CN113872945A - Security authentication method based on wireless sensor network - Google Patents


Publication number
CN113872945A
Authority
CN
China
Prior art keywords
server
information
ems
router
authentication
Prior art date
Legal status
Granted
Application number
CN202111043100.9A
Other languages
Chinese (zh)
Other versions
CN113872945B (en)
Inventor
谢琪
刘东南
胡斌
谭肖
韩立东
王圣宝
Current Assignee
Hangzhou Normal University
Original Assignee
Hangzhou Normal University
Priority date
Filing date
Publication date
Application filed by Hangzhou Normal University
Priority to CN202111043100.9A
Publication of CN113872945A
Application granted
Publication of CN113872945B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Algebra (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a security authentication method based on a wireless sensor network, applied to a community hydroelectric management system. It provides a bidirectional authentication and key verification method between the sensor node SN of the hydroelectric equipment and the server S, and introduces an elliptic curve cryptographic algorithm to optimize the encryption operations in the authentication process, so that the whole authentication process is efficient and the computational load on the sensor node SN of the hydroelectric equipment is reduced. The security of the authentication process is further improved through the addition and removal of a third-party identity identifier. Through this security authentication method the invention can effectively resist replay attacks, verification table theft attacks and identity guessing attacks, so that the whole authentication process is safe and efficient, and the invention has high application value in the community hydropower management scenario.

Description

Security authentication method based on wireless sensor network
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a security authentication method based on a wireless sensor network.
Background
In a wireless sensor network, data captured by intelligent sensor equipment can be transmitted to the server in real time through an access point, and staff at the server end can analyze and process the data. However, the information of a wireless sensor network is transmitted over a public channel, and adversaries and challengers can illegally obtain residents' hydropower data by means of meter stealing attacks, known session key attacks, identity guessing attacks and the like, and can even tamper with and forge the information, which seriously threatens the security of the system.
Therefore, how to transmit the hydropower data of residents in a smart community securely and how to protect the private information of users have become research hotspots.
Patent document CN 113259091 A discloses an elliptic-curve-cipher-based asynchronous security authentication method for space network clocks, which includes an initialization phase, a registration phase, a login and authentication phase, and a cipher change phase, and improves the security of authentication by optimizing an elliptic curve algorithm; however, the method cannot resist man-in-the-middle attacks.
Patent document CN 112822025 A discloses a mobile terminal device security authentication method and system based on an elliptic curve algorithm, which performs authentication and key agreement with a neighboring device through an elliptic curve cryptography algorithm, thereby resisting common attacks such as replay attacks and man-in-the-middle attacks; however, the method does not consider the problem that information can be hijacked and read while it is transmitted over a public channel.
The academic paper "An Improved WBSN Key-agent Protocol Based on Static Parameters and Hash Functions" [J], 2020, proposes a lightweight scheme suitable for a two-hop or two-layer centralized wireless physiological sensor network; however, the scheme has a correctness problem, is vulnerable to verification table stealing attacks, and does not provide perfect forward security.
Disclosure of Invention
In order to solve the above problems, the invention provides a security authentication method based on a wireless sensor network, applied to a community hydroelectric management system. Key data in the authentication process are encrypted by adopting Diffie-Hellman key exchange and introducing an elliptic curve cryptographic algorithm, so as to resist replay attacks, verification table stealing attacks and identity guessing attacks and thereby improve the security of information transmission.
A security authentication method based on a wireless sensor network, applied to a community hydroelectric management system, comprises the following steps:
S1: the server S is initialized;
S2: the user submits a registration request to the server S over a secure channel through a registration device; after its calculation, the server S sends the registration information to the registration device, and the information is stored in a smart card;
S3: after acquiring the registration information from the smart card and adding verification parameters, the user submits a login request to the server S through the hydroelectric equipment;
S4: after the hydroelectric equipment and the server S have authenticated each other, a session key K_SH between the hydroelectric equipment and the server S is negotiated.
Preferably, the server S selects an elliptic curve E_p and a base point P on the elliptic curve; it then selects a master key K_HN, which is stored secretly in the server S; the server S calculates the elliptic-curve-based public key G = K_HN·P; finally parameters {G, E_p, P}.
Preferably, the hydroelectric equipment and the server transmit the information EMS over a wireless public channel, and the information EMS is relayed through a router AP. The router AP is only responsible for relaying and forwarding the information EMS, and the identity identifier id_p of the router AP is added to or removed from the relayed information EMS.
Preferably, the step S2 includes the following steps:
S2.1: after the user inserts the smart card into the card reader, information is transmitted between the registration device and the server S;
S2.2: the user selects an identity information id_j for the sensor node SN of the hydroelectric equipment, and then sends the identity information id_j and the registration request to the server S;
S2.3: after receiving and verifying the identity information id_j and the registration request, the server S calculates a common secret value x_j between the server S and the sensor node SN of the hydroelectric equipment, sends the registration information to the registration device over a secure channel, and the registration information is stored in the smart card;
S2.4: the server S selects an identity identifier id_p for the router AP, which is stored in the router AP, while the server S also stores the identity identifier id_p of the router AP.
Preferably, the verification in S4 is based on mutual authentication and key verification between the sensor node SN of the hydroelectric equipment and the server S.
Preferably, the specific steps of bidirectional authentication and key verification are as follows:
S4.1: after the user inserts the smart card into the hydroelectric equipment, the sensor node SN of the hydroelectric equipment uses the registration information in the smart card to generate the current timestamp T_1 and calculate the verification parameters; the verification parameters and the timestamp T_1 are stored in the information EMS_1, and the user sends EMS_1 to the router AP;
S4.2: after receiving the information EMS_1, the router AP adds its identity identifier id_p to EMS_1 and sends the resulting information EMS_2, which carries id_p, to the server S;
S4.3: after receiving the information EMS_2, the server S generates the current timestamp T_2 and checks the timestamp T_1 and the identity identifier id_p contained in EMS_2; if either the timestamp T_1 or the identity identifier id_p is invalid, the authentication process is terminated; if both pass, the server S calculates the comparison verification parameter from the parameters in EMS_2 and compares it with the verification parameter in EMS_2; if they are not equal, the authentication process is terminated; if they are equal, the authentication of the sensor node SN succeeds;
S4.4: after the server S has successfully authenticated the sensor node SN, it generates the current timestamp T_3 and the session key K_SH, calculates the verification parameter, and sends the timestamp T_3 and the session key K_SH verification parameter to the router AP in the information EMS_3;
S4.5: after receiving the information EMS_3, the router AP removes the identity identifier id_p from EMS_3 and then transmits the information EMS_4 to the sensor node SN of the hydroelectric equipment;
S4.6: after receiving the information EMS_4, the sensor node SN of the hydroelectric equipment generates the current timestamp T_4 and checks the timestamp T_3 contained in the information EMS_2; if the timestamp T_3 is invalid, the authentication process is terminated; if it passes, the sensor node SN of the hydroelectric equipment calculates the session key K_SH and the comparison verification parameter from the parameters in EMS_4; if the verification parameters are not equal, the authentication process is terminated; if they are equal, the authentication succeeds;
S4.7: a session key K_SH is successfully established between the sensor node SN of the hydroelectric equipment and the server S.
Preferably, the verification parameters and the comparison verification parameters are calculated cryptographically through the elliptic curve E_p function selected by the server S, which reduces the computational load on the sensor node SN of the hydroelectric equipment;
In S4.1, the sensor node SN of the hydroelectric equipment generates random numbers a_1 and r_j and the current timestamp T_1, calculates S_1 = a_1·P and S_2 = a_1·G through the elliptic curve E_p function, and then calculates the value used to encrypt r_j:
Figure BDA0003250186970000051
the verification parameter:
Figure BDA0003250186970000052
and the value used to encrypt id_j:
Figure BDA0003250186970000053
and adds {MG_1, MG_2, MG_3, S_1, T_1} to the information EMS_1;
In S4.3, if the timestamp T and the identity identifier id_p pass verification, the server S calculates, through the elliptic curve E_p function,
Figure BDA0003250186970000054
then calculates from the content of the information EMS_2
Figure BDA0003250186970000055
Figure BDA0003250186970000056
Figure BDA0003250186970000057
and finally calculates the comparison verification parameter
Figure BDA0003250186970000058
In S4.4, after the verification by the server S passes, the server S generates a random number a_2 and the current timestamp T_3, calculates S_3 = a_2·P and S_4 = a_2·S_1 through the elliptic curve E_p function, then calculates the session key K_SH, and at the same time calculates the verification parameter
Figure BDA0003250186970000059
and adds {MG_4, S_3, T_3} to the information EMS_3;
In S4.6, if the timestamp T passes verification, the sensor node SN of the hydroelectric equipment calculates, through the elliptic curve E_p function,
Figure BDA0003250186970000061
then calculates from the content of the information EMS_4
Figure BDA0003250186970000062
and finally calculates the comparison verification parameter
Figure BDA0003250186970000063
The parameters mentioned above may be stolen or imitated by the outside world during the authentication process.
Preferably, the timestamp is judged by |T_n - T_{n+1}| < ΔT, where T_n is the timestamp contained in the information transmitted in the previous phase, T_{n+1} is the current timestamp acquired by the device when the information is received, and ΔT is the preset maximum allowable delay in the communication process; when the time difference between T_n and T_{n+1} is larger than the threshold ΔT, the authentication is terminated; when the time difference is smaller than the threshold ΔT, the next step is carried out.
Preferably, the session key K_SH = h(r_j || x_j || S_1 || S_3 || S_4 || id_j || T_1 || T_3) is obtained by hybrid encryption with the timestamp T_1 and the timestamp T_3; the timestamp T_1 is generated only at the sensor node SN of the hydroelectric equipment, and the timestamp T_3 is generated only at the server S, which makes it more difficult for outsiders to obtain the session key and improves communication security.
Compared with the prior art, the invention has the following beneficial effects: key data of the authentication process are encrypted by adopting Diffie-Hellman key exchange and introducing an elliptic curve cryptographic algorithm, and the session key K_SH is obtained by hybrid encryption with the timestamps generated independently by the sensor node SN and the server S, so that the session key K_SH is difficult to obtain, which solves the problems of replay attack, verification table stealing attack and identity guessing attack; further, a third-party router AP is designated as the relay station between the sensor node SN and the server S, and its function of adding and removing an independent identity identifier id_p during information transmission improves the security of the transmission process.
Drawings
Fig. 1 is a flowchart of a security authentication method based on a wireless sensor network according to the present invention;
Fig. 2 is a flowchart of the mutual authentication and key verification between the sensor node SN of a hydroelectric device and the server S.
Detailed Description
The present invention will be described in detail with reference to the accompanying drawings.
As shown in Fig. 1, a security authentication method based on a wireless sensor network, applied in a community hydroelectric management system, includes:
S1: the server S is initialized;
S2: the user submits a registration request to the server S over a secure channel through a registration device; after its calculation, the server S sends the registration information to the registration device, and the information is stored in a smart card;
S3: after acquiring the registration information from the smart card and adding verification parameters, the user submits a login request to the server S through the hydroelectric equipment;
S4: after the hydroelectric equipment and the server S have authenticated each other, a session key K_SH between the hydroelectric equipment and the server S is negotiated.
Initialization of the server S: the server S selects an elliptic curve E_p and a base point P on the elliptic curve; it then selects a master key K_HN, which is stored secretly in the server S; the server S calculates the elliptic-curve-based public key G = K_HN·P; finally parameters {G, E_p, P}.
The specific steps of S2 are as follows:
S2.1: after the user inserts the smart card into the card reader, information is transmitted between the registration device and the server S;
S2.2: the user selects an identity information id_j for the sensor node SN of the hydroelectric equipment, and then sends the identity information id_j and the registration request to the server S;
S2.3: after receiving and verifying the identity information id_j and the registration request, the server S calculates a common secret value x_j between the server S and the sensor node SN of the hydroelectric equipment, sends the registration information to the registration device over a secure channel, and the registration information is stored in the smart card;
S2.4: the server S selects an identity identifier id_p for the router AP, which is stored in the router AP, while the server S also stores the identity identifier id_p of the router AP.
Fig. 2 shows the flow of bidirectional authentication and key verification between the sensor node SN of the hydroelectric equipment and the server S; the specific steps are as follows:
S4.1: after the user inserts the smart card into the hydroelectric equipment, the sensor node SN of the hydroelectric equipment generates random numbers a_1 and r_j and the current timestamp T_1 and, according to the registration information in the smart card, calculates S_1 = a_1·P and S_2 = a_1·G through the elliptic curve E_p function, and then calculates the values used to encrypt r_j:
Figure BDA0003250186970000081
Figure BDA0003250186970000082
the verification parameter:
Figure BDA0003250186970000083
and the value used to encrypt id_j:
Figure BDA0003250186970000084
and sends the information EMS_1 {MG_1, MG_2, MG_3, S_1, T_1} to the router AP;
S4.2: after receiving the information EMS_1, the router AP adds the identity identifier id_p to EMS_1 and sends the information EMS_2 {id_p, MG_1, MG_2, MG_3, S_1, T_1}, which carries id_p, to the server S;
S4.3: after receiving the information EMS_2, the server S generates the current timestamp T_2 and checks the timestamp T_1 and the identity identifier id_p contained in EMS_2; if either the timestamp T_1 or the identity identifier id_p is invalid, the authentication process is terminated;
if both pass, the server S calculates, through the elliptic curve E_p function,
Figure BDA0003250186970000091
then calculates from the content of the information EMS_2
Figure BDA0003250186970000092
Figure BDA0003250186970000093
Figure BDA0003250186970000094
and finally calculates the comparison verification parameter
Figure BDA0003250186970000095
Figure BDA0003250186970000096
which is then compared with the verification parameter MG_2 in the information EMS_2; if they are not equal, the authentication process is terminated; if they are equal, the authentication succeeds;
S4.4: after the authentication by the server S passes, the server S generates a random number a_2 and the current timestamp T_3, calculates S_3 = a_2·P and S_4 = a_2·S_1 through the elliptic curve E_p function, and then calculates the session key
Figure BDA0003250186970000097
while also calculating the verification parameter
Figure BDA0003250186970000098
and sends the information EMS_3 {MG_4, S_3, T_3, id_p} to the router AP;
S4.5: after receiving the information EMS_3, the router AP removes the identity identifier id_p from EMS_3 and then transmits the information EMS_4 {MG_4, S_3, T_3} to the sensor node SN of the hydroelectric equipment;
S4.6: after receiving the information EMS_4, the sensor node SN of the hydroelectric equipment generates the current timestamp T_4 and checks the timestamp T_3 contained in EMS_4; if the timestamp T_3 is invalid, the authentication process is terminated;
if it passes, the sensor node SN of the hydroelectric equipment calculates, through the elliptic curve E_p function,
Figure BDA0003250186970000101
then calculates from the content of the information EMS_4
Figure BDA0003250186970000102
Figure BDA0003250186970000103
and finally calculates the comparison verification parameter
Figure BDA0003250186970000104
Figure BDA0003250186970000105
which is then compared with the verification parameter MG_4 in the information EMS_4; if they are not equal, the authentication process is terminated; if they are equal, the authentication succeeds;
S4.7: after the authentication by the sensor node SN of the hydroelectric equipment passes, the session key K_SH = h(r_j || x_j || S_1 || S_3 || S_4 || id_j || T_1 || T_3) is successfully established between the sensor node SN of the hydroelectric equipment and the server S.
The timestamp is judged by |T_n - T_{n+1}| < ΔT, where T_n is the timestamp contained in the information transmitted in the previous phase, T_{n+1} is the current timestamp acquired by the device when the information is received, and ΔT is the preset maximum allowable delay in the communication process; when the time difference between T_n and T_{n+1} is larger than the threshold ΔT, the authentication is terminated; when the time difference is smaller than the threshold ΔT, the next step is carried out.
The parameters mentioned above may be stolen or imitated by the outside world during the authentication process.
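As an added example (not code from the patent), the Python below walks through S4.1 to S4.7 using only the relations that survive as text on this page: S_1 = a_1·P, S_2 = a_1·G, S_3 = a_2·P, S_4 = a_2·S_1, the |T_n - T_{n+1}| < ΔT check, the router's id_p handling and the K_SH hash. Assumptions: the curve (secp256k1), h (SHA-256), the length-prefixed encoding of "||", all function names and sample values, and the mask() stand-in for MG_1; the MG_2 and MG_4 comparisons are omitted because their formulas exist only as images here.

```python
import hashlib
import secrets

# secp256k1 domain parameters. The page names no curve; this is the example's choice.
P_MOD = 2**256 - 2**32 - 977
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
BASE_P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
          0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 (mod P_MOD); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; illustration only)."""
    result = None
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result


def fresh(t_sent, t_recv, delta_t):
    """Timestamp rule from the page: continue only if |T_n - T_{n+1}| < delta T."""
    return abs(t_sent - t_recv) < delta_t


def enc_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def mask(value, s2):
    """Stand-in for the page's MG values: XOR with h(S2). Not the patent's formula."""
    pad = hashlib.sha256(enc_point(s2)).digest()
    return bytes(a ^ b for a, b in zip(value, pad))


def session_key(r_j, x_j, s1, s3, s4, id_j, t1, t3):
    """K_SH = h(r_j || x_j || S1 || S3 || S4 || id_j || T1 || T3), with h = SHA-256."""
    h = hashlib.sha256()
    for field in (r_j, x_j, enc_point(s1), enc_point(s3), enc_point(s4), id_j,
                  t1.to_bytes(8, "big"), t3.to_bytes(8, "big")):
        h.update(len(field).to_bytes(2, "big") + field)  # length prefix: unambiguous ||
    return h.digest()


def handshake(t1, t2, t3, t4, delta_t=5, router_id=b"AP-01", stored_id=b"AP-01"):
    """Run S4.1-S4.7 on caller-supplied clocks; return (K_SH at SN, K_SH at S) or None."""
    # Constructed registration state: id_j and x_j are already shared by SN and S.
    id_j, x_j = b"SN-0001", secrets.token_bytes(32)
    k_hn = secrets.randbelow(N_ORDER - 1) + 1            # master key K_HN, server only
    g_pub = ec_mul(k_hn, BASE_P)                          # public key G = K_HN * P
    # S4.1 (SN): S1 = a1*P, S2 = a1*G; r_j travels masked under S2.
    a1, r_j = secrets.randbelow(N_ORDER - 1) + 1, secrets.token_bytes(16)
    s1, s2 = ec_mul(a1, BASE_P), ec_mul(a1, g_pub)
    ems1 = {"MG1": mask(r_j, s2), "S1": s1, "T1": t1}
    # S4.2 (AP): the relay only adds its identifier id_p.
    ems2 = dict(ems1, id_p=router_id)
    # S4.3 (S): reject a stale T1 or an unknown id_p before using K_HN.
    if not fresh(ems2["T1"], t2, delta_t) or ems2["id_p"] != stored_id:
        return None
    s2_srv = ec_mul(k_hn, ems2["S1"])                     # K_HN*S1 = K_HN*a1*P = a1*G = S2
    r_j_srv = mask(ems2["MG1"], s2_srv)
    # S4.4 (S): S3 = a2*P, S4 = a2*S1, then K_SH.
    a2 = secrets.randbelow(N_ORDER - 1) + 1
    s3, s4_srv = ec_mul(a2, BASE_P), ec_mul(a2, ems2["S1"])
    k_srv = session_key(r_j_srv, x_j, ems2["S1"], s3, s4_srv, id_j, ems2["T1"], t3)
    ems3 = {"S3": s3, "T3": t3, "id_p": stored_id}
    # S4.5 (AP): strip id_p before forwarding to the sensor node.
    ems4 = {k: v for k, v in ems3.items() if k != "id_p"}
    # S4.6 (SN): reject a stale T3, then S4 = a1*S3 = a1*a2*P.
    if not fresh(ems4["T3"], t4, delta_t):
        return None
    s4_sn = ec_mul(a1, ems4["S3"])
    k_sn = session_key(r_j, x_j, s1, ems4["S3"], s4_sn, id_j, t1, ems4["T3"])
    return k_sn, k_srv                                    # S4.7: equal on an honest run


if __name__ == "__main__":
    sn_key, srv_key = handshake(t1=1000, t2=1001, t3=1002, t4=1003)
    print("keys match:", sn_key == srv_key)
```

A replayed EMS_1 whose T_1 lies outside ΔT, or a message relayed with an id_p the server has not stored, makes handshake() return None at S4.3.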

Claims (9)

1. A security authentication method based on a wireless sensor network comprises the following steps:
S1: the server S is initialized;
S2: the user submits a registration request to the server S over a secure channel through a registration device; after its calculation, the server S sends the registration information to the registration device, and the information is stored in a smart card;
S3: after acquiring the registration information from the smart card and adding verification parameters, the user submits a login request to the server S through the hydroelectric equipment;
S4: after the hydroelectric equipment and the server S have authenticated each other, a session key K_SH between the hydroelectric equipment and the server S is negotiated.
2. The security authentication method based on the wireless sensor network according to claim 1, wherein the server S is initialized as follows: the server S selects an elliptic curve E_p and a base point P on the elliptic curve; it then selects a master key K_HN, which is stored secretly in the server S; the server S calculates the elliptic-curve-based public key G = K_HN·P; finally parameters {G, E_p, P}.
3. The security authentication method based on the wireless sensor network according to claim 1, wherein the hydroelectric equipment and the server transmit the information EMS over a wireless public channel, the information EMS is relayed through a router AP, the router AP is only responsible for relaying and forwarding the information EMS, and the identity identifier id_p of the router AP is added to or removed from the relayed information EMS.
4. The security authentication method based on the wireless sensor network according to claim 1, wherein the step S2 comprises the steps of:
S2.1: after the user inserts the smart card into the card reader, information is transmitted between the registration device and the server S;
S2.2: the user selects an identity information id_j for the sensor node SN of the hydroelectric equipment, and then sends the identity information id_j and the registration request to the server S;
S2.3: after receiving and verifying the identity information id_j and the registration request, the server S calculates a common secret value x_j between the server S and the sensor node SN of the hydroelectric equipment, sends the registration information to the registration device over a secure channel, and the registration information is stored in the smart card;
S2.4: the server S selects an identity identifier id_p for the router AP, which is stored in the router AP, while the server S also stores the identity identifier id_p of the router AP.
5. The wireless sensor network-based security authentication method according to claim 1, wherein the verification in S4 is based on mutual authentication and key verification between the sensor node SN of the hydroelectric device and the server S.
6. The wireless sensor network-based security authentication method according to claim 5, wherein the steps of mutual authentication and key verification are as follows:
s4.1 after the user inserts the smart card into the hydroelectric equipment, the sensor node SN of the hydroelectric equipment passes through the smart cardTo generate a current timestamp T1And calculates verification parameters, verification parameters and a time stamp T1EMS storage information1In, the user will EMS1Sending the data to the router AP;
s4.2 Router AP receives message EMS1EMS for information1Identity id of router AP is addedpAnd will be accompanied by an identification idpEMS of information2Sending the data to a server S;
s4.3 Server S receives message EMS2Then, a current time stamp T is generated2To message EMS2Inner time stamp T1And identity idpMaking a decision if the timestamp T1With identity idpIf any is invalid, the authentication process is terminated; if both pass, the server S EMS according to the information2The parameters are calculated together to obtain comparison verification parameters, and then the comparison verification parameters are compared with the information EMS2The verification parameters in the authentication process are judged, and if the verification parameters are not equal, the authentication process is terminated; if the two are equal, the authentication of the sensor node SN is successful;
s4.4 after the server S successfully authenticates the sensor node SN, the current timestamp T is generated3With session key KSHAnd calculating the verification parameter and applying the time stamp T3Session key KSHEMS for passing verification parameter3Sending the data to the router AP;
s4.5 Router AP receives message EMS3Later, router AP removes message EMS3Identity id inpThen, information EMS is transmitted4Into the sensor node SN of the hydroelectric equipment;
s4.6 EMS (energy management System) for receiving information by sensor node SN of hydroelectric equipment4Then, a current time stamp T is generated4To message EMS2Inner time stamp T3Making a decision if the timestamp T3If the authentication is invalid, the authentication process is terminated; if passing, the sensor node SN of the hydroelectric equipment is EMS according to the information4Inner parameter common calculation session key KSHComparing the verification parameters, and if the verification parameters are not equal, terminating the authentication process; if they are equal to each other, the two,the authentication server S succeeds;
s4.7 successfully establishing a session key K between a sensor node SN of a hydroelectric device and a server SSH
7. The security authentication method based on wireless sensor network as claimed in claim 6, wherein the verification parameter and the comparison verification parameter are elliptic curves E selected by the server SpThe function performs cryptographic calculations.
8. The method of claim 6, wherein the timestamp check is specifically performed by |T_n − T_{n+1}| < ΔT, where T_n is the timestamp contained in the information transmitted in the previous phase, T_{n+1} is the current timestamp acquired by the equipment when the information is received, and ΔT is the preset maximum allowable delay time in the communication process; when the time difference between T_n and T_{n+1} is larger than the threshold ΔT, the authentication is terminated; when the time difference is smaller than the threshold ΔT, the next step is carried out.
9. The wireless sensor network-based security authentication method as claimed in claim 6, wherein the session key K_SH is obtained by hybrid encryption of the timestamp T_1 and the timestamp T_3; the timestamp T_1 is generated only in the sensor node SN of the hydroelectric equipment; the timestamp T_3 is generated only in the server S.
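An added illustration, not part of the patent text: the receive-side order of checks in step S4.3 combined with the freshness test of claim 8, in Python. The HMAC-SHA256 stand-in for the verification parameter, the 5-second ΔT, the field names and all sample values are assumptions; the patent computes its parameters with the elliptic curve E_p and function selected by the server S.

```python
import hashlib
import hmac

DELTA_T = 5  # assumed maximum allowable delay, in seconds
KEY = b"constructed-demo-key"   # constructed sample secret
REGISTERED = {b"AP-01"}         # constructed set of valid id_p values


def is_fresh(t_n, t_n1, delta_t=DELTA_T):
    """Claim 8: pass only if |T_n - T_{n+1}| < delta_t (strict inequality)."""
    return abs(t_n - t_n1) < delta_t


def verification_param(key, id_p, t_1, body):
    """Assumed stand-in for the verification parameter: HMAC-SHA256."""
    fields = (id_p, str(t_1).encode(), body)
    # Length-prefix every field so field boundaries are unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_ems2(t_1, id_p=b"AP-01", body=b"reading=42"):
    """Build a constructed EMS_2 as the sending side would."""
    return {"id_p": id_p, "T1": t_1, "body": body,
            "v": verification_param(KEY, id_p, t_1, body)}


def server_check_ems2(ems2, key, registered, t_2):
    """Step S4.3: timestamp and identity first, then the parameter."""
    if not is_fresh(ems2["T1"], t_2):
        return "terminate: stale timestamp"
    if ems2["id_p"] not in registered:
        return "terminate: invalid identity"
    expected = verification_param(key, ems2["id_p"], ems2["T1"], ems2["body"])
    # Constant-time comparison: do not leak how many bytes matched.
    if not hmac.compare_digest(expected, ems2["v"]):
        return "terminate: verification parameter mismatch"
    return "SN authenticated"


if __name__ == "__main__":
    msg = make_ems2(1000)
    print(server_check_ems2(msg, KEY, REGISTERED, 1003))   # inside the window
    print(server_check_ems2(msg, KEY, REGISTERED, 1010))   # outside the window
    # T_1 rewritten to look fresh: the bound parameter no longer matches.
    print(server_check_ems2(dict(msg, T1=1009), KEY, REGISTERED, 1010))
```

Because T_1 is bound into the verification parameter in this sketch, a message whose T_1 is altered in transit passes the freshness test but fails the comparison step.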
CN202111043100.9A 2021-09-07 2021-09-07 Security authentication method based on wireless sensor network Active CN113872945B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111043100.9A CN113872945B (en) 2021-09-07 2021-09-07 Security authentication method based on wireless sensor network

Publications (2)

Publication Number Publication Date
CN113872945A (en) 2021-12-31
CN113872945B CN113872945B (en) 2023-10-03

Family

ID=78989883

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111043100.9A Active CN113872945B (en) 2021-09-07 2021-09-07 Security authentication method based on wireless sensor network

Country Status (1)

Country Link
CN (1) CN113872945B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant