CN108173882B - AES algorithm-based edge computing node identity authentication method - Google Patents


Publication number: CN108173882B
Authority: CN (China)
Prior art keywords: edge, key, registration, edge service, service equipment
Legal status: Expired - Fee Related
Application number: CN201810172441.8A
Other languages: Chinese (zh)
Other versions: CN108173882A (en)
Inventors: 滕明凤, 安建伟, 林福宏, 孔志印
Current Assignee: University of Science and Technology Beijing USTB
Original Assignee: University of Science and Technology Beijing USTB
Application filed by: University of Science and Technology Beijing USTB

Classifications

    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds


Abstract

The invention provides an edge computing node identity authentication method based on an AES algorithm, wherein the method comprises the following steps: an initialization step, a registration authority is utilized to distribute ID for each edge service device in the network, and the generation of public and private key pairs of the edge service devices and the registration authority is completed; a registration step, which is to complete the registration of the edge user requesting service and the generation of a master key; and an authentication step, namely, utilizing the improved AES algorithm to realize the bidirectional identity authentication of the edge user and the edge service equipment. The technical scheme provided by the invention solves the problem of bidirectional identity authentication of the edge computing node, ensures the safe and efficient communication of the edge node, and can meet the requirements of high dynamic and low time delay of edge computing.

Description

AES algorithm-based edge computing node identity authentication method
Technical Field
The invention relates to the field of identity authentication related application, in particular to an edge computing node identity authentication method based on an AES algorithm.
Background
With the rapid development of the internet of things and the popularization of 4G/5G wireless networks, the era of internet of everything interconnection comes rapidly, the number of network edge devices is rapidly increased, mass data needs to be processed, a centralized big data processing mode taking a cloud computing model as a core cannot efficiently process data generated by the edge devices, the continuous complication of the network, network delay, network blockage and the like bring immeasurable loss to the internet of things, and the existing mode that the internet of things directly accesses to the cloud is not suitable any more. The edge calculation can efficiently, timely and safely process mass data, provides faster response for users, and solves the demand at the edge, so the edge calculation becomes the key point of attention of people in the world of everything interconnection.
AES (Advanced Encryption Standard) has the advantages of simplicity, high efficiency, symmetry and modularity. However, research on current attacks against the algorithm shows that AES generates its sub-keys by expanding a seed key, that the key expansion algorithm is designed to be relatively simple, and that attacks such as energy attacks and penetration attacks target precisely the key expansion algorithm in order to undermine the security of AES encryption. The defect of the algorithm is that an attacker who obtains one round key can derive the original seed key. Working backwards is the main line of reasoning of a key cracker; if a method can be found that makes the direction of computation unique, that is, the algorithm can be computed only from front to back and not from back to front, this attack can be prevented.
Identity authentication is a very important measure for ensuring the safety of edge computing, and a traditional identity authentication scheme has no good expandability in a high-dynamic and high-density edge network; the identity authentication based on the biological characteristics has longer execution time and high price; the identity authentication technology developed based on the D-H problem uses complex model calculation, and the authentication process is too slow to be suitable for intelligent equipment or an intelligent card.
Disclosure of Invention
In view of this, the present invention provides an edge computing node identity authentication method based on an AES algorithm, so as to solve the problem of bidirectional identity authentication of an edge computing node, and to ensure safe and efficient communication of the edge node.
The invention provides an edge computing node identity authentication method based on an AES algorithm, wherein the method comprises the following steps:
an initialization step, a registration authority is utilized to distribute ID for each edge service device in the network, and the generation of public and private key pairs of the edge service devices and the registration authority is completed;
a registration step, which is to complete the registration of the edge user requesting service and the generation of a master key;
and an authentication step, namely, utilizing the improved AES algorithm to realize the bidirectional identity authentication of the edge user and the edge service equipment.
Preferably, the improved AES algorithm comprises an improvement of a column mixing matrix, where the improved column mixing matrix a is:
Figure BDA0001586253990000031
wherein the inverse of the modified column mixing matrix A over the finite field $GF(2^8)$ is the same as the modified column mixing matrix A.
Preferably, the AES algorithm of the improvement further comprises an improvement of key expansion, wherein the improvement of key expansion comprises:
$W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ are calculated from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is calculated from $W_{i-4}$ and $W_{i-1}$; $W_{i+1}$ is obtained by XOR of $W_i$ and $W_{i-2}$; $W_{i+2}$ and $W_{i+3}$ are not related to the key of the previous round but are determined directly from the key of the current round: $W_{i+2}$ is obtained by XOR of $W_i$ and $W_{i+1}$, and $W_{i+3}$ is obtained by XOR of $W_{i+1}$ and $W_{i+2}$;
and exchanging the third word of each round of keys with the third word of the previous round of keys, wherein the exchanged keys are used as new round of sub-keys.
Preferably, the registration authority is located in the cloud and is responsible for registration and key distribution of each edge service device in the network, wherein the initialization step specifically includes:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
after receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message using the registration authority's public key $p_{RA}$;
the registry and the edge service device respectively have respective public and private key pairs, and the private keys are respectively kept, the edge service device also has the public key of the registry, and the registry also has the public key of the edge service device.
Preferably, the registering step specifically includes:
the edge user requesting service sends the edge user's $ID_{EU}$ to the registration authority;
the registration authority checks whether the received edge user $ID_{EU}$ has already been registered;
if the registration is already carried out, the current registration step is stopped.
Preferably, the registering step further includes:
if not, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority calculates the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device;
after receiving it, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, uses its own private key $s_{ES}$ to decrypt it and obtain the key $k_{ES}$, and stores the key $k_{ES}$ together with the corresponding edge user $ID_{EU}$.
Preferably, the step of authenticating further comprises:
the edge user picks a random number $r_{EU}$ and broadcasts the data $\langle \text{helloEdge}, ID_{EU}, r_{EU} \rangle$ to the network;
after receiving the broadcast data, the edge service device checks the edge user's $ID_{EU}$; if it is not found, the process stops; if it is found, the key $k_{ES}$ corresponding to the edge user's $ID_{EU}$ is retrieved;
the edge service device selects a random number $r_{ES}$, encrypts $(r_{EU}, r_{ES})$ using said improved AES algorithm, and then replies to the edge user with $\langle ID_E, ID_{EU}, ID_{ES}, E_{k_{ES}}(r_{EU}, r_{ES}) \rangle$.
Preferably, the step of authenticating further comprises:
the edge user uses the received edge service device $ID_{ES}$ together with its own $ID_E$ and $k_{EU}$ to calculate $k_{ES}$, where $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
the edge user decrypts the encrypted data with the calculated $k_{ES}$ to obtain the decrypted random number and compares it with the random number $r_{EU}$ that it sent; if they are equal, execution continues; otherwise the process stops;
the edge user selects random data as a session key $k_s$ and encrypts it using the improved AES algorithm, the encryption key being $r_{ES}$;
the edge user sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service device.
Preferably, the step of authenticating further comprises:
the edge service device uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ and obtain the session key $k_s$;
if the decryption is successful and the received encryption key $r_{ES}$ is equal to said key $k_{ES}$, the authentication is completed; otherwise the process stops.
The technical scheme provided by the invention realizes bidirectional identity authentication of the edge computing node by using the improved AES symmetric encryption algorithm together with a hash algorithm and other algorithms, and makes full use of the high performance and flexibility of symmetric encryption. By improving the AES algorithm it prevents a key attacker from deducing the original seed key from a round key. It solves the bidirectional identity authentication problem of the edge computing node, ensures safe and efficient communication of the edge node, meets the high-dynamics and low-latency requirements of edge computing, and completes identity authentication between nodes safely and quickly.
Drawings
FIG. 1 is a flowchart of an edge computing node identity authentication method based on AES algorithm according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating a registration phase according to an embodiment of the present invention;
FIG. 3 is a flow chart illustrating an authentication phase according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an AES algorithm key expansion in accordance with an embodiment of the present invention;
fig. 5 is a schematic diagram of a key exchange process of the AES algorithm according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The following will describe in detail an edge computing node identity authentication method based on the AES algorithm provided by the present invention.
Fig. 1 is a flowchart illustrating an edge computing node identity authentication method based on AES algorithm according to an embodiment of the present invention.
In step S1, an initialization step, which allocates an ID to each edge service device in the network by using a registration authority, and completes generation of a public and private key pair between the edge service device and the registration authority.
In the embodiment, the edge computing identity authentication relates to a cloud registration authority RA, an edge service device ES located at the edge of a network, and an edge user EU requesting for service, wherein the whole authentication process includes three steps of an initialization stage, a registration stage, and an authentication stage.
In this embodiment, the registration mechanism is located in the cloud and is responsible for registration and key distribution of each edge service device in the network, where the initialization step specifically includes:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
after receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message using the registration authority's public key $p_{RA}$;
the registry and the edge service device respectively have respective public and private key pairs, and the private keys are respectively kept, the edge service device also has the public key of the registry, and the registry also has the public key of the edge service device.
In step S2, a registration step completes registration of the edge user requesting the service and generation of the master key.
In this embodiment, the whole registration phase is as shown in fig. 2, and the registration step specifically includes:
the edge user requesting service sends the edge user's $ID_{EU}$ to the registration authority;
the registration authority checks whether the received edge user $ID_{EU}$ has already been registered;
if the registration is already carried out, the current registration step is stopped.
In this embodiment, the registering step further includes:
if not, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority calculates the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device;
after receiving it, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, uses its own private key $s_{ES}$ to decrypt it and obtain the key $k_{ES}$, and stores the key $k_{ES}$ together with the corresponding edge user $ID_{EU}$.
In step S3, an authentication step, which implements bidirectional identity authentication between the edge user and the edge service device by using the improved AES algorithm.
In this embodiment, the whole authentication phase is as shown in fig. 3, wherein the authentication step further includes:
the edge user picks a random number $r_{EU}$ and broadcasts the data $\langle \text{helloEdge}, ID_{EU}, r_{EU} \rangle$ to the network;
after receiving the broadcast data, the edge service device checks the edge user's $ID_{EU}$; if it is not found, the process stops; if it is found, the key $k_{ES}$ corresponding to the edge user's $ID_{EU}$ is retrieved;
the edge service device selects a random number $r_{ES}$, encrypts $(r_{EU}, r_{ES})$ using said improved AES algorithm, and then replies to the edge user with $\langle ID_E, ID_{EU}, ID_{ES}, E_{k_{ES}}(r_{EU}, r_{ES}) \rangle$.
In this embodiment, the authenticating step further includes:
the edge user uses the received edge service device $ID_{ES}$ together with its own $ID_E$ and $k_{EU}$ to calculate $k_{ES}$, where $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
the edge user decrypts the encrypted data with the calculated $k_{ES}$ to obtain the decrypted random number and compares it with the random number $r_{EU}$ that it sent; if they are equal, execution continues; otherwise the process stops;
the edge user selects random data as a session key $k_s$ and encrypts it using the improved AES algorithm, the encryption key being $r_{ES}$;
the edge user sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service device.
Preferably, the step of authenticating further comprises:
the edge service device uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ and obtain the session key $k_s$;
if the decryption is successful and the received encryption key $r_{ES}$ is equal to said key $k_{ES}$, the authentication is completed; otherwise the process stops.
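The registration and three-message authentication exchange described above, as an added Python sketch (not code from the patent). Assumptions: SHA-256 stands in for H, a hash-based keystream with an HMAC tag stands in for the modified AES E, the signed and public-key-wrapped delivery of k_ES is replaced by a direct call, and the device's final check compares the returned r_ES with the value it issued; all class, function and ID names are hypothetical.

```python
import hashlib
import hmac
import secrets

def H(*fields):
    """k_ES = H(ID_E, ID_ES, k_EU); SHA-256 over length-prefixed fields (assumption)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()[:16]

def _sub(key, label):
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + c.to_bytes(4, "big")).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def E(key, pt):
    """Stand-in for E_key(...): NOT the patent's modified AES, only a stdlib substitute."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def D(key, blob):
    """Return the plaintext, or None when the key is wrong or the data was altered."""
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class RegistrationAuthority:
    def __init__(self, id_e):
        self.id_e, self.users = id_e, {}

    def register(self, id_eu, device):
        if id_eu in self.users:                 # already registered: stop
            return None
        k_eu = secrets.token_bytes(16)          # master key for the edge user
        self.users[id_eu] = k_eu
        # The page wraps k_ES under p_ES and signs with s_RA; omitted in this sketch.
        device.keys[id_eu] = H(self.id_e, device.id_es, k_eu)
        return k_eu

class EdgeService:
    def __init__(self, id_e, id_es):
        self.id_e, self.id_es, self.keys, self.pending = id_e, id_es, {}, {}

    def on_hello(self, msg):                    # message 1 -> message 2
        tag, id_eu, r_eu = msg
        k_es = self.keys.get(id_eu)
        if tag != "helloEdge" or k_es is None:
            return None                         # unknown ID_EU: stop
        r_es = secrets.token_bytes(16)
        self.pending[id_eu] = r_es
        return (self.id_e, id_eu, self.id_es, E(k_es, r_eu + r_es))

    def on_final(self, msg):                    # message 3 -> session key or None
        _, id_eu, _, blob = msg
        r_es = self.pending.pop(id_eu, None)    # one use per handshake
        pt = D(r_es, blob) if r_es else None
        if pt is None or not hmac.compare_digest(pt[16:], r_es):
            return None
        return pt[:16]

class EdgeUser:
    def __init__(self, id_e, id_eu, k_eu):
        self.id_e, self.id_eu, self.k_eu, self.k_s = id_e, id_eu, k_eu, None

    def hello(self):
        self.r_eu = secrets.token_bytes(16)
        return ("helloEdge", self.id_eu, self.r_eu)

    def on_reply(self, msg):                    # message 2 -> message 3
        id_e, id_eu, id_es, blob = msg
        pt = D(H(self.id_e, id_es, self.k_eu), blob)
        if pt is None or not hmac.compare_digest(pt[:16], self.r_eu):
            return None                         # device did not prove knowledge of k_ES
        r_es = pt[16:]
        self.k_s = secrets.token_bytes(16)
        return (id_e, id_eu, id_es, E(r_es, self.k_s + r_es))

def run_handshake():
    """Constructed IDs; returns (device session key, user session key, message 3)."""
    ra = RegistrationAuthority(b"edge-net-1")
    es = EdgeService(b"edge-net-1", b"ES-01")
    eu = EdgeUser(b"edge-net-1", b"EU-42", ra.register(b"EU-42", es))
    m3 = eu.on_reply(es.on_hello(eu.hello()))
    return es.on_final(m3), eu.k_s, m3

if __name__ == "__main__":
    ks_dev, ks_user, _ = run_handshake()
    print("mutual authentication ok:", ks_dev is not None and ks_dev == ks_user)
```

Because the device discards its pending r_ES after one use, a replayed third message is rejected.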
In the present embodiment, the improved AES algorithm includes two parts, an improvement of the column mixing matrix and an improvement of the key expansion.
In the present embodiment, column mixing is divided into forward column mixing (MC) and inverse column mixing (IMC), both of which operate independently on the state matrix: each column of the input state matrix is multiplied by a fixed polynomial over the finite field $GF(2^8)$ and then reduced modulo the polynomial $x^4+1$, where forward column mixing uses equation (1) and inverse column mixing uses equation (2).
Figure BDA0001586253990000101
Figure BDA0001586253990000102
As can be seen from the above equations (1) and (2), the forward column mixing fixed matrix is much simpler than the reverse column mixing fixed matrix, the forward column mixing transformation needs to perform 4 xor operations and 2 xtime multiplication operations, and the reverse column mixing transformation needs to perform 9 xor operations and 12 xtime multiplication operations, which is why the reverse column mixing takes much more time than the forward column mixing.
Therefore, the present invention adopts a simplest form matrix (i.e. an improved column mixing matrix a), wherein the improved column mixing matrix a is:
Figure BDA0001586253990000103
wherein the inverse of the modified column mixing matrix A over the finite field $GF(2^8)$ is the same as the modified column mixing matrix A, so that the computational complexity of inverse column mixing is the same as that of forward column mixing, and only 4 xor operations and 2 xtime multiplication operations are needed, which saves decryption time and improves the efficiency of the AES algorithm.
In this embodiment, the AES algorithm in the modification further includes a modification of key expansion, as shown in fig. 4, where the modification method of key expansion includes:
$W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ are calculated from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is calculated from $W_{i-4}$ and $W_{i-1}$; $W_{i+1}$ is obtained by XOR of $W_i$ and $W_{i-2}$; $W_{i+2}$ and $W_{i+3}$ are not related to the key of the previous round but are determined directly from the key of the current round: $W_{i+2}$ is obtained by XOR of $W_i$ and $W_{i+1}$, and $W_{i+3}$ is obtained by XOR of $W_{i+1}$ and $W_{i+2}$;
and exchanging the third word of each round of keys with the third word of the previous round of keys, wherein the exchanged keys are used as new round of sub-keys.
In this embodiment, the key is also transformed byte-wise and represented as a two-dimensional array with 4 rows. Key expansion is implemented by direct expansion, so the algorithm is efficient. 128-bit encryption performs 10 rounds of operations and, with the initial seed key added, one complete encryption requires 11 groups. The key expansion process computes $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$. From this process it can be seen that, although each round undergoes a complex transformation, it is strongly correlated with the previous round. If an attacker obtains one round key, only $2^{32}$ guesses are needed to derive the key of the previous round, and thereby all sub-keys including the seed key. The key expansion therefore needs to be improved so that the efficiency of the original key expansion is kept while the one-wayness of the algorithm is increased as far as possible, so that it cannot be worked backwards.
In this embodiment, the improved key expansion method is shown in fig. 4. The basic flow of expansion is unchanged: $W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ are calculated from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$; $W_i$ is calculated from $W_{i-4}$ and $W_{i-1}$; $W_{i+1}$ is obtained by XOR of $W_i$ and $W_{i-2}$; $W_{i+2}$ and $W_{i+3}$ are not related to the key of the previous round but are determined directly from the key of the current round: $W_{i+2}$ is obtained by XOR of $W_i$ and $W_{i+1}$, and $W_{i+3}$ is obtained by XOR of $W_{i+1}$ and $W_{i+2}$.
In this embodiment, the third word of each round key is exchanged with the third word of the previous round key, as shown in fig. 5, and the exchanged keys are used as the new round sub-keys. Thus, even if the first two words of a key are guessed, the 3rd and 4th words cannot be deduced, and to obtain a round key the first two words of the ten round keys must be guessed. This requires $2^{128}$ guesses, which is comparable to brute-force cracking. Moreover, $W_2$ does not participate in the calculation, so the seed key cannot be obtained, an attacker cannot obtain all the keys, and the security of the keys is enhanced.
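A check a reviewer can run on the key expansion as it is written above, as an added Python sketch (not the patent's code): it implements the stated word recurrences and tests the relations they imply, namely that $W_{i+3} = W_{i+1} \oplus W_{i+2} = W_i$, so the fourth word of every expanded round key repeats the first. Assumptions: $W_i = W_{i-4} \oplus g(W_{i-1})$ with the standard AES g function (the page says only that the basic flow is unchanged), and the third-word exchange is applied pairwise in round order (fig. 5 is not reproduced on the page); function names are hypothetical.

```python
def _rotl8(x, s):
    return ((x << s) | (x >> (8 - s))) & 0xFF

def _build_sbox():
    """Standard AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q = (q ^ (q << 1)) & 0xFF                               # q /= 3, so q = p^-1
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        sbox[p] = q ^ _rotl8(q, 1) ^ _rotl8(q, 2) ^ _rotl8(q, 3) ^ _rotl8(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def g(word, rnd):
    """Standard AES g: RotWord, SubWord, xor with the round constant (assumption)."""
    rot = ((word << 8) & 0xFFFFFFFF) | (word >> 24)
    sub = bytes(SBOX[b] for b in rot.to_bytes(4, "big"))
    return int.from_bytes(sub, "big") ^ (RCON[rnd - 1] << 24)

def expand_as_described(seed):
    """11 round keys of 4 words each, following the recurrences stated on the page."""
    w = [int.from_bytes(seed[4 * j:4 * j + 4], "big") for j in range(4)]
    for rnd in range(1, 11):
        i = 4 * rnd
        w.append(w[i - 4] ^ g(w[i - 1], rnd))   # W_i   from W_{i-4} and W_{i-1}
        w.append(w[i] ^ w[i - 2])               # W_{i+1} = W_i xor W_{i-2} (as written)
        w.append(w[i] ^ w[i + 1])               # W_{i+2} = W_i xor W_{i+1}
        w.append(w[i + 1] ^ w[i + 2])           # W_{i+3} = W_{i+1} xor W_{i+2}
    return [w[4 * r:4 * r + 4] for r in range(11)]

def swap_third_words(round_keys):
    """Exchange each round key's third word with the previous round's (order assumed)."""
    rk = [list(k) for k in round_keys]
    for r in range(1, len(rk)):
        rk[r][2], rk[r - 1][2] = rk[r - 1][2], rk[r][2]
    return rk

def relations_hold(round_keys):
    """True if, in rounds 1..10, word 3 = word 1 xor word 2 and word 4 = word 1."""
    return all(k[2] == k[0] ^ k[1] and k[3] == k[0] for k in round_keys[1:])

def fourth_equals_first(round_keys):
    return all(k[3] == k[0] for k in round_keys[1:])

if __name__ == "__main__":
    # Constructed input: the 128-bit example key from FIPS-197 Appendix A.1.
    keys = expand_as_described(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print("relations before swap:", relations_hold(keys))
    print("word4 == word1 after swap:", fourth_equals_first(swap_third_words(keys)))
```

The swap touches only third words, so the repetition of the first word in the fourth position is the same before and after it.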
The technical scheme provided by the invention realizes bidirectional identity authentication of the edge computing node by using the improved AES symmetric encryption algorithm together with a hash algorithm and other algorithms, and makes full use of the high performance and flexibility of symmetric encryption. By improving the AES algorithm it prevents a key attacker from deducing the original seed key from a round key. It solves the bidirectional identity authentication problem of the edge computing node, ensures safe and efficient communication of the edge node, meets the high-dynamics and low-latency requirements of edge computing, and completes identity authentication between nodes safely and quickly.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (2)

1. An edge computing node identity authentication method based on an AES algorithm is characterized by comprising the following steps:
an initialization step, a registration authority is utilized to distribute ID for each edge service device in the network, and the generation of public and private key pairs of the edge service devices and the registration authority is completed;
a registration step, which is to complete the registration of the edge user requesting service and the generation of a master key;
the authentication step, the improved AES algorithm is used for realizing the bidirectional identity authentication of the edge user and the edge service equipment;
the improved AES algorithm comprises an improvement of a column mixing matrix, wherein the improved column mixing matrix A is:
Figure FDA0002517568430000011
wherein the inverse of the modified column mixing matrix A over the finite field $GF(2^8)$ is the same as the modified column mixing matrix A;
the improved AES algorithm further comprises an improvement in key expansion, wherein the improved method of key expansion comprises:
$W_i$, $W_{i+1}$, $W_{i+2}$, $W_{i+3}$ are calculated from $W_{i-4}$, $W_{i-3}$, $W_{i-2}$, $W_{i-1}$, wherein $W_i$ is calculated from $W_{i-4}$ and $W_{i-1}$; $W_{i+1}$ is obtained by XOR of $W_i$ and $W_{i-2}$; $W_{i+2}$ and $W_{i+3}$ are not related to the key of the previous round but are determined directly from the key of the current round: $W_{i+2}$ is obtained by XOR of $W_i$ and $W_{i+1}$, and $W_{i+3}$ is obtained by XOR of $W_{i+1}$ and $W_{i+2}$;
exchanging the third word of each round of key with the third word of the previous round of key, wherein the exchanged key is used as a new round of sub-key;
wherein the initializing step specifically comprises:
the registration authority assigns a unique $ID_{ES}$ to each edge service device in the network, signs it with its private key $s_{RA}$, and sends it to the edge service device;
after receiving the message signed with the registration authority's private key $s_{RA}$, the edge service device verifies the message using the registration authority's public key $p_{RA}$;
the registry and the edge service equipment respectively have respective public and private key pairs, and the private keys are respectively kept, the edge service equipment also has a public key of the registry, and the registry also has a public key of the edge service equipment;
the registration step specifically includes:
the edge user requesting service sends the edge user's $ID_{EU}$ to the registration authority;
the registration authority checks whether the received edge user $ID_{EU}$ has already been registered;
if the registration is already carried out, the step of the registration is stopped;
the registering step further specifically includes:
if not, the registration authority randomly selects a master key $k_{EU}$ for the edge user and sends it to the edge user;
the registration authority calculates the key of the edge service device for the current edge user, $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$, encrypts it with the public key $p_{ES}$ of the edge service device, signs it with the private key $s_{RA}$ of the registration authority, and sends it to the edge service device; wherein H is a hash algorithm and $ID_E$ is the edge computing network ID;
after receiving it, the edge service device uses the public key $p_{RA}$ of the registration authority to verify whether the message has been maliciously tampered with, uses its own private key $s_{ES}$ to decrypt it and obtain the key $k_{ES}$, and stores the key $k_{ES}$ together with the corresponding edge user $ID_{EU}$;
the authentication step further comprises:
the edge user picks a random number $r_{EU}$ and broadcasts the data $\langle \text{helloEdge}, ID_{EU}, r_{EU} \rangle$ to the network; helloEdge is preset broadcast information sent by the edge user to the edge service device to request service;
after receiving the broadcast data, the edge service device checks the edge user's $ID_{EU}$; if it is not found, the process stops; if it is found, the key $k_{ES}$ corresponding to the edge user's $ID_{EU}$ is retrieved;
the edge service device selects a random number $r_{ES}$, encrypts $(r_{EU}, r_{ES})$ using said improved AES algorithm, and then replies to the edge user with $\langle ID_E, ID_{EU}, ID_{ES}, E_{k_{ES}}(r_{EU}, r_{ES}) \rangle$; wherein $E_{k_{ES}}$ denotes the AES encryption algorithm with key $k_{ES}$;
the authentication step further comprises:
the edge user uses the received edge service device $ID_{ES}$ together with its own $ID_E$ and $k_{EU}$ to calculate $k_{ES}$, where $k_{ES} = H(ID_E, ID_{ES}, k_{EU})$;
the edge user decrypts the encrypted data with the calculated $k_{ES}$ to obtain the decrypted random number and compares it with the random number $r_{EU}$ that it sent; if they are equal, execution continues; otherwise the process stops;
the edge user selects random data as a session key $k_s$ and encrypts it using the improved AES algorithm, the encryption key being $r_{ES}$;
the edge user sends the data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ to the edge service device; wherein $E_{r_{ES}}$ denotes the AES encryption algorithm with key $r_{ES}$;
the authentication step further comprises:
the edge service device uses $r_{ES}$ to decrypt the received data $\langle ID_E, ID_{EU}, ID_{ES}, E_{r_{ES}}(k_s, r_{ES}) \rangle$ and obtain the session key $k_s$;
if the decryption is successful and the received encryption key $r_{ES}$ is equal to said key $k_{ES}$, the authentication is completed; otherwise the process stops.
2. The AES-algorithm-based edge compute node identity authentication method of claim 1, wherein the registry is in a cloud and is responsible for registration and key distribution for each edge service device in the network.
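The authentication exchange of claim 1, simulated end to end as an added example (not code from the patent). Assumptions: SHA-256 stands in for H, standard AES-256-GCM stands in for the "improved AES algorithm", the final check compares the r_ES recovered from the last message with the r_ES the device issued, and all identifier values are constructed.

```javascript
const crypto = require('crypto');

// Stand-in for H (assumption): SHA-256 over the fields, each followed by a separator byte.
function H(...parts) {
  const h = crypto.createHash('sha256');
  for (const p of parts) h.update(p).update('\x00');
  return h.digest();
}
// Stand-in for E_key(...) (assumption): AES-256-GCM, output = iv || tag || ciphertext.
function enc(key, ...fields) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(Buffer.concat(fields)), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function dec(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on a wrong key
}

// One run of the exchange. The device holds kES from registration; the user holds only kEU.
// Returns both sides' session key on success, null as soon as either side stops the process.
function authenticate({ IDE, IDEU, IDES }, kESDevice, kEUUser) {
  // 1. Edge user broadcasts <helloEdge, IDEU, rEU>.
  const rEU = crypto.randomBytes(32);
  // 2. Device takes out kES for IDEU, picks rES, replies <IDE, IDEU, IDES, E_kES(rEU, rES)>.
  const rES = crypto.randomBytes(32);
  const reply = enc(kESDevice, rEU, rES);
  // 3. User derives kES = H(IDE, IDES, kEU), decrypts, and checks its own rEU came back.
  let pt;
  try { pt = dec(H(IDE, IDES, kEUUser), reply); } catch { return null; }
  if (!crypto.timingSafeEqual(pt.subarray(0, 32), rEU)) return null;
  const rESUser = pt.subarray(32, 64);
  // 4. User picks session key ks and sends <IDE, IDEU, IDES, E_rES(ks, rES)>.
  const ks = crypto.randomBytes(32);
  const msg = enc(rESUser, ks, rESUser);
  // 5. Device decrypts with rES and compares the embedded rES with the one it issued.
  let pt2;
  try { pt2 = dec(rES, msg); } catch { return null; }
  if (!crypto.timingSafeEqual(pt2.subarray(32, 64), rES)) return null;
  return { userKey: ks, deviceKey: Buffer.from(pt2.subarray(0, 32)) };
}

// Constructed sample identities and keys.
const ids = { IDE: 'edge-domain-1', IDEU: 'user-42', IDES: 'service-7' };
const kEU = crypto.randomBytes(32);
const kES = H(ids.IDE, ids.IDES, kEU); // value registration would place on the device
console.log('authenticated:', authenticate(ids, kES, kEU) !== null);
```

A device that never received k_ES at registration, or a user holding the wrong k_EU, fails at step 3 because the derived key does not decrypt the reply.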
CN201810172441.8A 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method Expired - Fee Related CN108173882B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810172441.8A CN108173882B (en) 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810172441.8A CN108173882B (en) 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method

Publications (2)

Publication Number Publication Date
CN108173882A CN108173882A (en) 2018-06-15
CN108173882B CN108173882B (en) 2020-07-31

Family

ID=62510866

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810172441.8A Expired - Fee Related CN108173882B (en) 2018-03-01 2018-03-01 AES algorithm-based edge computing node identity authentication method

Country Status (1)

Country Link
CN (1) CN108173882B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200731