WO2023236551A1 - 一种面向蜂窝基站的去中心化可信接入方法 - Google Patents
一种面向蜂窝基站的去中心化可信接入方法 Download PDFInfo
- Publication number
- WO2023236551A1 WO2023236551A1 PCT/CN2023/073754 CN2023073754W WO2023236551A1 WO 2023236551 A1 WO2023236551 A1 WO 2023236551A1 CN 2023073754 W CN2023073754 W CN 2023073754W WO 2023236551 A1 WO2023236551 A1 WO 2023236551A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- block
- base station
- cellular base
- identification information
- information
- Prior art date
Links
- 230000001413 cellular effect Effects 0.000 title claims abstract description 343
- 238000000034 method Methods 0.000 title claims abstract description 94
- 230000008569 process Effects 0.000 claims abstract description 39
- 230000004044 response Effects 0.000 claims abstract description 19
- 238000012795 verification Methods 0.000 claims description 92
- 230000001360 synchronised effect Effects 0.000 claims description 8
- 238000004891 communication Methods 0.000 abstract description 3
- 101150096310 SIB1 gene Proteins 0.000 description 16
- 230000007246 mechanism Effects 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 5
- 238000009826 distribution Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 238000004806 packaging method and process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000001186 cumulative effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005315 distribution function Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000005065 mining Methods 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000013468 resource allocation Methods 0.000 description 1
- 230000001568 sexual effect Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W56/00—Synchronisation arrangements
- H04W56/0005—Synchronisation arrangements synchronizing of arrival of multiple uplinks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W74/00—Wireless channel access
- H04W74/08—Non-scheduled access, e.g. ALOHA
- H04W74/0833—Random access procedures, e.g. with 4-step access
Definitions
- This application belongs to the field of communications, and specifically relates to a decentralized trusted access method for cellular base stations.
- pseudo base station attacks are a typical attack method. Attackers often pretend to be the base stations of legitimate operators and send signaling to nearby target mobile devices according to relevant protocols or attract users to be forced to access the base stations, thereby achieving network fraud, obtaining private information and other purposes.
- methods such as network two-way authentication and 5G encryption of user permanent identifiers can reduce the impact of pseudo base stations to a certain extent.
- the information transmitted between the user and the cellular base station is directly exposed to the wireless environment.
- the non-confidential broadcast of system information which is the basic information for users to access the base station, is an important issue.
- 3GPP proposed several encryption algorithm-based solutions for the existing problem of non-encrypted broadcast of system information, including digital signature-based, certificate-based, and identity-based solutions.
- the above three solutions have the following problems: 1) For encryption solutions based on digital signatures, facing the rise of multi-party governance and decentralized wireless networks (such as the Internet of Things, edge computing, and industrial Internet), there is a lack of unified key management. Trust transfer, that is, there is a problem of mutual distrust in key management between different suppliers; 2) For certificate-based encryption solutions, because the root certificate is written into the user terminal during the production stage, operators cannot update and recover the old root in a timely manner Certificate; 3) For identity-based encryption solutions, user terminals must first trust an authorized third party. The role of this third party is to generate and manage user keys. When the third party fails, there is a single point of failure risk in system information encryption. .
- Blockchain has the unique characteristics of decentralization and immutability. It can establish trust between independent network entities and enhance secure interaction between network participants.
- Blockchain can provide system information A new distributed security protection method.
- the system information protection solution based on the blockchain does not require the help of any authorized third party, but still has the functions and advantages of cryptography and can have Effectively solve the above-mentioned dilemmas faced by centralized management solutions based on cryptography.
- Process matching mechanism, and analysis plan for improving energy efficiency of system information security protection based on blockchain are examples of a blockchain network.
- this application aims to Utilize the distributed, decentralized, network-wide consensus and tamper-proof characteristics of blockchain technology to provide a decentralized trusted access method for cellular base stations to achieve the following purposes: 1) In the absence of decentralized trust Under the environment, the entire network consensus is used to ensure that the system information broadcast by the base station is true, valid and not tampered with, improving the security of system information; 2) Enables cellular users to resist attacks such as pseudo base stations capturing system information to achieve tampering and replay; 3) This enables cellular users to verify the authenticity, reliability and freshness of system information during the initial access stage, freeing them from dependence on core network-assisted verification.
- the registration information including the public key pair and certificate of the cellular base station; and based on the public key pair and the certificate, add the cellular base station as a member to the block in the chain network;
- the main information block is used to indicate the basic information required by cellular users within the coverage of the cellular base station to access the cellular base station;
- the block identification information is information generated by executing a consensus algorithm on the block, and after meeting the consensus algorithm conditions, the block is stored and generated on the chain;
- the block is a data block that is packaged and formed by the blockchain network after authenticating the main information block;
- the access request includes the cellular user based on the The cellular base station to be accessed determined by the main information block and the block identification information;
- uplink synchronization is performed with the cellular user that issued the access request based on a random access process.
- this application also provides a decentralized trusted access method for cellular base stations, applied to blockchain networks, and the method includes:
- main information block uploaded by the cellular base station, where the main information block is used to indicate the basic information required by cellular users within the coverage of the cellular base station to access the cellular base station;
- the main information block In response to the main information block, after the main information block is authenticated, it is packaged to form a block; a consensus algorithm is executed on the block, and after the consensus algorithm conditions are met, the block is stored on the chain and generated Block identification information;
- the cellular base station broadcasts the main information block and the block identification information to cellular users within the coverage area, so that the cellular users within the coverage area are based on the
- the main information block and the block identification information determine the cellular base station to be accessed, and are uplink synchronized with the cellular base station to be accessed based on a random access process.
- this application also provides a decentralized trusted access method for cellular base stations, which is applied to cellular users.
- the method includes:
- the main information block is used to indicate the basic information required for cellular users within the coverage of the cellular base station to access the cellular base station.
- Information; the block identification information is the information generated by executing the consensus algorithm on the block, and after meeting the consensus algorithm conditions, the block is stored and generated on the chain; the block is the information generated by the blockchain network After authenticating the main information block, package the formed data block;
- the block identification information is verified. If the If the block identification information is verified, continue to verify the block corresponding to the block identification information. If the block is verified, it is determined that the cellular base station is the cellular base station to be accessed;
- Uplink synchronization with the cellular base station to be accessed is based on a random access process.
- the application also provides a decentralized trusted access method for cellular base stations, which is applied to the first aspect, the second aspect or/and the third aspect of the application.
- the method also includes: defining the probability that the cellular user determines the pseudo base station as the cellular base station to be accessed as the access failure probability; calculating the access failure probability of the cellular user; and comparing the calculated access failure probability with the precalculated access failure probability.
- the failure probability is compared to calculate the security gain of the blockchain network; the block threshold of the blockchain network is deployed according to the security gain, and the verification threshold of the block depth in the blockchain network is updated.
- This application designs a system information security protection scheme based on the decentralized anti-tampering characteristics of the blockchain network.
- the blockchain network verifies and stores the main information block broadcast by the legal base station, overcoming the problem of The security risks of existing unencrypted broadcasts and the single point of failure risk of centralized encryption schemes reduce the threat of tampering, improve system security performance, and enable cellular users to verify the reliability of the system during the initial access phase.
- Figure 1 is a schematic diagram of the decentralized trusted access architecture for cellular base stations in the embodiment of this application;
- Figure 2 is a flow chart of a decentralized trusted access method for cellular base stations in an embodiment of the present application
- Figure 3 is a flow chart of a decentralized trusted access method for cellular base stations in another embodiment of the present application.
- Figure 4 is a flow chart of a decentralized trusted access method for cellular base stations in yet another embodiment of the present application.
- Figure 5 is a verification flow chart for determining the cellular base station to be accessed in the embodiment of the present application.
- Figure 6 is a verification flow chart for determining the cellular base station to be accessed in the embodiment of the present application.
- Figure 7 is a flow chart of the decentralized trusted access method for cellular base stations in the preferred embodiment of the present application.
- system information consists of a Master Information Block (MIB) and a series of System Information Blocks (System Information Block, SIB), which can be divided into minimum system information and other system information.
- MIB Master Information Block
- SIB System Information Block
- Minimum system information includes the Master Information Block and SIB1, which are usually broadcast periodically by cellular base station nodes. Other system information can be sent or broadcast regularly according to user terminal needs.
- System information broadcast is the first step for user terminals to obtain basic business information.
- the user terminal can obtain the basic information required to access the cellular network.
- the main information block in the minimum system information contains the most basic information for the user to access the cell and the guidance information for SIB1.
- SIB1 the guidance information for SIB1.
- Blockchain consists of a growing set of blocks authorized by a consensus mechanism, connected through cryptographic algorithms into a chain. Each block securely records a certain number of transactions. Each block is hashed by containing metadata about the hash value of the previous block. Changes in one block will cause changes in all blocks in the chain after it. Blocks are changed, which makes it possible to protect the data contained in the block from modification.
- Blocks recognized by the consensus mechanism can be added to the blockchain as new blocks, where the blockchain selects the longest chain as the effective chain based on the "longest chain” principle. This application is based on this principle to introduce blockchain into trusted and secure access.
- Merk tree uses Merk tree for data storage.
- Merk tree is a tree structure in which leaf nodes store transaction data, and non-leaf nodes store the hash values of their child nodes, and the Merk tree is stored one by one.
- the layer-by-layer upward operation generates new hash nodes, and finally the Merk tree root is obtained and stored in the block header information. Therefore, any change in the underlying data will cause the Merkle tree root to change. Therefore, the integrity of the entire block body can be judged by comparing the Merkle tree root in the block header information, and rapid positioning can be performed based on the hash path. .
- FIG 1 is a schematic diagram of the decentralized trusted access architecture for cellular base stations in the embodiment of this application.
- this application mainly includes two types of entities, including cellular base stations and cellular users.
- the cellular base stations and The cellular users are connected through a wireless network, and the cellular base station interacts with the blockchain network as a blockchain member; when the cellular user accesses the cellular base station, the cellular base station will upload the main information block to the blockchain network,
- the blockchain network processes the main information block as transaction information. After generating a new block and passing consensus, this new block will be stored on the chain and generate block identification information.
- the block identification information is consistent with the above Block correspondence; the cellular base station will broadcast the main information block and block identification information to all cellular users within its coverage area; the cellular user will verify the obtained main information block and block identification information. After the verification is passed, the cellular user Specific system information can be obtained from the block corresponding to the block identification information, and initial connection can be made with the cellular base station.
- Figure 2 is a flow chart of a decentralized trusted access method for cellular base stations in the first embodiment of the present application. As shown in Figure 2, the method is applied to cellular base stations and includes:
- the cellular base station will initiate a registration request to the blockchain network, requesting that the cellular base station be added to the blockchain network as a member node; by uploading registration information to the blockchain network, the district
- the blockchain network will complete the registration of the cellular base station based on the registration information; the registration information includes the public key pair and certificate of the cellular base station.
- the public key pair and certificate can be provided in advance by the equipment manufacturer, and A public key certificate signed by the device vendor is installed.
- a cellular base station uploads its public key pair and certificate to the blockchain network for registration; the blockchain network verifies the cellular base station's registration request based on the root certificate.
- the certificate authentication mechanism can use the certification authority certificate mechanism based on 3GPP33.310 (R17 version) to solve the subject identity trust problem of blockchain nodes.
- the cellular base station initiates a registration request to the blockchain network.
- the blockchain network verifies the identity of the base station based on the equipment vendor's root certificate and equipment vendor signature certificate. If the verification is passed, a registration certificate is issued to the cellular base station and a certificate response is returned.
- the cellular base station will Replace the certificate before registration with the registration certificate to complete base station registration.
- the cellular base station joins the blockchain network as a member node, and the member node may include a client node and a computing node; that is, the cellular base station may serve as a client of the blockchain network.
- the node can also serve as a computing node.
- the cellular base station serves as a computing node, it jointly maintains the blockchain network; that is, it can complete traditional computing functions, including but not limited to packaging blocks and verification; when the cellular base station serves as a When working as client nodes, these client nodes send master information blocks to the blockchain network in the form of transactions; in the blockchain network, at the same time, some cellular base stations serve as computing nodes, and other cellular base stations serve as client nodes. Jointly maintain the operation of the entire blockchain network to achieve the purpose of cellular user access.
- the main information block is used to indicate the basic information required by cellular users within the coverage of the cellular base station to access the cellular base station;
- the master information block MIB includes the decoded information of SIB1.
- SIB1 contains the scheduling information of other system information (OSI, Other system information). Therefore, the main information block can be used to indicate the basic information required by cellular users within the coverage of the cellular base station to access the cellular base station.
- the cellular base station in order to reduce the overhead of request authentication, is not allowed to send requests repeatedly within a certain period of time.
- the request transaction information can include the following parts ⁇ MIB, Cell_ID, Dowlink_Frequency, Time_Counter ⁇ , where the transaction information can be based on the actual scenario. and system security evolution requirements.
- the block identification information is obtained by executing a consensus algorithm on the block. After meeting the consensus algorithm conditions, the block is stored and stored on the chain. Generated information; the block is a data block formed by packaging after the blockchain network authenticates the main information block;
- the cellular base station receives the block identification information corresponding to the main information block uploaded by the cellular base station.
- the block identification information corresponds to the blocks in the blockchain network one-to-one, that is, the block
- the identification information can identify the corresponding block in the blockchain network. For example, assume that the block identification information The information is 000000000019d6689c, then the block identification information 000000000019d6689c can identify a unique block in the blockchain network; therefore, the cellular base station only needs to obtain the corresponding block according to the block identification information, thus ensuring that each Information security of cellular base stations and their corresponding cellular users.
- the base station publishes transaction information containing system information to the blockchain network for consensus verification.
- the blockchain network reaches a consensus, new blocks containing system information blocks will be added to the blockchain network.
- the consensus mechanism is optional. This embodiment uses PoW as an example to illustrate:
- the base station publishes transaction information containing system information to the blockchain transaction pool, and the consensus node verifies its validity and integrity. Afterwards, the consensus node will select transactions and package them into blocks according to the release order, and use a Merkle tree to summarize all transactions and obtain the Merkle root. Then continuously modify the random number and calculate the hash value of the block header information until a random value that meets the conditions is found. When the mining node successfully finds a solution, it fills the solution into the random number field of the block header information. The block will then be added to the local ledger and broadcast to peers, which will also be performed by other blockchain miners once they verify that it is a valid block.
- the base station broadcasts the block header information of the new block and the Merk verification path containing the main information block transaction to form the block identification information. Due to the limitations of physical channel coding, the system's new block proof can be placed in new_SIB and broadcast together with SIB1. In addition, new_SIB guide information is also stored in SIB1.
- the cellular base station broadcasts the main information block and block identification information received from the blockchain network to the cellular users within its coverage area.
- the broadcast can be carried out according to a certain period.
- the purpose of the broadcast is to allow the cellular users to Users obtain basic business information.
- the main information block contained in the block corresponding to the block identification information is based on the tamper-proof nature of the blockchain, which can prevent malicious modification, improves system security performance, and enables cellular users to The reliability of the system can be verified at this stage.
- 105 Receive an access request from a cellular user, where the access request includes the cellular base station to be accessed determined by the cellular user based on the main information block and the block identification information;
- the cellular user will issue an access request to the determined cellular base station to be accessed. Since the access request is specific, the access request determines the cellular base station to be accessed. Therefore, once the cellular base station receives the access request, it indicates that the cellular base station that received the access request is the cellular base station to be accessed determined by the cellular user.
- the cellular base station to be accessed determined by the cellular user based on the main information block and the block identification information specifically includes:
- the cellular user verifies the block identification information received from the cellular base station, and if the block identification information exists, continues to verify the block identification information received from the cellular base station. Verify, if the block identification information passes verification, continue to verify the block corresponding to the block identification information, and if the following conditions are met at the same time, determine that the cellular base station broadcasting the block is to be received into the cellular base station; the conditions are as follows:
- the timestamp in the block identification information is legal or the timestamp of the block is legal; the Merkle tree root calculated through the block identification information is the same as the Merkle tree stored in the blockchain network The roots are consistent; the block depth of the block corresponding to the block identification information is not less than the verification threshold.
- the Merkel tree root calculated through the block identification information must be consistent with the blockchain network.
- the Merkel tree roots stored in are consistent, and the block depth of the block must not be less than the verification threshold.
- the cellular user after the cellular user obtains the corresponding physical cell identity, main information block and corresponding block identification information, based on the information in the main information block MIB, it detects the physical downlink shared channel to obtain SIB1, and further obtains other information required by the terminal.
- SIB1 System information and random access information.
- the cellular base station that receives the access request issued by the cellular user is also the cellular base station to be accessed by the cellular user.
- the cellular base station issues the access request.
- Access requesting cellular users perform uplink synchronization based on a random access procedure.
- the process of trusted access in this application includes:
- Cellular users obtain the cell identification, master information block and verify the blockchain identification information. Cellular users verify the master information block based on the blockchain identification information. Cellular users perform downlink synchronization. The cellular user obtains the time-frequency domain position of SIB1. Cellular users obtain the required random access information from SIB1. A random access procedure is performed over the uplink with cellular users. The cellular user conducts subsequent initial access procedures with the cellular base station.
- the cellular user issuing the access request can obtain the random access process information (such as uplink frequency and physical random channel configuration) through SIB1, and implement uplink synchronization through the random access process. Then, start the initial registration process.
- a two-step random access scheme can be used for random access.
- the first step includes uplink MSGA transmission, including preamble and payload, and MsgA preamble needs to be sent first, and then MsgA payload.
- the second step of two-step random access is downlink MSGB transmission (sent by the base station to the user), including MsgB PDCCH and MsgB PDSCH. If MsgB is not received within the MsgB Response Window, MsgA will be retransmitted.
- Figure 3 is a flow chart of a decentralized trusted access method for cellular base stations in another embodiment of the present application. As shown in Figure 3, the method is applied to a blockchain network and includes:
- the cellular base station will initiate a registration request to the blockchain network, requesting that the cellular base station be added to the blockchain network as a member node; the cellular base station uploads the registration to the blockchain network information.
- the blockchain network After receiving the registration information, the blockchain network will complete the registration of the cellular base station according to the registration information; the registration information includes the public key pair and certificate of the cellular base station.
- the public key pair and certificate can be provided in advance by the equipment manufacturer, and the public key certificate signed by the equipment manufacturer is pre-installed.
- the blockchain network responds to the registration information uploaded from the cellular base station, and registers the cellular base station into the blockchain network according to the registration information; it can be registered based on the root certificate.
- the registration information of the cellular base station is verified. If the verification is passed, the cellular base station is added to the blockchain network as a member. Otherwise, the cellular base station is refused to join the blockchain network as a member.
- the blockchain network can receive the main information block uploaded from the cellular base station regularly or in real time.
- the main information block MIB includes the decoding information of SIB1
- SIB1 includes the decoding information of other system information. Scheduling information, therefore, the main information block can be used to indicate basic information required by cellular users within the coverage area of a cellular base station to access the cellular base station.
- the main information block and the block identification information determine the cellular base station to be accessed, and are uplink synchronized with the cellular base station to be accessed based on a random access process.
- Figure 4 is a flow chart of a decentralized trusted access method for cellular base stations in yet another embodiment of the present application; as shown in Figure 4, the method is applied to cellular users and includes:
- the verification includes whether the first Merkel tree root calculated through the block identification information is consistent with the second Merkel tree root in the block stored in the blockchain network.
- the block header information obtains the second Merkle tree root; the first Merkle tree root is compared with the second Merkle tree root. If the comparison is inconsistent, the block identifier information is broadcast.
- Cell towers are malicious cell towers.
- the verification is passed, then verify the block corresponding to the block identification information; when only judging whether the timestamp of the block is legal, then you need to verify the first Merkel tree calculated by the block identification information.
- the root is the same as the second Merkle tree root in the block stored in the blockchain network.
- verify whether the timestamp of the block is legal that is, the order of legality judgment of the block timestamp and the judgment order of the block depth can be exchanged.
- the first Merkel tree root is consistent with the second Merkel tree root in the block stored in the blockchain network, it means that the block identification information has been verified. At this time, the block identification is verified. Blocks corresponding to the information, so that the verification method can be flexibly applied to different scenarios. Wherein, when either the block identification information or the timestamp of the block is illegal, it indicates that the cellular base station broadcasting the block identification information is an invalid cellular base station.
- the cellular base station corresponding to the information is not the cellular base station to be accessed, and the verification ends; if the first Merkel tree root and the second Merkel tree root are consistent, the block identification information is verified and continues.
- the Merkel path and block header information are obtained from the block identification information; the hash value of the main information block is calculated and based on the Calculate the first Merkle tree root using the main information block hash value and the Merkle path; synchronize the main chain block header information and search for the block in the synchronized main chain block header information
- the cellular base station of the information is a malicious cellular base station; if the calculated first Merkel tree root is consistent with the saved second Merkel tree root, then continue to perform the processing on the block corresponding to the block identification information.
- Verify determine whether the depth of the block is not less than the verification threshold; if the depth of the block is not greater than the verification threshold, mark the cellular base station that broadcasts the block identification information as a malicious invalid base station; if If the depth of the block is not less than the verification threshold, it is determined that the block of the main information block is available, and the cellular base station broadcasting the block identification information is determined to be the cellular base station to be accessed.
- the physical downlink shared channel can also be detected to obtain SIB1.
- the timestamp is legal, then continue to verify the block corresponding to the block identification information, and determine whether the depth of the block is not less than the verification threshold; if the depth of the block is less than the verification threshold, mark the block for broadcast
- the cellular base station that identifies the information is a malicious invalid base station; if the depth of the block is not less than the verification threshold, the block is deemed available, and the cellular base station that broadcasts the block identification information is determined to be the cell to be accessed. base station.
- the cellular user obtains the cell identification and main information block, and verifies the block identification information.
- the cellular user verifies the master information block based on the block identification information.
- Cellular users perform downlink synchronization.
- the cellular user obtains the time-frequency domain position of SIB1.
- Cellular users obtain the required random access information from SIB1.
- a random access procedure is performed over the uplink with cellular users.
- uplink synchronization with the to-be-accessed cellular base station based on the random access process is a conventional technical means adopted by those skilled in the art. This application does not specifically limit this. The above embodiment is only a reference and does not Subject to the limitations of this application, those skilled in the art can actually perform the above random access process and uplink synchronization process.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
本申请属于通信领域,具体涉及一种面向蜂窝基站的去中心化可信接入方法;所述方法包括向区块链网络上传注册信息,以将蜂窝基站作为成员加入所述区块链网络中;向区块链网络上传主信息块,接收来自所述区块链网络的区块标识信息;广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户;接收来自蜂窝用户的接入请求,响应于所述接入请求,基于随机接入过程与发出所述接入请求的所述蜂窝用户上行同步;本申请基于区块链网络所具备的去中心化防篡改特性,设计了系统信息安全保护方案,克服了现有非密广播安全隐患和集中式加密方案的单点故障风险,降低了篡改的威胁,提升了系统安全性能,并使蜂窝用户能够在初始接入阶段即可验证系统的可靠性。
Description
本申请属于通信领域,具体涉及一种面向蜂窝基站的去中心化可信接入方法。
在5G移动网络通信的众多攻击行为中,伪基站攻击是一种典型的攻击方式。攻击者常伪装成合法运营商的基站,依据相关协议向附近的目标移动设备发送信令或吸引用户被迫接入基站,从而达到网络诈骗、隐私信息获取等目的。虽然通过网络双向认证鉴权以及5G对用户永久标识符加密等方法能在一定程度上降低伪基站影响。但是,在完成双向认证及安全模式加密步骤之前,用户与蜂窝基站之间的传输信息却是直接暴露在无线环境中。尤其是作为用户接入基站的基本信息,即系统信息的非密广播是一个重要的问题。
3GPP在TR 33.809中针对现存的系统信息非加密广播的问题,提出了几种基于加密算法的解决方案,包括基于数字签名、基于证书、基于身份的解决方案。以上三种方案如下问题:1)对于基于数字签名的加密方案,面对现今兴起的多方治理和去中心化的无线网络(例如:物联网、边缘计算、工业互联网),密钥管理缺乏统一的信任传递,即不同供应商之间的密钥管理存在互不信任问题;2)对于基于证书的加密方案,由于根证书在生产阶段写入用户终端生产,运营商无法及时更新和收回老旧根证书;3)对于基于身份的加密方案,用户终端必须首先相信一个授权的第三方,该第三方作用是产生和管理用户密钥,而当该第三方失效时,系统信息加密存在单点故障风险。
区块链作为一种新兴技术,具有去中心化和不可变性的独特特性,可以在独立的网络实体之间建立信任,增强网络参与者之间的安全交互,通过区块链可以为系统信息提供一种新的分布式安全保护方法。基于区块链的系统信息保护方案无需任何授权的第三方的帮助,但仍然具有密码学的功能和优势,可有
效解决上述基于密码学的集中式管理方案面临的困境。然而,虽然众多研究者致力于探索区块链网络在无线接入网中应用模式,但是大多集中于资源分配与多方协作,仍缺乏在面向系统信息安全性保护领域的区块链与无线接入流程匹配机制,以及面向基于区块链的系统信息安全保护能效提升分析方案。
发明内容
针对现阶段5G R16版本系统信息的非密广播带来的伪基站攻击威胁,以及基于中心化加密等安全保护模式存在的单点故障风险与依赖于核心网辅助验证的性能限制,本申请旨在利用区块链技术的分布式、去中心化、全网共识与防篡改特性,提供一种面向蜂窝基站的去中心化可信接入方法,以实现以下目的:1)在去中心化信任缺乏环境下利用全网共识保障基站广播的系统信息真实有效、不被篡改,提升系统信息安全性;2)使得蜂窝用户对伪基站捕获系统信息进而实现篡改、重放等攻击具备抵抗能力;3)使得蜂窝用户在初始接入阶段验证系统信息真实性、可靠性与新鲜性,摆脱核心网辅助验证依赖。
基于如上技术目的,在本申请的第一方面,本申请提供了一种面向蜂窝基站的去中心化可信接入方法,其应用于蜂窝基站,所述方法包括:
向区块链网络上传注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;并基于所述公钥对和所述证书,以将所述蜂窝基站作为成员加入所述区块链网络中;
向区块链网络上传主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;
接收来自所述区块链网络的区块标识信息,所述区块标识信息是通过对区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;
广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户;
接收来自蜂窝用户的接入请求,所述接入请求中包括所述蜂窝用户基于所
述主信息块和所述区块标识信息确定出的待接入的蜂窝基站;
响应于所述接入请求,基于随机接入过程与发出所述接入请求的所述蜂窝用户上行同步。
在本申请的第二方面,本申请还提供了一种面向蜂窝基站的去中心化可信接入方法,应用于区块链网络,所述方法包括:
接收蜂窝基站上传的注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;
响应于所述公钥对和所述证书,针对所述蜂窝基站进行注册处理,以将所述蜂窝基站作为成员加入所述区块链网络中;
接收所述蜂窝基站上传的主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;
响应于所述主信息块,对所述主信息块进行认证后,打包形成区块;对所述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成区块标识信息;
向所述蜂窝基站返回所述区块标识信息,以供所述蜂窝基站广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户,使得覆盖范围内的蜂窝用户基于所述主信息块和所述区块标识信息确定待接入的蜂窝基站,并基于随机接入过程与所述待接入的蜂窝基站上行同步。
在本申请的第三方面,本申请还提供了一种面向蜂窝基站的去中心化可信接入方法,应用于蜂窝用户,所述方法包括:
获取蜂窝基站广播的主信息块和区块标识信息,对所述区块标识信息进行验证;所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;所述区块标识信息是通过对区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;
若验证所述区块标识信息存在,则对所述区块标识信息进行验证,若所述
区块标识信息验证通过,则继续对所述区块标识信息对应的所述区块进行验证,若对所述区块验证通过,则确定该蜂窝基站为待接入的蜂窝基站;
基于随机接入过程与所述待接入的蜂窝基站上行同步。
在本申请的第四方面,本申请还提供了一种面向蜂窝基站的去中心化可信接入方法,其应用于本申请的第一方面、第二方面或/和第三方面,所述方法还包括:定义蜂窝用户确定伪基站为待接入的蜂窝基站的概率为接入失败概率;计算蜂窝用户的接入失败概率;将计算所得的所述接入失败概率与预计算的接入失败概率进行比较,计算出区块链网络的安全增益;根据所述安全增益部署区块链网络的块门限,更新区块链网络中区块深度的验证阈值。
本申请的有益效果:本申请基于区块链网络所具备的去中心化防篡改特性,设计系统信息安全保护方案,区块链网络对由合法基站广播的主信息块进行验证和存储,克服了现有非密广播安全隐患以及集中式加密方案的单点故障风险,降低了篡改的威胁,提升了系统安全性能,并使蜂窝用户能够在初始接入阶段即可验证系统的可靠性。
图1是本申请实施例中面向蜂窝基站的去中心化可信接入架构示意图;
图2是本申请一实施例中面向蜂窝基站的去中心化可信接入方法流程图;
图3是本申请另一实施例中面向蜂窝基站的去中心化可信接入方法流程图;
图4是本申请还一实施例中面向蜂窝基站的去中心化可信接入方法流程图;
图5是本申请实施例中确定待接入的蜂窝基站的验证流程图;
图6是本申请实施例中确定待接入的蜂窝基站的验证流程图;
图7是本申请优选实施例中面向蜂窝基站的去中心化可信接入方法流程图。
下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造
性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。
为了便于理解本申请提供的方法,对本申请涉及到的术语进行解释:
系统信息:根据第三代合作伙伴计划(3GPP)发布的标准化技术规范TS38.331的定义,系统信息由一个主信息块(Master Information Block,MIB)和一系列的系统信息块(System Information Block,SIB)共同构成,可分为最小系统信息和其他系统信息。最小系统信息包括主信息块和SIB1,通常由蜂窝基站节点进行定期广播。其他系统信息可根据用户终端需求发送或者定期广播。
系统信息广播是用户终端获取基本业务信息的第一步。通过系统信息广播流程,用户终端可以得到接入蜂窝网络所需基础信息,尤其是最小系统信息中主信息块包含了用户接入小区的最基本信息以及对SIB1的指引信息,在用户初始接入过程中具有重要作用。因此,本申请实施例设计了一种基于区块链技术保护最小系统信息中主信息块传输的可信接入方式。
区块链:区块链由一组越来越多的区块组成,这些区块由共识机制授权的区块组成,通过密码学算法连接起来成为链状。每个区块安全地记录了一定数量的事务,每个区块通过包含有关前一个区块的哈希值的元数据进行哈希处理,一个区块的改变会导致链在其后的所有区块发生改变,这使得保护区块中包含的数据不被修改成为可能。
由于区块链的本质是一个分布式系统,通过共识机制维护区块链的安全和效率,解决了多个节点之间如何达成一致的协调问题。被共识机制认可的区块可以作为新的区块被添加到区块链中,其中,区块链根据“最长链”原则,选择最长链作为有效链。本申请正是基于此原理将区块链引入可信安全接入。
默尔克树:区块链采用默尔克树进行数据存储,默尔克树是一种树形结构,其中,叶子节点存储交易数据,非叶子节点存储其子节点的哈希值,并逐层向上运算产生新的哈希节点,最终得到默尔克树根存入区块头部信息中。因此,底层数据的任何变动都会导致默尔克树根改变,从而可通过比对区块头部信息中的默尔克树根判断整个区块体的完整性,并基于哈希路径进行快速定位。
图1是本申请实施例中面向蜂窝基站的去中心化可信接入架构示意图,如图1所示,在本申请中主要包括两类实体,包括蜂窝基站和蜂窝用户,所述蜂窝基站和所述蜂窝用户通过无线网络连接,所述蜂窝基站作为区块链成员与区块链网络交互;在蜂窝用户接入蜂窝基站的过程中,蜂窝基站会将主信息块上传至区块链网络,区块链网络将主信息块作为交易信息进行处理,生成新的区块并经过共识后,这个新的区块会上链存储,并生成区块标识信息,所述区块标识信息与所述区块对应;蜂窝基站会向其覆盖范围内的所有蜂窝用户广播主信息块和区块标识信息;蜂窝用户会对获取到的主信息块和区块标识信息进行验证,验证通过后,蜂窝用户可以从基于所述区块标识信息对应的所述区块中获取具体的系统信息,并与蜂窝基站进行初始连接。
图2是本申请第一实施例中面向蜂窝基站的去中心化可信接入方法流程图,如图2所示,所述方法应用于蜂窝基站,包括:
101、向区块链网络上传注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;并基于所述公钥对和所述证书,以将所述蜂窝基站作为成员加入所述区块链网络中;
在本申请实施例中,蜂窝基站会向所述区块链网络发起注册请求,请求将所述蜂窝基站作为成员节点加入所述区块链网络中;通过向区块链网络上传注册信息,区块链网络会根据所述注册信息完成对所述蜂窝基站的注册;所述注册信息包括所述蜂窝基站的公钥对和证书,所述公钥对和证书可以由设备商预先提供,并且预先安装了由设商签名的公钥证书。
例如,蜂窝基站上传其公钥对和证书至区块链网络用于注册;区块链网络依据根证书验证蜂窝基站的注册请求。其中,证书认证机制可以采用基于3GPP33.310(R17版本)的认证机构证书机制来解决区块链节点的主体身份信任问题。蜂窝基站向区块链网络发起注册请求,区块链网络根据设备商根证书和设备商签名证书对基站身份进行验证,若验证通过,则给蜂窝基站签发注册证书并返回证书响应,蜂窝基站将注册前的证书替换为注册证书,完成基站注册。
可以理解的是,所述蜂窝基站作为成员节点加入所述区块链网络中,所述成员节点可以包括客户端节点和计算节点;也即是所述蜂窝基站可以作为区块链网络的客户端节点也可以作为计算节点,当所述蜂窝基站作为计算节点时,共同维护区块链网络;也即是可以完成传统计算功能,即包括但不限于打包区块和验证;当所述蜂窝基站作为客户端节点时,这些客户端节点将主信息块以交易的形式发送给区块链网络;在区块链网络中,同一时间,一部分蜂窝基站作为计算节点,另一部分蜂窝基站作为客户端节点,共同维护整个区块链网络的运行,以达到蜂窝用户接入的目的。
102、向区块链网络上传主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;
在本申请实施例中,蜂窝基站向区块链网络注册后,才有资格作为区块链成员验证上传至所述区块链网络的主信息块,所述主信息块MIB包括SIB1的解码信息,而SIB1包含了其他系统信息(OSI,Other system information)的调度信息,因此,所述主信息块可以用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息。
在本申请实施例中,为了减少请求认证的开销,蜂窝基站在一定时间内不允许重复发送请求,请求事务信息可以包括以下部分{MIB,Cell_ID,Dowlink_Frequency,Time_Counter},其中事务信息可以根据实际场景和系统安全演进需求进行更改。
103、接收来自所述区块链网络的区块标识信息,所述区块标识信息是通过对所述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;
在本申请实施例中,蜂窝基站接收本蜂窝基站上传的主信息块对应的区块标识信息,该区块标识信息与所述区块链网络中的区块一一对应,即所述区块标识信息可以标识区块链网络中的对应区块,举个例子,假设所述区块标识信
息为000000000019d6689c,那么该区块标识信息000000000019d6689c在所述区块链网络中即可标识唯一的区块;因此,蜂窝基站只需要按照区块标识信息即可获得相应的区块,这样保证了每个蜂窝基站及其对应的蜂窝用户的信息安全。
在本申请实施例中,基站将包含系统信息的事务信息发布至区块链网络进行共识验证,当区块链网络达成共识时,含有系统信息块的新区块将被添加至区块链网络中。其中共识机制是可选的,本实施例以PoW为实例进行说明:
基站将包含系统信息的事务信息发布至区块链事务池,共识节点进行验证其有效性与完整性。之后共识节点将根据发布顺序选择事务打包进区块,其中用默克尔树汇总全部的事务,并得到默克尔根。然后不断修改随机数并计算区块头部信息的哈希值,直到找到一个满足条件的随机数值。当挖矿节点成功求出一个解后把解填入区块头部信息的随机数字段。随后块将被添加到本地分类账中,并广播给对等点,其他区块链矿工一旦验证它是一个有效的块,也将执行该操作。之后,基站广播新区块的区块头部信息和包含主信息块交易的默尔克验证路径,组成区块标识信息。由于物理信道编码的限制,可将系统新的区块证明被放入new_SIB中并且和SIB1共同广播。此外new_SIB guide information也被存入SIB1中。
104、广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户;
在本申请实施例中,蜂窝基站向其覆盖范围内的蜂窝用户广播从区块链网络接收到的主信息块和区块标识信息,可以按照一定的周期进行广播,广播的目的是为了让蜂窝用户获取基本业务信息,其中,区块标识信息对应的区块中包含的主信息块基于区块链防篡改性,可防止被恶意修改,提升了系统安全性能,并使蜂窝用户能够在初始接入阶段即可验证系统的可靠性。
105、接收来自蜂窝用户的接入请求,所述接入请求中包括所述蜂窝用户基于所述主信息块和所述区块标识信息确定出的待接入的蜂窝基站;
在本申请实施例中,所述蜂窝用户会向其确定出的待接入的蜂窝基站发出接入请求,由于接入请求具有专属性,所以所述接入请求就决定了蜂窝用户发
起的对象,因此,一旦蜂窝基站接收到所述接入请求,那么就表明接收到所述接入请求的所述蜂窝基站为所述蜂窝用户确定出的待接入的蜂窝基站。
其中,所述蜂窝用户基于所述主信息块和所述区块标识信息确定出的待接入的蜂窝基站的具体包括:
蜂窝用户对接收到的从所述蜂窝基站广播的所述区块标识信息进行验证,若所述区块标识信息存在,则继续对接收到的从所述蜂窝基站广播的所述区块标识信息进行验证,若所述区块标识信息通过验证,则继续对所述区块标识信息对应的所述区块进行验证,若同时满足以下条件,则确定广播所述区块的蜂窝基站为待接入的蜂窝基站;所述条件如下:
所述区块标识信息中的时间戳合法或者所述区块的时间戳合法;通过所述区块标识信息计算得到的默克尔树根与所述区块链网络中存储的默克尔树根一致;所述区块标识信息对应的所述区块的区块深度不小于验证阈值。
其中,上述三个条件中,区块标识信息的时间戳合法或者区块的时间戳合法只需要满足其一即可,而通过区块标识信息计算的默克尔树根必须与区块链网络中存储的默克尔树根一致,且所述区块的区块深度必须不小于验证阈值,这些条件满足后,即表明区块标识信息验证通过,且区块验证通过,那么验证通过的区块/和区块标识信息所对应的蜂窝基站就是待接入的蜂窝基站。
基于上述判断因素,可保障所述区块标识信息对应的所述主信息块的有效性、存在性与安全性。
106、响应于所述接入请求,基于随机接入过程与发出所述接入请求的所述蜂窝用户上行同步。
在本申请实施例中,蜂窝用户获取对应物理小区标识、主信息块以及对应区块标识信息后,根据主信息块MIB中的信息,检测物理下行共享信道得到SIB1,进一步获取终端所需的其他系统信息及随机接入信息。
因此,本申请中接收到所述蜂窝用户发出的接入请求的所述蜂窝基站也即蜂窝用户的待接入的蜂窝基站,该蜂窝基站响应于所述接入请求,对发出所述
接入请求的蜂窝用户基于随机接入过程进行上行同步。本申请中可信接入的过程包括:
蜂窝用户获取小区标识、主信息块并验证区块链标识信息。蜂窝用户基于区块链标识信息验证主信息块。蜂窝用户进行下行链路同步。蜂窝用户获取SIB1的时频域位置。蜂窝用户从SIB1中获得所需随机接入信息。用蜂窝用户通过上行链路执行随机接入过程。蜂窝用户与蜂窝基站进行后续初始接入流程。
在本申请优选实施例中,发出接入请求的蜂窝用户可通过SIB1获取随机接入过程信息(例如上行频率和物理随机信道配置),并通过随机接入过程实行上行同步。而后,启动初始注册程序。其中,针对现阶段R16版本协议,联系本实施例中面向的独立组网场景,随机接入可采用两步随机接入方案。第一步包括上行MSGA传输,包含了preamble和payload,且需要先发送MsgA preamble,再发送MsgA payload。两步随机接入的第二步是下行MSGB传输(由基站向用户发送),包含MsgB PDCCH和MsgB PDSCH。如果在MsgB Response Window内没收到MsgB,则重传MsgA。
图3是本申请另一实施例中面向蜂窝基站的去中心化可信接入方法流程图,如图3所示,所述方法应用于区块链网络,包括:
201、接收蜂窝基站上传的注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;
在本申请实施例中,蜂窝基站会向所述区块链网络发起注册请求,请求将所述蜂窝基站作为成员节点加入所述区块链网络中;所述蜂窝基站向区块链网络上传注册信息,所述区块链网络接收到所述注册信息后,会根据所述注册信息完成对所述蜂窝基站的注册;所述注册信息中包括所述蜂窝基站的公钥对和证书,所述公钥对和证书可以由设备商预先提供,并且预先安装了由设备商签名的公钥证书。
