CN113630244A - End-to-end safety guarantee method facing communication sensor network and edge server - Google Patents


Publication number
CN113630244A
Authority
CN
China
Prior art keywords
sensing node
edge server
key
information
session key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110796702.5A
Other languages
Chinese (zh)
Inventor
杨会峰
魏勇
黄镜宇
李建岐
尚立
张磊
李毅超
刘玮
崔俊彬
王俊卿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Hebei Electric Power Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: as H04L9/32, involving digital signatures
    • H04L9/3297: as H04L9/32, involving time stamps, e.g. generation of time stamps
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention is applicable to the technical field of power communication, and particularly relates to an end-to-end safety guarantee method facing a communication sensor network and an edge server. The method comprises the following steps: acquiring a key negotiation instruction sent by a first sensing node; determining, according to the key negotiation instruction, whether the second sensing node is a sensing node in the local trust domain; if so, generating a first session key and sending it to the first sensing node and the second sensing node respectively; if not, generating a second session key, sending the second session key to the first sensing node, and generating and sending cross-domain security verification information to the second edge server. The cross-domain security verification information instructs the second edge server to generate the second session key and send it to the second sensing node. With this method, intra-domain and cross-domain secure communication can be realized at the edge server, which overcomes the defect that data processed in the cloud is easy to intercept and attack.

Description

End-to-end safety guarantee method facing communication sensor network and edge server
Technical Field
The invention belongs to the technical field of power communication, and particularly relates to an end-to-end safety guarantee method facing a communication sensor network and an edge server.
Background
The communication sensing network serves as the sensing tip of the power Internet of Things and is mainly used for collecting data monitored in a specific area and transmitting the data to a user in real time. However, in practical applications, because node resources are limited and the nodes operate over a wireless channel, a user accessing the network to obtain data faces security threats such as being tracked, having data intercepted, and forgery.
Because the environment of the communication sensor network is more and more complex, and the network attack mode is more and more diversified, the security authentication mechanism of the existing communication sensor network is more and more difficult to meet the security guarantee requirement of data transmission. At present, a computing task in a security guarantee mechanism is often completed in a cloud server, so that information transmitted by a wireless sensor is easier to intercept and analyze, and a security hole exists.
Disclosure of Invention
In view of this, embodiments of the present invention provide an end-to-end security assurance method facing a communication sensor network and an edge server, so as to solve the problem of security vulnerabilities in the security assurance of communication sensor networks in the prior art.
A first aspect of an embodiment of the present invention provides an end-to-end security guarantee method for a communication sensor network, applied to a first edge server, comprising:
acquiring a key negotiation instruction sent by a first sensing node; the key agreement instruction comprises basic identity information of the second sensing node;
judging whether the second sensing node is a sensing node in the local trust domain or not according to the basic identity information;
if so, generating a first session key according to the key negotiation instruction, and respectively sending the first session key to the first sensing node and the second sensing node;
if not, generating a second session key according to the key negotiation instruction, sending the second session key to the first sensing node, and generating and sending cross-domain security verification information to the second edge server; the cross-domain security verification information is used for indicating a second edge server to generate a second session key and sending the second session key to a second sensing node; the second edge server is an edge server of a trust domain where the second sensing node is located;
the first session key or the second session key is used for realizing the secure encrypted communication of the first sensing node and the second sensing node.
A second aspect of an embodiment of the present invention provides an edge server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the end-to-end security method facing a communication sensor network as described above when executing the computer program.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium, which stores a computer program, and when the computer program is executed by a processor, the computer program implements the steps of the end-to-end security assurance method for a communication sensor network as described above.
A fourth aspect of an embodiment of the present invention provides an end-to-end secure communication system facing a communication sensor network, including: a second edge server, a first sensing node, a second sensing node, and a first edge server as described above.
Compared with the prior art, the embodiment of the invention has the following beneficial effects: in this embodiment, a first edge server first obtains a key agreement instruction sent by a first sensing node; the key agreement instruction comprises basic identity information of the second sensing node; judging whether the second sensing node is a sensing node in the local trust domain or not according to the basic identity information; if so, generating a first session key according to the key negotiation instruction, and respectively sending the first session key to the first sensing node and the second sensing node; if not, generating a second session key according to the key negotiation instruction, sending the second session key to the first sensing node, and generating and sending cross-domain security verification information to the second edge server; the cross-domain security verification information is used for indicating a second edge server to generate a second session key and sending the second session key to a second sensing node; and the second edge server is an edge server of a trust domain where the second sensing node is located. According to the method, intra-domain and cross-domain end-to-end safe communication can be achieved at the edge server side, so that the defect that cloud computing data are easy to intercept and attack is overcome, and meanwhile, the computing, storing and communication burdens of the cloud server are reduced.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a schematic structural diagram of an end-to-end security system facing a communication sensor network according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of an implementation of an end-to-end security assurance method facing a communication sensor network according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an edge server according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
In one embodiment, the system model provided by the invention consists of a trust domain, an edge server and a sensing node. A trust domain refers to a network of entities that operate in the same environment, are related to each other, and have the same security protection requirements and protection policies. For each trust domain, at least one edge server should exist to support end-to-end secure communication between sensing nodes in the trust domain or between sensing nodes across trust domains. The edge server may be an edge gateway, an authentication server, a sink node, or the like, or may be a combination of several entities. In practical applications, the edge server may be deployed directly as infrastructure. The sensing nodes represent the source and destination of messages in end-to-end communication. In the actual information transmission process, untrusted intermediate entities such as routers may sit between the sensing node and the proxy server, and such devices may carry threats such as backdoor vulnerabilities that reveal the transmitted information, so security authentication needs to be performed between the sensing node and the proxy server to achieve end-to-end secure communication.
In one embodiment, the end-to-end secure communication system facing a communication sensor network provided by the embodiment includes a first sensing node, a second sensing node and an edge server. If the first sensing node and the second sensing node communicate across domains, there is one first edge server corresponding to the first sensing node and one second edge server corresponding to the second sensing node.
Specifically, FIG. 1 shows the end-to-end secure communication system model facing a communication sensor network provided in this embodiment. As shown in FIG. 1, this embodiment simplifies the system model to two trust domains, namely a trust domain X and a trust domain Y. The trust domain X is provided with a first edge server and a plurality of sensing nodes, and the trust domain Y is provided with a second edge server and a plurality of sensing nodes. The embodiment is described by taking a peer-to-peer communication scenario of a pair of sensing nodes as an example. In a cross-domain communication scenario, sensing node 1 in the trust domain X represents the message source in end-to-end communication, namely the first sensing node, and sensing node 2 in the trust domain Y represents the destination in end-to-end communication, namely the second sensing node. Messages sent between the first sensing node and the second sensing node need to be forwarded through the first edge server and the second edge server. In an intra-domain communication scenario, sensing node 1 in the trust domain X represents the message source, namely the first sensing node, sensing node 2 represents the destination, namely the second sensing node, and messages sent between the first sensing node and the second sensing node are forwarded through the first edge server. In order to ensure the security of end-to-end communication, the first sensing node and the second sensing node encrypt and decrypt the communication contents with a session key negotiated between them, and the edge server can assist and supervise the key negotiation process between the sensing nodes after it has passed bidirectional security identity authentication with the sensing nodes.
In an embodiment, FIG. 2 shows an implementation flow of the end-to-end security assurance method facing a communication sensor network provided in this embodiment, where the execution subject of the method is the first edge server in the system of FIG. 1, and the process of the method is detailed as follows:
S101: acquiring a key negotiation instruction sent by a first sensing node; the key agreement instruction includes basic identity information of the second sensing node.
S102: judging whether the second sensing node is a sensing node in the local trust domain or not according to the basic identity information.
S103: if so, generating a first session key according to the key negotiation instruction, and respectively sending the first session key to the first sensing node and the second sensing node.
S104: if not, generating a second session key according to the key negotiation instruction, sending the second session key to the first sensing node, and generating and sending cross-domain security verification information to the second edge server; the cross-domain security verification information is used for indicating a second edge server to generate a second session key and sending the second session key to a second sensing node; the second edge server is an edge server of a trust domain where the second sensing node is located.
The first session key or the second session key is used for realizing the secure encrypted communication of the first sensing node and the second sensing node.
In one embodiment, before S101, the method further comprises:
S201: acquiring a first digital signature sent by the first sensing node, and decrypting the first digital signature to obtain the identity verification information of the first sensing node.
S202: performing bidirectional security authentication with the first sensing node according to the authentication information.
S203: if the bidirectional security identity authentication with the first sensing node passes, executing the step of acquiring the key negotiation instruction sent by the first sensing node.
In an embodiment, before S201, the method provided in this embodiment further includes:
S401: acquiring a registration request sent by the first sensing node, wherein the registration request comprises basic identity information;
S402: generating a temporary private key of the first sensing node by adopting a method for generating a random number;
S403: generating an interactive temporary public key of the first sensing node by adopting an asymmetric encryption algorithm, and storing the interactive temporary public key and the temporary private key of the first sensing node;
S404: sending registration information to the first sensing node, wherein the registration information comprises a temporary private key and an interactive temporary public key of the first sensing node, and a digital signature and a public key of the first edge server, so that the first sensing node verifies the digital signature of the first edge server according to the public key of the first edge server, and stores the registration information after the verification is passed.
In this embodiment, the man-in-the-middle attack is a common intrusion mode in peer-to-peer communication. The attacker acts as an intermediary and establishes an independent connection with each end of the communication, so that both communicating parties believe they are talking to each other over a private connection while the whole communication process is in fact completely controlled by the attacker. The embodiment resists man-in-the-middle attacks through mutual authentication of the two communicating parties, and initialization and sensing node registration are the basis of that mutual authentication.
Specifically, the registration processes of the sensor nodes in the intra-domain communication scenario and the cross-domain communication scenario are respectively described as follows:
(1) Registering an intra-domain communication sensing node, specifically as follows:
Step 1: First, when the first sensing node initially registers in the trust domain X, it sends a registration request containing its basic identity information $ID_1$ to the first edge server in the trust domain X. The first edge server then selects a random number $x_1$ and uses it as the temporary private key of the first sensing node: $PRK_1 = x_1$. Then, the first edge server obtains an interactive temporary public key through calculation of an asymmetric encryption algorithm:
Figure BDA0003163048930000061
and stores the temporary private key and the interactive temporary public key of the first sensing node in a cache table. Finally, the first edge server sends registration information to the first sensing node, wherein the registration information comprises: the temporary private key $x_1$ of the first sensing node, the interactive temporary public key
Figure BDA0003163048930000062
the digital signature of the first edge server, and the public key $PUK_A$ of the first edge server. Specifically, the asymmetric encryption algorithm is the D-H (Diffie-Hellman key exchange) algorithm. The digital signature of the first edge server is a signature of the public key of the first sensing node
Figure BDA0003163048930000063
Step 2: The second sensing node initially registers in the trust domain X in the same way as the first sensing node. It sends a registration request containing its basic identity information $ID_2$ to the first edge server in the trust domain X, and the first edge server selects a random number $x_2$ and uses it as the temporary private key of the second sensing node: $PRK_2 = x_2$. Then, the first edge server obtains an interactive temporary public key through calculation of an asymmetric encryption algorithm:
Figure BDA0003163048930000071
and stores the temporary private key and the interactive temporary public key of the second sensing node in a cache table. Finally, the first edge server sends registration information to the second sensing node, wherein the registration information comprises: the temporary private key $x_2$ of the second sensing node, the interactive temporary public key
Figure BDA0003163048930000072
the signature of the first edge server on the public key of the second sensing node
Figure BDA0003163048930000073
and the public key $PUK_A$ of the first edge server.
Step 3: After the first sensing node or the second sensing node receives the registration information sent by the first edge server, it verifies the digital signature of the first edge server with the public key of the first edge server. After the verification passes, the sensing node stores the registration information in its cache table, which completes the initialization and sensing node registration stages in the intra-domain end-to-end communication scenario.
(2) Registering a cross-domain communication sensing node, specifically as follows:
Step 1: The first sensing node initially registers in the trust domain X as in the intra-domain communication network model. It sends a registration request containing its basic identity information $ID_1$ to the first edge server in the trust domain X. The first edge server then selects a random number $x_1$ and uses it as the temporary private key of the first sensing node: $PRK_1 = x_1$. Then, the first edge server obtains an interactive temporary public key through calculation of an asymmetric encryption algorithm:
Figure BDA0003163048930000074
and stores the temporary private key and the interactive temporary public key of the first sensing node in a cache table. Finally, the first edge server sends registration information to the first sensing node, wherein the registration information comprises: the temporary private key $x_1$ of the first sensing node, the interactive temporary public key
Figure BDA0003163048930000075
the signature of the first edge server on the public key of the first sensing node
Figure BDA0003163048930000076
and the public key $PUK_A$ of the first edge server.
Step 2: First, when the second sensing node initially registers in the trust domain Y, it sends a registration request containing its basic identity information $ID_2$ to the second edge server in the trust domain Y. The second edge server then selects a random number $x_2$ and uses it as the temporary private key of the second sensing node: $PRK_2 = x_2$. Then, the second edge server obtains an interactive temporary public key through calculation of an asymmetric encryption algorithm:
Figure BDA0003163048930000077
and stores the temporary private key and the interactive temporary public key of the second sensing node in a cache table. Finally, the second edge server sends registration information to the second sensing node, wherein the registration information comprises: the temporary private key $x_2$ of the second sensing node, the interactive temporary public key
Figure BDA0003163048930000081
the signature of the second edge server on the public key of the second sensing node
Figure BDA0003163048930000082
and the public key $PUK_B$ of the second edge server.
Step 3: After the first sensing node receives the registration information of the first edge server and the second sensing node receives the registration information of the second edge server, each sensing node verifies the digital signature of its edge server with that edge server's public key. After the verification passes, the first sensing node and the second sensing node store their respective registration information in their respective cache tables, which completes the initialization and sensing node registration stages in the cross-domain end-to-end communication scenario.
In this embodiment, after registration is completed, security assurance must be performed before communication. The security assurance calculation is moved to the edge server, whose computing capability is far lower than that of the cloud server, so a lightweight security assurance mechanism is needed to ensure secure transmission in the communication sensor network. In order to reduce the amount of calculation, the security assurance mechanism of the present embodiment comprises a secure identity authentication phase (S201-S203) and a key agreement phase (S101-S104).
In one embodiment, the step S202 includes:
S301: judging whether the difference value between the timestamp in the identity verification information of the first sensing node and the first timestamp is within an allowed time range; the first timestamp is a timestamp generated when the first edge server acquires the identity verification information;
S302: if the difference value between the timestamp in the authentication information of the first sensing node and the first timestamp is within the allowable time range, searching whether the authentication information of the first sensing node exists in first preset storage information or not;
S303: if the identity verification information of the first sensing node exists in the first preset storage information, judging that the forward authentication of the first sensing node passes;
S304: if the forward authentication of the first sensing node passes, encrypting the identity verification information of the first edge server to generate a second digital signature;
S305: sending the second digital signature to the first sensing node, so that the first sensing node performs backward authentication on the first edge server according to the second digital signature.
Specifically, the process of the secure identity authentication stage is as follows:
In the invention, the sensing node needs to verify the identity of the edge server of its trust domain, and the edge server needs to verify the identity of the sensing node, so the security identity authentication is divided into a forward authentication stage and a backward authentication stage. The invention completes the identity verification by forming a digital signature from the timestamp and the basic identity information. The timestamp represents the generation time of the sensing node data, and identity authentication using the timestamp has advantages such as small storage space and convenient calculation. Completing the security identity authentication with a digital signature ensures the authenticity of the message. Taking the first edge server and the first sensing node in the trust domain X as an example, the security authentication process is described as follows:
Forward authentication: The forward authentication phase is the security authentication of the sensing node by the edge server. In the initial state, a secure channel exists between the first edge server and the first sensing node, and data can be exchanged. First, the first sensing node sends an authentication request to the first edge server: it encrypts its basic identity information $ID_1$ and the current timestamp $T_1$ to generate the signature $Sig_1(ID_1, T_1)$ and sends this signature to the first edge server through the secure channel. The first edge server then receives the signature and decrypts it to obtain the basic identity information $ID_1$ and the timestamp $T_1$. Finally, the decrypted timestamp $T_1$ is compared with the first timestamp $TP_1$: if the time difference is not within the allowable time range delta, the authentication fails; if the time difference is within the allowable time range delta, the decrypted basic identity information $ID_1$ is compared with the first preset storage information stored in the first edge server, and if they match, the forward security identity authentication of the first sensing node succeeds.
Backward authentication: Due to the particularity of the communication sensing network, after the edge server has successfully authenticated the identity of the sensing node, the sensing node is required to authenticate the edge server. The backward authentication process is similar to the forward authentication process. First, the first edge server sends an authentication request to the first sensing node: it encrypts its basic identity information $ID_A$ and the current timestamp $T_2$ to generate the signature $Sig_2(ID_A, T_2)$ and sends it to the first sensing node. After the first sensing node receives the signature, it decrypts the signature to obtain the basic identity information $ID_A$ and the timestamp $T_2$. Finally, the first sensing node compares the decrypted timestamp $T_2$ with the current timestamp $TP_2$: if the time difference is not within the allowable time range delta, the authentication fails; if it is within the range delta, the decrypted basic identity information is compared with the second pre-stored information stored in the first sensing node, and if they match, the security identity authentication of the first edge server is confirmed as successful.
After the forward authentication and the backward authentication are both passed, the safety identity authentication between the edge server and the sensing node is successful.
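The forward and backward checks described above, as an added example that is not part of the patent text. It assumes HMAC-SHA256 under a per-party key as a stand-in for the signature algorithm, which the page does not name; all identities and keys are constructed, and the hypothetical `seen` cache goes beyond the page to show that a timestamp window alone accepts a replay that arrives inside the allowed time range.

```python
import hashlib
import hmac

DELTA_MS = 5_000  # allowed time range (delta); constructed value

# Constructed identities and keys. Each side pre-stores the peer's ID and key.
NODE_ID, NODE_KEY = b"sensor-001", b"n" * 32
SERVER_ID, SERVER_KEY = b"edge-A", b"s" * 32
SERVER_STORE = {NODE_ID: NODE_KEY}    # first preset storage information
NODE_STORE = {SERVER_ID: SERVER_KEY}  # second pre-stored information


def _tag(key: bytes, identity: bytes, t_raw: bytes) -> bytes:
    mac = hmac.new(key, identity + b"|" + t_raw, hashlib.sha256)
    return mac.hexdigest().encode()


def make_sig(identity: bytes, key: bytes, t_ms: int) -> bytes:
    """Sender side: Sig(ID, T), modelled as ID|T|HMAC(key, ID|T)."""
    t_raw = str(t_ms).encode()
    return b"|".join([identity, t_raw, _tag(key, identity, t_raw)])


def verify_sig(sig: bytes, now_ms: int, prestored: dict, seen=None) -> str:
    """Receiver side: recover (ID, T), then apply the page's two checks."""
    try:
        identity, t_raw, tag = sig.rsplit(b"|", 2)
        t_ms = int(t_raw)
    except ValueError:
        return "malformed"
    # The key is looked up by ID, so the identity comparison runs first here;
    # the accept condition (fresh timestamp AND known identity) is unchanged.
    key = prestored.get(identity)
    if key is None:
        return "unknown-id"
    if not hmac.compare_digest(tag, _tag(key, identity, t_raw)):
        return "bad-signature"
    # abs(): a timestamp too far in the future is rejected as well.
    if abs(now_ms - t_ms) > DELTA_MS:
        return "stale"
    # Beyond the page: remember accepted (ID, T) pairs to catch replays
    # that arrive while the original is still inside the window.
    if seen is not None:
        if (identity, t_ms) in seen:
            return "replay"
        seen.add((identity, t_ms))
    return "ok"


def mutual_authenticate(node_clock_ms: int, server_clock_ms: int) -> tuple:
    """Forward authentication, then backward authentication only if it passed."""
    sig1 = make_sig(NODE_ID, NODE_KEY, node_clock_ms)
    forward = verify_sig(sig1, server_clock_ms, SERVER_STORE)
    if forward != "ok":
        return ("forward", forward)
    sig2 = make_sig(SERVER_ID, SERVER_KEY, server_clock_ms)
    backward = verify_sig(sig2, node_clock_ms, NODE_STORE)
    return ("backward", backward)


if __name__ == "__main__":
    print(mutual_authenticate(1_000_000, 1_001_200))  # clocks 1.2 s apart
    print(mutual_authenticate(1_000_000, 1_009_000))  # clocks 9 s apart
```

Because both directions compare against the verifier's own clock, clock drift between node and server larger than the allowed time range makes every authentication fail, so the window has to be sized against the expected drift.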
In this embodiment, after the security identity authentication phase is completed, that is, after the bidirectional security identity authentication between the edge server and the sensing node is successful, the key agreement phase is entered. Based on the identity $ID_1$ of the first sensing node, the identity $ID_2$ of the second sensing node, a random verification number $Num_{temp}$ and a secret key of the edge server, the session key SK used for the communication is calculated, so as to provide a security guarantee for the subsequent end-to-end communication process of the communication sensor network.
In one embodiment, the key agreement instruction further includes basic identity information of the first sensing node; the specific process of S103 includes:
a first verification number is randomly generated.
And generating the first session key based on the basic identity information of the first sensing node, the basic identity information of the second sensing node, the first verification number and a private key of the first edge server.
In this embodiment, in the key agreement stage, the first sensing node is the communication initiator. The first edge server first needs to obtain the key agreement instruction sent by the first sensing node, where the key agreement instruction includes the basic identity information $ID_1$ of the first sensing node and the basic identity information $ID_2$ of the second sensing node. After receiving the key agreement instruction sent by the first sensing node, the first edge server first parses it to obtain the identity $ID_2$ of the second sensing node. Then, the first edge server generates a random first verification number $Num_{temp}$. Because the first sensing node and the second sensing node are in the same trust domain at this moment, the first edge server calculates the session key used by the first sensing node and the second sensing node for this communication based on its private key $PPK_A$, the basic identity information $ID_1$ of the first sensing node and the basic identity information $ID_2$ of the second sensing node: $SK1 = \mathrm{Prf}(PRK_A \| Num_{temp} \| ID_1 \| ID_2)$, where SK1 denotes the first session key.
The first edge server sends the first session key SK1 to the first sensing node and the second sensing node respectively, the first sensing node and the second sensing node store the first session key SK1 respectively, and the session key negotiation phase is ended. And then, the first sensing node and the second sensing node in the domain communicate with each other by adopting the first session key to encrypt and protect the integrity of the communication content.
In the subsequent end-to-end secure communication phase, the first sensing node and the second sensing node perform secure encrypted communication using the first session key SK1. The first session key SK1 not only encrypts and integrity-protects the end-to-end communication content, but also plays a role in indirect end-to-end secure identity authentication.
In one embodiment, the key agreement instruction further includes basic identity information of the first sensing node; s104 comprises the following steps:
obtaining a first shared key between the first edge server and the second edge server;
randomly generating a second verification number;
and generating a second session key based on the second verification number, the basic identity information of the first sensing node, the basic identity information of the second sensing node and the first shared key.
In this embodiment, for the cross-domain key agreement phase, the first sensing node, as the communication initiator, first sends the identity $ID_2$ of the second sensing node to the first edge server in the trust domain where the first sensing node is located. The message is intended to tell the first edge server that the first sensing node wants to communicate with the second sensing node at this time, and requests the first edge server to generate the session key SK2 for this communication. After the first edge server receives the key agreement instruction sent by the first sensing node, it first parses the message to obtain the identity $ID_2$ of the second sensing node. Then, the first edge server generates a random verification number (the second verification number $Num_{temp}$) and a current timestamp $T_A$. Finally, based on the shared key $CK_{AB}$ between the first edge server and the second edge server, the session key used by the first sensing node for the communication with the second sensing node is calculated, i.e. the second session key $SK2 = \mathrm{Prf}(CK_{AB} \| Num_{temp} \| ID_1 \| ID_2)$, and is sent to the first sensing node for storage.
In one embodiment, the cross-domain security verification information includes the second verification number, a second timestamp, the first shared key, the basic identity information of the first sensing node, and the basic identity information of the second sensing node, where the second timestamp is a timestamp generated when the first edge server generates cross-domain security verification information;
the S104 further includes:
generating and sending cross-domain security verification information to the second edge server, so that the second edge server analyzes the cross-domain security verification information, generates a third timestamp corresponding to the current time, and determines whether a difference value between the second timestamp and the third timestamp is within an allowed time range, if the difference value between the second timestamp and the third timestamp is within the allowed time range, it is determined that the identity authentication of the first edge server is successful, and when the identity authentication is successful, the second session key is generated based on the second verification number, the basic identity information of the first sensing node, the basic identity information of the second sensing node, and the first shared key.
In this embodiment, the first edge server sends the second session key SK2 to the first sensing node, and at the same time sends to the second edge server the second verification number $Num_{temp}$ it has just generated, the second timestamp $T_A$ (the aforementioned current timestamp $T_A$), the shared key $CK_{AB}$ of the first edge server and the second edge server, the identity $ID_1$ of the first sensing node and the identity $ID_2$ of the second sensing node.
Suppose the timestamp corresponding to the current time is the third timestamp $T_B$. After receiving the message sent by the first edge server, the second edge server first parses the message to obtain the second timestamp $T_A$ and verifies whether the time difference between $T_A$ and $T_B$ is within the safe time range $\Delta$; if it is within the safe time range $\Delta$, the identity authentication of the first edge server is successful. Then, from the identity $ID_1$ of the first sensing node (the communication initiator) and the identity $ID_2$ of the second sensing node (the communication receiver) obtained by parsing the message, the second edge server learns that the first sensing node is requesting to communicate with the second sensing node in the trust domain corresponding to this server. Then, the second edge server uses the shared key $CK_{AB}$ and the second verification number $Num_{temp}$ obtained by parsing the message to calculate the session key: $SK2 = \mathrm{Prf}(CK_{AB} \| Num_{temp} \| ID_1 \| ID_2)$. The second edge server sends the calculated session key SK2 to the second sensing node. The first sensing node and the second sensing node each store the session key SK2, and the session key negotiation phase ends.
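The intra-domain and cross-domain key derivations described above, as an added example that is not the patent's own code. Assumptions: Prf is modelled as HMAC-SHA256 over length-prefixed fields, the `directory` lookup and all names and keys are constructed, and the cross-domain message carries a MAC computed under the shared key rather than the shared key itself (the page lists the shared key among the message fields).

```python
import hashlib
import hmac
import secrets
import struct

DELTA_MS = 5_000  # allowed time range (delta); constructed value


def prf(key: bytes, *fields: bytes) -> bytes:
    """Prf(K || f1 || f2 || ...) modelled as HMAC-SHA256 (assumption).

    Each field is length-prefixed so that ("ab", "c") and ("a", "bc")
    cannot collide the way plain concatenation would.
    """
    msg = b"".join(struct.pack(">H", len(f)) + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class EdgeServer:
    def __init__(self, name, private_key, local_nodes, shared_keys, directory):
        self.name = name
        self.private_key = private_key        # private key of this edge server
        self.local_nodes = set(local_nodes)   # node IDs in this trust domain
        self.shared_keys = shared_keys        # peer server name -> shared key CK
        self.directory = directory            # hypothetical: node ID -> server name

    def _xdomain_tag(self, ck, sender, num_temp, t_a, id1, id2):
        # Proves possession of CK and binds every field of the message.
        return prf(ck, b"xdomain", sender.encode(), num_temp, t_a, id1, id2)

    def key_agreement(self, id1: bytes, id2: bytes, now_ms: int) -> dict:
        """Handle a key agreement instruction (ID1, ID2) sent by node ID1."""
        num_temp = secrets.token_bytes(16)    # random verification number
        if id2 in self.local_nodes:           # same trust domain: SK1
            sk1 = prf(self.private_key, num_temp, id1, id2)
            return {"scope": "intra", "deliver": {id1: sk1, id2: sk1}}
        peer = self.directory[id2]            # cross-domain: SK2
        ck = self.shared_keys[peer]
        sk2 = prf(ck, num_temp, id1, id2)
        t_a = str(now_ms).encode()            # second timestamp T_A
        msg = {"from": self.name, "num_temp": num_temp, "t_a": t_a,
               "id1": id1, "id2": id2}
        msg["tag"] = self._xdomain_tag(ck, self.name, num_temp, t_a, id1, id2)
        return {"scope": "cross", "deliver": {id1: sk2}, "to": peer, "message": msg}

    def accept_cross_domain(self, msg: dict, now_ms: int):
        """Second edge server: check the message, then derive the same SK2."""
        ck = self.shared_keys.get(msg["from"])
        if ck is None:
            return None
        expected = self._xdomain_tag(ck, msg["from"], msg["num_temp"],
                                     msg["t_a"], msg["id1"], msg["id2"])
        if not hmac.compare_digest(msg["tag"], expected):
            return None
        if abs(now_ms - int(msg["t_a"])) > DELTA_MS:   # T_B vs T_A
            return None
        if msg["id2"] not in self.local_nodes:
            return None
        return {msg["id2"]: prf(ck, msg["num_temp"], msg["id1"], msg["id2"])}


def build_demo():
    """Two constructed trust domains, A and B, sharing the key CK_AB."""
    ck_ab = b"c" * 32
    directory = {b"node-A1": "A", b"node-A2": "A", b"node-B1": "B", b"node-B2": "B"}
    a = EdgeServer("A", b"a" * 32, [b"node-A1", b"node-A2"], {"B": ck_ab}, directory)
    b = EdgeServer("B", b"b" * 32, [b"node-B1", b"node-B2"], {"A": ck_ab}, directory)
    return a, b


if __name__ == "__main__":
    a, b = build_demo()
    out = a.key_agreement(b"node-A1", b"node-B1", 1_000_000)
    got = b.accept_cross_domain(out["message"], 1_000_800)
    print(got[b"node-B1"] == out["deliver"][b"node-A1"])
```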
As can be seen from the foregoing embodiments, in the present embodiment, the key agreement process and the identity authentication process are decoupled, and in the security identity authentication process and the key agreement process, the edge server is used as a third party and is responsible for end-to-end security identity verification, session key calculation and forwarding, which indirectly helps the sensing node complete end-to-end security identity authentication and key agreement. In the identity authentication process, because the identity of the sensing node is authenticated by the edge server, and the obtained session key is only known by the real sensing node which passes the authentication and the safe and reliable edge server, the identity authentication between the message source end and the destination end can also be indirectly completed by the key in the subsequent communication process, no additional operation step is needed, namely when the first sensing node uses the session key for encryption communication, only the second sensing node can analyze the correct plaintext message, so that the second sensing node can complete the identity authentication of the first sensing node; similarly, after the first sensing node correctly decrypts the ciphertext message sent by the second sensing node, the identity authentication of the second sensing node is also completed.
From the above embodiments, the present invention has the following advantages:
Firstly, the method is suitable for both intra-domain and cross-domain end-to-end communication sensor network scenarios. The specific steps differ only slightly between the scenarios, that is, both scenarios can be supported by deploying the same infrastructure, so the deployment cost is reduced.
Secondly, the security identity authentication process is transferred from the cloud server to the edge server, that is, the edge server completes the security authentication calculation, so that the calculation, storage and communication burden of the cloud server is reduced, and the defect that cloud computing data is easy to intercept and attack is overcome. To address the insufficient computing power of the edge server, a lightweight end-to-end security guarantee mechanism is provided: simple security authentication between agents is completed using the timestamp, the computing overhead is low, and the lightweight communication and computing requirements of the communication sensing network are met. Meanwhile, in the cross-domain scenario of the key agreement stage, security authentication between the servers is added, the identity authentication between the message source end and the destination end is completed indirectly, identity authentication does not need to be carried out repeatedly, and the calculation cost is low.
Thirdly, the intra-domain security identity authentication stage comprises a forward authentication stage and a backward authentication stage, so that the bidirectional security of the sensing node and the edge server is ensured, and defects such as information leakage caused by false servers are overcome.
Fourthly, the identity authentication process and the key agreement process are decoupled, and redundant calculation cost generated under the condition of coupling the identity authentication process and the key agreement process is avoided. In the traditional security protection mechanism, the identity authentication and the key agreement process are coupled, and the identity authentication is required before each key agreement, so that the calculation cost is increased. The invention decouples the two, firstly, the sensing nodes of intra-domain communication and inter-domain communication are authenticated by the edge server. Subsequently, in a cross-domain key agreement stage, the first sensing node and the second sensing node respectively store the session key SK2, and then the session key is adopted for encrypting and integrity protecting communication contents in secure communication, and the session key can also play a role in indirect end-to-end secure identity authentication, so that identity authentication is further perfected, and unnecessary calculation overhead is saved.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 is a schematic diagram of an edge server according to an embodiment of the present invention. As shown in fig. 3, the edge server 3 of this embodiment includes: a processor 30, a memory 31 and a computer program 32 stored in said memory 31 and executable on said processor 30. The processor 30 executes the computer program 32 to implement the steps in the above-mentioned embodiments of the end-to-end security method facing a communication sensor network, such as the steps 101 to 104 shown in fig. 1.
The computer program 32 may be divided into one or more modules/units, which are stored in the memory 31 and executed by the processor 30 to accomplish the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 32 in the edge server 3.
The edge server may include, but is not limited to, a processor 30, a memory 31. Those skilled in the art will appreciate that fig. 3 is merely an example of an edge server 3 and does not constitute a limitation of the edge server 3 and may include more or fewer components than shown, or some components in combination, or different components, e.g., the edge server may also include input output devices, network access devices, buses, etc.
The Processor 30 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 31 may be an internal storage unit of the edge server 3, such as a hard disk or a memory of the edge server 3. The memory 31 may also be an external storage device of the edge server 3, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the edge server 3. Further, the memory 31 may also include both an internal storage unit and an external storage device of the edge server 3. The memory 31 is used for storing the computer program and other programs and data required by the edge server. The memory 31 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/edge server and method may be implemented in other ways. For example, the above-described apparatus/edge server embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. An end-to-end security guarantee method facing a communication sensor network is applied to a first edge server and comprises the following steps: acquiring a key negotiation instruction sent by a first sensing node; the key agreement instruction comprises basic identity information of the second sensing node; judging whether the second sensing node is a sensing node in the local trust domain or not according to the basic identity information; if so, generating a first session key according to the key negotiation instruction, and respectively sending the first session key to the first sensing node and the second sensing node; if not, generating a second session key according to the key negotiation instruction, sending the second session key to the first sensing node, and generating and sending cross-domain security verification information to the second edge server; the cross-domain security verification information is used for indicating a second edge server to generate a second session key and sending the second session key to a second sensing node; the second edge server is an edge server of a trust domain where the second sensing node is located; the first session key or the second session key is used to enable secure encrypted communication of the first sensing node and the second sensing node.
2. The end-to-end security method facing a communication sensor network of claim 1, wherein the key agreement instruction further includes basic identity information of the first sensor node; the generating a first session key according to the key negotiation instruction includes:
randomly generating a first verification number;
and generating the first session key based on the basic identity information of the first sensing node, the basic identity information of the second sensing node, the first verification number and a private key of the first edge server.
3. The end-to-end security method facing a communication sensor network of claim 1, wherein the key agreement instruction further includes basic identity information of the first sensor node;
the generating a second session key according to the key agreement instruction includes:
obtaining a first shared key between the first edge server and the second edge server;
randomly generating a second verification number;
and generating a second session key based on the second verification number, the basic identity information of the first sensing node, the basic identity information of the second sensing node and the first shared key.
4. The end-to-end security assurance method facing a communication sensor network of claim 3, wherein the cross-domain security verification information includes the second verification number, a second timestamp, the first shared key, the basic identity information of the first sensor node, and the basic identity information of the second sensor node, and the second timestamp is a timestamp generated when the first edge server generates the cross-domain security verification information;
generating and sending cross-domain security verification information to a second edge server; the cross-domain security authentication information is used for instructing a second edge server to generate a second session key, and includes:
generating and sending cross-domain security verification information to the second edge server, so that the second edge server analyzes the cross-domain security verification information, generates a third timestamp corresponding to the current time, and determines whether a difference value between the second timestamp and the third timestamp is within an allowed time range, if the difference value between the second timestamp and the third timestamp is within the allowed time range, it is determined that the identity authentication of the first edge server is successful, and when the identity authentication is successful, the second session key is generated based on the second verification number, the basic identity information of the first sensing node, the basic identity information of the second sensing node, and the first shared key.
5. The end-to-end security protection method facing communication sensor network of any of claims 1 to 4, wherein before the obtaining the key agreement instruction sent by the first sensing node, the method further comprises:
acquiring a first digital signature sent by the first sensing node, and decrypting the first digital signature to obtain identity verification information of the first sensing node;
performing bidirectional security authentication with the first sensing node according to the authentication information;
and if the bidirectional security identity authentication with the first sensing node passes, executing the step of acquiring the key negotiation instruction sent by the first sensing node.
6. The end-to-end security assurance method facing a communication sensor network of claim 5, wherein the performing bidirectional security authentication with the first sensing node according to the authentication information comprises:
judging whether the difference value between the timestamp in the identity verification information of the first sensing node and the first timestamp is within an allowed time range; the first timestamp is a timestamp generated when the first edge server acquires the identity verification information;
if the difference value between the timestamp in the authentication information of the first sensing node and the first timestamp is within the allowable time range, searching whether the authentication information of the first sensing node exists in first preset storage information or not;
if the identity verification information of the first sensing node exists in the first preset storage information, judging that the forward authentication of the first sensing node passes;
if the forward authentication of the first sensing node passes, encrypting the identity verification information of the first edge server to generate a second digital signature;
and sending the second digital signature to the first sensing node, so that the first sensing node performs backward authentication on the first edge server according to the second digital signature.
7. The end-to-end security method facing a communication sensor network of claim 5, wherein prior to said obtaining the first digital signature sent by the first sensor node, the method further comprises:
acquiring a registration request sent by the first sensing node, wherein the registration request comprises basic identity information;
generating a temporary private key of the first sensing node by adopting a method for generating a random number;
generating an interactive temporary public key of the first sensing node by adopting an asymmetric encryption algorithm, and storing the interactive temporary public key and the temporary private key of the first sensing node;
and sending registration information to the first sensing node, wherein the registration information comprises a temporary private key and an interactive temporary public key of the first sensing node, and a digital signature and a public key of the first edge server, so that the first sensing node verifies the digital signature of the first edge server according to the public key of the first edge server, and stores the registration information after the verification is passed.
8. An edge server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
10. An end-to-end secure communication system facing a communication sensor network, comprising: a second edge server, a first sensing node, a second sensing node, and the first edge server of claim 8.
CN202110796702.5A 2021-07-14 2021-07-14 End-to-end safety guarantee method facing communication sensor network and edge server Pending CN113630244A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110796702.5A CN113630244A (en) 2021-07-14 2021-07-14 End-to-end safety guarantee method facing communication sensor network and edge server

Publications (1)

Publication Number Publication Date
CN113630244A true CN113630244A (en) 2021-11-09

Family

ID=78379723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110796702.5A Pending CN113630244A (en) 2021-07-14 2021-07-14 End-to-end safety guarantee method facing communication sensor network and edge server

Country Status (1)

Country Link
CN (1) CN113630244A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008074226A1 (en) * 2006-12-19 2008-06-26 Zte Corporation A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones
CN104737570A (en) * 2012-10-19 2015-06-24 诺基亚技术有限公司 Method and device of generating a key for device-to-device communication between a first user equipment and a second user equipment
CN105491076A (en) * 2016-01-28 2016-04-13 西安电子科技大学 Heterogeneous network end-to-end authentication secret key exchange method based on space-sky information network
CN105848140A (en) * 2016-03-17 2016-08-10 西安电子科技大学 Safe end-to-end establishment method capable of achieving communication supervision in 5G network
CN112291064A (en) * 2020-10-10 2021-01-29 达闼机器人有限公司 Authentication system, registration and authentication method, device, storage medium and electronic equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114006696A (en) * 2021-12-20 2022-02-01 中国电信股份有限公司 Communication method, device, system and computer readable storage medium
CN114900288A (en) * 2022-05-23 2022-08-12 科大天工智能装备技术(天津)有限公司 Industrial environment authentication method based on edge service
CN114900288B (en) * 2022-05-23 2023-08-25 北京科技大学 Industrial environment authentication method based on edge service

Similar Documents

Publication Publication Date Title
CN109309565B (en) Security authentication method and device
CN109347835B (en) Information transmission method, client, server, and computer-readable storage medium
US11533297B2 (en) Secure communication channel with token renewal mechanism
Bhargavan et al. Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS
US7992193B2 (en) Method and apparatus to secure AAA protocol messages
CN109728909A (en) Identity identifying method and system based on USBKey
US20150172064A1 (en) Method and relay device for cryptographic communication
CN106941404B (en) Key protection method and device
CN114362993B (en) Block chain assisted Internet of vehicles security authentication method
CN112532393A (en) Verification method of cross-link transaction, relay link node equipment and medium
US9398024B2 (en) System and method for reliably authenticating an appliance
US20210167963A1 (en) Decentralised Authentication
US11570213B2 (en) Collaborative security for application layer encryption
Hlauschek et al. Prying Open Pandora's Box: KCI Attacks against TLS
CN113630244A (en) End-to-end safety guarantee method facing communication sensor network and edge server
Hu et al. Gatekeeper: A gateway-based broadcast authentication protocol for the in-vehicle Ethernet
CN114553480B (en) Cross-domain single sign-on method and device, electronic equipment and readable storage medium
CN110519222B (en) External network access identity authentication method and system based on disposable asymmetric key pair and key fob
CN114338091B (en) Data transmission method, device, electronic equipment and storage medium
Khan et al. Resource efficient authentication and session key establishment procedure for low-resource IoT devices
WO2015180399A1 (en) Authentication method, device, and system
CN110572392A (en) Identity authentication method based on HyperLegger network
US8356175B2 (en) Methods and apparatus to perform associated security protocol extensions
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
Chang et al. On making U2F protocol leakage-resilient via re-keying

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination