can, in most cases, be implemented with the transmitting terminals bb 2 , ..., b k Zhizhi.
  • the information of K bits obtained by puncturing the extracted L bits is transmitted over the air, and the information of LK bits is generated when generating the private information, that is, the shared secret generated by the communication parties.
  • the key information is completely independent of the error correction information transmitted over the air to help the two parties obtain the reciprocal information, thereby ensuring the security of the shared key.
  • the selection of R has the feature: [G, R] constitutes a full rank square matrix.
  • This feature guarantees that each column of G and R is linearly independent, and the L NL L-dimensional column vectors of G and the 2L-N L-dimensional column vectors of R together form L mutual mates of L-dimensional space. Independent coordinate axis. Therefore, any L input bits can be represented by the L column vectors as coordinate axes and represented as an L-dimensional coordinate. For an eavesdropper, even if he knows the NL coordinate values in the L-dimensional coordinate system, he cannot know any information about calculating the coordinate values on the 2L-N coordinate axes.
  • the method of the embodiment of the present invention fully considers the non-ideality of the actual system in the utilization of the reciprocity of the wireless channel, such as a large number of channel information estimation errors, by clever coding, decoding, and sharing of the private information generation process.
  • it can correct the inconsistent channel reciprocity information obtained by most of the links, thereby ensuring the availability of the technical solution of the present invention in the actual system environment;
  • the shared key information generated by the communication parties can be guaranteed. It is completely independent of the error correction information transmitted through the air to help the two parties obtain the reciprocal information, thereby ensuring the security of the technical solution of the present invention in the actual system environment.
  • the embodiment of the invention further provides a wireless communication device, as shown in FIG. 2, which is a schematic structural diagram of the device.
  • the device includes:
  • the channel estimation unit 201 is configured to perform wireless channel estimation. Specifically, the wireless channel estimation may be performed at the same or similar multiple time-frequency positions, and the selected adjacent time-frequency positions are greater than the coherence bandwidth and the coherence time.
  • the information extracting unit 202 is configured to extract a predetermined number of channel information from the channel estimation result.
  • the channel information may be extracted from any one or more of the following information: channel phase, channel fading amplitude, and frequency selectivity.
  • the higher order moment of the channel or the discrete cosine transformed parameter, the channel information may be expressed as: a binary hard bit, or a real number, or a soft bit of a fixed point type.
  • the key generation unit 203 is configured to generate a shared key by using the extracted channel information.
  • the encryption unit 204 is configured to perform encrypted communication by using the shared key.
  • a preferred structure of the key generation unit includes: a shared private information generation subunit 231 and a shared key generation subunit 232. among them:
  • the shared private information generating subunit 231 is configured to generate shared private information, where the shared private information is independent of the channel information;
  • the shared key generation subunit 232 is configured to generate a shared key by using the shared secret information.
  • the key generation subunit 232 may directly use the shared private information as a shared secret.
  • the key may also generate the shared key by using the shared private information and some auxiliary information.
  • the auxiliary information may be one or more of the following information stored in the wood: an upper layer key, a recorded value, a cell identifier, a link related identifier, and a historical data record.
  • the device may be any party of the communication parties.
  • the device may further include: an encoding unit 301 and a sending unit 302.
  • the encoding unit 301 is configured to encode part or all of the locally extracted channel information
  • the sending unit 302 is configured to send the encoded channel information to the other party, so that the other party can receive the encoded channel according to the received channel.
  • the information corrects the locally extracted channel information.
  • the transmitting unit 302 may further transmit information such as channel information quantization parameter, coding and decoding parameter, puncturing parameter, and shared private information generation matrix parameter to the other party, so that the other party performs correct decoding and the like by using the parameter.
  • the device further includes: a receiving unit 401 and an error correcting unit 402.
  • the receiving unit 401 is configured to receive the encoded channel information sent by the other party
  • the error correcting unit 402 is configured to perform error correction on the locally extracted channel information according to the encoded channel information received by the receiving unit 401. , get the channel information consistent with the other party.
  • the key generation unit 203 is further configured to generate a sharing key according to the channel information obtained after the error correction.
  • the wireless communication device of the embodiment of the present invention may further have various modifications.
  • the device may further include the foregoing coding unit 301, the sending unit 302, and the receiving unit. 401 and error correction unit 402.
  • the process of correcting the channel information and generating the shared secret information may be implemented based on a plurality of methods, for example, based on a convolutional code, a linear block code based, and a Turbo code based.
  • the coding unit is specifically configured to encode part or all of the locally extracted channel information by using a 1/1 convolutional encoder, and use the punctured matrix P for the encoded bits.
  • the puncturing the bit obtained after the puncturing is sent to the other party;
  • the error correcting unit is specifically configured to use the puncturing matrix P to perform the puncturing on the received bit, and extract the locally extracted bit, and after the puncturing
  • the bits are decoded by a 1/2 convolutional decoder to obtain decoded bits, and the decoded bits are used as channel information that is consistent with the other party;
  • the shared private information generation subunit is specifically used
  • the bit coded by the coding unit is punctured by using a puncturing matrix 1-P, and the bit obtained after puncturing is used as shared secret information; or the decoded bit obtained by the error correction unit is utilized 1/
  • a convolutional encoder performs coding, and the coded bits are punctured using a puncturing matrix 1-P, and bits obtained after puncturing are used
  • the column vector of the element, the linear block code encoder of N ⁇ 2L is encoded, and the encoded NL bits are sent to the other party; the error correction unit is specifically configured to use the locally extracted L bits and the NL received by the solution.
  • the coding unit is specifically configured to encode the locally extracted L bits by using a 1/M convolutional encoder or a Turbo encoder, and chisel the matrix P by using the coded bits.
  • the transmitting unit is configured to send the T bits obtained after the puncturing to the other party, where T ⁇ L; the error correcting unit is specifically configured to use the puncturing matrix P to solve the received bit.
  • the locally extracted bits and the de-punctured bits are decoded by a 1/(M+1) convolutional decoder to obtain decoded bits, and the decoded bits are used as
  • the shared secret information is generated by the unit, and is configured to perform puncturing using the punctured matrix Q for the bits encoded by the coding unit, and use the LT bits obtained after the puncturing as the shared private information;
  • the decoded bits obtained by the error correction unit are encoded by a 1/M convolutional encoder, and the coded bits are punctured by using a puncturing matrix Q, and the bits obtained after puncturing are used as shared secrets.
  • FIG. 5 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention.
  • the device further includes:
  • the verification unit 205 is configured to: before the encryption unit 204 performs the encrypted communication by using the shared key, verify the shared key generated by the other party, and after the verification is passed, instruct the encryption unit 204 to use the shared secret
  • the key is encrypted and communicated, so that the accuracy of the shared key generated by both parties can be further ensured.
  • the verification unit 205 can confirm whether the shared key generation is successful through a certain handshake signaling and calculation; if successful, Transmitting the shared key to the encryption unit 204; if unsuccessful, obtaining the shared private information or an equal number of woodland extracted channel information as part of the predetermined number of channel information The channel information is notified, and the channel estimation unit 201 is notified to reacquire the channel information of the remaining portion through the new radio channel estimation.
  • the wireless communication device in the embodiment of the present invention fully considers the non-ideal factors existing in the actual system such as the estimation error of the channel information in the wireless channel reciprocity utilization, and generates the private information through smart coding, decoding, and sharing.
  • the process, 'the aspect can correct the channel reciprocal information obtained by the majority of the links, thereby ensuring the availability of the technical solution of the present invention in the actual system environment; on the other hand, the sharing generated by the communication parties can be guaranteed
  • the key information is completely independent of the error correction information transmitted over the air to help the two parties obtain consistent reciprocal information, thereby ensuring the security of the technical solution of the present invention in an actual system environment.

Abstract

A method and equipment for ensuring communication security are provided. The method includes: both sides of communication of a wireless link estimating wireless channel respectively; extracting scheduled quantity of channel information respectively from the respective estimated result of channel; both sides of communication or either side coding a part or all of the locally extracted channel information, and sending the coded channel information to the other side; both sides of communication or either side performing error correcting on the locally extracted channel information according to the received coded channel information, and obtaining the channel information correspond to the other side; both sides of communication generating a shared cryptographic key utilizing the locally extracted channel information and the obtained channel information by error correcting respectively, or either side generating the shared cryptographic key utilizing the locally extracted channel information, the other side generating the shared cryptographic key utilizing the obtained channel information by local error correcting; utilizing the shared cryptographic key to carry out encrypted communication. Utilizing the method may improve the security of wireless communication system.

Description

保证通信安全的方法及设备 本申请要求于 2009年 8月 27日提交中国专利局、 申请号为 200910171251. 5、发明 名称为 "保证通信安全的方法及设备", 以及 2009年 10月 16日提交中国专利局、 申请 号为 200910178333. 2、发明名称为 "保证通信安全的方法及设备"的中国专利申请的优 先权, 其全部内容通过引用结合在本申请中。 技术领域 本发明涉及通信技术, 具体涉及一种保证通信安全的方法及设备。  Method and device for ensuring communication security The application is submitted to the Chinese Patent Office on August 27, 2009, and the application number is 200910171251. 5. The invention name is "Method and Equipment for Secure Communication", and submitted on October 16, 2009. The Chinese Patent Office, Application No. 200910178333. 2. The priority of the present invention is the priority of the Chinese Patent Application, which is incorporated herein by reference. TECHNICAL FIELD The present invention relates to communication technologies, and in particular, to a method and device for ensuring communication security.
背景技术 现有通信系统的安全体系大多是建立在现代密码学的基础之上,利用运算的复杂度 来避免密钥在有限时间内被破译, 实现相对的安全。 但是, 密码学研究的发展, 使密钥 算法中的安全漏洞不断被发现, 破译密钥所需的计算复杂度逐渐降低; 与此同时, 网络 计算能力的增强, 使得破译密钥所需的时间越来越短。 因此, 人们不得不寻求更加安全 可靠的技术解决方案。 BACKGROUND OF THE INVENTION The security systems of existing communication systems are mostly based on modern cryptography, and the complexity of the operation is used to prevent the key from being deciphered in a limited time, thereby achieving relative security. However, the development of cryptography has led to the discovery of security vulnerabilities in key algorithms, and the computational complexity required to decipher keys has gradually decreased. At the same time, the increased computing power of the network has made it necessary to decipher the keys. It is getting shorter and shorter. Therefore, people have to find more secure and reliable technical solutions.
无线通信系统因其电磁传播具有广播特性, 安全性问题更为突出。随着无线通信的 广度、 深度、 个性化程度的进一步发展, 人们对无线通信及其安全的依赖性将进一步增 强。 因此, 有必要寻求更加强有力的无线通信安全解决方案。  The wireless communication system has a broadcast characteristic due to its electromagnetic propagation, and the security problem is more prominent. With the further development of the breadth, depth and personalization of wireless communication, people's dependence on wireless communication and its security will be further enhanced. Therefore, it is necessary to find a more powerful wireless communication security solution.
当前,学术界正在研究无线通信中的物理层安全,期望通过物理层的信号处理技术, 为无线链路提供额外的安全保障, 以防止用户无线信号被窃听。 其基本方案是利用多天 线的空分能力, 抑制窃听者对用户信号的检测, 以提高无线链路的安全性。  At present, the academic community is studying the physical layer security in wireless communication, and expects to provide additional security for the wireless link through the signal processing technology of the physical layer to prevent the user's wireless signal from being eavesdropped. The basic scheme is to use the multi-antenna air separation capability to suppress the detection of user signals by eavesdroppers to improve the security of the wireless link.
但是, 目前物理层安全文献中提出的各种解决方案, 基本都是建立在系统能够预知 窃听者信道的前提假设之上,但在实际系统中,难以获知窃听者的位置、接收天线数量、 信道信息, 甚至难以知道窃听者是否存在, 因此在实际系统中难以实现。 而且, 现有解 决方案是假设窃听者在低信噪比下, 采用一般的硬件复杂度难以有效地解调解码, 而没 有充分考虑到专业窃听者可以拥有比一般用户更加强大的终端软硬件处理能力,有能力 在比一般用户低得多的信噪比下实现信号检测, 因此这类解决方案所提供的安全性较 低。 发明内容 本发明实施例提供一种保证通信安全的方法及设备, 在不依赖预知窃听者信息等 假设的前提下, 提高无线通信系统的安全性。 However, the various solutions proposed in the current physical layer security literature are basically based on the premise that the system can predict the eavesdropper channel, but in actual systems, it is difficult to know the location of the eavesdropper, the number of receiving antennas, and the channel. Information, even difficult to know whether the eavesdropper exists, so it is difficult to achieve in the actual system. Moreover, the existing solution assumes that the eavesdropper is difficult to demodulate and decode effectively at a low SNR, using general hardware complexity, without fully considering that the professional eavesdropper can have more powerful terminal hardware and software processing than the average user. The ability to achieve signal detection at a much lower signal-to-noise ratio than the average user, so this type of solution provides less security. SUMMARY OF THE INVENTION Embodiments of the present invention provide a method and a device for ensuring communication security, which improve the security of a wireless communication system without relying on assumptions such as predicting eavesdropper information.
本发明实施例提供一种保证通信安全的方法, 包括:  Embodiments of the present invention provide a method for ensuring communication security, including:
无线链路的通信双方分别进行无线信道估计;  The two sides of the communication of the wireless link perform wireless channel estimation separately;
所述通信双方分别从各自的信道估计结果中提取出预定数量的信道信息; 所述通信双方或其中一方对本地提取的信道信息的部分或全部进行编码, 并将编 码后的信道信息发送给对方;  The communication parties respectively extract a predetermined number of channel information from respective channel estimation results; the communication parties or one of the parties encodes part or all of the locally extracted channel information, and transmits the encoded channel information to the other party. ;
所述通信双方或其中一方根据收到的编码后的信道信息对本地提取出的信道信息 进行纠错, 得到与对方一致的信道信息;  The communication party or one of the two parties corrects the locally extracted channel information according to the received coded channel information, and obtains channel information that is consistent with the other party;
所述通信双方分别利用所述本地提取出的信道信息和纠错后得到的信道信息生成 共享密钥, 或者其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用本地纠 错后得到的信道信息生成共享密钥;  The communication parties respectively generate the shared key by using the locally extracted channel information and the channel information obtained after error correction, or one of the parties uses the locally extracted channel information to generate a shared key, and the other party obtains the local error correction. Channel information generates a shared key;
利用所述共享密钥进行加密通信。  Encrypted communication is performed using the shared key.
本发明实施例提供一种无线通信设备, 包括:  The embodiment of the invention provides a wireless communication device, including:
信道估计单元, 用于进行无线信道估计;  a channel estimation unit, configured to perform wireless channel estimation;
信息提取单元, 用于从信道估计结果中提取出预定数量的信道信息;  An information extracting unit, configured to extract a predetermined number of channel information from the channel estimation result;
密钥生成单元, 用于利用所述提取出的信道信息生成共享密钥;  a key generating unit, configured to generate a shared key by using the extracted channel information;
加密单元, 用于利用所述共享密钥进行加密通信。  And an encryption unit, configured to perform encrypted communication by using the shared key.
本发明实施例提供的保证通信安全的方法及设备, 在不依赖预知窃听者信息等假 设的前提下, 利用无线信道的互易性, 在链路两端产生无法被窃听者获知的私密信息, 建立安全性高的共享密钥, 从而提高了无线通信系统的安全性。 附图说明 图 1是本发明实施例保证通信安全的方法的流程图;  The method and device for ensuring communication security provided by the embodiments of the present invention use the reciprocity of the wireless channel to generate private information that is not known to the eavesdropper on both ends of the link without relying on the assumption of the eavesdropper information. Establishing a secure shared key enhances the security of the wireless communication system. BRIEF DESCRIPTION OF DRAWINGS FIG. 1 is a flowchart of a method for ensuring communication security according to an embodiment of the present invention;
图 2是本发明实施例无线通信设备的一种结构示意图;  2 is a schematic structural diagram of a wireless communication device according to an embodiment of the present invention;
图 3是本发明实施例无线通信设备的另一种结构示意图;  3 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention;
图 4是本发明实施例无线通信设备的另一种结构示意图;  4 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention;
图 5是本发明实施例无线通信设备的另一种结构不意图。 具体实施方式 为了使本技术领域的人员更好地理解本发明实施例的方案, 下面结合附图和实施 方式对本发明实施例作进一步的详细说明。 FIG. 5 is another structural schematic diagram of a wireless communication device according to an embodiment of the present invention. DETAILED DESCRIPTION OF THE EMBODIMENTS In order to make those skilled in the art better understand the solutions of the embodiments of the present invention, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings and embodiments.
如图 1所示, 是本发明实施例保证通信安全的方法的流程图, 包括以下步骤: 步骤 101 , 无线链路的通信双方分别进行无线信道估计。  As shown in FIG. 1 , it is a flowchart of a method for ensuring communication security according to an embodiment of the present invention, which includes the following steps: Step 101: A communication channel of a wireless link separately performs wireless channel estimation.
无线链路的通信双方, 可以在相同或相近的一些时频位置, 进行无线信道估计, 而且, 为了消耗尽可能少的时频资源, 支持尽可能多的独立信道信息, 可以根据相干带 宽和相干时间对时频位置的选取进行优化。 具体地, 可以使选取的相邻的时频位置大于 相干带宽和相干时间。 所述相干带宽是一特定频率范围, 在该范围内, 两个不同频率上 的信道响应具有很强的幅度相关性。 所述相干时间是一特定时间范围, 在该范围内, 两 个不同时间上的信道响应具有很强的幅度相关性。  Both sides of the communication of the wireless link can perform wireless channel estimation at the same or similar time-frequency positions, and support as much independent channel information as possible in order to consume as little time-frequency resources as possible, according to coherent bandwidth and coherence. Time optimizes the selection of the time-frequency position. Specifically, the selected adjacent time-frequency locations may be made larger than the coherence bandwidth and the coherence time. The coherence bandwidth is a specific frequency range within which the channel response at two different frequencies has a strong amplitude dependence. The coherence time is a specific time range in which channel responses at two different times have a strong amplitude dependence.
对于某些具有无线资源管理功能的通信系统, 可以由系统进行适当的无线资源调 度, 比如在蜂窝网络中周期性地分配上行探测参考信号资源, 使通信双方根据该参考信 号进行信道估计。 另外, 如果双方进行通信, 则还可以利用双方通信发送的信号来完成 信道估计, 以节省无线资源开销。  For some communication systems with radio resource management functions, the system may perform appropriate radio resource scheduling, such as periodically allocating uplink sounding reference signal resources in the cellular network, so that the communication parties perform channel estimation according to the reference signal. In addition, if the two parties communicate, the signal transmitted by the two parties can also be used to complete the channel estimation, thereby saving radio resource overhead.
在实际应用中, 具体信道估计过程可以采用现有的一些算法, 比如 LS ( Least Square , 最小平方) 信道估计算法、 MMSE (Minimum Mean Square Error, 最小均方误 差) 信道估计算法等。  In practical applications, the specific channel estimation process may use some existing algorithms, such as LS (Least Square) channel estimation algorithm, MMSE (Minimum Mean Square Error) channel estimation algorithm, and the like.
步骤 102 , 所述通信双方分别从各自的信道估计结果中提取出预定数量的信道信 息。  Step 102: The communication parties respectively extract a predetermined amount of channel information from respective channel estimation results.
从信道估计的结果中可以提取得到 ·定数量的量化比特, 该量化比特的格式可以 是二进制的硬比特, 也可以是实数或定点类型的软比特。  A certain number of quantization bits can be extracted from the result of the channel estimation, and the format of the quantization bits can be a binary hard bit or a real bit or a fixed-point type soft bit.
所述定点类型是一种数据类型, 比如实数 π =3. 14159265……, 在实际系统中不可 能精确存储, 在无线通信系统中更不允许为了传输这个实数而耗费大量空中资源, 所以 必须用尽可能少的比特 (比如 16位、 10位、 8为等) 来表示这个实数。 具体多少位比 特足够, 取决于定点仿真结果。 软比特区别于 {0, 1}取值的硬比特, 在理论分析中其取 值为无限精确的实数, 在工程实现中其取值为足够精确的定点类型。 软比特所基于的实 数, 与软判决的具体方法有关, 比如一般用正数表示 1 , 用负数表示 0, 正数越大, 表 示比特为 1的概率越大, 负数的绝对值越大, 表示比特为 0的概率越大, 如果软比特为 0 , 则该比特为 1和为 0的概率各占 ·半。 对卷积码等可以进行迭代译码的码字, 使用 软比特进行译码, 可以获得优于硬比特译码的性能。 The fixed point type is a data type, such as a real number π = 3. 14159265......, it is impossible to store accurately in an actual system, and in a wireless communication system, it is not allowed to consume a large amount of air resources in order to transmit the real number, so it is necessary to use Use as few bits as possible (such as 16 bits, 10 bits, 8 bits, etc.) to represent this real number. The exact number of bits is sufficient, depending on the results of the fixed-point simulation. The soft bits are distinguished from the hard bits of the value {0, 1}. In the theoretical analysis, the value is an infinitely accurate real number. In the engineering implementation, the value is a sufficiently accurate fixed point type. The real number on which soft bits are based is related to the specific method of soft decision. For example, a positive number is used to represent 1 and a negative number is used to represent 0. The larger the positive number, the greater the probability that the bit is 1 and the absolute value of the negative number is greater. The greater the probability that the bit is 0, if the soft bit is 0, the probability that the bit is 1 and 0 is half. Codewords that can be iteratively decoded, such as convolutional codes, are used The soft bit is decoded to obtain better performance than hard bit decoding.
所述信道信息可以从以下任意一种或多种变量中提取: 信道相位、 信道衰落幅度、 频率选择性信道的高阶矩或者离散余弦变换后的参数等。理想的信道信息是随地理位置 和时间较快变化的, 以防止窃听者得到与用户密切相关的信道信道。  The channel information may be extracted from any one or more of the following variables: channel phase, channel fading amplitude, higher order moment of the frequency selective channel, or parameters after discrete cosine transform. The ideal channel information is changed rapidly with geographic location and time to prevent the eavesdropper from getting a channel channel that is closely related to the user.
步骤 103, 所述通信双方或其中一方对本地提取的信道信息的部分或全部进行编 码, 并将编码后的信道信息发送给对方。  Step 103: The two or one of the communication parties encode part or all of the locally extracted channel information, and send the encoded channel information to the other party.
步骤 104,所述通信双方或其中 ·方根据收到的编码后的信道信息对本地提取出的 信道信息进行纠错, 得到与对方一致的信道信息。  Step 104: The communication parties or the parties perform error correction on the locally extracted channel information according to the received coded channel information, to obtain channel information consistent with the other party.
通信双方或其中一方对本地提取的信道信息的部分或全部进行编码, 并将编码后 的信道信息发送给对方, 以使对方根据接收到的编码后的信道信息对本地提取的信道信 息进行纠错。  The communication party or one of the parties encodes part or all of the locally extracted channel information, and transmits the encoded channel information to the other party, so that the other party corrects the locally extracted channel information according to the received coded channel information. .
为了增加本发明实施例的方法的灵活性, 还可以将信道信息量化所需的参数 (指 在对从物理层提取的信道信息进行量化时, 所要用到的有关参数)、 编译码参数、 凿孔 参数、 共享私密信息生成矩阵参数等发送给对方, 以使对方根据这些参数对收到的编码 比特进行正确的译码等操作。 当然, 为了简化实现过程, 可以双方预先约定这些参数。  In order to increase the flexibility of the method of the embodiment of the present invention, parameters required for quantifying channel information (refer to relevant parameters used when quantifying channel information extracted from the physical layer), coding parameters, chiseling The hole parameter, the shared secret information generation matrix parameter, and the like are sent to the other party, so that the other party performs correct decoding on the received coded bits according to the parameters. Of course, in order to simplify the implementation process, the two parties can pre-agreed these parameters.
在具体实现时, 可以利用现有的系统码编码器对所述信道信息进行编码, 只输出 编码后的非系统位或非系统位的某种变换。所述系统码编码器是一种输出比特中包含全 部输入比特的编码器, 即将输入比特直接作为输出比特的一部分的编码器。 例如, 输入 3个比特 b b2, b3, 输出 6个比特 b b2, b3, b,+b2, b2+b3, b,+b2+b3的编码速率为 1/2的线性 块码编码器, 即为一种系统码编码器。。 In a specific implementation, the channel information may be encoded by using an existing system code encoder, and only some transformation of the encoded non-system bits or non-system bits may be output. The system code encoder is an encoder that includes all input bits in the output bits, that is, an encoder that directly inputs the input bits as part of the output bits. For example, input 3 bits bb 2 , b 3 , output 6 bits bb 2 , b 3 , b, +b 2 , b 2 + b 3 , b, +b 2 + b 3 at a coding rate of 1/2 A linear block code encoder is a system code encoder. .
通过无线信道发送的编码后的比特信息, 可以作为某一层的数据, 进行该层相应 的封装和处理后发送, 比如作为 MAC (Media Access Control , 媒体接入控制) 层数据, 经 CRC (Cycl ical Redundancy Check, 循环冗余码校验) 校验位补充和物理层信道编码 等处理后发送, 并可以使用 HARQ (Hybrid-Auto Repeat Request , 混合自动重传请求) 重传等技术, 以保障对方能够正确接收到。  The encoded bit information sent through the wireless channel can be used as a layer of data, and the corresponding layer is encapsulated and processed, for example, as MAC (Media Access Control) layer data, via CRC (Cycl) The ical Redundancy Check, the checksum supplement and the physical layer channel coding are sent and processed, and HARQ (Hybrid-Auto Repeat Request) retransmission can be used to protect the other party. Can receive it correctly.
通信双方或其中一方在对本地提取出的信道信息进行纠错时, 可以根据自己在本 地提取的量化比特、 以及从对方接收到的编码后的比特信息, 经过译码, 取得相一致的 量化比特。  When both sides of the communication perform error correction on the locally extracted channel information, the quantized bits extracted by the local and the encoded bit information received from the other party may be decoded to obtain the same quantized bits. .
相应地, 可以采用一个系统译码器, 将本地提取的量化比特作为编码后的系统位, 将从对方接收到的编码后的比特信息作为非系统位,通过译码得到与对方相一致的量化 比特, 具体过程将在后面举例详细说明。 步骤 105,所述通信双方分别利用所述本地提取出的信道信息和纠错后得到的信道 信息生成共享密钥, 或者其中一方利用木地提取出的信道信息生成共享密钥, 另一方利 用本地纠错后得到的信道信息生成共享密钥。 Correspondingly, a system decoder may be used, and the locally extracted quantization bits are used as the encoded system bits, and the encoded bit information received from the other party is used as a non-system bit, and the quantization corresponding to the other party is obtained through decoding. Bits, the specific process will be described in detail later. Step 105: The communication parties respectively generate a shared key by using the locally extracted channel information and the channel information obtained after error correction, or one of the nodes uses the channel information extracted by the wood ground to generate a shared key, and the other party utilizes the local The channel information obtained after error correction generates a shared key.
步骤 106, 利用所述共享密钥进行加密通信。  Step 106: Perform encrypted communication by using the shared key.
在上述步骤 105中, 在生成共享密钥时, 可以首先由所述通信双方分别利用所述提 取出的信道信息和 /或纠错后得到的信道信息, 生成与提取出的信道信息和纠错后得到 的信道信息相独立的共享私密信息, 以使窃听者不可能从其侦听到的经无线信道传输的 编码后的比特信息中, 得到任何有关所述通信双方之间共享私密信息的有用信息。  In the above step 105, when generating the shared key, the communication channel may first generate and extract the channel information and correct the error by using the extracted channel information and/or the channel information obtained after the error correction. The obtained channel information independently shares the private information, so that the eavesdropper cannot obtain any useful information about sharing the private information between the two communicating parties from the encoded bit information transmitted by the wireless channel. information.
所谓共享私密信息与信道信息相独立, 是指这两组信息之间的互相关性为零。 比 如, 其中 ·组信息由比特序列 a ¾,. . ., 组成, 另 ·组信息由比特序列 1^,132,. . .,13„ 组成, 那么对任意 i (广 m)与 j (Γη)均有 ai与 1^之间相互独立。 The so-called shared private information is independent of the channel information, which means that the cross-correlation between the two sets of information is zero. For example, where the group information consists of the bit sequence a 3⁄4, . . . , and the group information consists of the bit sequence 1^, 13 2 , . . . , 13„, then for any i (wide m) and j ( Γη) are independent of each other between ai and 1^.
如果从数学上对上述相独立的概念来定义, 可以定义如下: 设随机变量 a 的取值 空间为 A, 随机变量 b的取值空间为 B, 如果条件概率 P {a=a' | b=b' } =P {a=a' }对任意 a' 属于 A和 b'属于 B的取值均成立, 且条件概率 P {b=b' I a=a' } =P {b=b' }对任意 a'属于 A 和 b'属于 B的取值均成立, 那么随机变量 a和随机变量 b相互独立。 比如, 第一次丢硬 币的结果是正反面概率各半: P {a=0} =0. 5, P {a=l} =0. 5, 如果不知道第 ·次丢硬币的结 果, 而仅知道第二次丢硬币的结果是 b=0还是 b=l, 那么则无法据此猜测第一次丢硬币 的结果: P {a=0 | b=0} =P {a=0 | b=l} =0. 5=P {a=0}, P {a=l | b=0} =P {a=l | b=l} =0. 5=P {a=l}。  If you mathematically define the above independent concept, you can define it as follows: Let the value space of the random variable a be A, and the value space of the random variable b be B, if the conditional probability P {a=a' | b= b' } =P {a=a' } for any a' belonging to A and b' to B, the conditional probability P {b=b' I a=a' } =P {b=b' } For any a' belonging to A and b' to B, the values are equal, then the random variable a and the random variable b are independent of each other. For example, the result of the first coin drop is half the probability of the front and the back: P {a=0} =0. 5, P {a=l} =0. 5, if you don't know the result of the first coin, but only Knowing that the result of the second coin drop is b=0 or b=l, then the result of the first coin drop cannot be guessed accordingly: P {a=0 | b=0} =P {a=0 | b= l} =0. 5=P {a=0}, P {a=l | b=0} =P {a=l | b=l} =0. 5=P {a=l}.
需要说明的是, 在通信双方生成共享私密信息时, 可以通过执行 ·次上述步骤 101 至步骤 104的过程, 取得所有所需的共享私密信息, 也就是说, 由其中一方将提取的信 道信息进行编码并将编码后的信道信息以及信道信息量化参数等(还可以包括编译码参 数、 凿孔参数、 共享私密信息生成矩阵参数等)信息发送给另 ·方。 这样, 其中 ·方只 需根据本地提取的信道信息生成共享私密信息,而另一方需要根据接收到的编码后的信 道信息对本地提取的信道信息进行纠错, 得到与对方相一致的信道信息, 然后再利用纠 错后的信道信息生成共享私密信息。  It should be noted that when the communication partners generate the shared private information, all the required shared private information can be obtained by performing the above steps 101 to 104, that is, the channel information extracted by one of the parties is performed. The encoding and transmitting the encoded channel information, the channel information quantization parameter, and the like (including a coding code parameter, a puncturing parameter, a shared private information generation matrix parameter, etc.) information to the other party. In this way, the party only needs to generate the shared private information according to the locally extracted channel information, and the other party needs to correct the locally extracted channel information according to the received encoded channel information, and obtain channel information consistent with the other party. Then, the error-corrected channel information is used to generate shared private information.
除此之外, 通信双方也可以将所提取的信道信息分解为多个部分, 通过执行多次 步骤 101至步骤 104的过程, 每次使用分解出的不同的信道信息部分, 得到不同的私密 信息部分, 然后再将多个不同的私密信息部分合成为完整的共享私密信息。 如果执行多 次上述步骤 101至步骤 104的过程,那么每次都可以采用不同的编码 /译码 /共享私密信 息生成方法, 而且可以由通信双方分别对分解出的不同的信道信息部分进行纠错, 比如 让通信双方 A和 B依次轮流地通过无线信道发送编码后的比特信息。 在生成完整的共享私密信息后, 通信双方再各自利用所述共享私密信息, 独立地 生成共享密钥。 In addition, the communication parties can also decompose the extracted channel information into multiple parts, and by performing the processes of steps 101 to 104 multiple times, each time using the different channel information parts that are decomposed, different private information is obtained. Part, then combine multiple different pieces of private information into complete shared private information. If the processes of the above steps 101 to 104 are performed a plurality of times, different encoding/decoding/shared private information generating methods may be used each time, and the different channel information portions that are decomposed may be error-corrected by the communication parties respectively. For example, let the communication parties A and B transmit the encoded bit information through the wireless channel in turn. After generating the complete shared private information, the communication parties respectively use the shared private information to independently generate the shared key.
具体地, 为了降低运算的复杂度, 可以直接采用共享私密信息作为共享密钥; 也 可以将共享私密信息作为 ·些密钥更新算法中的随机数输入、初始化向量输入或者记数 值输入 (即使用一次就增加 1的一个数)等, 综合一些其他辅助信息, 比如, 上层密钥 或现有密钥、 记数值、 MAC地址、 数据包的序列号、 小区标识、 链路相关标识、 历史数 据记录等, 生成共享密钥。 这些辅助信息可以是保存在本地的。  Specifically, in order to reduce the complexity of the operation, the shared private information may be directly used as the shared key; the shared private information may also be used as a random number input, an initialization vector input, or a numerical input in the key update algorithm (ie, using Add one number of 1 at a time), etc., to synthesize some other auxiliary information, such as upper key or existing key, record value, MAC address, serial number of data packet, cell identity, link-related identifier, historical data record Etc., generate a shared key. These auxiliary information can be saved locally.
所述初始化向量的适当取值可以保证生成的共享密钥不会与历史共享密钥重复。 所述初始化向量的生成可有多种方式, 其中一种是每使用一次就增加一的记数器, 与现 有 LTE (Long Term Evolution, 长期演进)系统中的密钥生成中用到的 NAS (Non-Access Stratum, 非接入层) 上行记数值 NAS Uplink Counter类似。  Appropriate values of the initialization vector can ensure that the generated shared key does not overlap with the historical shared key. The initialization vector can be generated in various ways, one of which is a counter that is incremented by one use, and the NAS used in key generation in the existing LTE (Long Term Evolution) system. (Non-Access Stratum, non-access stratum) Upstream value NAS Uplink Counter is similar.
需要说明的是, 在上述步骤 105和步骤 106之间, 还可以进一步包括以下步骤: 所述通信双方分别对对方生成的共享密钥进行验证; 验证通过后再执行步骤 106。 具体 地, 通信双方在各自生成了共享密钥之后, 可以通过一定的握手信令, 对所生成的共享 密钥进行互相确认。 握手确认成功后, 即可使用该共享密钥进行安全的加密通信。 具体 的握手确认过程与现有技术中类似, 在此不再详细描述。 如果握手确认失败, 那么通信 双方需要返回步骤 101 , 重新进行从无线信道估计到信令握手确认的密钥建立过程。 但 是在新的密钥建立过程中,通信双方可以分别将在上一次密钥建立过程中本地生成的共 享私密信息比特, 或者同等数量的本地提取的比特, 当作 ·部分已经获得的信道信息比 特使用, 只对缺少的剩余部分的信道信息比特数量, 通过新的无线信道估计进行补充, 从而可以显著减少新的密钥建立过程中所需要的无线信道估计的次数。  It should be noted that, between the foregoing steps 105 and 106, the method further includes the following steps: the two communicating parties respectively verify the shared key generated by the other party; and after performing the verification, step 106 is performed. Specifically, after the communication parties respectively generate the shared key, the generated shared keys can mutually confirm each other through a certain handshake signaling. After the handshake confirmation is successful, the shared key can be used for secure encrypted communication. The specific handshake confirmation process is similar to that in the prior art and will not be described in detail herein. If the handshake confirmation fails, the communicating parties need to return to step 101 to re-establish the key establishment process from the wireless channel estimation to the signaling handshake acknowledgement. However, in the new key establishment process, the communication parties can respectively treat the shared private information bits locally generated in the last key establishment process, or an equal number of locally extracted bits, as part of the obtained channel information bits. With the use, only the missing number of channel information bits is supplemented by the new radio channel estimate, so that the number of radio channel estimates required in the new key establishment process can be significantly reduced.
可见, 本发明实施例提供的保证通信安全的方法, 可以在不依赖预知窃听者信息 等假设的前提下, 利用无线信道的互易性, 即无线通信双方进行双向无线通信时, 双方 接收信号所经历的信道具有很强的相关性, 在理想的情况下, 可以假设两个方向的信道 完全相等, 在链路两端产生无法被窃听者获知的私密信息, 建立安全性高的共享密钥, 从而提高了无线通信系统的安全性。 在本发明实施例中, 可以基于多种方法实现对信道 信息进行纠错并生成共享私密信息的过程, 比如可以基于卷积码和基于线性块码来实 现。  It can be seen that the method for ensuring communication security provided by the embodiment of the present invention can utilize the reciprocity of the wireless channel without relying on the assumption of the information of the eavesdropper, that is, when the two sides of the wireless communication perform two-way wireless communication, the two sides receive the signal. The experienced channel has a strong correlation. In an ideal situation, it can be assumed that the channels in the two directions are completely equal, and private information that cannot be learned by the eavesdropper is generated at both ends of the link, and a secure shared key is established. Thereby improving the security of the wireless communication system. In the embodiment of the present invention, the process of correcting channel information and generating shared private information may be implemented based on a plurality of methods, for example, based on a convolutional code and based on a linear block code.
下面假设通信双方分别为 A和 B,设 A和 B从本地物理层提取出的无线信道信息量 化比特中, 需要处理的部分分别为 l¾ (m)和 bB (m) , m=l, 2,…, L, 其中, 1¾为硬比特, bB 分别为软比特和硬比特的情况, 对上述过程进行详细说明。 例 1: 基于卷积码的实现过程, 在该实施例中, bB为软比特。 The following assumes that the two sides of the communication are A and B respectively, and the parts of the radio channel information quantization bits extracted by the local physical layer from A and B are respectively required to be processed: l3⁄4 (m) and b B (m), m=l, 2 , ..., L, where 13⁄4 is a hard bit, and b B is a soft bit and a hard bit, respectively, and the above process will be described in detail. Example 1: Based on the implementation process of a convolutional code, in this embodiment, b B is a soft bit.
A以木地物理层提取的 L个比特 bA作为输入, 首先采用生成矩阵为 G= [g, g2… gj 的 1/1卷积编码器进行编码, 得到编码后的 L个比特 0^ , m=l) 2, - , L o 然后, 对编 码后的 L 个比特 d,、, 采用凿孔矩阵 P 进行凿孔, 将凿孔后所得的 K 个比特 dA1 (m), m=l, 2, -, Κ, 作为输出, Α通过无线信道将 dU (m)发送给 Β。 A takes the L bits b A extracted from the physical layer of the wood as input, first encodes the 1/1 convolutional encoder with the generator matrix G=[g, g 2 ... gj, and obtains the encoded L bits 0^ , m=l ) 2, - , L o Then, for the encoded L bits d, ,, use the puncturing matrix P to punctify, and the K bits obtained after puncturing d A1 (m), m= l, 2, -, Κ, as output, d send d U (m) to Α over the wireless channel.
Α以编码后的 L个比特^0^作为输入, 使用凿孔矩阵 1-P进行凿孔, 将凿孔后所 得的 L-K个比特 d,、。 (m), m=l,2,〜,L-K, 作为共享私密信息输出。  Α Using the encoded L bits ^0^ as input, use the puncturing matrix 1-P to punctify, and obtain the L-K bits d, after the puncturing. (m), m=l, 2, ~, L-K, output as shared private information.
上述两个过程还可以通过合并简化实现: 利用凿孔矩阵 P 中的比特值作为切换开 关进行两路分流, 一路对应于矩阵 P中等于 1的元素, 输出编码后需要发送给 B的比特 信息 dU (m) , 另 '路对应于 P中等于 0的元素, 输出共享私密信息 d,、。(m)。 考虑到传输误差, 假设 B收到的 K个比特为 d' A1。 首先, 对接收到的 K个比特 d' A1 的软信息, 采用凿孔矩阵 P进行解凿孔, 得到 L个软比特 d' A。然后, B将本地物理层提 取的 L个软比特 bB, 以及解凿孔后的 L个软比特 d' ,、, 依照系统卷积码编码器的系统位 与非系统位的输出次序, 合并为 2L个编码后的软比特, 作为系统卷积码译码器的输入, 采用生成矩阵为 G'= 1 ° " ' ° 的 1/2卷积码译码器进行译码,输出 L个译码后 … The above two processes can also be implemented by merging simplification: using the bit value in the puncturing matrix P as a switching switch for two-way shunting, one way corresponding to the element equal to 1 in the matrix P, and the bit information d to be sent to B after output encoding U (m) , the other 'channel corresponds to the element equal to 0 in P, and the output shares the private information d, . (m). Considering the transmission error, assume that the K bits received by B are d' A1 . First, the soft information of the received K bits d' A1 is de-punctured using the puncturing matrix P to obtain L soft bits d' A . Then, B combines the L soft bits b B extracted by the local physical layer and the L soft bits d′ after de-puncturing, according to the system bit of the systematic convolutional code encoder and the output order of the non-system bits. 2L encoded soft bits, as input to the system convolutional code decoder, are decoded by a 1/2 convolutional code decoder whose generator matrix is G'= 1 ° "' °, and output L translations. After the code...
比特 b' ,、(m) , m=l, 2,…, L。 Bits b' , , (m) , m=l, 2,..., L.
B以 L个译码后比特 b' A作为输入, 首先采用生成矩阵为 G= [gl g2 … gj的 1/1 卷积编码器进行编码, 得到编码后的 L个比特 d' A (m) , m=l,2,"*,L。 然后, 对其编码后 的 L个比特 d' ,、, 使用凿孔矩阵 1-P进行凿孔, 将凿孔后所得的 L-K个比特 d' ,、。 (m), m-1, 2, -, L-K, 作为共享私密信息输出。 B takes the L decoded bits b' A as input, first encodes with a 1/1 convolutional encoder whose generator matrix is G=[ gl g 2 ... gj, and obtains the encoded L bits d' A (m ), m=l, 2, "*, L. Then, after encoding the L bits d', , use the perforation matrix 1-P to punctify, and the LK bits d' obtained after the puncturing , (m), m-1, 2, -, LK, output as shared private information.
例 2: 基于线性块码的实现过程, 在该实施例中, bB为硬比特。 Example 2: A linear block code based implementation process, in this embodiment, b B is a hard bit.
设 A使用的编码器所对应的 (N, L)系统线性块码编码器 (即编码器输入 L个比特, 输出 N个比特) 的生成矩阵为: Gsys= [I, G] , 其中 I为 L维单位矩阵, G= [g, g2… gx—J , gi为具有 L个元素的列向量, N<2L。 Let the generator matrix of the (N, L) system linear block code encoder corresponding to the encoder used by A (that is, the encoder input L bits, output N bits) be: G sys = [I, G] , where I For the L-dimensional unit matrix, G = [g, g 2 ... g x - J , gi is a column vector with L elements, N < 2L.
A以本地物理层提取的 L个比特 bA作为输入,采用生成矩阵为 G的线性块码编码器 进行编码, 输出编码后的 N-L个比特 dA (m) , m-1, 2, -, Ν-L, 然后通过无线信道将 dA (m) 发送给 B。 A takes the L bits b A extracted by the local physical layer as input, encodes with a linear block code encoder whose generation matrix is G, and outputs the encoded NL bits d A (m), m-1, 2, -, Ν-L, then send d A (m) to B over the wireless channel.
A在 k维空间中选取与§1 g2… 线性独立的 2L-N个列向量1^ r2… r 构成 密钥生成矩阵 R= [r, r2… r 使得 [G R]构成 L维满秩矩阵。 然后, 以本地物理层提 取的 L个比特 b,、作为输入, 采用生成矩阵为 R的线性块码编码器进行编码, 将编码后的 2L-N个比特 q,、(m) , m=l, 2, ···, 2L_N, 作为共享私密信息输出。 A selects 2L-N column vectors 1^ r 2 ... r which are linearly independent from §1 g 2 ... in the k-dimensional space to form a key generation matrix R = [r, r 2 ... r such that [GR] constitutes L-dimensional full Rank matrix. Then, the L bits b extracted by the local physical layer are used as input, and the code is obtained by using a linear block code encoder whose generation matrix is R. 2L-N bits q,, (m), m=l, 2, ···, 2L_N, are output as shared private information.
B以木地物理层提取的 L个比特 bB和解接收到的 N-L个比特 d'、作为译码器的两个 输入, 首先依照系统线性块码编码器的系统位与非系统位的输出次序, 合并为 N个编码 后比特。 然后, 将这 N个编码后比特作为系统线性块码译码器的输入, 采用生成矩阵为 Gsys的 (N, L)系统线性块码译码器进行译码, 输出 L个译码后比特 b' A(m), m=l, 2, ···, L。 B is the L bits b B extracted by the wood physical layer and the NL bits d′ received by the solution, as two inputs of the decoder, first according to the output order of the system bits and non-system bits of the system linear block code encoder , merged into N encoded bits. Then, the N coded bits are used as the input of the system linear block code decoder, and the (N, L) system linear block code decoder with the generator matrix is G sys is decoded, and the L decoded bits are output. b' A (m), m=l, 2, ···, L.
然后, B以 L个译码后比特 b' A作为输入, 采用生成矩阵为 R的线性块码编码器进 行编码, 将编码后的 2L-N个比特 q' Λ(ηι) , m=l, 2, ···, 2L_N, 作为共享私密信息输出。 Then, B takes L decoded bits b' A as input, and encodes with a linear block code encoder whose generation matrix is R, and encodes 2L-N bits q' Λ (ηι), m=l, 2, ···, 2L_N, output as shared private information.
作为一种特例, 当构成密钥生成矩阵 R 的列向量满足如下关系时: (1) 每个列向 量 ri的所有元素之和均等于 1; (2)任意两个列向量 ^和 r」都满足 ι· ·」=0, 所生成的共 享密钥 q,、 (m)和 q' Λ (m) ,即为通信双方分别从本地提取的 L个比特 1¾和 bB中的 2L_N个比 特。 As a special case, when the column vectors constituting the key generation matrix R satisfy the following relationship: (1) the sum of all the elements of each column vector ri is equal to 1; (2) any two column vectors ^ and r" Satisfying ι··”=0, the generated shared keys q,, (m), and q′ Λ (m) are 2L_N bits of the L bits 126 and b B extracted locally by the communication parties.
例 3: 基于 Turbo码的实现过程。  Example 3: Implementation process based on Turbo code.
假设 A对本地提取的 L=2W个比特 b,、(l), b,(2), ···, b,、(2W)利用 1/2 Turbo编码 器进行编码,第一个分量编码器的生成矩阵为 [11], 内交织器的输出为1¾^+1), b,(l), b,(W+2), b,(2), ···, b,(2W), b,(W), 第二个分量编码器的生成矩阵为 [1 1], 对编码器 输出进行截尾, 则该 Turbo 编码器的两路输出可以表示为 b,、(l), b,(l)+b,(2), b,(2)+b,(3), ···, b,(2W-l)+b,(2W) 禾口 b、(W+l), b、(W+l)+b、(l), b,(l) +b,(W+2) , bA (W+2) +bA (2), · · ·, bA (2W) +bA (W)。 对编码后的比特采用 2行 2列的凿孔矩阵 P= [ 1 0; 0 0]进行凿孔, 将凿孔后得到的 W 个比特 b,、(l), b,(2)+b,(3), b,(4)+b,(5), …, bA (2W-2) +bA (2W- 1)发送给 B。 Suppose A is locally extracted L=2W bits b,, (l), b, (2), ···, b,, (2W) are encoded by 1/2 Turbo encoder, the first component encoder The generator matrix is [11], and the output of the inner interleaver is 13⁄4^+1), b, (l), b, (W+2), b, (2), ···, b, (2W), b, (W), the generator matrix of the second component encoder is [1 1], and the encoder output is truncated, then the two outputs of the Turbo encoder can be represented as b, (l), b, (l)+b,(2), b,(2)+b,(3), ···, b,(2W-l)+b,(2W) and b,(W+l), b , (W+l)+b, (l), b, (l) +b, (W+2) , b A (W+2) +b A (2), · · ·, b A (2W) +b A (W). For the coded bits, the chiseling matrix P=[1 0; 0 0] of 2 rows and 2 columns is used for puncturing, and the W bits obtained after the puncturing are b, (l), b, (2) + b , (3), b, (4) + b, (5), ..., b A (2W-2) + b A (2W - 1) are sent to B.
A对编码后的比特采用凿孔矩阵 Q=[0 0; 1 0]进行凿孔, 将凿孔后得到的 W个比 特 b,、 (W+1), b,、(1) +b,、 (W+2), b,、 (2) +b,、 (W+3), ···, b,、 (W-l) +b,、 (2W)作为共享私密信息。  A uses the puncturing matrix Q=[0 0; 1 0] to punctify the encoded bits, and the W bits obtained after puncturing, (W+1), b, and (1) +b, , (W+2), b,, (2) +b, (W+3), ···, b,, (Wl) +b, and (2W) are shared private information.
B对接收到的比特采用凿孔矩阵 P进行解凿孔;将本地提取的比特以及解凿孔后的 比特, 利用 1/3卷积译码器进行译码, 得到译码后的比特, 将所述译码后的比特作为与 对方一致的信道信息。 然后, 将得到的译码后的比特利用 1/2卷积编码器进行编码, 并 对编码后的比特采用凿孔矩阵 Q进行凿孔, 将凿孔后得到的比特作为共享私密信息。 其 中, 所述凿孔矩阵 P和 Q均为 M行 D列的矩阵 (如果在应用中, P的列数 DP和 Q的列数 不同, 则可以通过循环扩展得到等效的相同列数的凿孔矩阵 P, =[P P〜P]和 Q, =[Q Q … Q], 其列数 D为 ¾和¾的最小公倍数), 并满足如下关系:  B de-puncturing the received bits with the puncturing matrix P; decoding the locally extracted bits and the punctured bits by a 1/3 convolution decoder to obtain decoded bits, The decoded bit acts as channel information consistent with the other party. Then, the obtained decoded bits are encoded by a 1/2 convolutional encoder, and the coded bits are punctured using a puncturing matrix Q, and bits obtained after puncturing are used as shared secret information. Wherein, the puncturing matrices P and Q are matrixes of M rows and D columns (if in application, the number of columns of P and the number of columns of Q are different, the same number of columns can be obtained by cyclic expansion. The hole matrix P, = [PP~P] and Q, = [QQ ... Q], the number of columns D is the least common multiple of 3⁄4 and 3⁄4, and satisfies the following relationship:
对任意 i和 j, 满足 P(i, j)*Q(i, j)=0;  For any i and j, satisfy P(i, j)*Q(i, j)=0;
矩阵 P的所有元素之和, 加上矩阵 Q的所有元素之和, 等于 D。 传统的编码器大量地用于信道编码, 具备已经验证的纠错能力。 具体而言, 对于 k 个输入比特, n个输出比特的编码器, 设其输入比特为 b b2, ···, bk, 输出比特为 d d2,…, d„, 经过信道后, 由于噪声及检测误差等的影响, 接收到的比特 d ' „ d ' 2, …, d ' „中可能有多个比特冈发生错误而与 d d2, …, d„不完全 ·致, 而接收端的译码, 能够纠正大部份的错误并恢复出原始输入比特, 即译码器的输出 b ' „ b ' 2, ···, b ' k 在大部份情况下, 能够实现与发射端 b b2, …, bk的一致。 The sum of all elements of matrix P, plus the sum of all elements of matrix Q, is equal to D. Conventional encoders are used extensively for channel coding with proven error correction capabilities. Specifically, for k input bits, the encoders of n output bits have their input bits bb 2 , ···, b k , and the output bits are dd 2 ,..., d„, after passing through the channel, due to noise And the influence of detection errors, etc., the received bits d ' „ d ' 2 , ..., d ' „ may have multiple bit errors and errors with dd 2 , ..., d „ incomplete, and the receiving end translates The code can correct most of the errors and recover the original input bits, ie the output of the decoder b ' „ b ' 2 , ···, b ' k can, in most cases, be implemented with the transmitting end bb 2 , ..., b k consistent.
本发明实施例中采用系统码, 假如使用的是与之同样的 (n, k)编码器, 那么在 n 个输出比特 d d2, ···, dn中, 有 k个比特与输入比特 b b2, ···, bk完全相同, 不失一 般性, 设 d b,, d2=b2, …, dk=bk。 在空中传输出去的是除去系统位输出 d d2, …, dk 后的另外 n-k个编码后比特 dk+1, dk+2, …, d„。 经过空中传输后, 由于无线传输中非理 想因素的影响, 接收端收到的相应比特为 d ' k+1, d' k+2, ···, d' „中可能有多个比特因 发生错误而与 dk+1, dk+2, …, d„不完全一致。 与此同时, 接收端虽然与发射端共享相同 的物理信道, 但是由于受到噪声和信道估计误差等非理想因素的影响, 本地提取的物理 层信道信息 b ' „ b ' 2, ···, b ' k与发射端提取的物理层信道信息 b b2, ···, bk不完全 一致。接收端组织的译码器输入比特 d ' „ d' 2,…, d ' „ (其中, d, ,=b ' „ d ' 2=h' 2,…: d, k=b, k),受到无线通信中非理想因素的影响,与发射端编码器输出比特 d d2, ···, dn 不完全一致。 本发明实施例利用传统编译码器所具备的纠错能力, 使接收端能够纠正大 部份的错误并恢复出原始输入比特, 即译码器的输出 b ' „ b ' 2, …, b ' k在大部份情 况下, 能够实现与发射端 b b2, …, bk的 ·致。 In the embodiment of the present invention, the system code is used. If the same (n, k) encoder is used, then among the n output bits dd 2 , ···, d n , there are k bits and input bits bb. 2 , ···, b k is exactly the same, without loss of generality, let db,, d 2 =b 2 , ..., d k =b k . What is transmitted in the air is the additional nk coded bits d k+1 , d k+2 , ..., d„ after removing the system bit outputs dd 2 , ..., d k . After over-the-air transmission, due to wireless transmission Under the influence of ideal factors, the corresponding bits received by the receiving end are d ' k+1 , d' k+2 , ···, d' „ There may be multiple bits due to an error and d k+1 , d k +2 , ..., d„ are not completely consistent. At the same time, although the receiving end shares the same physical channel with the transmitting end, the locally extracted physical layer channel information b is affected by non-ideal factors such as noise and channel estimation error. '"b' 2, ···, b 'k transmitting side physical layer extracted channel information bb 2, ···, b k is not exactly the same. The decoder input bits d ' „ d' 2 ,..., d ' „ (where d, , =b ' „ d ' 2 =h' 2 ,...: d, k =b, k ), It is not completely consistent with the output of the encoder encoder output bits dd 2 , ···, d n by the non-ideal factors in the wireless communication. The embodiment of the present invention utilizes the error correction capability of the conventional codec to enable the receiving end to Correct most of the errors and recover the original input bits, ie the output b ' „ b ' 2 , ..., b ' k of the decoder can, in most cases, be implemented with the transmitting terminals bb 2 , ..., b k Zhizhi.
在上述例 1中, 在空中传输的是对提取的 L个比特凿孔后所得的 K个比特的信息, 而生成私密信息时利用的是 L-K个比特的信息, 即通信双方所生成的共享密钥信息, 与 通过空中传输的旨在帮助双方获得 '致的互易信息的纠错信息完全独立,从而保证了所 述共享密钥的安全性。  In the above example 1, the information of K bits obtained by puncturing the extracted L bits is transmitted over the air, and the information of LK bits is generated when generating the private information, that is, the shared secret generated by the communication parties. The key information is completely independent of the error correction information transmitted over the air to help the two parties obtain the reciprocal information, thereby ensuring the security of the shared key.
在上述例 2中, R的选取具有特征: [G, R]构成满秩方阵。 该特征保证了 G与 R的 每列之间都线性独立, 并由 G的 N-L个 L维列向量, 和 R的一共 2L-N个 L维列向量, 共同构成了 L维空间的 L个相互独立的座标轴。 因此, 任意的 L个输入比特, 都可以用 这 L个列向量作为坐标轴, 表示为一个 L维的坐标。 对于窃听者, 即使他知道 L维坐标 系中的 N-L个坐标值, 也无法获知有关计算 2L-N个座标轴上坐标值的任何信息。 这就 如同在三维空间中有一个点(N=3 ) ,将其映射到三维坐标系中,得到一组坐标值 {x, y, z} , 然后将其中两个坐标值 {y,z}在发送给对方 (L=l, N-L=2 ) , 虽然窃听者可以听到空中传 输的 {y, z}, 但是他不可能据此获得有关另一个坐标值 X的任何信息。 在上述例 3中, 在空中传输的是对提取的 L个比特经编码和凿孔后所得的 L/2个 比特 b、(l) , b, (2) +b, (3) , b、(4) +b、(5) , ···, b、(2W-2) +b、(2W_ l)的信息, 而生成私密信 息时利用的是与之不同的 L/2 个比特 bA (W+l) , bA (l) +bA (W+2) , bA (2) +bA (W+3) , ···, b,、(W-l) +b,、(2W)的信息, 且容易推知这共计 L个比特之间完全独立, 从而保证了所述共 享密钥的安全性。 In the above example 2, the selection of R has the feature: [G, R] constitutes a full rank square matrix. This feature guarantees that each column of G and R is linearly independent, and the L NL L-dimensional column vectors of G and the 2L-N L-dimensional column vectors of R together form L mutual mates of L-dimensional space. Independent coordinate axis. Therefore, any L input bits can be represented by the L column vectors as coordinate axes and represented as an L-dimensional coordinate. For an eavesdropper, even if he knows the NL coordinate values in the L-dimensional coordinate system, he cannot know any information about calculating the coordinate values on the 2L-N coordinate axes. This is like having a point (N=3) in 3D space, mapping it into a 3D coordinate system, getting a set of coordinate values {x, y, z}, and then taking two of the coordinate values {y, z} While sending to the other party (L=l, NL=2), although the eavesdropper can hear the {y, z} of the air transmission, it is impossible for him to obtain any information about another coordinate value X accordingly. In the above example 3, the L/2 bits b, (l), b, (2) + b, (3), b, which are obtained by encoding and puncturing the extracted L bits, are transmitted over the air. (4) +b, (5), ···, b, (2W-2) +b, (2W_ l) information, and the private information is generated using a different L/2 bits b A (W+l) , b A (l) +b A (W+2) , b A (2) +b A (W+3) , ···, b,, (Wl) +b,, (2W The information, and it is easy to infer that the total of L bits are completely independent, thereby ensuring the security of the shared key.
可见, 本发明实施例的方法, 充分考虑了无线信道互易性利用中, 存在大量信道 信息估计误差等实际系统中存在的非理想冈素, 通过巧妙的编码、 译码、 共享私密信息 生成过程, 一方面能够纠正绝大部分链路双方所获得的不一致信道互易信息, 从而保障 了本发明技术方案在实际系统环境下的可用性;另一方面能够保障通信双方所生成的共 享密钥信息, 与通过空中传输的旨在帮助双方获得 ·致的互易信息的纠错信息完全独 立, 从而保障了本发明技术方案在实际系统环境下的安全性。  It can be seen that the method of the embodiment of the present invention fully considers the non-ideality of the actual system in the utilization of the reciprocity of the wireless channel, such as a large number of channel information estimation errors, by clever coding, decoding, and sharing of the private information generation process. On the one hand, it can correct the inconsistent channel reciprocity information obtained by most of the links, thereby ensuring the availability of the technical solution of the present invention in the actual system environment; on the other hand, the shared key information generated by the communication parties can be guaranteed. It is completely independent of the error correction information transmitted through the air to help the two parties obtain the reciprocal information, thereby ensuring the security of the technical solution of the present invention in the actual system environment.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分步骤是可以通 过程序来指令相关的硬件来完成, 所述的程序可以存储于 ·计算机可读取存储介质中, 所述的存储介质, 如: R0M/RAM、 磁碟、 光盘等。  A person skilled in the art can understand that all or part of the steps of implementing the above embodiments can be completed by a program instructing related hardware, and the program can be stored in a computer readable storage medium, the storage. Media, such as: R0M/RAM, disk, CD, etc.
本发明实施例还提供一种无线通信设备, 如图 2 所示, 是该设备的一种结构示意 图。  The embodiment of the invention further provides a wireless communication device, as shown in FIG. 2, which is a schematic structural diagram of the device.
在该实施例中, 所述设备包括:  In this embodiment, the device includes:
信道估计单元 201 , 用于进行无线信道估计, 具体地, 可以在相同或相近的多个时 频位置进行无线信道估计, 并且选取的相邻的时频位置大于相干带宽和相干时间。  The channel estimation unit 201 is configured to perform wireless channel estimation. Specifically, the wireless channel estimation may be performed at the same or similar multiple time-frequency positions, and the selected adjacent time-frequency positions are greater than the coherence bandwidth and the coherence time.
信息提取单元 202, 用于从信道估计结果中提取出预定数量的信道信息, 具体地, 可以从以下任意一种或多种信息中提取所述信道信息: 信道相位、 信道衰落幅度、 频率 选择性信道的高阶矩或者离散余弦变换后的参数, 所述信道信息可以表示为: 二进制的 硬比特, 或者实数, 或者定点类型的软比特。  The information extracting unit 202 is configured to extract a predetermined number of channel information from the channel estimation result. Specifically, the channel information may be extracted from any one or more of the following information: channel phase, channel fading amplitude, and frequency selectivity. The higher order moment of the channel or the discrete cosine transformed parameter, the channel information may be expressed as: a binary hard bit, or a real number, or a soft bit of a fixed point type.
密钥生成单元 203 , 用于利用所述提取出的信道信息生成共享密钥。  The key generation unit 203 is configured to generate a shared key by using the extracted channel information.
加密单元 204, 用于利用共享密钥进行加密通信。  The encryption unit 204 is configured to perform encrypted communication by using the shared key.
所述密钥生成单元的一种优选结构包括: 共享私密信息生成子单元 231 和共享密 钥生成子单元 232。 其中:  A preferred structure of the key generation unit includes: a shared private information generation subunit 231 and a shared key generation subunit 232. among them:
共享私密信息生成子单元 231 , 用于生成共享私密信息, 该共享私密信息与所述信 道信息相独立;  The shared private information generating subunit 231 is configured to generate shared private information, where the shared private information is independent of the channel information;
共享密钥生成子单元 232, 用于利用所述共享私密信息生成共享密钥。  The shared key generation subunit 232 is configured to generate a shared key by using the shared secret information.
在实际应用中, 所述密钥生成子单元 232, 可以直接将所述共享私信息作为共享密 钥, 也可以利用所述共享私密信息和 ·些辅助信息生成共享密钥。 所述辅助信息可以是 木地保存的以下一种或多种信息: 上层密钥、 记数值、 小区标识、 链路相关标识、 历史 数据记录。 In an actual application, the key generation subunit 232 may directly use the shared private information as a shared secret. The key may also generate the shared key by using the shared private information and some auxiliary information. The auxiliary information may be one or more of the following information stored in the wood: an upper layer key, a recorded value, a cell identifier, a link related identifier, and a historical data record.
在本发明实施例中, 所述设备可以作为通信双方的任何 ·方。  In the embodiment of the present invention, the device may be any party of the communication parties.
如图 3所示, 在本发明的另一实施例中, 所述设备还可进一步包括: 编码单元 301 和发送单元 302。 其中, 所述编码单元 301用于对本地提取的信道信息的部分或全部进 行编码; 所述发送单元 302用于将编码后的信道信息发送给对方, 以使对方根据接收到 的编码后的信道信息对本地提取的信道信息进行纠错。 另外, 所述发送单元 302, 还可 进一步将信道信息量化参数、 编译码参数、 凿孔参数、 共享私密信息生成矩阵参数等信 息发送给对方, 以使对方利用这些参数进行正确的解码等操作。  As shown in FIG. 3, in another embodiment of the present invention, the device may further include: an encoding unit 301 and a sending unit 302. The encoding unit 301 is configured to encode part or all of the locally extracted channel information, and the sending unit 302 is configured to send the encoded channel information to the other party, so that the other party can receive the encoded channel according to the received channel. The information corrects the locally extracted channel information. In addition, the transmitting unit 302 may further transmit information such as channel information quantization parameter, coding and decoding parameter, puncturing parameter, and shared private information generation matrix parameter to the other party, so that the other party performs correct decoding and the like by using the parameter.
如图 4所示, 在本发明的另一实施例中, 所述设备还包括: 接收单元 401和纠错 单元 402。 其中, 所述接收单元 401用于接收对方发送的编码后的信道信息; 所述纠错 单元 402用于根据所述接收单元 401接收到的编码后的信道信息对本地提取的信道信息 进行纠错, 得到与对方一致的信道信息。  As shown in FIG. 4, in another embodiment of the present invention, the device further includes: a receiving unit 401 and an error correcting unit 402. The receiving unit 401 is configured to receive the encoded channel information sent by the other party, and the error correcting unit 402 is configured to perform error correction on the locally extracted channel information according to the encoded channel information received by the receiving unit 401. , get the channel information consistent with the other party.
在该实施例中, 所述密钥生成单元 203, 还用于根据纠错后得到的信道信息生成共 享密钥。  In this embodiment, the key generation unit 203 is further configured to generate a sharing key according to the channel information obtained after the error correction.
当然, 本发明实施例的的无线通信设备, 还可以有多种变形, 比如, 在本发明的 另一实施例中, 所述设备还可以同时包括上述编码单元 301和发送单元 302、 以及接收 单元 401和纠错单元 402。  Certainly, the wireless communication device of the embodiment of the present invention may further have various modifications. For example, in another embodiment of the present invention, the device may further include the foregoing coding unit 301, the sending unit 302, and the receiving unit. 401 and error correction unit 402.
在本发明实施例的无线通信设备中, 可以基于多种方法实现对信道信息进行纠错 并生成共享私密信息的过程, 比如可以基于卷积码、 基于线性块码和基于 Turbo码来实 现。  In the wireless communication device of the embodiment of the present invention, the process of correcting the channel information and generating the shared secret information may be implemented based on a plurality of methods, for example, based on a convolutional code, a linear block code based, and a Turbo code based.
在基于卷积码实现时, 所述编码单元, 具体用于对本地提取的信道信息的部分或 全部比特利用 1/1卷积编码器进行编码, 并对编码后的比特采用凿孔矩阵 P进行凿孔, 将凿孔后得到的比特发送给对方; 所述纠错单元, 具体用于对接收到的比特采用凿孔矩 阵 P进行解凿孔, 并将本地提取的比特, 以及解凿孔后的比特, 利用 1/2卷积译码器进 行译码, 得到译码后的比特, 将所述译码后的比特作为与对方一致的信道信息; 所述共 享私密信息生成子单元,具体用于对所述编码单元编码后的比特采用凿孔矩阵 1-P进行 凿孔, 将凿孔后得到的比特作为共享私密信息; 或者将所述纠错单元得到的译码后的比 特利用 1/1卷积编码器进行编码, 并对编码后的比特采用凿孔矩阵 1-P进行凿孔, 将凿 孔后得到的比特作为共享私密信息。 详细过程可参照前面例 1中的描述。 在基于线性块码实现时, 所述编码单元, 具体用于对本地提取的信道信息的部分 或全部比特比如 L个比特利用生成矩阵为0= [g, g2 … g , gi为具有 L个元素的列向 量, N〈2L的线性块码编码器进行编码, 并将编码后的 N-L个比特发送给对方; 所述纠错 单元,具体用于将本地提取的 L个比特和解接收到的 N-L个比特合并为 N个编码后比特; 将所述 N个编码后比特作为系统线性块码译码器的输入, 利用生成矩阵为 Gsys= [I, G]的 系统线性块码译码器进行译码, 输出 L个译码后比特, 将所述译码后的 L个比特作为与 对方 '致的信道信息; 所述共享私密信息生成子单元, 具体用于以本地提取的 L个比特 作为输入, 采用生成矩阵为 R= [r, r2 … r -、]的线性块码编码器进行编码, 将编码后的 2L-N个比特作为共享私密信息;或者以所述纠错单元输出的所述 L个译码后比特作为输 入, 采用生成矩阵为 R= [r, r2 … r 的线性块码编码器进行编码, 将编码后的 2L_N 个比特作为共享私密信息。 详细过程可参照前面例 2中的描述。 When the implementation is based on a convolutional code, the coding unit is specifically configured to encode part or all of the locally extracted channel information by using a 1/1 convolutional encoder, and use the punctured matrix P for the encoded bits. The puncturing, the bit obtained after the puncturing is sent to the other party; the error correcting unit is specifically configured to use the puncturing matrix P to perform the puncturing on the received bit, and extract the locally extracted bit, and after the puncturing The bits are decoded by a 1/2 convolutional decoder to obtain decoded bits, and the decoded bits are used as channel information that is consistent with the other party; the shared private information generation subunit is specifically used The bit coded by the coding unit is punctured by using a puncturing matrix 1-P, and the bit obtained after puncturing is used as shared secret information; or the decoded bit obtained by the error correction unit is utilized 1/ A convolutional encoder performs coding, and the coded bits are punctured using a puncturing matrix 1-P, and bits obtained after puncturing are used as shared private information. For the detailed process, refer to the description in the previous example 1. When the implementation is based on a linear block code, the coding unit is specifically configured to use a generation matrix for some or all bits of the locally extracted channel information, such as L bits, to be 0=[g, g 2 ... g , gi for having L The column vector of the element, the linear block code encoder of N<2L is encoded, and the encoded NL bits are sent to the other party; the error correction unit is specifically configured to use the locally extracted L bits and the NL received by the solution. Combining the bits into N coded bits; using the N coded bits as the input of the system linear block code decoder, using a system linear block code decoder whose generator matrix is G sys = [I, G] Decoding, outputting L decoded bits, using the decoded L bits as channel information of the other party; the shared private information generating sub-unit is specifically used for locally extracting L bits as Input, encoding using a linear block code encoder whose generator matrix is R=[r, r 2 ... r -, ], using the encoded 2L-N bits as shared secret information; or outputting by the error correction unit The L decoded bits are used as inputs Is the generator matrix R = [r, r 2 ... r of the linear block code encoder for encoding the encoded bits 2L_N as the shared secret information. For the detailed process, refer to the description in the previous example 2.
在基于 Turbo码实现时, 所述编码单元, 具体用于对本地提取的 L个比特利用 1/M 卷积编码器或 Turbo编码器进行编码, 并对编码后的比特采用凿孔矩阵 P进行凿孔; 所 述发送单元, 具体用于将凿孔后得到的 T个比特发送给对方, 其中, T<L; 所述纠错单 元, 具体用于对接收到的比特采用凿孔矩阵 P进行解凿孔, 将本地提取的比特以及解凿 孔后的比特, 利用 1/ (M+1)卷积译码器进行译码, 得到译码后的比特, 将所述译码后的 比特作为与对方一致的信道信息; 所述共享私密信息生成于单元, 具体用于对所述编码 单元编码后的比特采用凿孔矩阵 Q进行凿孔,将凿孔后得到的 L-T个比特作为共享私密 信息; 或者将所述纠错单元得到的译码后的比特利用 1/M卷积编码器进行编码, 并对编 码后的比特采用凿孔矩阵 Q进行凿孔, 将凿孔后得到的比特作为共享私密信息; 所述凿 孔矩阵 P和 Q都是 M行 D列的矩阵(如果在应用中, P的列数 DP和 Q的列数 不同, 则 可以通过循环扩展得到等效的相同列数的凿孔矩阵 P, = [P P〜P]和 Q, = [Q Q ··· Q] , 其列数 D 为 DP和 DQ的最小公倍数), 并满足如下关系: 对任意 i 和 j, 满足 P (i, j) *Q (i, j) =0 ; 矩阵 P的所有元素之和, 加上矩阵 Q的所有元素之和, 等于 D。详细 过程可参照前面例 3中的描述。 When the implementation is based on the Turbo code, the coding unit is specifically configured to encode the locally extracted L bits by using a 1/M convolutional encoder or a Turbo encoder, and chisel the matrix P by using the coded bits. The transmitting unit is configured to send the T bits obtained after the puncturing to the other party, where T<L; the error correcting unit is specifically configured to use the puncturing matrix P to solve the received bit. By puncturing, the locally extracted bits and the de-punctured bits are decoded by a 1/(M+1) convolutional decoder to obtain decoded bits, and the decoded bits are used as The shared secret information is generated by the unit, and is configured to perform puncturing using the punctured matrix Q for the bits encoded by the coding unit, and use the LT bits obtained after the puncturing as the shared private information; Or the decoded bits obtained by the error correction unit are encoded by a 1/M convolutional encoder, and the coded bits are punctured by using a puncturing matrix Q, and the bits obtained after puncturing are used as shared secrets. Information; The hole matrices P and Q are matrixes of M rows and D columns (if, in application, the number of columns of P and the number of columns of P are different, a perforation matrix P of equivalent identical number of columns can be obtained by cyclic expansion, = [PP~P] and Q, = [QQ ··· Q] , whose number of columns D is the least common multiple of D P and D Q ), and satisfy the following relationship: For any i and j, satisfy P (i, j) *Q (i, j) =0 ; The sum of all elements of matrix P, plus the sum of all elements of matrix Q, equals D. For the detailed process, refer to the description in the previous example 3.
如图 5所示, 是本发明实施例无线通信设备的另一种结构示意图。  FIG. 5 is another schematic structural diagram of a wireless communication device according to an embodiment of the present invention.
与图 2所示实施例的区别在于, 在该实施例中, 所述设备还包括:  The difference from the embodiment shown in FIG. 2 is that, in this embodiment, the device further includes:
验证单元 205 , 用于在所述加密单元 204利用所述共享密钥进行加密通信之前, 对 对方生成的共享密钥进行验证, 并在验证通过后, 指示所述加密单元 204利用所述共享 密钥进行加密通信, 从而可以进一步保证双方生成的共享密钥的准确性。 具体地, 所述 验证单元 205可以通过一定的握手信令及计算,确认共享密钥生成是否成功;如果成功, 则将所述共享密钥发送给所述加密单元 204; 如果不成功, 则将所述共享私密信息或者 同等数量的木地提取的信道信息,作为所述预定数量的信道信息中的一部分已经获得的 信道信息, 并通知所述信道估计单元 201重新通过新的无线信道估计获取其中剩余部分 的信道信息。 The verification unit 205 is configured to: before the encryption unit 204 performs the encrypted communication by using the shared key, verify the shared key generated by the other party, and after the verification is passed, instruct the encryption unit 204 to use the shared secret The key is encrypted and communicated, so that the accuracy of the shared key generated by both parties can be further ensured. Specifically, the verification unit 205 can confirm whether the shared key generation is successful through a certain handshake signaling and calculation; if successful, Transmitting the shared key to the encryption unit 204; if unsuccessful, obtaining the shared private information or an equal number of woodland extracted channel information as part of the predetermined number of channel information The channel information is notified, and the channel estimation unit 201 is notified to reacquire the channel information of the remaining portion through the new radio channel estimation.
可见, 本发明实施例的无线通信设备, 充分考虑了无线信道互易性利用中, 存在 大量信道信息估计误差等实际系统中存在的非理想因素, 通过巧妙的编码、 译码、 共享 私密信息生成过程, '方面能够纠正绝大部分链路双方所获得的不 ·致信道互易信息, 从而保障了本发明技术方案在实际系统环境下的可用性; 另一方面能够保障通信双方所 生成的共享密钥信息, 与通过空中传输的旨在帮助双方获得一致的互易信息的纠错信息 完全独立, 从而保障了本发明技术方案在实际系统环境下的安全性。 以上对本发明实施例进行了详细介绍,本文中应用了具体实施方式对本发明进行了 阐述, 以上实施例的说明只是用于帮助理解本发明的方法及设备; 同时, 对于本领域的 -般技术人员, 依据本发明的思想, 在具体实施方式及应用范围上均会有改变之处, 综 上所述, 本说明书内容不应理解为对本发明的限制。  It can be seen that the wireless communication device in the embodiment of the present invention fully considers the non-ideal factors existing in the actual system such as the estimation error of the channel information in the wireless channel reciprocity utilization, and generates the private information through smart coding, decoding, and sharing. The process, 'the aspect can correct the channel reciprocal information obtained by the majority of the links, thereby ensuring the availability of the technical solution of the present invention in the actual system environment; on the other hand, the sharing generated by the communication parties can be guaranteed The key information is completely independent of the error correction information transmitted over the air to help the two parties obtain consistent reciprocal information, thereby ensuring the security of the technical solution of the present invention in an actual system environment. The embodiments of the present invention have been described in detail above, and the present invention has been described with reference to the specific embodiments thereof. The description of the above embodiments is only for facilitating understanding of the method and device of the present invention. Meanwhile, it is generally known to those skilled in the art. The present invention is not limited by the scope of the present invention.