202、响应于所述公钥对和所述证书,针对所述蜂窝基站进行注册处理,以将所述蜂窝基站作为成员加入所述区块链网络中;
在本申请实施例中,所述区块链网络响应于从所述蜂窝基站上传的注册信息,根据所述注册信息将所述蜂窝基站注册到所述区块链网络中;可以根据根证书对蜂窝基站的注册信息进行验证,若验证通过,则将所述蜂窝基站作为成员加入所述区块链网络中,否则,拒绝所述蜂窝基站作为成员加入所述区块链网络中。
基站由供应商预先提供一个公钥对,并且预先安装了由供应商签名的公钥证书;基站上传其公钥对和证书至区块链网络用于注册;区块链网络依据根证书验证基站的注册请求;其中,证书认证机制可以采用基于3GPP 33.310(R17版本)的认证机构证书机制来解决区块链节点的主体身份信任问题。基站向区块链网络发起注册请求,区块链网络根据设备商根证书和设备商签名证书对基站身份进行验证,若验证通过,则给基站签发注册证书并返回证书相应,基站证书替换为注册证书,完成基站注册。
203、接收所述蜂窝基站上传的主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;
在本申请实施例中,所述区块链网络可以定期也可以实时接收来自所述蜂窝基站上传的主信息块,所述主信息块MIB包括SIB1的解码信息,而SIB1包含了其他系统信息的调度信息,因此,所述主信息块可以用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息。
204、响应于所述主信息块,对所述主信息块进行认证后,打包形成区块;对所述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成区块标识信息;
在本申请实施例中,所述区块链网络响应于从所述蜂窝基站接收到的所述主信息块,响应于所述主信息块,对所述主信息块进行认证,若认证通过则打包成区块,否则丢弃。对包含认证通过的主信息块的区块执行共识算法,如PoW或DAG等,当区块链网络中的各个节点达成共识时,对所述区块进行上链存储,同时对所述区块生成区块标识信息。
可以理解的是,本申请实施例中对所述主信息块的区块所执行的共识算法可以是现有技术中存在的任何共识算法,只要能够完成对区块的共识即可,本申请对此不做具体的限定。
205、向所述蜂窝基站发送所述区块标识信息,以供所述蜂窝基站广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户,使得覆盖范围内的蜂窝用户基于所述主信息块和所述区块标识信息确定待接入的蜂窝基站,并基于随机接入过程与所述待接入的蜂窝基站上行同步。
在本申请实施例中,所述区块链网络会向蜂窝基站发送相应的区块标识信息,蜂窝基站也会向其覆盖范围内的蜂窝用户广播所述主信息块和所述区块标识信息;所述蜂窝用户会根据接收到的所述主信息块和所述区块标识信息计算出待接入的蜂窝基站,当确定好待接入的蜂窝基站后,所述蜂窝用户会向所述待接入的蜂窝基站发出接入请求,所述待接入的蜂窝基站响应于所述接入请求,将基于随机接入过程与所述待接入的蜂窝基站上行同步。
图4是本申请还一实施例中面向蜂窝基站的去中心化可信接入方法流程图;如图4所示,所述方法应用于蜂窝用户,包括:
301、获取蜂窝基站广播的主信息块和区块标识信息,对所述区块标识信息进行验证;
在本申请实施例中,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;所述蜂窝基站广播的区块标识信息是由区块链网络向其注册的所述蜂窝基站发送的,所述区块标识信息是通过对所述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;
302、若对所述区块标识信息验证通过,则继续对所述区块进行验证,若对所述区块验证通过,则确定该蜂窝基站为待接入的蜂窝基站;
在本申请实施例中,所述蜂窝用户首先对所述区块标识信息进行验证,若
所述区块标识信息存在,则继续对所述区块标识信息进行验证,若验证通过,则继续对所述区块进行验证,若同时满足以下条件,则确定广播所述区块标识信息对应的所述区块包含的蜂窝基站为待接入的蜂窝基站;
对所述区块标识信息进行验证,若所述区块标识信息验证通过,则继续对所述区块标识信息对应的所述区块进行验证的过程中,所采用的验证条件包括:
验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致;验证所述区块标识信息的时间戳是否合法,或者所述区块标识信息对应的区块的时间戳是否合法;验证所述区块标识信息对应区块的区块深度是否不小于验证阈值。
在本申请实施例中,所述验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致包括:
从所述区块标识信息中获取默克尔路径和区块头部信息;计算所述主信息块哈希值,并根据所述主信息块哈希值和所述默克尔路径计算出第一默克尔树根;同步主链区块链头信息,并在同步后的主链区块头部信息中搜索所述区块标识信息对应的区块头部信息;通过保存的主链区块头部信息获取第二默克尔树根;将所述第一默克尔树根与所述第二默克尔树根进行比较,若比较不一致,则标记广播所述区块标识信息的蜂窝基站为恶意的蜂窝基站。
可以理解的是,在本申请实施例中,只需要判断区块标识信息的时间戳或者区块的时间戳是否合法即可,不需要同时判断区块标识信息的时间戳和区块的时间戳是否合法;当只判断区块标识信息的时间戳是否合法时,那么需要在所述区块标识信息对应区块的区块深度是否不小于验证阈值之前,验证所述区块标识信息的时间戳是否合法,也即是,区块标识信息的时间戳的合法性判断和区块标识信息的默克尔树根的判断顺序可以交换,当这两者同时通过验证时,才表示区块标识信息的验证通过,此时再去验证区块标识信息对应的区块;当只判断区块的时间戳是否合法时,那么需要在验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否
一致之后,验证所述区块的时间戳是否合法,也即是,区块的时间戳的合法性判断和区块的区块深度的判断顺序可以交换,当通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根一致时,这时候就表明区块标识信息验证通过,此时再去验证区块标识信息对应的区块,这样验证方式能够灵活适用不同场景。其中,无论是区块标识信息还是区块的时间戳不合法时,都表明广播所述区块标识信息的蜂窝基站为无效的蜂窝基站。
在本申请实施例中,验证所述区块标识信息对应区块的区块深度是否不小于验证阈值包括:若所述区块的区块深度小于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为恶意的无效基站;若所述区块的区块深度不小于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为待接入的蜂窝基站。
在一些实施例中,对于验证是否同时满足以下条件所采用的验证过程,本申请实施例可以采用如下过程:
验证所述区块标识信息的时间戳是否合法;若所述区块标识信息的时间戳合法,继续验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致;若所述区块标识信息的时间戳不合法,则所述区块标识信息验证未通过,确定该验证未通过的区块标识信息所对应的蜂窝基站不是待接入的蜂窝基站,结束验证;若所述第一默克尔树根和所述第二默克尔树根一致,则所述区块标识信息验证通过,继续验证该通过验证的区块标识信息所对应区块的区块深度是否不小于验证阈值;若所述第一默克尔树根和所述第二默克尔树根不一致,则所述区块标识信息验证未通过,确定该验证未通过的区块标识信息所对应的蜂窝基站不是待接入的蜂窝基站,结束验证;若所述区块的区块深度不小于验证阈值,则所述区块验证通过,确定出该验证通过的区块所对应的蜂窝基站为待接入的蜂窝基站;若所述区块的区块深度小于验证阈值,则所述区块验证未通过,确定该验证未通过的区块所对应的蜂窝基站不是待接入的蜂窝基站,结束验证;
其中,在另一些实施例中,对于验证是否同时满足以下条件所采用的验证
过程,本申请实施例可以采用如下过程:
验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致;若所述第一默克尔树根和所述第二默克尔树根一致,则继续验证所述区块标识信息的时间戳是否合法;若所述第一默克尔树根和所述第二默克尔树根不一致,则所述区块标识信息验证未通过,确定该验证未通过的区块标识信息所对应的蜂窝基站不是待接入的蜂窝基站,结束验证;若所述区块标识信息的时间戳合法,则所述区块标识信息验证通过,继续验证该通过验证的区块标识信息所对应区块的区块深度是否不小于验证阈值;若所述区块标识信息的时间戳不合法,则所述区块标识信息验证未通过,确定该验证未通过的区块标识信息所对应的蜂窝基站不是待接入的蜂窝基站,结束验证;若所述区块的区块深度不小于验证阈值,则所述区块验证通过,确定出该验证通过的区块所对应的蜂窝基站为待接入的蜂窝基站;若所述区块的区块深度小于验证阈值,则所述区块验证未通过,确定该验证未通过的区块所对应的蜂窝基站不是待接入的蜂窝基站,结束验证。
可以理解的是,在本申请实施例中,验证是否同时满足以下条件的核心在于首先确定出区块标识信息是否能够验证通过,若区块标识信息能够验证通过,其次才会对该验证通过的区块标识信息所对应的区块进行验证,由于区块标识信息和区块是唯一对应的,所以能够根据区块标识信息确定出唯一对应的区块,若该区块标识信息唯一对应的区块也验证通过,由于每个蜂窝基站也只会从区块链网络中获取本蜂窝基站的主信息块所对应的区块标识信息,所以一个区块标识信息只能对应一个蜂窝基站,则表明广播该区块标识信息的蜂窝基站是待接入的蜂窝基站。
在本申请优选实施例中,如图5所示,所述蜂窝用户对所述区块标识信息进行验证的过程可以包括:
在获取主信息块后,首先判断区块标识信息是否存在;若所述区块标识信息不存在,则标记广播所述区块标识信息的蜂窝基站为未受保护的蜂窝基站;
若所述区块标识信息存在,则继续对所述区块标识信息进行验证;检查所述区块标识信息对应的时间戳,若所述时间戳不合法,则标记广播所述区块标识信息的蜂窝基站为无效的蜂窝基站,若所述时间戳合法,则从所述区块标识信息中获取默克尔路径和区块头部信息;计算所述主信息块哈希值,并根据所述主信息块哈希值和所述默克尔路径计算出第一默克尔树根;同步主链区块头部信息并在同步后的主链区块头部信息中搜索所述区块标识信息对应的区块头部信息;若计算得到的第一默克尔树根与保存的主链区块头部信息中第二默克尔树根不一致时,则标记广播所述区块标识信息的蜂窝基站为恶意的蜂窝基站;若计算得到的第一默克尔树根与保存的第二默克尔树根一致时,则继续对所述区块标识信息对应的所述区块进行验证,判断所述区块的深度是否不小于验证阈值;若所述区块的深度不大于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为恶意的无效基站;若所述区块的深度不小于所述验证阈值,则认定所述主信息块的区块可用,确定广播所述区块标识信息的蜂窝基站为待接入的蜂窝基站,同时还可以检测物理下行共享信道以获取SIB1。
在本申请优选实施例中,如图6所示,所述蜂窝用户仍然对所述区块标识信息进行验证:
在获取主信息块后,首先判断区块标识信息是否存在;对所述主信息块和所述区块标识信息进行查验,判断所述区块标识信息是否存在;若所述区块标识信息不存在,则标记广播所述主信息块的蜂窝基站为未受保护的蜂窝基站;若所述区块标识信息存在,则从所述区块标识信息中获取默克尔路径和区块头部信息区块头部信息;计算所述主信息块哈希值,并根据所述主信息块哈希值和所述默克尔路径计算出第一默克尔树根;同步主链区块链头信息并在同步后的主链区块头部信息中搜索所述区块标识信息对应的区块头部信息;若计算得到的第一默克尔树根与保存的主链区块头部信息中第二默克尔树根不一致,则标记广播所述区块标识信息的蜂窝基站为恶意的蜂窝基站;若计算得到的第一默克尔树根与保存的主链区块头部信息中第二默克尔树根一致,则继续对所述
