CN109995531A - Anti-spoofing measures for the BeiDou-2 system based on domestic (Chinese national) cryptographic algorithms and spread-spectrum information protection

Publication number: CN109995531A
Application number: CN201811551684.9A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 吴志军, 刘如森, 罗煊
Current assignee: Civil Aviation University of China
Original assignee: Civil Aviation University of China
Prior art keywords: information, spread spectrum, key, navigation, certification

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy, involving algebraic varieties, e.g. elliptic or hyper-elliptic curves

Abstract

The invention relates to the field of information security technology and designs an anti-spoofing scheme for the BeiDou D2 navigation message based on domestic (Chinese national) cryptographic algorithms and spread-spectrum information protection. The BeiDou Navigation System, a recent addition to GNSS, uses a positioning principle similar to that of GPS. Because the signal parameters and message structure of the civil signal have been made public in the relevant documents, a spoofer can easily generate a spoofing signal and launch a spoofing attack, thereby controlling the positioning result of the receiver and causing extremely serious consequences. The invention uses domestic cryptographic algorithms (SM2, SM3 and SM4) to generate authentication information in order to detect spoofing attacks. In addition, the invention protects the signature and the other authentication information by spread-spectrum modulation, to prevent the authentication information from being tampered with. Simulation experiments were carried out on the MATLAB and OpenSSL platforms, and the experimental results show that the invention can resist spoofing attacks.

Description

Anti-spoofing measures for the BeiDou-2 system based on domestic cryptographic algorithms and spread-spectrum information protection
Technical field
The present invention relates to the field of information security technology and provides a security authentication scheme for the BeiDou-2 navigation message based on domestic cryptographic algorithms and spreading codes.
Background
The BeiDou Navigation System is the global satellite navigation system that China has independently built and developed. With the construction of the BeiDou system and the improvement of its service capability, related products have come into wide use in all trades and professions and have gradually penetrated every aspect of social production and people's lives, injecting new vitality into China's economic and social development. Ensuring the security of satellite navigation signals is therefore essential for users.
1. Spoofing attacks on satellite navigation information
In recent years, however, with the continuous development of science and technology, global satellite navigation systems have increasingly been affected by spoofing attacks. Taking GPS as an example, in 2011 Iran successfully captured an unmanned aerial vehicle of the United States Air Force by means of spoofing technology and made it land on Iranian territory. In January 2016, Iran successfully spoofed US patrol boats with GPS spoofing technology, causing them to deviate from their course and enter Iranian waters. In academia, Professor Todd Humphreys of the United States successfully demonstrated a GPS spoofing process at the White Sands base in the US, and the Japanese scientist Koichi Chino successfully described in his paper a dynamic spoofing process against Japan's national satellite system QZSS. As a newer member of the global satellite navigation systems, the BeiDou Navigation System therefore also faces the risk of being spoofed, which undoubtedly poses a major hidden danger to the security of China's civil facilities.
For satellite signals, spoofing falls mainly into two kinds: relay (forwarding) spoofing and generative spoofing. In relay spoofing, the spoofer forwards previously received signal information, so that the spoofed receiver obtains wrong time information, which affects its positioning. In generative spoofing, the spoofer tampers with the basic navigation information and transmits it, so that the spoofed receiver obtains wrong position and time information, which directly affects or even controls its positioning result. Both constitute a serious threat to navigation systems.
2. Cryptographic algorithms
Anti-spoofing schemes based on cryptographic algorithms are a fairly common approach today. The present invention designs a cryptography-based anti-spoofing scheme whose cryptographic algorithms are SM2, SM3 and SM4. The characteristics of these three algorithms are shown in Table 1.
Table 1. Characteristics of the different cryptographic algorithms
The SM2 algorithm was issued in 2012. It uses the private key to encrypt the plaintext, and the output ciphertext is called the signature; the ciphertext can be decrypted with the public key, and this decryption process is also called authentication. The encryption strength of the SM2 algorithm is higher than that of the RSA-2048 algorithm, and its encryption speed is faster than that of the RSA-2048 algorithm. The SM2 elliptic curve parameters are shown in Table 2; for the specific encryption and decryption processes, see national standard GB/T 32918.
Table 2. SM2 elliptic curve parameters
Here p is a prime number, a and b determine the elliptic curve equation, (xG, yG) are the coordinates of the base point, and n is the order of the base point.
The SM3 algorithm generates a fixed-length hash value from plaintext data of arbitrary length. Different plaintext data produce different hash values under the same hash algorithm. The SM3 hash function consists mainly of three processes: data padding, iterative compression and output. The algorithm is specified in national standard GB/T 32905.
The SM4 algorithm is a block cipher. The plaintext block length is 128 bits, the key length is 128 bits and the output ciphertext length is 128 bits. Both the encryption algorithm and the key schedule use a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm, except that the round keys are used in the reverse order of the encryption process. For the specific encryption process, see national standard GB/T 32907.
3. Introduction to the D2 navigation message
The BD-II navigation message comprises the D1 navigation message and the D2 navigation message. In the BeiDou-2 navigation system, although the number of satellites broadcasting the D1 navigation message is far greater than the number broadcasting the D2 navigation message, the quantity of D2 navigation message data a receiver receives is far greater than that of D1. This is because the information rate of the D2 navigation message is 500 bps, while that of the D1 navigation message is 50 bps. Therefore, leaving other interference factors aside, the receiver is more inclined to use the D2 navigation message to determine its own position.
The basic navigation information contains the position information of the satellite. The position of the receiver can be calculated from the basic navigation information and time information of 4 satellites; the other information serves to improve positioning accuracy. The anti-spoofing scheme designed in the present invention therefore mainly protects the basic navigation information and time information of the D2 navigation message.
The BeiDou D2 navigation message is made up of superframes, main frames and subframes. Each superframe is 180000 bits and lasts 6 minutes; each superframe consists of 120 main frames, each of which is 1500 bits and lasts 3 seconds; each main frame consists of 5 subframes, each of which is 300 bits and lasts 0.6 seconds; each subframe consists of 10 words, each of which is 30 bits and lasts 0.06 seconds. The basic navigation information is sent in ten consecutive subframe 1s. These ten consecutive subframe 1s are called one group of subframe 1, and the basic navigation information in the group is sent time-shared over 10 pages; the structure is shown in Fig. 1.
The present invention authenticates the satellite navigation information to protect it against spoofing attacks. It mainly authenticates the following two items:
A) Satellite position information authentication, i.e. verifying the authenticity of the basic navigation information.
B) Satellite time information authentication, i.e. verifying the authenticity and continuity of the seconds of week (SOW).
Because the basic navigation information is sent time-shared over ten pages, that is, every ten consecutive subframe 1s (ten consecutive pages) transmit one complete set of basic navigation information, SOW authentication has to be divided into SOW authentication for each group of subframe 1 (ten consecutive pages) and SOW authentication for each subframe 1 within a group (each page). The former is called group time authentication and the latter page time authentication.
The function of group time authentication is to detect whether the basic navigation information may have been tampered with. According to the BeiDou-2 interface control document (BD-II ICD), the basic navigation information is updated at least once per hour. The spoofer hopes that the receiver will regard the change of basic navigation information in the spoofed message as an ordinary update of the basic navigation information. In that case the receiver would update the basic navigation information as normal, and its output positioning result would gradually come under the spoofer's control. In this process, however, the continuity of the group time is destroyed, so authenticating the authenticity and continuity of the group time gives an early indication of whether the basic navigation information has been tampered with.
The function of page time authentication is to detect whether the information of the subframe 1s within a group (each page) is continuous, and thus whether the spoofer has started a spoofing attack from some page within the group. If page time authentication succeeds, the information within the group is continuous and reliable; otherwise the information within the group may have been subjected to a spoofing attack.
Summary of the invention
The present invention approaches the problem from two angles, time authentication and signature authentication, to analyze whether the information received by the receiver is spoofed. All authentication information is protected by both encryption and spread-spectrum modulation, which guarantees the security of the authentication information. The invention is described in five parts: encryption protection, spread-spectrum information protection, key transmission, the transmission process and the reception authentication process.
1. Encryption protection of the group time authentication information and the spread-spectrum modulation generator polynomial (SSMGP) information
Authentication of the time information comprises group time authentication and page time authentication. The group time authentication information is protected mainly by encryption. In group time authentication, the low 12 bits of the SOWs of the previous group of subframe 1 are combined, encrypted and sent in the next group of subframe 1. After receiving the next group of subframe 1, the receiver decrypts the ciphertext to obtain the SOW information of the previous group of subframe 1. This SOW information is compared with the SOW information received earlier: if they are consistent, the time between groups is continuous; otherwise the time continuity between groups has been destroyed, and the receiver may be under a blocking-signal attack or a spoofing-signal attack.
Besides the group time authentication information, the ciphertext also protects the spread-spectrum modulation generator polynomial (SSMGP) information. The main function of the SSMGP is to demodulate the embedded spread-spectrum information so that the user obtains the authentication information it carries.
A) Structure of the ciphertext
The ciphertext mainly contains the SSMGP information and the group time authentication information; its structure is shown in Fig. 2. The SSMGP is used to demodulate the spread-spectrum information embedded between subframes 1 and 2. Since satellite systems usually generate pseudo-random code sequences with 11-stage shift registers, the invention generates the SSMGP with 11-stage shift registers. In addition, the receiver holds a preset SSMGP code book in which each SSMGP corresponds to an ID that is 8 bits long. This ID is the SSMGP information in the ciphertext: the ID in the ciphertext determines the corresponding SSMGP.
The group time authentication information is used to verify whether the current group of subframe 1 is continuous with the previous group. It contains the low 12 bits of the SOW of each page in the previous group of subframe 1. Since each group of subframe 1 contains 10 pages, the group authentication information totals 120 bits. As shown in Fig. 2, the 8-bit ID information concatenated with the 120-bit authentication information gives 128 bits in total. These 128 bits are encrypted as plaintext with the SM4 algorithm.
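The following added example (not code from the patent) builds the 128-bit plaintext described above and runs the receiver-side group time comparison on it. SM4 encryption and decryption are left out, so the functions work on the block before encryption and after decryption; the field order (ID first, then the ten SOW fields in page order) and the sample SOW values are assumptions, since Fig. 2 is not reproduced on this page.

```python
# Added example: layout and check of the 128-bit group time authentication block.
# Assumptions (Fig. 2 is not reproduced on the page): the SSMGP ID is the most
# significant byte and the ten 12-bit SOW fields follow in page order.

ID_BITS = 8            # SSMGP code-book ID
SOW_LOW_BITS = 12      # low-order SOW bits kept per page
PAGES_PER_GROUP = 10   # one group of subframe 1
SOW_MASK = (1 << SOW_LOW_BITS) - 1


def pack_auth_block(ssmgp_id, prev_group_sows):
    """Return the 16-byte plaintext: 8-bit SSMGP ID || 10 x low 12 bits of SOW."""
    if not 0 <= ssmgp_id < (1 << ID_BITS):
        raise ValueError("SSMGP ID must fit in 8 bits")
    if len(prev_group_sows) != PAGES_PER_GROUP:
        raise ValueError("a group of subframe 1 has exactly 10 pages")
    value = ssmgp_id
    for sow in prev_group_sows:
        value = (value << SOW_LOW_BITS) | (sow & SOW_MASK)
    return value.to_bytes(16, "big")


def unpack_auth_block(block):
    """Split a decrypted 16-byte block into (ssmgp_id, [ten 12-bit SOW fields])."""
    if len(block) != 16:
        raise ValueError("expected one 128-bit SM4 block")
    value = int.from_bytes(block, "big")
    fields = [(value >> (SOW_LOW_BITS * (PAGES_PER_GROUP - 1 - page))) & SOW_MASK
              for page in range(PAGES_PER_GROUP)]
    return value >> (SOW_LOW_BITS * PAGES_PER_GROUP), fields


def check_group_time(block, stored_prev_sows):
    """Receiver-side check: compare the decrypted fields with the SOWs the
    receiver itself stored for the previous group.
    Returns (ssmgp_id, ok, mismatching_pages)."""
    ssmgp_id, fields = unpack_auth_block(block)
    if len(stored_prev_sows) != PAGES_PER_GROUP:
        return ssmgp_id, False, list(range(PAGES_PER_GROUP))
    bad = [page for page, (field, sow) in enumerate(zip(fields, stored_prev_sows))
           if field != (sow & SOW_MASK)]
    return ssmgp_id, not bad, bad


# Constructed sample data: subframe 1 recurs every 3 s (one main frame).
GENUINE_SOWS = [345600 + 3 * page for page in range(PAGES_PER_GROUP)]
# Constructed receiver view in which the time jumps by 60 s from page 4 onward.
SHIFTED_SOWS = GENUINE_SOWS[:4] + [sow + 60 for sow in GENUINE_SOWS[4:]]

if __name__ == "__main__":
    block = pack_auth_block(0x0D, GENUINE_SOWS)   # ID 13, as in the patent's simulation
    print(block.hex())
    print(check_group_time(block, GENUINE_SOWS))  # continuous group time
    print(check_group_time(block, SHIFTED_SOWS))  # discontinuity flagged per page
```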
B) Storage of the ciphertext
According to the frame structure requirements in the BD-II ICD, the 128 bits of ciphertext replace reserved bits in the different pages; the specific replacement positions are shown in Table 3.
Table 3. Replacement positions of the ciphertext in the reserved bits
2. Spread-spectrum information protection
The purpose of spread-spectrum modulating the signature information and the page time authentication information is to protect the security of the authentication information and to prevent the spoofer from extracting the spread-spectrum-modulated authentication information from the noise in advance. In the present invention, when the spoofer launches a spoofing attack, the continuity of the navigation information is destroyed; the page time authentication information detects this anomaly and warns the receiver that the message currently being received may be spoofed. In addition, if the spoofer modifies the basic navigation information, authentication of the signature information carried in the spread-spectrum information fails, informing the receiver that the navigation message currently being received is not trustworthy.
A) Content of the spread-spectrum information
The digest of the basic navigation information is generated with the SM3 algorithm, and the signature over the digest is generated with the SM2 algorithm. The basic navigation information of each group of subframe 1 can be authenticated with the signature in the spread-spectrum information; the authentication process is shown in Fig. 3. The signature is 512 bits long and is split into 10 parts, each containing 51 or 53 bits. The number of signature bits contained in the spread-spectrum information of each page is shown in Table 4.
Table 4. Content of the spread-spectrum information
Within one group of subframe 1, most of the high-order bits of the SOW are identical, so the page time authentication information contains only several low-order bits of the SOW of the previous subframe 1. The number of low-order SOW bits of the previous page contained in each page's spread-spectrum information is shown in Table 4. As shown in Fig. 4, after the receiver demodulates the spread-spectrum information, the page time authentication information obtained is compared with the corresponding SOW information of the previous subframe 1. If they match, the page information is continuous and the time information is reliable; otherwise the page information may have been subjected to a blocking-signal or spoofing-signal attack.
B) Structure of the spread-spectrum information
During transmission, the spread-spectrum information may be disturbed by noise, causing errors in some of the information. To prevent this, the invention inserts an error-correcting code into the spread-spectrum information. The scheme uses the BCH(15,11,1) check algorithm, which is the same check algorithm as the one used in the navigation message, so that no additional hardware burden arises from introducing a new check algorithm. During transmission of the spread-spectrum information, 11 data bits are input to the BCH(15,11,1) algorithm, which computes and outputs 4 bits as the error-correcting code. The overall structure of the spread-spectrum information is shown in Fig. 5.
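The following added example (not code from the patent) encodes and decodes one 75-bit spread-information page as five BCH(15,11,1) codewords and shows single-bit correction. Assumptions: the generator polynomial g(x) = x^4 + x + 1 that the BeiDou ICD specifies for its BCH(15,11,1) code, systematic encoding without interleaving, and a payload of 51 signature bits followed by 4 low-order SOW bits, which fills the 5 x 11 = 55 information bits; Table 4 and Fig. 5 are not reproduced on this page, so the field widths and order are illustrative.

```python
# Added example: BCH(15,11,1) protection of one 75-bit spread-information page.
# Assumptions: g(x) = x^4 + x + 1, systematic encoding, no interleaving, and a
# payload of 51 signature bits followed by 4 low-order SOW bits.

G = 0b10011               # g(x) = x^4 + x + 1
N, K = 15, 11             # codeword length and information length in bits
CODEWORDS_PER_PAGE = 5    # 5 x 15 = 75 coded bits, 5 x 11 = 55 payload bits


def _remainder(value):
    """Remainder of value(x) / g(x) over GF(2); the result fits in 4 bits."""
    for shift in range(value.bit_length() - 5, -1, -1):
        if value & (1 << (shift + 4)):
            value ^= G << shift
    return value


# Syndrome produced by a single flipped bit at each of the 15 positions.
SYNDROME_TO_BIT = {_remainder(1 << bit): bit for bit in range(N)}


def bch_encode(info):
    """11 information bits -> 15-bit systematic codeword (info || 4 parity bits)."""
    if not 0 <= info < (1 << K):
        raise ValueError("information word must fit in 11 bits")
    return (info << 4) | _remainder(info << 4)


def bch_decode(codeword):
    """Return (info, corrected); corrects at most one flipped bit per codeword."""
    syndrome = _remainder(codeword)
    if syndrome:
        codeword ^= 1 << SYNDROME_TO_BIT[syndrome]
    return codeword >> 4, bool(syndrome)


def _check_bits(bits, length):
    if len(bits) != length or set(bits) - {"0", "1"}:
        raise ValueError("expected a %d-character string of 0/1" % length)


def encode_page(payload):
    """55-character bit string -> 75-character coded bit string."""
    _check_bits(payload, K * CODEWORDS_PER_PAGE)
    return "".join(format(bch_encode(int(payload[i:i + K], 2)), "015b")
                   for i in range(0, len(payload), K))


def decode_page(coded):
    """75-character coded bit string -> (55-bit payload, number of corrections)."""
    _check_bits(coded, N * CODEWORDS_PER_PAGE)
    words = [bch_decode(int(coded[i:i + N], 2)) for i in range(0, len(coded), N)]
    payload = "".join(format(info, "011b") for info, _ in words)
    return payload, sum(fixed for _, fixed in words)


def flip(bits, index):
    """Flip one bit of a bit string (models a channel error)."""
    return bits[:index] + ("1" if bits[index] == "0" else "0") + bits[index + 1:]


# Constructed sample payload: 51 "signature" bits and 4 page time bits.
SIGNATURE_PART = "110100101110001" * 3 + "101101"   # 45 + 6 = 51 bits
SOW_LOW = format(345609 & 0xF, "04b")               # low 4 bits of a sample SOW
PAYLOAD = SIGNATURE_PART + SOW_LOW

if __name__ == "__main__":
    coded = encode_page(PAYLOAD)
    print(decode_page(flip(flip(coded, 3), 40)))   # one error in two codewords
    print(decode_page(flip(flip(coded, 3), 4)))    # two errors in one codeword
```

Two flipped bits inside the same codeword are miscorrected to a different valid codeword without any indication; on a signature part this surfaces later as a failed signature check.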
3. Key transmission
In the D2 navigation information, the signature is verified with the SM2 public key and the ciphertext is decrypted with the SM4 key. During authentication of the navigation information, the SM2 public key is used for signature verification and the SM4 key for ciphertext decryption.
The user can obtain these keys in two ways. One is through the short message service (SMS) of the BeiDou Navigation System; the other is by downloading a digital certificate from the Internet. When the receiver has a good network environment, the keys can be obtained with a digital certificate; when its network environment is poor, the keys can be obtained via SMS.
The SM4 key update process is shown in Fig. 6. In this process, the master key parameter and the iteration count taken from the received update information are used as input and determine the updated SM4 key. All receivers store the same 256-bit master key, which is protected by a high-strength encryption algorithm. The master key and the high-strength cryptographic algorithm are known only to the receiver manufacturer and are not disclosed to the public; the iteration count is carried in the update information. In the SM4 key update process shown in Fig. 6, the SM4 encryption algorithm uses the fixed master key as the encryption key and also uses the master key as the plaintext, encrypting repeatedly; the number of encryptions is determined by the iteration count. The whole process is described in detail in the SM4 national standard GB/T 32907-2016.
In the whole update process, the iteration count is the only parameter the user does not know, and the user has to determine it from the key transmission information. Therefore, during key transmission, it is enough to transmit the iteration count for the user to obtain the SM4 key in time. Even if a third party obtains the iteration parameter, it cannot compute the SM4 key because it lacks the master key parameter, which ensures the security of the SM4 key.
A) Key update via SMS
When the receiver updates the public key and the iteration count information via SMS, the receiver checks the integrity of the preset key. Each receiver has a unique corresponding preset data package, which contains the preset key and the preset-key authentication information. The data package is transmitted encrypted with the master key; when the user uses the receiver for the first time, the data package can be downloaded from the receiver manufacturer's website.
As shown in Fig. 7, once the receiver has downloaded the encrypted data package, it can decrypt the package with the master key protected by the key protection module and obtain the package content. The package contains the preset key and the key authentication information; the authentication information is the digest of the preset key, also called digest 1. Another digest, called digest 2, is obtained at the receiving end by applying the SM3 algorithm to the preset key in the data package. If digest 1 is identical to digest 2, the receiver keeps the preset data package downloaded from the website; otherwise it deletes the preset data package and downloads it again. After the key update is complete, the receiver deletes the preset key and keeps the encrypted preset key package for the next use.
When the receiver updates keys via SMS, it decrypts the preset data package with the master key and obtains the preset key from the package. Key update via SMS and digital certificate update involve many types of keys; for ease of understanding, the abbreviations of the keys involved are listed in Table 5.
Table 5. Meaning of the key abbreviations used in SMS transmission
As shown in Fig. 7, when the receiver needs to update KeyPublic and NITER, it sends the ground control centre a request carrying its own ID. The request is transmitted encrypted with KeyPreset. When the ground control centre receives the encrypted request, it obtains the corresponding KeyPreset from the preset-key database according to the receiver's ID; at the same time, the signature over KeyPublic, NITER and IDgroupkeys is generated with KeyPrivate. KeyPublic, IDgroupkeys and their signature are encrypted with KeyPreset and transferred to the receiver. When the receiver obtains the ciphertext, it decrypts it to recover KeyPublic and verifies the signature with the received KeyPublic. If verification succeeds, IDgroupkeys (containing KeyPublic and NITER) is updated; if verification fails, the receiver discards this KeyGroup and signature and sends a request to the ground control centre again.
B) Key update via digital certificate
The digital certificate used in the present invention conforms to the X.509 standard. The certificate contains the version number, certificate serial number, validity, subject public key information, issuer name and subject name. The public key information contains KeyPublic and the NITER used to generate the current symmetric key. The subject name is the code number of the key management department of the ground control centre. The certificate serial number is the corresponding ID of the KeyGroup. After the certificate expires, the user needs to update the certificate over the Internet. The validity period of the certificate is determined by the ground control centre.
4. Information transmission process
As shown in Fig. 8, the SSMGP and the previous group's authentication information are encrypted with the SM4 key to obtain the ciphertext. The ciphertext is placed into the corresponding reserved bits of subframe 1 according to Table 3. At the same time, a synchronization sequence is inserted at the tail of each subframe 1 to prompt the receiver to receive the spread-spectrum information that is transmitted next. In addition, a digest of the basic navigation information is generated with the SM3 algorithm, and a signature over this digest is generated with the SM2 algorithm. The signature is split and combined with the page authentication information according to Table 4. Both the combined information and the navigation information with the ciphertext added generate their own error-correcting codes with BCH(15,11,1). The error-correcting code of the navigation information is inserted at the positions required by the BD-II ICD, and the error-correcting code of the combined information is inserted according to Fig. 2. Finally, both kinds of information are modulated with their respective spreading codes and sent. The time consumed by each step is shown in Table 6.
Table 6. Time consumed by each step before transmission
5. Information reception and authentication process
Reception and authentication of the navigation information consist mainly of the following steps; the specific process is shown in Fig. 9.
A) After the receiver has received the complete synchronization sequence in subframe 1, it stores the spread-spectrum information. In the scheme, according to the BD-II ICD, the D2 navigation message is transmitted at 500 bit/s and 75 bits of spread-spectrum information are inserted per page, so storing the spread-spectrum information takes about 0.15 seconds. The receiver then continues to receive and demodulate the information of subframe 2.
B) After the receiver has received one complete group of subframe 1 and completed its BCH check, the ciphertext in the navigation information is extracted and decrypted with the SM4 key, and the SSMGP and the group time authentication information are obtained from the decrypted plaintext. The SSMGP is used to demodulate the spread-spectrum information, and the group time authentication information is used to verify the authenticity and continuity of the group time. In the present invention, the group time authentication information is compared with the low 12 bits of the SOW of each page of the previous group of subframe 1 received by the receiver (10 pages, 120 bits in total). If the comparison matches completely, the time of the subframe 1 information in the two groups is authentic and continuous, and the receiver goes on to verify the authenticity and continuity of the page time and the integrity of the basic navigation information. Otherwise, the received satellite navigation signal may have been subjected to a blocking attack or a spoofing attack.
C) After the embedded spreading-code information has been demodulated, the BCH check is performed. The page authentication information and the signature information are extracted from the checked information.
D) To authenticate the authenticity and continuity of the page time, the page authentication information is compared with the low-order SOW information of the previous subframe 1 that corresponds to it in Table 4. If the comparison matches completely, the two page times are authentic and continuous, and the receiver goes on to verify the signature of the basic navigation information; otherwise the received satellite navigation signal may have been subjected to a blocking attack or a spoofing attack.
E) The signature obtained in step C) is decrypted with the SM2 public key. The decrypted digest is compared with the digest of the received basic navigation information: if the comparison matches completely, the basic navigation information is authentic and trustworthy; otherwise the basic navigation information is false and may have been spoofed. Note that the digest of the basic navigation information is computed with the SM3 algorithm.
Leaving the influence of noise aside, Table 7 shows the three types of authentication: authentication of the authenticity and continuity of the group time, authentication of the authenticity and continuity of the page time, and authentication of the signature information.
Table 7. Analysis of the three authentication results
Table 7 shows that the scheme can detect spoofing attacks from three aspects: checking the authenticity and continuity of the group time, checking the authenticity and continuity of the page time, and verifying the integrity of the basic navigation information (signature authentication). The time consumed by each step is shown in Table 8.
Table 8. Time consumed by each step after reception
The core of the scheme is verifying the authenticity and continuity of the time information (group time and page time) and verifying the integrity of the basic navigation information. The navigation information has to be authenticated in two situations. First, when the basic navigation information has not changed (no update within one hour), only one successful authentication is needed, and the authenticated basic navigation information is retained. Second, when the basic navigation information changes, its integrity must be verified promptly.
If the receiver's authentication requirement for the navigation information is not very high, only the authenticity and continuity of the group time need to be authenticated. The authenticity and continuity of the page time information then do not need to be verified continuously throughout the process, which reduces the verification time required. Table 9 shows the authentication time in the two cases.
Table 9. Authentication time required under different requirements
In summary, depending on the required degree of protection against spoofing, the user can choose a suitable authentication scheme to reduce the authentication time.
Brief description of the drawings
Fig. 1: Basic navigation information in the D2 navigation information
Fig. 2: Ciphertext structure
Fig. 3: Authentication of the basic navigation information
Fig. 4: Authentication of page time continuity
Fig. 5: Spread-spectrum information structure
Fig. 6: SM4 key update process
Fig. 7: Key update process via SMS
Fig. 8: Information transmission process
Fig. 9: Authentication process for received information
Fig. 10: Experimental framework
Fig. 11: CNR time distribution
Fig. 12: Signal modulation process
Fig. 13: Signal demodulation process
Fig. 14: Authentication rate of the invention
Specific embodiment
The software platform used to test the system of the present invention consists of two parts: Visual Studio-OpenSSL (the cryptographic part) and MATLAB (the information transmitting and receiving part). Computer 1, based on Visual Studio-OpenSSL, simulates plaintext encryption, ciphertext decryption, signature generation and signature verification. Computer 2, based on MATLAB, simulates the noisy channel and the information processing at the transmitting and receiving ends. Other relevant parameters of the experiment are shown in Table 10.
Table 10: Relevant parameters of the experimental equipment
To verify the effectiveness of the scheme of the present invention, the simulation is carried out under the experimental framework shown in Figure 10. The experimental procedure and results are as follows:
1. Key generation
The elliptic curve parameters of the SM2 algorithm are given in the summary section. Based on these parameters, the SM4 key, SM2 public key and SM2 private key are as shown in Table 11.
Table 11: Keys generated for SM2 and SM4
2. Information encryption
The ciphertext consists of the SSMGP information and the group-time authentication information. In this simulation, the different SSMGPs in the SSMGP codebook are the pseudo-random number generator polynomials assigned to different satellites in the BD-II ICD, and the satellite number serves as the ID of the SSMGP information. In the scheme of the present invention, the SSMGP uses the PN code of satellite No. 13, so the ID information is 13 (0D in hexadecimal). The plaintext and the ciphertext generated by encrypting it are shown in Table 12.
Table 12: Plaintext to be encrypted and the generated ciphertext
3. Signature generation
The signature of the basic navigation information is generated with the private key of the SM2 algorithm. The digest and the signature of the basic navigation information are shown in Table 13.
Table 13: Signature and digest
4. Generating the satellite navigation information with authentication capability
The synchronization sequence appended to the tail of subframe 1 is "1111100110101"; it and the synchronization sequence of the normal navigation message are both Barker codes. Error-correcting codes for the spread-spectrum information and for the navigation information carrying the ciphertext are both generated with BCH(15,11,1). The error-correcting code of the navigation information is inserted at the positions required by the BD-II ICD, and the error-correcting code of the spread-spectrum information is inserted according to Fig. 5. In the end, subframe 1 of the normal navigation information is 300 bits, and the spread-spectrum information corresponding to each subframe 1 is 75 bits.
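The BCH(15,11,1) step above, as an added Python example that is not code from the patent: it uses the generator polynomial g(x) = x^4 + x + 1 from the BD-II ICD and shows that a single flipped bit is repaired while two flipped bits are silently miscorrected, so the decoder alone cannot vouch for the data and the authentication checks must catch the result. The 55-bit payload, its split into five 11-bit blocks (giving the 75 coded bits stated above) and all function names are assumptions; the actual layout of Fig. 5 is not reproduced on this page.

```python
# Added example: BCH(15,11,1) encode/decode, generator g(x) = x^4 + x + 1 (BD-II ICD).
G = 0b10011

def remainder(value, nbits=15):
    """Remainder of an nbits-wide GF(2) polynomial (MSB = highest power) modulo g(x)."""
    for shift in range(nbits - 5, -1, -1):
        if value & (1 << (shift + 4)):
            value ^= G << shift
    return value & 0xF

# Every one of the 15 non-zero syndromes points at exactly one single-bit error.
SYNDROME_TO_BIT = {remainder(1 << i): i for i in range(15)}

def encode(info):
    """Systematic codeword: 11 information bits followed by 4 parity bits."""
    if not 0 <= info < (1 << 11):
        raise ValueError("info must fit in 11 bits")
    shifted = info << 4
    return shifted | remainder(shifted)

def decode(codeword):
    """Return (info, corrected). At most one bit is flipped back."""
    syndrome = remainder(codeword)
    if syndrome == 0:
        return codeword >> 4, False
    return (codeword ^ (1 << SYNDROME_TO_BIT[syndrome])) >> 4, True

def encode_frame(payload, blocks=5):
    """Split blocks*11 payload bits into 11-bit blocks, MSB first (assumed layout)."""
    return [encode((payload >> (11 * (blocks - 1 - b))) & 0x7FF) for b in range(blocks)]

def decode_frame(codewords):
    """Decode each codeword and reassemble the payload in the same block order."""
    payload = 0
    for cw in codewords:
        payload = (payload << 11) | decode(cw)[0]
    return payload

PAYLOAD = 0x5A5A5A5A5A5A5A     # constructed 55-bit payload, not real navigation data
FRAME = encode_frame(PAYLOAD)  # 5 codewords x 15 bits = 75 coded bits

def demo():
    """Return (single-error frame recovered?, double-error frame recovered?)."""
    one_error = list(FRAME)
    one_error[2] ^= 1 << 9                 # one bit hit by noise: repaired
    two_errors = list(FRAME)
    two_errors[2] ^= (1 << 9) | (1 << 3)   # two bits hit: decoder "fixes" a third bit
    return decode_frame(one_error) == PAYLOAD, decode_frame(two_errors) == PAYLOAD

if __name__ == "__main__":
    print(demo())
```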
5. Transmission process
In the designed noisy channel, the added noise is white Gaussian noise. Following the parameter requirements for satellite navigation signals in the BD-II ICD, the designed BD-II signal (B1I) has a centre frequency of 1561.098MHz, a 1dB bandwidth of 4.092MHz and a sampling frequency of 8191429.602Hz. According to the derivation in the relevant literature, the relationship between the carrier-to-noise ratio (CNR) and the signal-to-noise ratio (SNR) is
Figure 11 shows how the CNR of the signal the receiver received from satellite No. 2 varied between 2 pm and 5 pm on September 10, 2017; the average CNR is 43.4209dB. According to formula (1), when the CNR is 43.4209dB the SNR is -23dB. The modulation and demodulation of the satellite signal at an SNR of -23dB are shown in Figure 12 and Figure 13.
6. Signal reception and analysis of verification results
In the simulation, verification of the navigation information begins after BCH error correction of the received information is complete. The analysis of the verification results covers two parts: verification time and authentication success rate.
A) Verification time
In the present invention, additional processing is added to normal signal transmission and reception in order to achieve anti-spoofing. The time consumed is shown in Table 14 and Table 15.
Table 14: Time consumed before transmission
Table 15: Time consumed on reception
B) Authentication success rate analysis
Since the present invention is an anti-spoofing scheme based on cryptographic algorithms, in theory the authentication result is accurate when no noise causes bit errors in the information. Noise therefore affects not only the result of BCH error correction but also the authentication success rate (PD). In the experiment, the authentication success rate of the scheme as the SNR gradually decreases is shown in Figure 14.
The authentication success rates of the signature, the group time and the page time are P1, P2 and P3 respectively. In Figure 14, when the SNR is lower than -33dB, P1 begins to fall below 100%. When the SNR is lower than -35dB, P1, P2 and P3 are all below 100%. Therefore, to guarantee that the scheme operates normally, the SNR of the satellite signal received by the receiver must not be below -35dB (CNR not less than 31.11dB).
In general, at low signal-to-noise ratios the signature authentication information is more easily affected by noise. However, the satellite repeatedly broadcasts the basic navigation information within an update cycle of at least 1 hour. Once the basic navigation information has been authenticated successfully once within an update cycle, it can be retained and used until the next update of the basic navigation information, which avoids repeating the verification process. In addition, when the user's security requirements are not high, authentication can also be considered successful when the authentication rates P1, P2 and P3 exceed some threshold, which can be determined from the user's own security requirements.
The analysis of the experimental results shows that, under the requirements of Beidou RDSS, the CNR of the signal received by the receiver is greater than 35dB, in which case the present invention can be used normally. Furthermore, for receivers with different security requirements, the present invention can be tuned to resist spoofing attacks against the Beidou II D2 navigation message.

Claims (6)

1. An anti-spoofing method for the Beidou II D2 navigation message based on domestic cryptographic algorithms and spread-spectrum information protection, characterized in that:
1) The satellite position information in the Beidou navigation message, i.e. the basic navigation information, is authenticated and protected. The basic navigation information is protected by signature authentication, and the signature information is transmitted together with the satellite navigation information.
2) For authentication of the satellite time information in the Beidou navigation message, protection of the seconds-of-week count is the main consideration. The seconds-of-week count is protected by information encryption and by spread spectrum, and the ciphertext and the spread-spectrum information are sent to the user together with the navigation message.
3) For part of the time authentication information in 1) and 2), information protection is carried out by spread spectrum to guarantee the security of the authentication information. In addition, for the key information related to the verification process in 1) and 2), a key update method based on Beidou short messages and digital certificates is designed.
4) The processing of the various satellite navigation information in 1), 2) and 3) is simulated, and a simulation platform for satellite navigation signal propagation is built to measure the lowest signal-to-noise ratio at which the scheme can succeed.
2. The position information authentication according to claim 1, characterized in that: a digest of the basic navigation information is generated with the SM3 algorithm, the digest is signed with the SM2 algorithm, the signature information is split into 10 parts placed between subframe 1 and subframe 2, and the information is finally transmitted by spread-spectrum modulation.
3. The time information authentication according to claim 2, characterized in that: time information authentication is divided into group-time authentication and page-time authentication. Group-time authentication detects whether the time information of each group of subframe 1 is authentic and continuous: the low 12 bits of the SOW of each of the 10 pages in a group are combined, encrypted with SM4 and stored, and the ciphertext then replaces the reserved bits in subframe 1, so that the ciphertext is sent to the receiver together with the navigation message. Page-time authentication checks whether the time information of each page within each group of subframe 1 is authentic and continuous: the low-order SOW information of the previous page is added to the inserted spread-spectrum information and sent to the receiver, enabling the receiver to complete page-time authentication.
4. The spread-spectrum information protection according to claim 3, characterized in that: the spread-spectrum polynomial information of the authentication information is encrypted with the SM4 algorithm and transmitted to the user, with the ciphertext replacing the reserved bits in subframe 1, so as to prevent the authentication information from being intercepted in advance by a third party, which would affect its security.
5. The key update process according to claim 3, characterized in that: in the key update process, the SM2 public key and the SM4 key can be updated directly using Beidou short messages and digital certificates; in the short-message-based information authentication process, information encryption and signature authentication ensure the integrity and confidentiality of the transmitted information.
6. The simulation process according to claim 4, characterized in that: the whole simulation includes BCH error correction, interleaving coding, NH modulation, spread-spectrum modulation, carrier modulation and other processes; the experimental results show that when the signal-to-noise ratio is greater than -33dB, the scheme achieves a 100% authentication rate.
CN201811551684.9A 2018-12-18 2018-12-18 The anti-deception measures of Beidou II system protected based on domestic password and spread spectrum information Pending CN109995531A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190709