Claims

权利要求 Rights request
1、 一种保证通信安全的方法, 其特征在于, 包括: A method for ensuring communication security, characterized in that it comprises:
A、 无线链路的通信双方分别进行无线信道估计;  A. The two sides of the wireless link perform wireless channel estimation separately;
B、 所述通信双方分别从各自的信道估计结果中提取出预定数量的信道信息; C, 所述通信双方或其中一方对本地提取的信道信息的部分或全部进行编码, 并将 编码后的信道信息发送给对方;  B. The communication parties respectively extract a predetermined number of channel information from respective channel estimation results; C. the communication parties or one of the parties encodes part or all of the locally extracted channel information, and encodes the channel. The information is sent to the other party;
D、 所述通信双方或其中 ·方根据收到的编码后的信道信息对本地提取出的信道信 息进行纠错, 得到与对方一致的信道信息;  D. The communication parties or the parties perform error correction on the locally extracted channel information according to the received coded channel information, to obtain channel information that is consistent with the other party;
E、 所述通信双方分别利用所述本地提取出的信道信息和本地纠错后得到的信道信 息生成共享密钥, 或者其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用 本地纠错后得到的信道信息生成共享密钥;  E. The communication parties respectively generate the shared key by using the locally extracted channel information and the channel information obtained by local error correction, or one of the parties uses the locally extracted channel information to generate a shared key, and the other party uses the local correction The channel information obtained after the error generates a shared key;
F、 利用所述共享密钥进行加密通信。  F. Perform encrypted communication by using the shared key.
2、 根据权利要求 1所述的方法, 其特征在于, 所述通信双方分别进行无线信道估 计包括: 所述通信双方分别在相同或相近的多个时频位置进行无线信道估计, 并且选取 的相邻的时频位置大于相干带宽和相干时间。  2. The method according to claim 1, wherein the performing wireless channel estimation by each of the communication parties comprises: performing, by the communication parties, wireless channel estimation at the same or similar multiple time-frequency positions, respectively, and selecting the phase The time-frequency position of the neighbor is greater than the coherence bandwidth and coherence time.
3、 根据权利要求 1所述的方法, 其特征在于, 所述信道信息包括以下任意一种或 多种:  3. The method according to claim 1, wherein the channel information comprises any one or more of the following:
信道相位、 信道衰落幅度、 频率选择性信道的高阶矩或者离散余弦变换后的参数。 Channel phase, channel fading amplitude, higher order moment of frequency selective channel or discrete cosine transformed parameters.
4、 根据权利要求 1所述的方法, 其特征在于, 所述信道信息的格式为: 二进制的 硬比特, 或者实数或定点类型的软比特。 4. The method according to claim 1, wherein the format of the channel information is: a binary hard bit, or a real bit or a fixed bit type soft bit.
5、 根据权利要求 1所述的方法, 其特征在于,  5. The method of claim 1 wherein:
所述通信双方分别利用所述本地提取出的信道信息和本地纠错后得到的信道信息 生成共享密钥包括:所述通信双方分别利用所述本地提取出的信道信息和本地纠错后得 到的信道信息生成共享私密信息, 并将所述共享私密信息作为所述共享密钥;  The generating, by using the locally extracted channel information and the channel information obtained by the local error correction, the shared key includes: the communication parties respectively use the locally extracted channel information and the local error correction. The channel information generates shared private information, and the shared private information is used as the shared key;
所述其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用本地纠错后 得到的信道信息生成共享密钥包括:所述其中一方利用本地提取出的信道信息生成共享 私密信息, 并将所述共享私密信息作为所述共享密钥, 另一方利用本地纠错后得到的信 道信息生成共享私密信息, 并将所述共享私密信息作为所述共享密钥。 The one party generates the shared key by using the locally extracted channel information, and the other party generates the shared key by using the channel information obtained by the local error correction, including: the one party generates the shared secret information by using the locally extracted channel information, and The shared private information is used as the shared key, and the other party generates shared private information by using channel information obtained by local error correction, and uses the shared private information as the shared key.
6、 根据权利要求 1所述的方法, 其特征在于, 6. The method of claim 1 wherein:
所述通信双方分别利用所述本地提取出的信道信息和本地纠错后得到的信道信息 生成共享密钥包括:  The generating, by using the locally extracted channel information and the channel information obtained after the local error correction, the shared key includes:
所述通信双方分别利用所述本地提取出的信道信息和本地纠错后得到的信道信息 生成共享私密信息; 利用所述共享私密信息和本地保存的辅助信息生成共享密钥; 所述其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用本地纠错后 得到的信道信息生成共享密钥包括:  The communication party generates the shared private information by using the locally extracted channel information and the channel information obtained by the local error correction respectively; generating the shared key by using the shared private information and the locally saved auxiliary information; The locally extracted channel information generates a shared key, and the other party generates the shared key by using the channel information obtained by the local error correction, including:
所述其中 '方利用本地提取出的信道信息生成共享私密信息, 并利用所述共享私 密信息和本地保存的辅助信息生成共享密钥; 另一方利用本地纠错后得到的信道信息生 成共享私密信息, 并利用所述共享私密信息和本地保存的辅助信息生成共享密钥。  The method uses the locally extracted channel information to generate shared private information, and generates the shared key by using the shared private information and the locally saved auxiliary information; and the other party generates the shared private information by using the channel information obtained by the local error correction. And generating the shared key by using the shared private information and the locally saved auxiliary information.
7、根据权利要求 6所述的方法, 其特征在于, 所述辅助信息包括以下一种或多种: 上层密钥、 初始向量、 记数值、 MAC地址、 数据包的序列号、 小区标识、 链路相关标识、 历史数据记录。  The method according to claim 6, wherein the auxiliary information comprises one or more of the following: an upper layer key, an initial vector, a value, a MAC address, a serial number of the data packet, a cell identifier, and a chain. Road related signs, historical data records.
8、 根据权利要求 5或 6所述的方法, 其特征在于,  8. Method according to claim 5 or 6, characterized in that
所述对本地提取的信道信息进行编码, 并将编码后的信道信息发送给对方包括: 对本地提取的比特利用 1/1 卷积编码器进行编码, 并对编码后的比特采用凿孔矩 阵 P进行凿孔, 将凿孔后得到的比特发送给对方;  The encoding the locally extracted channel information, and transmitting the encoded channel information to the counterpart includes: encoding the locally extracted bits by using a 1/1 convolutional encoder, and using the perforation matrix P for the encoded bits. Perform a boring to send the bits obtained after the boring to the other party;
所述根据接收到的编码后的信道信息对本地提取的信道信息进行纠错, 得到与对 方一致的信道信息包括:  And performing error correction on the locally extracted channel information according to the received encoded channel information, to obtain channel information consistent with the opposite party, including:
对接收到的比特采用凿孔矩阵 P进行解凿孔;  Using the puncturing matrix P for the received bits to perform the puncturing;
将本地提取的比特, 以及解凿孔后的比特, 利用 1/2 卷积译码器进行译码, 得到 译码后的比特, 将所述译码后的比特作为与对方一致的信道信息;  The locally extracted bits and the de-punctured bits are decoded by a 1/2 convolution decoder to obtain decoded bits, and the decoded bits are used as channel information that is consistent with the other party;
所述其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用本地纠错后 得到的信道信息生成共享私密信息包括:  The one party generates the shared key by using the locally extracted channel information, and the other party generates the shared private information by using the channel information obtained by the local error correction, including:
所述其中 ·方对编码后的比特采用凿孔矩阵 1-P 进行凿孔, 将凿孔后得到的比特 作为共享私密信息;  The square side uses the puncturing matrix 1-P to punctify the coded bits, and uses the bits obtained after puncturing as the shared secret information;
所述另一方将得到的译码后的比特利用 1/1 卷积编码器进行编码, 并对编码后的 比特采用凿孔矩阵 1-P进行凿孔, 将凿孔后得到的比特作为共享私密信息。  The other party encodes the obtained decoded bits by a 1/1 convolutional encoder, and punctured the encoded bits by using a puncturing matrix 1-P, and uses the bits obtained after puncturing as a shared secret. information.
9、 根据权利要求 5或 6所述的方法, 其特征在于, 所述对本地提取的信道信息进行编码, 并将编码后的信道信息发送给对方包括: 对本地提取的 L个比特利用生成矩阵为0= [g, g2… g^] , gi为具有 L个元素的列 向量, N〈2L的线性块码编码器进行编码, 并将编码后的 N-L个比特发送给对方; 9. A method according to claim 5 or claim 6 wherein: The encoding the locally extracted channel information, and transmitting the encoded channel information to the other party includes: using a generation matrix for the locally extracted L bits, 0 = [g, g 2 ... g^], and gi is L Column vector of elements, N<2L linear block code encoder encodes, and sends the encoded NL bits to the other party;
所述根据接收到的编码后的信道信息对本地提取的信道信息进行纠错, 得到与对 方一致的信道信息包括:  And performing error correction on the locally extracted channel information according to the received encoded channel information, to obtain channel information consistent with the opposite party, including:
将本地提取的 L个比特和解接收到的 N-L个比特合并为 N个编码后比特; 将所述 N个编码后比特作为译码器的输入, 利用生成矩阵为 Gsys= [I, G]的系统线 性块码译码器进行译码, 输出 L个译码后比特, 将所述译码后的 L个比特作为与对方 - 致的信道信息; Combining the locally extracted L bits and the NL bits received by the solution into N coded bits; using the N coded bits as the input of the decoder, using the generator matrix as G sys = [I, G] The system linear block code decoder performs decoding, outputs L decoded bits, and uses the decoded L bits as channel information corresponding to the other party;
所述其中一方利用本地提取出的信道信息生成共享密钥, 另一方利用本地纠错后 得到的信道信息生成共享私密信息包括- 所述其中一方以本地提取的 L个比特作为输入, 采用生成矩阵为 R= [r, r2
Figure imgf000018_0001
的线性块码编码器进行编码, 将编码后的 2L-N个比特作为共享私密信息; The one of the ones generates the shared key by using the locally extracted channel information, and the other party generates the shared private information by using the channel information obtained by the local error correction, including: the one of the locally extracted L bits is used as an input, and the generation matrix is used. For R = [r, r 2 ...
Figure imgf000018_0001
The linear block code encoder performs encoding, and the encoded 2L-N bits are used as shared private information;
所述另 '方以所述 L个译码后比特作为输入, 采用生成矩阵为 R= [r, r2… r2L-x] 的线性块码编码器进行编码, 将编码后的 2L-N个比特作为共享私密信息。 The other side uses the L decoded bits as an input, and uses a linear block code encoder whose generation matrix is R=[r, r 2 ... r 2 Lx] to encode, and 2L-N codes are encoded. Bits are used as shared private information.
10、 根据权利要求 5或 6所述的方法, 其特征在于,  10. Method according to claim 5 or 6, characterized in that
所述对本地提取的信道信息进行编码, 并将编码后的信道信息发送给对方包括: 对本地提取的 L个比特利用 1/M卷积编码器或 Turbo编码器进行编码, 并对编码 后的比特采用凿孔矩阵 P进行凿孔, 将凿孔后得到的 T个比特发送给对方, 其中, T〈L;  The encoding the locally extracted channel information, and transmitting the encoded channel information to the counterpart includes: encoding the locally extracted L bits by using a 1/M convolutional encoder or a Turbo encoder, and encoding the encoded The bit is punctured by the puncturing matrix P, and the T bits obtained after the puncturing are sent to the other party, where T<L;
所述根据接收到的编码后的信道信息对本地提取的信道信息进行纠错, 得到与对 方一致的信道信息包括:  And performing error correction on the locally extracted channel information according to the received encoded channel information, to obtain channel information consistent with the opposite party, including:
对接收到的比特采用凿孔矩阵 P进行解凿孔;  Using the puncturing matrix P for the received bits to perform the puncturing;
将本地提取的比特以及解凿孔后的比特, 利用 1/ (M+1)卷积译码器进行译码, 得到 译码后的比特, 将所述译码后的比特作为与对方一致的信道信息;  The locally extracted bits and the de-punctured bits are decoded by a 1/(M+1) convolutional decoder to obtain decoded bits, and the decoded bits are matched with each other. Channel information
所述其中 ·方利用本地提取出的信道信息生成共享密钥, 另 ·方利用本地纠错后 得到的信道信息生成共享私密信息包括:  The method uses the locally extracted channel information to generate a shared key, and the other party generates the shared private information by using the channel information obtained by the local error correction, including:
所述其中一方对编码后的比特采用凿孔矩阵 Q进行凿孔, 将凿孔后得到的 L-T个 比特作为共享私密信息;  One of the bits punctured the coded bit by using a puncturing matrix Q, and the L-T bits obtained after puncturing are used as shared private information;
所述另一方将得到的译码后的比特利用 1/M卷积编码器进行编码, 并对编码后的 比特采用凿孔矩阵 Q进行凿孔, 将凿孔后得到的比特作为共享私密信息; 所述凿孔矩阵 P和 Q均为 M行 D列的矩阵, 并满足如下关系: The other party obtains the decoded bits by using a 1/M convolutional encoder, and encodes the encoded bits. The bit is punctured by the puncturing matrix Q, and the bits obtained after the puncturing are used as the shared secret information; the puncturing matrices P and Q are matrixes of M rows and D columns, and satisfy the following relationship:
对任意 i和 j, 满足 P (i, j) *Q (i, j) =0;  For any i and j, satisfy P (i, j) *Q (i, j) =0;
矩阵 P的所有元素之和, 加上矩阵 Q的所有元素之和, 等于 D。  The sum of all elements of matrix P, plus the sum of all elements of matrix Q, is equal to D.
11、 根据权利要求 5或 6所述的方法, 其特征在于, 还包括:  The method according to claim 5 or 6, further comprising:
在利用所述共享密钥进行加密通信之前, 所述通信双方通过握手信令对对方生成 的共享密钥进行验证;  Before performing the encrypted communication by using the shared key, the two communication parties verify the shared key generated by the other party through handshake signaling;
验证通过后再利用所述共享密钥进行加密通信。  After the verification is passed, the shared key is used for encrypted communication.
12、 根据权利要求 11所述的方法, 其特征在于, 还包括:  12. The method according to claim 11, further comprising:
如果验证未通过, 则将所述共享私密信息或者同等数量的本地提取的信道信息, 作为所述预定数量的信道信息中的一部分已经获得的信道信息, 并重新通过新的无线信 道估计提取所述预定数量的信道信息中的剩余部分的信道信息, 然后返回步骤 (。  If the verification fails, the shared private information or an equal amount of locally extracted channel information is used as channel information that has been obtained as part of the predetermined number of channel information, and the new wireless channel estimation is re-extracted by the new wireless channel estimation. The channel information of the remaining portion of the predetermined number of channel information is then returned to the step (.
13、 一种无线通信设备, 其特征在于, 包括:  13. A wireless communication device, comprising:
信道估计单元, 用于进行无线信道估计;  a channel estimation unit, configured to perform wireless channel estimation;
信息提取单元, 用于从信道估计结果中提取出预定数量的信道信息;  An information extracting unit, configured to extract a predetermined number of channel information from the channel estimation result;
密钥生成单元, 用于利用所述提取出的信道信息生成共享密钥;  a key generating unit, configured to generate a shared key by using the extracted channel information;
加密单元, 用于利用所述共享密钥进行加密通信。  And an encryption unit, configured to perform encrypted communication by using the shared key.
14、 根据权利要求 13所述的设备, 其特征在丁 ·, 所述信道估计单元, 具体用丁-在 相同或相近的多个时频位置进行无线信道估计, 并且选取的相邻的时频位置大于相干带 宽和相干时间。  14. The apparatus according to claim 13, wherein the channel estimation unit specifically performs wireless channel estimation at the same or similar plurality of time-frequency positions, and selects adjacent time-frequency. The location is greater than the coherence bandwidth and coherence time.
15、 根据权利要求 13所述的设备, 其特征在于, 所述密钥生成单元包括: 共享私密信息生成子单元, 用于生成共享私密信息;  The device according to claim 13, wherein the key generation unit comprises: a shared private information generation subunit, configured to generate shared private information;
共享密钥生成子单元, 用于利用所述共享私密信息生成共享密钥。  a shared key generation subunit, configured to generate a shared key by using the shared secret information.
16、 根据权利要求 15所述的设备, 其特征在于, 所述共享密钥生成子单元, 具体 用于将所述共享私信息作为共享密钥,或者利用所述共享私密信息和本地保存的辅助信 息生成共享密钥。  The device according to claim 15, wherein the shared key generation subunit is specifically configured to use the shared private information as a shared key, or use the shared private information and locally saved auxiliary The information generates a shared key.
17、 根据权利要求 15所述的设备, 其特征在于, 所述设备还包括:  The device according to claim 15, wherein the device further comprises:
编码单元, 用于对本地提取的信道信息的部分或全部进行编码;  a coding unit, configured to encode part or all of the locally extracted channel information;
发送单元, 用于将所述编码单元编码后的信道信息发送给对方, 以使对方根据接 收到的编码后的信道信息对本地提取的信道信息进行纠错。 a sending unit, configured to send the channel information encoded by the coding unit to the other party, so that the other party is connected The received coded channel information corrects the locally extracted channel information.
18、 根据权利要求 17所述的设备, 其特征在于,  18. Apparatus according to claim 17 wherein:
所述编码单元, 具体用于对本地提取的信道信息的部分或全部比特利用 1/1 卷积 编码器进行编码, 并对编码后的比特采用凿孔矩阵 P进行凿孔;  The coding unit is specifically configured to encode part or all of the locally extracted channel information by using a 1/1 convolutional encoder, and use the puncturing matrix P to punctify the encoded bits;
所述发送单元, 具体用于将凿孔后得到的比特发送给对方;  The sending unit is specifically configured to send the bit obtained after the puncturing to the other party;
所述共享私密信息生成子单元, 具体用于对所述编码单元编码后的比特采用凿孔 矩阵 1-P进行凿孔, 将凿孔后得到的比特作为共享私密信息。  The shared private information generating sub-unit is specifically configured to perform puncturing using the punctured matrix 1-P for the coded bits of the coding unit, and use the bits obtained after puncturing as shared private information.
19、 根据权利要求 17所述的设备, 其特征在于,  19. Apparatus according to claim 17 wherein:
所述编码单元, 具体用于对本地提取的 L个比特利用生成矩阵为 G= [g, g2… gx-J , gi为具有 L个元素的列向量, N〈2L的线性块码编码器进行编码; The coding unit is specifically configured to use a generation matrix for the locally extracted L bits as G=[g, g 2 ... g x -J , gi is a column vector with L elements, and a linear block code of N<2L Encoding
所述发送单元, 具体用于将编码后的 N-L个比特发送给对方;  The sending unit is specifically configured to send the encoded N-L bits to the other party;
所述共享私密信息生成子单元, 具体用于以本地提取的 L个比特作为输入, 采用 生成矩阵为 R= [r, r2… r2l -、]的线性块码编码器进行编码, 将编码后的 2L_N个比特作为 共享私密信息。 The shared private information generating sub-unit is specifically configured to use the locally extracted L bits as an input, and encode using a linear block code encoder whose generating matrix is R=[r, r 2 ... r 2l −, ], and encode The latter 2L_N bits are used as shared private information.
20、 根据权利要求 17所述的设备, 其特征在于,  20. Apparatus according to claim 17 wherein:
所述编码单元, 具体用于对本地提取的 L个比特利用 1/M卷积编码器或 Turbo编 码器进行编码, 并对编码后的比特采用凿孔矩阵 P进行凿孔;  The coding unit is specifically configured to encode the locally extracted L bits by using a 1/M convolutional encoder or a Turbo encoder, and perform puncturing using the punctured matrix P for the encoded bits;
所述发送单元, 具体用 将凿孔后得到的 T个比特发送给对方, 其中, T〈L;  The sending unit specifically sends the T bits obtained after the puncturing to the other party, where T<L;
所述共享私密信息生成子单元, 具体用于对所述编码单元编码后的比特采用凿孔 矩阵 Q进行凿孔, 将凿孔后得到的 L-T个比特作为共享私密信息。  The shared private information generating sub-unit is specifically configured to perform puncturing using the punctured matrix Q for the bits encoded by the coding unit, and use the L-T bits obtained after puncturing as the shared private information.
21、 根据权利要求 15或 17所述的设备, 其特征在于, 所述设备还包括: 接收单元, 用于接收对方发送的编码后的信道信息;  The device according to claim 15 or 17, wherein the device further comprises: a receiving unit, configured to receive the encoded channel information sent by the other party;
纠错单元, 用于根据所述接收单元接收到的编码后的信道信息对本地提取的信道 信息进行纠错, 得到与对方一致的信道信息;  An error correction unit, configured to perform error correction on the locally extracted channel information according to the encoded channel information received by the receiving unit, to obtain channel information that is consistent with the other party;
所述密钥生成单元, 还用于根据纠错后得到的信道信息生成共享密钥。  The key generation unit is further configured to generate a shared key according to the channel information obtained after the error correction.
22、 根据权利要求 21所述的设备, 其特征在于,  22. Apparatus according to claim 21 wherein:
所述纠错单元, 具体用于对所述接收单元接收到的比特采用凿孔矩阵 P 进行解凿 孔, 并将本地提取的比特, 以及解凿孔后的比特, 利用 1/2卷积译码器进行译码, 得到 译码后的比特, 将所述译码后的比特作为与对方一致的信道信息; 所述共享私密信息生成子单元, 具体用于将所述纠错单元得到的译码后的比特利 用 1/1卷积编码器进行编码, 并对编码后的比特采用凿孔矩阵 1-P进行凿孔, 将凿孔后 得到的比特作为共享私密信息。 The error correction unit is specifically configured to perform puncturing using the puncturing matrix P for the bits received by the receiving unit, and extract the locally extracted bits and the punctured bits by using the 1/2 volume translation Decoding, obtaining a decoded bit, and using the decoded bit as channel information consistent with the other party; The shared private information generating sub-unit is specifically configured to encode the decoded bits obtained by the error correcting unit by using a 1/1 convolutional encoder, and perform the coded bits by using the puncturing matrix 1-P. The hole is cut, and the bit obtained after the hole is used as the shared secret information.
23、 根据权利要求 21所述的设备, 其特征在于,  23. Apparatus according to claim 21 wherein:
所述纠错单元, 具体用于将本地提取的 L个比特和所述接收单元解接收到的 N-L 个比特合并为 N个编码后比特;将所述 N个编码后比特作为系统线性块码译码器的输入, 利用生成矩阵为 Gsys= [I, G]的系统线性块码译码器进行译码, 输出 L个译码后比特, 将 所述译码后的 L个比特作为与对方 '致的信道信息; The error correction unit is specifically configured to combine the locally extracted L bits and the NL bits received by the receiving unit into N coded bits; and the N coded bits are used as system linear block codes. The input of the coder is decoded by a system linear block code decoder whose generation matrix is G sys = [I, G], and L decoded bits are output, and the decoded L bits are used as the counterpart. 'Channel information;
所述共享私密信息生成子单元, 具体用于以所述纠错单元输出的所述 L个译码后 比特作为输入, 采用生成矩阵为 R= [r, r2 … r 的线性块码编码器进行编码, 将编码 后的 2L-N个比特作为共享私密信息。 The shared private information generating sub-unit is specifically configured to use the L decoded bits output by the error correcting unit as an input, and adopt a linear block code encoder whose generating matrix is R=[r, r 2 ... r Encoding is performed, and the encoded 2L-N bits are used as shared private information.
24、 根据权利要求 21所述的设备, 其特征在于,  24. Apparatus according to claim 21 wherein:
所述纠错单元, 具体用于对接收到的比特采用凿孔矩阵 P 进行解凿孔, 将本地提 取的比特以及解凿孔后的比特,利用 1/ (M+1)卷积译码器进行译码,得到译码后的比特, 将所述译码后的比特作为与对方一致的信道信息;  The error correction unit is specifically configured to perform puncturing on the received bits by using a puncturing matrix P, and locally extracting bits and de-punctured bits by using a 1/(M+1) convolution decoder. Decoding, obtaining decoded bits, and using the decoded bits as channel information that is consistent with the other party;
所述共享私密信息生成子单元, 具体用于将所述纠错单元得到的译码后的比特利 用 1/M卷积编码器进行编码, 并对编码后的比特采用凿孔矩阵 Q进行凿孔, 将凿孔后得 到的比特作为共享私密信息; 所述凿孔矩阵 P和 Q均为 M行 D列的矩阵, 并满足如下关 系: 对任意 i和 j , 满足 P (i, j) *Q (i, j) =0; 矩阵 P的所有元素之和, 加上矩阵 Q的所 有元素之和, 等于 D。  The shared private information generating sub-unit is specifically configured to encode the decoded bit obtained by the error correcting unit by using a 1/M convolutional encoder, and perform puncturing using the puncturing matrix Q for the encoded bit. The bits obtained after the puncturing are used as shared private information; the puncturing matrices P and Q are matrixes of M rows and D columns, and satisfy the following relationship: For any i and j, satisfy P (i, j) *Q (i, j) =0; the sum of all elements of matrix P, plus the sum of all elements of matrix Q, equal to D.
25、 根据权利要求 15所述的设备, 其特征在于, 所述设备还包括:  The device according to claim 15, wherein the device further comprises:
验证单元, 用于在所述加密单元利用所述共享密钥进行加密通信之前, 对对方生 成的共享密钥进行验证, 并在验证通过后, 指示所述加密单元利用所述共享密钥进行加 密通信。  a verification unit, configured to: after the encryption unit performs encrypted communication by using the shared key, verify the shared key generated by the other party, and after the verification is passed, instruct the encryption unit to perform encryption by using the shared key Communication.
26、 根据权利耍求 25所述的设备, 其特征在于,  26. Apparatus according to claim 25, characterized in that
所述验证单兀, 还用于在验证未通过后, 将所述共享私密信息或者同等数量的本地 提取的信道信息, 作为所述预定数量的信道信息中的一部分已经获得的信道信息, 并通 知所述信道估计单元重新通过新的无线信道估计提取所述预定数量的信道信息中的剩 余部分的信道信息。  The verification unit is further configured to: after the verification fails, use the shared private information or an equal amount of locally extracted channel information as channel information that has been obtained as part of the predetermined number of channel information, and notify The channel estimation unit re-acquires channel information of the remaining portion of the predetermined number of channel information by new radio channel estimation.
PCT/CN2010/076417 2009-08-27 2010-08-27 Method and equipment for ensuring communication security WO2011023129A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN200910171251.5 2009-08-27
CN200910171251 2009-08-27
CN200910178333.2 2009-10-16
CN200910178333.2A CN101998390B (en) 2009-08-27 2009-10-16 Method and device for ensuring communication security

Publications (1)

Publication Number Publication Date
WO2011023129A1 true WO2011023129A1 (en) 2011-03-03

Family

ID=43627281

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/076417 WO2011023129A1 (en) 2009-08-27 2010-08-27 Method and equipment for ensuring communication security

Country Status (2)

Country Link
CN (1) CN101998390B (en)
WO (1) WO2011023129A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9002011B2 (en) 2011-06-30 2015-04-07 Beijing University Of Posts And Telecommunications Method for generating consistent cryptographic key based on wireless channel features
CN110830396A (en) * 2019-10-29 2020-02-21 西安交通大学 Physical layer key-based IMSI privacy protection method and device
WO2020068261A1 (en) 2018-09-28 2020-04-02 Massachusetts Institute Of Technology Collagen-localized immunomodulatory molecules and methods thereof
WO2021183207A1 (en) 2020-03-10 2021-09-16 Massachusetts Institute Of Technology COMPOSITIONS AND METHODS FOR IMMUNOTHERAPY OF NPM1c-POSITIVE CANCER

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2976431B1 (en) * 2011-06-07 2014-01-24 Commissariat Energie Atomique SECRET KEY GENERATION METHOD FOR WIRELESS COMMUNICATION SYSTEM
CN103167486B (en) * 2011-12-09 2017-04-19 国民技术股份有限公司 Radio frequency link circuit working parameter configuration method and wireless communication device
US9124580B1 (en) * 2014-02-07 2015-09-01 The Boeing Company Method and system for securely establishing cryptographic keys for aircraft-to-aircraft communications
CN103825725B (en) * 2014-02-26 2016-12-28 西安电子科技大学 A kind of efficient random physical layer key generation method based on vector quantization
CN105790818B (en) * 2016-04-14 2017-06-06 西安交通大学 A kind of safe transmission method of physical layer for resisting eavesdropping node steal information
CN106789038A (en) * 2017-01-25 2017-05-31 济南浪潮高新科技投资发展有限公司 A kind of method and system of subsurface communication, a kind of free running device under water
CN110896317B (en) * 2019-11-06 2021-09-28 南京邮电大学 Frequency hopping sequence generation method and device based on wireless channel physical layer secret key
CN111294353B (en) * 2020-02-04 2021-05-28 西安交通大学 IMSI/SUPI physical layer key protection method without channel estimation
CN113141674A (en) * 2021-04-08 2021-07-20 成都极米科技股份有限公司 Link configuration method, device, system and storage medium in multi-link system
CN114268946B (en) * 2021-12-31 2023-07-25 中国人民解放军陆军工程大学 Poisson data stream-oriented probability retransmission hidden wireless communication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1993925A (en) * 2004-08-04 2007-07-04 松下电器产业株式会社 Radio communication method, radio communication system, and radio communication device
CN1993923A (en) * 2004-07-29 2007-07-04 松下电器产业株式会社 Wireless communication apparatus and wireless communication method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080083176A (en) * 2005-12-20 2008-09-16 인터디지탈 테크날러지 코포레이션 Method and system for generating a secret key from joint randomness

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1993923A (en) * 2004-07-29 2007-07-04 松下电器产业株式会社 Wireless communication apparatus and wireless communication method
CN1993925A (en) * 2004-08-04 2007-07-04 松下电器产业株式会社 Radio communication method, radio communication system, and radio communication device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9002011B2 (en) 2011-06-30 2015-04-07 Beijing University Of Posts And Telecommunications Method for generating consistent cryptographic key based on wireless channel features
WO2020068261A1 (en) 2018-09-28 2020-04-02 Massachusetts Institute Of Technology Collagen-localized immunomodulatory molecules and methods thereof
CN110830396A (en) * 2019-10-29 2020-02-21 西安交通大学 Physical layer key-based IMSI privacy protection method and device
CN110830396B (en) * 2019-10-29 2021-05-28 西安交通大学 Physical layer key-based IMSI privacy protection method and device
WO2021183207A1 (en) 2020-03-10 2021-09-16 Massachusetts Institute Of Technology COMPOSITIONS AND METHODS FOR IMMUNOTHERAPY OF NPM1c-POSITIVE CANCER

Also Published As

Publication number Publication date
CN101998390A (en) 2011-03-30
CN101998390B (en) 2015-03-25

Similar Documents

Publication Publication Date Title
WO2011023129A1 (en) Method and equipment for ensuring communication security
US11212089B2 (en) Methods for secure data storage
US9130693B2 (en) Generation of perfectly secret keys in wireless communication networks
JP4272663B2 (en) Communication receiver
JP5392102B2 (en) Apparatus and method for reducing overhead in a wireless network
JP4346929B2 (en) Quantum key distribution method and communication apparatus
Tyagi et al. When is a function securely computable?
US8023513B2 (en) System and method for reducing overhead in a wireless network
CN108696867B (en) Lightweight group key distribution method based on wireless channel characteristics
CN110086616B (en) Forward one-time pad secret communication method based on wireless channel
WO2020135616A1 (en) Polar coded modulation method and apparatus
CN109361492B (en) High-performance decoding method combining physical layer network coding and polarization code
CN109257743B (en) Method for constructing WTC-I through stable BSBC (binary-coded binary-block-code) without channel state information
CN111641500B (en) Encryption and decryption method for wireless video transmission safety of unmanned aerial vehicle
JP2012257248A (en) Method of generating shared key for wireless communication system
CN111246460B (en) Low-complexity and low-time-delay secure transmission method
Khisti et al. The streaming-DMT of fading channels
JP4231926B2 (en) Quantum key distribution method and communication apparatus
Lin et al. On two-pair two-way relay channel with an intermittently available relay
Lu et al. Efficiently sphere-decodable physical layer transmission schemes for wireless storage networks
WO2018137544A1 (en) Data transmission method and apparatus
CN116667861A (en) Encoding method and encoding device based on polarization code
CN115883071A (en) Encrypted communication and key error correction method and device
Kao et al. Efficient network coding at relay for relay-assisted network-coding ARQ protocols

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10811289

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10811289

Country of ref document: EP

Kind code of ref document: A1