区块标识信息的时间戳进行验证,确定所述时间戳是否合法;若所述时间戳不合法,则标记广播所述区块标识信息的蜂窝基站为无效的蜂窝基站,若所述时间戳合法,则继续对所述区块标识信息对应的区块进行验证,确定所述区块的深度是否不小于验证阈值;若所述区块的深度小于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为恶意的无效基站;若所述区块的深度不小于所述验证阈值,则认定所述区块可用,确定广播所述区块标识信息的蜂窝基站为待接入的蜂窝基站。
可以理解的是,蜂窝用户在收到蜂窝基站广播的主信息块和区块标识信息后,可以从主信息块中获取主链区块头部信息的调度信息,然后同步主链区块头部信息,为后续验证区块标识信息对应的区块深度信息、默克尔树根以及时间戳做准备;同时对区块标识信息进行解析,获取时间戳、区块头部信息以及包含主信息块的默克尔路径。
303、基于随机接入过程与所述待接入的蜂窝基站上行同步。
在本申请实施例中,接收到所述蜂窝用户发出的接入请求的所述蜂窝基站也即蜂窝用户的待接入的蜂窝基站,该蜂窝基站响应于所述接入请求,对发出所述接入请求的蜂窝用户基于随机接入过程进行上行同步。本申请实施例中可信接入过程包括:
蜂窝用户获取小区标识、主信息块,并验证区块标识信息。蜂窝用户基于区块标识信息验证主信息块。蜂窝用户进行下行链路同步。蜂窝用户获取SIB1的时频域位置。蜂窝用户从SIB1中获得所需随机接入信息。用蜂窝用户通过上行链路执行随机接入过程。
蜂窝用户与蜂窝基站进行后续初始接入流程。
在本申请优选实施例中,发出接入请求的蜂窝用户可通过SIB1获取随机接入过程信息(例如上行频率和物理随机信道配置),并通过随机接入过程实行上行同步。而后,启动初始注册程序。其中,针对现阶段R16版本协议,联系本实施例中面向的独立组网场景,随机接入过程可采用两步随机接入方案。第一
步包括上行MSGA传输,包含了preamble和payload,且需要先发送MsgA preamble,再发送MsgA payload。两步随机接入的第二步是下行MSGB传输(由基站向用户发送),包含MsgB PDCCH和MsgB PDSCH。如果在MsgB Response Window内没收到MsgB,则重传MsgA。
可以理解的是,基于随机接入过程与所述待接入的蜂窝基站上行同步是本领域技术人员采用的常规技术手段,本申请对此不作具体的限定,以上实施例只是一个参考,并不是对本申请的限定,本领域技术人员可以实际情况执行上述随机接入过程与上行同步流程。
图7是本申请优选实施例中面向蜂窝基站的去中心化可信接入方法流程图;如图7所示,可对上述实施例中可信接入方法进行优化,进行优化的过程包括:
明确信道模型;在区块链提升系统信息安全有效性证明以及相应实施方面,信道模型是可选的,本实施例以瑞利信道为实施方式例进行说明。
基于信道模型,得到接收端信噪比分布表达式,即可得蜂窝用户终端(User equipment,UE)处接收合法基站信号的信噪比γu的累积分布函数(Cumulative Distribution Function,CDF)为伪基站(False Base Station,FBS)处接收合法基站信号的信噪比γe的CDF为和UE处接收FBS信号的信噪比γf的CDF为其中,和分别代表FBS和合法蜂窝基站的发射功率,N代表蜂窝基站的发射天线数量,分别代表在UE处和在FBS处的高斯白噪声方差,Γ(.)表示伽马函数,Γ(·,·)表示上不完全伽马函数。
计算中断概率;在中断概率计算步骤,本实施方式例中基于Wyner窃听模型计算中断概率计算。在区块链场景下中断概率为在传统无区块链场景下的中断概率为其中,与Re分别表示有/无区块链场景下的保密冗余速率。
因此,在区块链情况下UE接入伪基站的概率也即采用本申请接入方法得出的接入失败概率为:其中,表示伪基站信号质量高于合法蜂窝基站的概率,为伪基站向UE发送信号的传输速率;Pd为FBS基于主链的最新块构建伪链发起的双花攻击成功概率,表示为:
其中z为区块深度确认门限,即当一个区块得到z个后续区块的确认后,则认为此区块有效;q和p分别代表FBS和gNB制造新块的概率,即各自算力占总算力的比例,p+q=1;λ=zqp-1为FBS制造的区块的个数的期望值,M为FBS所能接受的落后主链的最大区块个数。
在无区块链情况下UE接入伪基站的概率也即采用传统接入方法经过预计算得出的接入失败概率为:Pf=Pso×Pe;其中,表示伪基站信号质量高于合法蜂窝基站的概率。因此,基于前述与Pf定义与计算,可得计算安全增益
根据所述安全增益部署区块链网络的块门限,可根据不同应用场景的安全需求确定适用的块门限,其中块门限及其更新数据可置于主信息块中,以便用户获取;然后再根据块门限更新验证阈值,即,在步骤302中更新蜂窝用户对所属区块深度的验证阈值,若所述区块的深度小于所述验证阈值,则标记该区块对应的蜂窝基站为恶意的无效基站;若所述区块的深度不小于所述验证阈值,则认定所述区块可用,确定广播所述区块对应的所属区块标识信息的蜂窝基站为待接入的蜂窝基站。
在本申请的优选实施例中,此外,本实施例还支持在多基站情况下的系统性安全分析。接下来本实施方式例在基站、FBS位置分布满足泊松点分布(Poisson Point Process,PPP)的情况下,计算采用区块链网络所提升的系统安全增益。在PPP场景下,为方便公式表达,用符号u表示UE,λg与λf分别表示蜂窝基站与
伪基站分布密度,将距离u最近的蜂窝基站表示为g0,将距离u最近的伪基站表示为f0,dx,y表示接收端x与发射端y之间的距离。基于上述SG的分析框架,推导在PPP场景下UE处接收合法基站信号的信噪比的CDF为FBS处接收合法基站信号的信噪比的CDF为UE处接收FBS信号的信噪比的CDF为并可得的概率密度函数为因此,基于前述SG定义,可得在PPP场景下的安全增益。其中涉及的各函数定义为:
其中,表示数学期望,2F1(.)表示高斯超几何函数,τ为路径损耗指数,νi表示干扰蜂窝基站i与u之间的信道增益,NI表示干扰基站的发射天线数量。
可以理解的是,本实施例中定义用户将FBS确定为待接入基站的概率定义为接入失败概率。本实施例中通过对本申请实施例中所计算出接入失败概率与传统技术中不采用区块链网络下的接入失败概率进行比较,计算出本申请实施例中区块链网络的安全增益SG;按照安全增益来更新部署区块链网络的块门限,根据块门限更新验证阈值,使得所述一种基于面向蜂窝基站的去中心化可信方法的效益更优。
尽管已经示出和描述了本申请的实施例,对于本领域的普通技术人员而言,可以理解在不脱离本申请的原理和精神的情况下可以对这些实施例进行多种变化、修改、替换和变型,本申请的范围由所附权利要求及其等同物限定。
Claims (10)
- 一种面向蜂窝基站的去中心化可信接入方法,应用于蜂窝基站,其特征在于,所述方法包括:向区块链网络上传注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;并基于所述公钥对和所述证书,以将所述蜂窝基站作为成员加入所述区块链网络中;向区块链网络上传主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;接收来自所述区块链网络的区块标识信息,所述区块标识信息是通过对区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户;接收来自蜂窝用户的接入请求,所述接入请求中包括所述蜂窝用户基于所述主信息块和所述区块标识信息确定出的待接入的蜂窝基站;响应于所述接入请求,基于随机接入过程与发出所述接入请求的所述蜂窝用户上行同步。
- 一种面向蜂窝基站的去中心化可信接入方法,其特征在于,应用于区块链网络,所述方法包括:接收蜂窝基站上传的注册信息,所述注册信息包括所述蜂窝基站的公钥对和证书;响应于所述公钥对和所述证书,针对所述蜂窝基站进行注册处理,以将所述蜂窝基站作为成员加入所述区块链网络中;接收所述蜂窝基站上传的主信息块,所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;响应于所述主信息块,对所述主信息块进行认证后,打包形成区块;对所 述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成区块标识信息;向所述蜂窝基站返回所述区块标识信息,以供所述蜂窝基站广播所述主信息块和所述区块标识信息至覆盖范围内的蜂窝用户,使得覆盖范围内的蜂窝用户基于所述主信息块和所述区块标识信息确定待接入的蜂窝基站,并基于随机接入过程与所述待接入的蜂窝基站上行同步。
- 根据权利要求2所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,所述针对所述蜂窝基站进行注册处理,以将所述蜂窝基站作为成员加入所述区块链网络中包括:对所述蜂窝基站的注册信息进行解析,获取所述蜂窝基站的身份信息;根据设备商根证书和设备商签名证书对蜂窝基站的身份信息进行验证,若验证通过,则给所述蜂窝基站签发注册证书并向所述蜂窝基站返回证书响应,将所述蜂窝基站作为成员加入所述区块链网络中;否则,拒绝所述蜂窝基站作为成员加入所述区块链网络中。
- 根据权利要求2所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,对所述主信息块进行验证后,打包形成区块;对所述区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成区块标识信息包括:响应于所述主信息块,对所述主信息块进行验证,若认证通过则打包成区块,否则丢弃;对所述区块执行共识算法,当区块链网络中的各个节点达成共识时,对所述区块进行上链存储,同时对所述区块生成区块标识信息;所述区块标识信息包括所述主信息块所在区块的区块头部信息以及包含主信息块的默尔克路径。
- 一种面向蜂窝基站的去中心化可信接入方法,其特征在于,应用于蜂窝用户,所述方法包括:获取蜂窝基站广播的主信息块和区块标识信息,对所述区块标识信息进行 验证;所述主信息块用于指示蜂窝基站覆盖范围内的蜂窝用户接入所述蜂窝基站所需的基本信息;所述区块标识信息是通过对区块执行共识算法,在满足共识算法条件后,对所述区块进行上链存储并生成的信息;所述区块是所述区块链网络通过对所述主信息块进行认证后,打包形成的数据块;若验证所述区块标识信息存在,则对所述区块标识信息进行验证,若所述区块标识信息验证通过,则继续对所述区块标识信息对应的所述区块进行验证,若对所述区块验证通过,则确定该蜂窝基站为待接入的蜂窝基站;基于随机接入过程与所述待接入的蜂窝基站上行同步。
- 根据权利要求5所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,对所述区块标识信息进行验证,若所述区块标识信息验证通过,则继续对所述区块标识信息对应的所述区块进行验证的过程中,所采用的验证条件包括:验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致;验证所述区块标识信息的时间戳是否合法,或者所述区块标识信息对应的区块的时间戳是否合法;验证所述区块标识信息对应区块的区块深度是否不小于验证阈值。
- 根据权利要求6所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,所述验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致包括:从所述区块标识信息中获取默克尔路径和区块头部信息;计算所述主信息块哈希值,并根据所述主信息块哈希值和所述默克尔路径计算出第一默克尔树根;同步主链区块头部信息,并在同步后的主链区块头部信息中搜索所述区块标识信息对应的区块头部信息;通过保存的主链区块头部信息获取第二默克尔树根;将所述第一默克尔树根与所述第二默克尔树根进行比较,若比较不一致,则标记广播所述区块标识信息的蜂窝基站为恶意的蜂窝基站。
- 根据权利要求7所述的一种面向蜂窝基站的去中心化可信接入方法,其 特征在于,验证所述区块标识信息的时间戳是否合法,或者所述区块标识信息对应的区块的时间戳是否合法包括:在所述区块标识信息对应区块的区块深度是否不小于验证阈值之前,验证所述区块标识信息的时间戳是否合法,若所述区块标识信息的时间戳不合法,则标记广播所述区块标识信息的蜂窝基站为无效的蜂窝基站;在验证通过所述区块标识信息计算得到的第一默克尔树根与所述区块链网络中存储的区块中第二默克尔树根是否一致之后,验证所述区块标识信息对应的区块的时间戳是否合法,若所述区块的时间戳不合法,则标记广播所述区块标识信息的蜂窝基站为无效的蜂窝基站。
- 根据权利要求7所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,验证所述区块标识信息对应区块的区块深度是否不小于验证阈值包括:若所述区块的区块深度小于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为恶意的无效基站;若所述区块的区块深度不小于所述验证阈值,则标记广播所述区块标识信息的蜂窝基站为待接入的蜂窝基站。
- 根据权利要求1-9任一所述的一种面向蜂窝基站的去中心化可信接入方法,其特征在于,所述方法还包括:定义蜂窝用户确定伪基站为待接入的蜂窝基站的概率为接入失败概率;计算蜂窝用户的接入失败概率;将计算所得的所述接入失败概率与预计算的接入失败概率进行比较,计算出区块链网络的安全增益;根据所述安全增益部署区块链网络的块门限,更新区块链网络中区块深度的验证阈值。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210631134.8 | 2022-06-06 | ||
CN202210631134.8A CN115038084A (zh) | 2022-06-06 | 2022-06-06 | 一种面向蜂窝基站的去中心化可信接入方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023236551A1 true WO2023236551A1 (zh) | 2023-12-14 |
Family
ID=83122460
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2023/073754 WO2023236551A1 (zh) | 2022-06-06 | 2023-01-30 | 一种面向蜂窝基站的去中心化可信接入方法 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN115038084A (zh) |
WO (1) | WO2023236551A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117640664A (zh) * | 2024-01-25 | 2024-03-01 | 中国信息通信研究院 | 标识数据同步方法、系统、电子设备及存储介质 |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115038084A (zh) * | 2022-06-06 | 2022-09-09 | 北京邮电大学 | 一种面向蜂窝基站的去中心化可信接入方法 |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108462963A (zh) * | 2017-02-22 | 2018-08-28 | 蓝盾信息安全技术有限公司 | 一种利用区块链解决移动伪基站问题的方法 |
WO2019047631A1 (zh) * | 2017-09-07 | 2019-03-14 | 京信通信系统(中国)有限公司 | 基于区块链的微基站通信管理方法、系统及设备 |
EP3579494A1 (en) * | 2018-06-08 | 2019-12-11 | Deutsche Telekom AG | Blockchain based roaming |
CN111246474A (zh) * | 2020-01-10 | 2020-06-05 | 中国联合网络通信集团有限公司 | 一种基站认证方法及装置 |
CN115038084A (zh) * | 2022-06-06 | 2022-09-09 | 北京邮电大学 | 一种面向蜂窝基站的去中心化可信接入方法 |
-
2022
- 2022-06-06 CN CN202210631134.8A patent/CN115038084A/zh active Pending
-
2023
- 2023-01-30 WO PCT/CN2023/073754 patent/WO2023236551A1/zh active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108462963A (zh) * | 2017-02-22 | 2018-08-28 | 蓝盾信息安全技术有限公司 | 一种利用区块链解决移动伪基站问题的方法 |
WO2019047631A1 (zh) * | 2017-09-07 | 2019-03-14 | 京信通信系统(中国)有限公司 | 基于区块链的微基站通信管理方法、系统及设备 |
EP3579494A1 (en) * | 2018-06-08 | 2019-12-11 | Deutsche Telekom AG | Blockchain based roaming |
CN111246474A (zh) * | 2020-01-10 | 2020-06-05 | 中国联合网络通信集团有限公司 | 一种基站认证方法及装置 |
CN115038084A (zh) * | 2022-06-06 | 2022-09-09 | 北京邮电大学 | 一种面向蜂窝基站的去中心化可信接入方法 |
Non-Patent Citations (1)
Title |
---|
HOJJATI MAEDE; SHAFIEINEJAD ALIREZA; YANIKOMEROGLU HALIM: "A Blockchain-Based Authentication and Key Agreement (AKA) Protocol for 5G Networks", IEEE ACCESS, IEEE, USA, vol. 8, 2 December 2020 (2020-12-02), USA , pages 216461 - 216476, XP011824216, DOI: 10.1109/ACCESS.2020.3041710 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117640664A (zh) * | 2024-01-25 | 2024-03-01 | 中国信息通信研究院 | 标识数据同步方法、系统、电子设备及存储介质 |
CN117640664B (zh) * | 2024-01-25 | 2024-05-28 | 中国信息通信研究院 | 标识数据同步方法、系统、电子设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN115038084A (zh) | 2022-09-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112073379B (zh) | 一种基于边缘计算的轻量级物联网安全密钥协商方法 | |
CN106972931B (zh) | 一种pki中证书透明化的方法 | |
CN108810895B (zh) | 基于区块链的无线Mesh网络身份认证方法 | |
CN106789090B (zh) | 基于区块链的公钥基础设施系统及半随机联合证书签名方法 | |
WO2023236551A1 (zh) | 一种面向蜂窝基站的去中心化可信接入方法 | |
CN113746632B (zh) | 一种物联网系统多级身份认证方法 | |
CN110267270B (zh) | 一种变电站内传感器终端接入边缘网关身份认证方法 | |
Chattaraj et al. | A new two-server authentication and key agreement protocol for accessing secure cloud services | |
Hu et al. | Smart grid mesh network security using dynamic key distribution with merkle tree 4-way handshaking | |
CN108882238B (zh) | 一种用于移动自组织网中基于共识算法的轻量级轮转ca认证方法 | |
CN112118106B (zh) | 一种基于标识密码的轻量级端到端安全通信认证方法 | |
CN104780177A (zh) | 物联网感知设备云端仿真系统的信息安全保障方法 | |
CN114884698B (zh) | 基于联盟链的Kerberos与IBC安全域间跨域认证方法 | |
Chom Thungon et al. | A lightweight authentication and key exchange mechanism for IPv6 over low‐power wireless personal area networks‐based Internet of things | |
Zhang et al. | A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment | |
CN115514474A (zh) | 一种基于云-边-端协同的工业设备可信接入方法 | |
CN116388995A (zh) | 一种基于puf的轻量级智能电网认证方法 | |
CN108833113A (zh) | 一种基于雾计算的增强通讯安全的认证方法及系统 | |
CN115865320A (zh) | 一种基于区块链的安全服务管理方法及系统 | |
Hussain et al. | An efficient and reliable user access protocol for Internet of Drones | |
CN106230840A (zh) | 一种高安全性的口令认证方法 | |
Vangala et al. | Blockchain-Based Robust Data Security Scheme in IoT-Enabled Smart Home. | |
Songshen et al. | Hash-Based Signature for Flexibility Authentication of IoT Devices | |
CN116388989A (zh) | 一种基于分布式身份的零信任单包认证系统及方法 | |
CN112069487B (zh) | 一种基于物联网的智能设备网络通讯安全实现方法 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 18281084 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 23818719 Country of ref document: EP Kind code of ref document: A1 |