CN115134123B - Anonymous safety conversation method and device for civil aviation ACARS ground-air data link - Google Patents

Info

Publication number
CN115134123B
Authority
CN
China
Prior art keywords
message
ground station
anonymous
identity
initial vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210617103.7A
Other languages
Chinese (zh)
Other versions
CN115134123A (en)
Inventor
张骞允
李昕炜
尚涛
蔡开泉
田格格
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN202210617103.7A priority Critical patent/CN115134123B/en
Publication of CN115134123A publication Critical patent/CN115134123A/en
Application granted granted Critical
Publication of CN115134123B publication Critical patent/CN115134123B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04B TRANSMISSION
    • H04B7/00 Radio transmission systems, i.e. using radiation field
    • H04B7/14 Relay systems
    • H04B7/15 Active relay systems
    • H04B7/185 Space-based or airborne stations; Stations for satellite systems
    • H04B7/18502 Airborne stations
    • H04B7/18506 Communications with or from aircraft, i.e. aeronautical mobile service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Astronomy & Astrophysics (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a civil aviation ACARS ground-air data link anonymous security session method and device, wherein the method comprises the following steps: receiving a ground station identity message broadcast by a ground station; transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector; receiving a second message sent by the ground station; verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1; and carrying out a session with the ground station based on the anonymous identity library. The security, privacy and authentication of the civil aviation ACARS message can be effectively guaranteed.

Description

Anonymous safety conversation method and device for civil aviation ACARS ground-air data link
Technical Field
The application relates to the field of information security, in particular to a method and a device for anonymous security session of a civil aviation ACARS ground-air data link.
Background
The ACARS system (Aircraft Communications Addressing and Reporting System) is a data link communication system for transmitting short messages between an aircraft and a ground station by radio or satellite, and is currently the most widely used civil aviation communication system worldwide. Most countries in the world, including China, adopt the ACARS system, and the protocol it uses is ARINC-618 (the very high frequency air-ground communication protocol). Messages are transmitted over the air channel without any encryption or authentication mechanism, so the confidentiality, integrity and non-repudiation of civil aviation data link information cannot be guaranteed, and the data link is easily threatened by attacks such as eavesdropping, spoofing, masquerading, message tampering and replay. These attacks can steal the private and confidential information of civil aviation practitioners and users, and can even disrupt the normal operation of the civil aviation system, resulting in significant loss of life and property. Therefore, the importance of protecting the security of the civil aviation data link cannot be ignored.
The security of ACARS ground-air data link messages is becoming more important. Some studies encrypt the Text field of a message with a symmetric cryptosystem to achieve confidentiality of the message, and protect non-repudiation (authentication) of the message with an asymmetric cryptosystem. Of these, the most representative is the ACARS Message Security (AMS) system proposed by ARINC (Aeronautical Radio, Inc.) in the ARINC-823P1 standard to protect message confidentiality and identity authentication.
The privacy of civil aviation identities in air-ground data link messages such as ACARS is also of concern. Format-preserving (conformal) encryption is a special type of symmetric encryption algorithm that ensures the ciphertext has exactly the same format as the plaintext before encryption. It therefore does not require changes to the database schema and is transparent to upper-layer applications, so some research proposes using it in another kind of air-ground communication link, ADS-B (Automatic Dependent Surveillance-Broadcast).
The ACARS message has two fields to be protected, namely the ARN (Aircraft Registration Number, aircraft registration code) and the Text (message). The ARN in the control field is a 7-bit aircraft registration code and is the unique identity of the aircraft; the Text field of the message can carry text information with a load of not more than 220 characters, and the format of the information can be defined by using a specified template. The downlink Text field is divided into three subfields, namely a message sequence number MSN, an aircraft identity Flight ID, and a free message Free Text, where the Flight ID and Free Text need to be protected.
Schemes that protect only the Text field, as represented by the AMS system, cannot protect the privacy of the aircraft identity. Although the message content is encrypted, an attacker can still deduce the navigation information of an aircraft from the identities of the aircraft in the current airspace, and can even infer political or business secrets associated with the aircraft.
Using format-preserving (conformal) encryption on the ground-air data link can protect the privacy of the aircraft to a certain extent. However, after the aircraft and the ground station have conducted many sessions and an attacker has grasped the statistical characteristics of those sessions, the behavior pattern of the aircraft can still be inferred, which threatens the security of civil aviation.
In summary, in the prior art, confidentiality, privacy and authentication of civil aviation ACARS messages cannot be effectively guaranteed.
Summary of the Application
The present application aims to solve, at least to some extent, one of the technical problems in the related art.
Therefore, the purpose of the application is to solve the problem that confidentiality, privacy and authentication of civil aviation ACARS information cannot be effectively guaranteed in the prior art, and provide a method for anonymous security session of a civil aviation ACARS ground-air data link.
Another object of the present application is to provide a civil aviation ACARS ground-air data link anonymous security session device.
In order to achieve the above purpose, the application provides a civil aviation ACARS ground-air data link anonymous security session method, which comprises the following steps:
receiving a ground station identity message broadcast by a ground station;
transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector;
receiving a second message sent by the ground station;
verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1;
and carrying out a session with the ground station based on the anonymous identity library.
In some possible embodiments, the sending the first message to the ground station via an asymmetric key mechanism based on the ground station identity information includes:
determining a public key of the ground station according to the ground station identity information;
generating the first initial vector and a session key, and recording a timestamp of the current time;
generating a second anonymous identity of the aircraft through a public key of the ground station according to the aircraft registration number and the session key;
Generating a first signature through a private key of the airplane according to the first initial vector, the session key, the timestamp and the airplane registration number;
generating a first ciphertext by a public key of the ground station according to the first initial vector, the session key, the timestamp and the first signature;
and replacing the aircraft registration number in the first message with a second anonymous identity of the aircraft, and transmitting the first message to the ground station after filling the message segment in the first message into the first ciphertext.
In some possible embodiments, the validating the second message includes:
acquiring a second signature through the second message;
and verifying the second signature through the public key of the ground station.
In some possible embodiments, the generating an anonymous identity library from the first initial vector in the event of verification passing includes:
sequentially adding the first initial vectors to generate N identity vectors, wherein N is a positive integer greater than or equal to 1;
generating the N first anonymous identities of the airplane according to the airplane registration number, the session key and the N identity vectors;
The anonymous identity library is formed based on the N first anonymous identities.
In some possible embodiments, the conducting a session with the ground station based on the anonymous identity library includes:
generating a third message based on the anonymous identity library;
transmitting the third message to the ground station;
and receiving a fourth message sent by the ground station.
In some possible embodiments, the generating a third message based on the anonymous identity library includes:
generating a first plaintext and a first message sequence number, and calculating a first hash value of the first plaintext and the first message sequence number;
calculating a second initial vector of the third message according to the first message sequence number and the first initial vector;
generating a second ciphertext through the session key according to the first plaintext, the first hash value and the second initial vector;
selecting a third anonymous identity from the anonymous identity library by means of a random number algorithm;
and replacing the aircraft registration number in the third message with a third anonymous identity, filling a message segment in the third message into the second ciphertext, and then sending the third message to the ground station.
In some possible embodiments, the receiving the fourth message sent by the ground station includes:
acquiring a fourth anonymous identity in the fourth message;
searching the fourth anonymous identity in the anonymous identity library;
under the condition that the fourth anonymous identity is found in the anonymous identity library, inquiring the first initial vector and the session key corresponding to the fourth anonymous identity;
acquiring the second message sequence number in the fourth message;
calculating a third initial vector of the fourth message according to the first initial vector and the second message sequence number corresponding to the fourth anonymous identity;
obtaining a third ciphertext in the fourth message, decrypting the third ciphertext according to the session key and the third initial vector, and obtaining a second plaintext and a second hash value;
calculating a third hash value of the second plaintext and the second message sequence number;
verifying whether the third hash value is equal to the second hash value;
and processing the second plaintext when the third hash value is equal to the second hash value, and discarding the fourth message when the third hash value is not equal to the second hash value.
In some possible embodiments, after searching the anonymous identity library for the fourth anonymous identity, the method further comprises:
and discarding the fourth message under the condition that the fourth anonymous identity cannot be found in the anonymous identity library.
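The library generation and the send/receive checks in the embodiments above, as an added example that is not part of the patent. It assumes stand-ins the text does not specify: an HMAC-SHA256 keyed function for the anonymous-identity encryption, a SHA-256 counter keystream for the symmetric cipher, a per-message initial vector computed as SHA-256(iv_0 || MSN), a 7-character identity string, and hypothetical function names; all sample values are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-."  # constructed identity alphabet
HASH_LEN = hashlib.sha256().digest_size


def identity_vectors(iv0: bytes, n: int) -> list[bytes]:
    """iv_1..iv_N: add 1..N to iv_0, wrapping at the IV width."""
    width = len(iv0)
    base = int.from_bytes(iv0, "big")
    modulus = 1 << (8 * width)
    return [((base + i) % modulus).to_bytes(width, "big") for i in range(1, n + 1)]


def anonymous_identity(arn: str, k_d: bytes, iv: bytes) -> str:
    """Assumed stand-in for encrypting ARN under k_d with identity vector iv."""
    digest = hmac.new(k_d, iv + arn.encode(), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:7])


def build_library(arn: str, k_d: bytes, iv0: bytes, n: int) -> dict:
    """Map every anonymous identity to the (iv_0, k_d) needed to process it."""
    return {anonymous_identity(arn, k_d, iv): (iv0, k_d)
            for iv in identity_vectors(iv0, n)}


def message_iv(iv0: bytes, msn: str) -> bytes:
    """Assumed derivation of the per-message IV from iv_0 and the MSN."""
    return hashlib.sha256(iv0 + msn.encode()).digest()[:16]


def keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (illustration only): SHA-256 counter keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_message(library: dict, msn: str, plaintext: bytes) -> dict:
    """Sender side: hash plaintext||MSN, encrypt, pick a random anonymous identity."""
    aid = secrets.choice(sorted(library))
    iv0, k_d = library[aid]
    digest = hashlib.sha256(plaintext + msn.encode()).digest()
    text = keystream_xor(k_d, message_iv(iv0, msn), plaintext + digest)
    return {"aid": aid, "msn": msn, "text": text}


def process_message(library: dict, msg: dict):
    """Receiver side: return the plaintext, or None when the message is discarded."""
    entry = library.get(msg["aid"])
    if entry is None:
        return None  # anonymous identity not in the library: discard
    iv0, k_d = entry
    body = keystream_xor(k_d, message_iv(iv0, msg["msn"]), msg["text"])
    if len(body) < HASH_LEN:
        return None  # too short to carry a hash value: discard
    plaintext, received = body[:-HASH_LEN], body[-HASH_LEN:]
    expected = hashlib.sha256(plaintext + msg["msn"].encode()).digest()
    if not hmac.compare_digest(expected, received):
        return None  # hash mismatch: discard
    return plaintext


def demo() -> dict:
    """Run one accepted message and three discarded ones on constructed values."""
    arn, k_d, iv0 = ".B-1234", bytes(range(32)), bytes(16)  # constructed
    aircraft_lib = build_library(arn, k_d, iv0, 8)
    ground_lib = build_library(arn, k_d, iv0, 8)  # same inputs, same library
    msg = build_message(aircraft_lib, "M01A", b"FL350 ON COURSE")
    flipped = bytes([msg["text"][0] ^ 1]) + msg["text"][1:]
    return {
        "library_size": len(aircraft_lib),
        "accepted": process_message(ground_lib, msg),
        "tampered": process_message(ground_lib, dict(msg, text=flipped)),
        "wrong_msn": process_message(ground_lib, dict(msg, msn="M02A")),
        "unknown_aid": process_message(ground_lib, dict(msg, aid="???????")),
    }


if __name__ == "__main__":
    print(demo())
```

Because the per-message initial vector depends on the sequence number, a ciphertext presented under a different MSN fails the hash check and is discarded, the same outcome as a modified ciphertext or an identity missing from the library.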
In some possible embodiments, before determining the public key of the ground station from the ground station identity information, comprising:
and acquiring the ground station identity information and the public key corresponding to the ground station identity information of the route of the airplane through an authentication center.
To achieve the above objective, another aspect of the present application provides a civil aviation ACARS ground-air data link anonymous security session device, including:
the first receiving module is used for receiving the ground station identity message broadcast by the ground station;
a sending module, configured to send a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, where the first message includes a first initial vector;
the second receiving module is used for receiving a second message sent by the ground station;
the verification module is used for verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1;
the session module is used for carrying out a session with the ground station based on the anonymous identity library.
The beneficial effects of this application:
according to the civil aviation ACARS ground-air data link anonymous security session method, a ground station identity message broadcast by a ground station is received; transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector; receiving a second message sent by the ground station; verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1; sessions are developed with the ground station based on the anonymous identity library. The security, privacy and authentication of the civil aviation ACARS message can be effectively guaranteed.
Additional aspects and advantages of the application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a civil aviation ACARS ground-air data link anonymous secure session method according to an embodiment of the application;
FIG. 2 is a schematic diagram of session establishment according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an aircraft anonymous identity library generation process, according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an ACARS anonymous secure session protocol downlink, according to an embodiment of the present application;
FIG. 5 is a schematic diagram of an ACARS anonymous secure session protocol uplink, according to an embodiment of the present application;
FIG. 6 is a schematic diagram of an ACARS ground-to-air data security model according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a civil aviation ACARS ground-air data link anonymous security session device according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
The method and the device for anonymous security session of the civil aviation ACARS ground-air data link according to the embodiment of the application are described below with reference to the accompanying drawings, and the method for anonymous security session of the civil aviation ACARS ground-air data link according to the embodiment of the application will be described first.
It should be noted that, symbols and function symbols that may be used in the civil aviation ACARS ground-air data link anonymous security session method are shown in table 1:
Table 1: Symbol and function symbol definitions
[Table 1 appears in the original publication as images: Figure BDA0003674809470000051, Figure BDA0003674809470000061]
Fig. 1 is a flow chart of a civil aviation ACARS ground-air data link anonymous security session method according to an embodiment of the present application.
As shown in fig. 1, the civil aviation ACARS ground-air data link anonymous security session method comprises the following steps:
Step S110, a ground station identity message broadcast by the ground station is received.
In this embodiment of the present application, as shown in fig. 2, after an aircraft enters the airspace covered by a ground station, it may receive the ground station identity message broadcast by the ground station. The ground station broadcasts this message to the airspace it covers at a fixed time interval according to the rules of the ARINC618 standard, which may be represented by the following formula:
Message1: $G \rightarrow F: ID_G$
where Message1 represents the ground station identity message, $G$ represents the ground station, $F$ represents the aircraft, $ID_G$ represents the identity of the ground station, and $G \rightarrow F: ID_G$ indicates that the ground station transmits the ground station identity to the aircraft.
Step S120, a first message is sent to the ground station through an asymmetric key mechanism based on the ground station identity message.
Wherein the first message comprises a first initial vector $iv_0$. The first message, Message2, may be a session establishment request message sent to the ground station according to the ground station identity message after the aircraft receives the ground station identity message, and the first initial vector may be an initial vector included in the first message.
In the embodiment of the application, after the aircraft receives the ground identity message broadcast by the ground station, the aircraft may send a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, where the first message is used to request to establish a session with the ground station.
Step S130, receiving a second message sent by the ground station.
The second message, Message3, may be a session establishment feedback message sent to the aircraft after the ground station receives the first message sent by the aircraft, and is used to indicate to the aircraft that the ground station has made session preparation.
In the embodiment of the application, after the aircraft sends the first message to the ground station, the aircraft can receive the second message sent by the ground station, and the aircraft can know whether the ground station is ready for a session according to the second message.
Step S140, the second message is verified, and an anonymous identity library is generated according to the first initial vector under the condition that verification is passed.
Wherein the anonymous identity library comprises N first anonymous identities $AID_1$, N is a positive integer greater than or equal to 1, and the first anonymous identity is an anonymous identity generated by the aircraft according to the first initial vector and is used for hiding the true identity of the aircraft during the session.
In the embodiment of the application, after the aircraft receives the second message sent by the ground station, the aircraft can verify the second message, and under the condition that verification is passed, the ground station can be considered to be ready for a session, and an anonymous identity library is generated according to the first initial vector, wherein the anonymous identity library comprises N first anonymous identities, and the aircraft can use the first anonymous identities for hiding the true identities of the aircraft in each subsequent session, so that the privacy of the true identities of the aircraft is ensured.
Step S150, a session is carried out with the ground station based on the anonymous identity library.
In the embodiment of the application, after the aircraft generates the anonymous identity library according to the first initial vector, a session can be developed with the ground station based on the anonymous identity library, the aircraft can inform the ground station of the flight information such as the current flight altitude, the flight state and the like through a session process, and the ground station can record the flight information of the aircraft through the session process.
According to the civil aviation ACARS ground-air data link anonymous security session method, a ground station identity message broadcast by a ground station is received; transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector; receiving a second message sent by the ground station; verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1; sessions are developed with the ground station based on the anonymous identity library. The security, privacy and authentication of the civil aviation ACARS message can be effectively guaranteed.
In some possible embodiments, sending the first message to the ground station via an asymmetric key mechanism based on the ground station identity information comprises:
determining a public key of the ground station according to the ground station identity information;
generating a first initial vector and a session key, and recording a timestamp of the current time;
generating a second anonymous identity of the airplane through a public key of the ground station according to the airplane registration number and the session key;
generating a first signature through a private key of the airplane according to the first initial vector, the session key, the time stamp and the airplane registration number;
Generating a first ciphertext through a public key of the ground station according to the first initial vector, the session key, the time stamp and the first signature;
and after filling the message segment in the first message into the first ciphertext, sending the first message to the ground station.
The second anonymous identity may be an anonymous identity generated by the aircraft through the public key of the ground station according to the aircraft registration number and the session key, and is used for hiding the identity information of the aircraft before session establishment. The first signature may be a signature generated by the aircraft through its private key according to the first initial vector, the session key, the timestamp and the aircraft registration number; it is in essence a digital signature, which the ground station verifies to confirm whether a received message has been tampered with. The first ciphertext may be a ciphertext generated by the aircraft through the public key of the ground station according to the first initial vector, the session key, the timestamp and the first signature; after receiving it, the ground station may decrypt it to obtain the first initial vector, the session key, the timestamp and the first signature generated by the aircraft.
In this embodiment of the present application, as shown in fig. 2, after the aircraft enters the airspace of the ground station and receives the ground station identity information broadcast by the ground station, the aircraft may determine the public key $pk_G$ of the ground station according to the ground station identity information $ID_G$, generate a first initial vector $iv_0$ and a session key $k_d$ for the session, and record a timestamp $t$ of the current time. Based on a public key encryption algorithm, according to the aircraft registration number $ARN$ and the generated session key $k_d$, the second anonymous identity $AID_2$ of the aircraft may be generated through the public key $pk_G$ of the ground station, i.e. $AID_2 = ENC(ARN, k_d)$. A first signature may also be generated through the private key $sk_F$ of the aircraft according to the first initial vector $iv_0$, the session key $k_d$, the timestamp $t$ and the aircraft registration number $ARN$, i.e. $\Gamma_1 = SIG(iv_0 \| k_d \| t \| ARN, sk_F)$. A first ciphertext $C_1$ may then be generated through the public key $pk_G$ of the ground station according to the first initial vector $iv_0$, the session key $k_d$, the timestamp $t$ and the first signature $\Gamma_1$, i.e. $C_1 = ENC(iv_0 \| k_d \| t \| \Gamma_1, pk_G)$. The aircraft registration number in the first message is replaced by the second anonymous identity of the aircraft, and after the first ciphertext is filled into the message segment of the first message, a complete first message Message2 is generated, so that the first message can be sent to the ground station. The above process can be simply expressed as:
Message2: [formula image not reproduced]
In some possible embodiments, validating the second message includes:
acquiring a second signature through a second message;
the second signature is verified by the public key of the ground station.
The second signature can be a signature of the ground station on the second message based on a signature algorithm, and the aircraft can know whether the second message is tampered or not according to a verification result of the second signature.
In an embodiment of the present application, as also shown in fig. 2, after the aircraft receives the second message sent by the ground station, the aircraft may obtain the second signature $\Gamma_2$ from the second message and then, based on the signature verification algorithm, verify the second signature through the public key $pk_G$ of the ground station, namely $\mathrm{VER}(t \| ARN \| iv_0 \| k_d, pk_G)$. In the case of verification passing, the aircraft may determine that the ground station is ready for a session and may generate an anonymous identity library from the first initial vector; in the case of verification failing, the aircraft may consider that an attacker has tampered with the second message, so that the second message may be discarded.
It should be noted that, as still shown in fig. 2, after receiving the first message sent by the aircraft, the ground station may use its own private key $sk_G$ to decrypt the first ciphertext $C_1$ in it and obtain the first initial vector $iv_0$, the session key $k_d$, the time stamp $t$ and the first signature $\Gamma_1$, i.e. $\mathrm{DEC}(C_1, sk_G)$. $AID_2$ may also be retrieved from the control field and decrypted with the session key to obtain the aircraft registration number, i.e. $ARN = \mathrm{DEC}(AID, k_d)$. After the ground station acquires the aircraft registration number, it queries the aircraft public key $pk_F$ corresponding to the aircraft according to the aircraft registration number, and verifies the first signature through the aircraft public key based on the signature verification algorithm, namely $\mathrm{VER}(iv_0 \| k_d \| t \| ARN, \Gamma_1, pk_F)$. In the event that the verification is successful, the ground station may determine that the first message has not been tampered with by an attacker, thereby determining the session key, the time stamp and the aircraft registration number of the aircraft; in the event that the verification is unsuccessful, the ground station may discard the first message. After the ground station has successfully verified the first signature and determined the session key, the time stamp and the aircraft registration number of the aircraft, it can verify the freshness of the time stamp by checking whether the delay between the determined time stamp and the time stamp at the current moment is within a reasonable range. If the delay is within the reasonable range, the next step of processing is carried out; if it is not, the first message can be discarded and the ground station waits for the aircraft to send an updated first message.
After determining that the delay is within a reasonable range, the ground station may, based on the digital signature algorithm, sign the time stamp $t$, the aircraft registration number $ARN$, the first initial vector $iv_0$ and the session key $k_d$ with the ground station private key to obtain a second signature $\Gamma_2$, i.e. $\Gamma_2 = \mathrm{SIG}(t \| ARN \| iv_0 \| k_d, sk_G)$, fill the second signature into the message field of the second message, fill the second anonymous identity into the control field of the second message, and then send the second message to the aircraft. As shown in fig. 3, the ground station may also predict, based on the first initial vector, the N anonymous identities used by the aircraft during the session, i.e. $AID_i = \mathrm{ENC}(ARN, k_d, iv_{0i})$, where N is a positive integer greater than or equal to 1. Specifically, the ground station can obtain N identity vectors by sequentially adding one to the first initial vector, which can be understood as $iv_{0i} = iv_0 + i$, $1 \le i \le N$. Each identity vector is encrypted through the session key, and the encrypted identity vector is then XORed with the aircraft registration number to obtain an anonymous identity; the N anonymous identities obtained form the anonymous identity library corresponding to the aircraft. The second message process can be simply expressed as:
Message3: [formula image not reproduced]
In some possible embodiments, in the event that the verification passes, generating an anonymous identity library from the first initial vector comprises:
sequentially adding one to the first initial vector to generate N identity vectors, wherein N is a positive integer greater than or equal to 1;
generating N first anonymous identities of the airplane according to the airplane registration number, the session key and the N identity vectors;
an anonymous identity library is formed based on the N first anonymous identities.
In the embodiment of the application, when the second message passes verification, the aircraft may sequentially add one to the first initial vector to generate N identity vectors, which may be understood as $iv_{0i} = iv_0 + i$, $1 \le i \le N$. The N identity vectors are each encrypted through the session key and then each XORed with the aircraft registration number to obtain N first anonymous identities, and the N first anonymous identities form the anonymous identity library of the aircraft.
In some possible embodiments, conducting a session with a ground station based on an anonymous identity library includes:
generating a third message based on the anonymous identity library;
transmitting a third message to the ground station;
and receiving a fourth message sent by the ground station.
The third message may be a session message generated by the aircraft based on N first anonymous identities in the anonymous identity library, for notifying the ground station of the flight status of the aircraft itself, and the fourth message may be a session message sent by the ground station according to the received third message, for notifying or indicating the aircraft that it reacts according to the third message.
In the embodiment of the application, after the aircraft forms the anonymous identity library of the aircraft, the third message can be generated based on the anonymous identity library, and then the third message is sent to the ground station, so that the flight state of the aircraft can be notified to the ground station.
In some possible embodiments, generating the third message based on the anonymous identity library includes:
generating a first plaintext and a first message sequence number, and calculating a first hash value of the first plaintext and the first message sequence number;
calculating a second initial vector of the third message according to the first message sequence number and the first initial vector;
generating a second ciphertext through the session key according to the first plaintext, the first hash value and the second initial vector;
selecting a third anonymous identity from the library of anonymous identities by means of a random number algorithm;
and replacing the aircraft registration number in the third message with the third anonymous identity, filling the message segment in the third message into the second ciphertext, and then sending the third message to the ground station.
The first plaintext may be text content generated by the aircraft according to a current flight state of the aircraft, the first message sequence number may be a message sequence number corresponding to the third message, the first hash value may be a hash value generated by the aircraft according to the first plaintext and the first message sequence number based on a hash algorithm, the ground station may determine whether the third message is tampered by verifying the first hash value, the second initial vector may be an initial vector of the third message calculated by the aircraft according to the first message sequence number and the first initial vector, the second ciphertext may be a ciphertext generated by the aircraft according to the first plaintext, the first hash value and the second initial vector through a session key based on an encryption algorithm, and the third anonymous identity may be one of first anonymous identities randomly selected by the aircraft in a self anonymous identity library through a random number algorithm.
In an embodiment of the present application, as shown in fig. 4, after the aircraft determines that the ground station has made session preparation and has generated the anonymous identity library, it may generate a first plaintext $M_1$ and a first message sequence number $MSN_1$, and calculate a first hash value $H_1$ of the first plaintext and the first message sequence number, i.e. $H_1 = \mathrm{Hash}(M_1, MSN_1)$. From the first message sequence number and the first initial vector, a second initial vector $iv_i$ corresponding to the third message can be calculated, i.e. $iv_i = \mathrm{SM3}(iv_0 \| MSN_1)$. A second ciphertext $C_1$ is generated from the first plaintext, the first hash value and the second initial vector through the session key, i.e. $C_1 = \mathrm{ENC}(M_1 \| H_1, k_d, iv_i)$. One of the first anonymous identities is randomly selected from the anonymous identity library through a random number algorithm to serve as the third anonymous identity, the aircraft registration number in the third message is replaced by the third anonymous identity, and after the message segment in the third message is filled with the second ciphertext, a complete third message is generated and then sent to the ground station. The process can be simply expressed as:
Message4: [formula image not reproduced]
It should be noted that during the session of the aircraft and the ground station, an initial vector needs to be generated for each session message, but only the first initial vector is used for generating the anonymous identity library.
It should be noted that, as still shown in fig. 4, after the aircraft sends the third message to the ground station, the ground station may receive the third message, extract the third anonymous identity from it, and search the anonymous identity library for the same anonymous identity. If the third anonymous identity is found, the ground station queries the corresponding first initial vector $iv_0$, session key $k_d$ and aircraft registration number $ARN$ according to the third anonymous identity; if the third anonymous identity is not found, the third message may be discarded. After the first initial vector, the session key and the aircraft registration number corresponding to the third anonymous identity have been obtained, the first message sequence number in the third message can be extracted, and the second initial vector corresponding to the third message can be calculated according to the first initial vector and the first message sequence number. According to the calculated second initial vector and the first ciphertext, decryption through the session key yields the first plaintext and the first hash value. A hash value is then calculated based on the first plaintext and the first message sequence number, i.e. $\mathrm{Hash}(M_1, MSN_1)$, and it is verified whether the first hash value is equal to $\mathrm{Hash}(M_1, MSN_1)$. In the case that the first hash value is equal to $\mathrm{Hash}(M_1, MSN_1)$, the first plaintext is further processed; in the case that the first hash value is not equal to $\mathrm{Hash}(M_1, MSN_1)$, the first message may be discarded.
It should be noted that, during the session between the aircraft and the ground station, some of the fields in each session message need to be protected, as shown in table 2, where the ARN, Text FlightID and Text fields are fields with added security protection, and the remaining fields may be transmitted in plaintext:
Table 2 Security protection fields
[table image not reproduced]
In some possible embodiments, receiving the fourth message sent by the ground station includes:
acquiring a fourth anonymous identity in a fourth message;
searching a fourth anonymous identity in the anonymous identity library;
under the condition that a fourth anonymous identity is found in the anonymous identity library, inquiring a first initial vector and a session key corresponding to the fourth anonymous identity;
acquiring a second message sequence number in the fourth message;
calculating a third initial vector of the fourth message according to the first initial vector and the second message sequence number corresponding to the fourth anonymous identity;
obtaining a third ciphertext in the fourth message, decrypting the third ciphertext according to the session key and the third initial vector, and obtaining a second plaintext and a second hash value;
calculating a third hash value of the second plaintext and the second message sequence number;
verifying whether the third hash value is equal to the second hash value;
and processing the second plaintext when the third hash value is equal to the second hash value, and discarding the fourth message when the third hash value is not equal to the second hash value.
The fourth anonymous identity may be one of anonymous identities randomly selected by the ground station in an anonymous identity library of a corresponding aircraft, the second message sequence number may be a message sequence number generated by the ground station for the fourth message, the third initial vector may be a third initial vector of the fourth message calculated by the aircraft according to the first initial vector and the second message sequence number corresponding to the fourth anonymous identity, the third ciphertext may be a third ciphertext generated by the ground station, the second plaintext may be a plaintext generated by the ground station, the second hash value may be a hash value calculated by the ground station, and the third hash value may be a hash value calculated by the aircraft according to the second plaintext and the second message sequence number by a hash algorithm.
In this embodiment of the present application, as shown in fig. 5, after the aircraft sends the third message to the ground station, the aircraft may wait to receive the fourth message sent by the ground station. After receiving the fourth message, it may acquire the fourth anonymous identity from the fourth message and search for the fourth anonymous identity in the anonymous identity library of the aircraft. If the fourth anonymous identity is found in the anonymous identity library, the aircraft queries the first initial vector $iv_0$ and the session key $k_d$ corresponding to the fourth anonymous identity, obtains the second message sequence number $MSN_2$ from the fourth message, and calculates the third initial vector of the fourth message according to the first initial vector corresponding to the fourth anonymous identity and the second message sequence number, namely $iv_i = \mathrm{Hash}(iv_0 \| MSN_2)$. It then obtains the third ciphertext in the fourth message and decrypts the third ciphertext according to the session key and the third initial vector to obtain the second plaintext and the second hash value, namely $M_2 \| H_2 = \mathrm{DEC}(C_3, k_d, iv_i)$. A third hash value $H_3$ is calculated from the second plaintext and the second message sequence number through a hash algorithm, and it is verified whether the third hash value and the second hash value are equal, i.e. whether $H_3 = H_2$. The second plaintext is processed in the case that the third hash value is equal to the second hash value, and the fourth message is discarded in the case that the third hash value is not equal to the second hash value.
The ground station needs to generate the fourth message before transmitting it. Specifically, as also shown in fig. 5, the ground station may generate a second plaintext and a second message sequence number, and calculate a second hash value of the second plaintext and the second message sequence number, i.e. $H_2 = \mathrm{Hash}(M_2, MSN_2)$. It calculates a third initial vector of the fourth message according to the first initial vector and the second message sequence number, and generates a third ciphertext from the second plaintext, the second hash value, the third initial vector and the session key based on an encryption algorithm. It then randomly selects one of the first anonymous identities in the anonymous identity library of the corresponding aircraft through a random number algorithm as the fourth anonymous identity, replaces the aircraft registration number in the fourth message with the fourth anonymous identity, fills the message segment in the fourth message with the third ciphertext, and, after generating a complete fourth message, transmits the fourth message to the aircraft. The process can be simply expressed as:
Message5: [formula image not reproduced]
In some possible embodiments, after searching the anonymous identity library for the fourth anonymous identity, further comprising:
and discarding the fourth message in case the fourth anonymous identity is not found in the anonymous identity library.
In the embodiment of the application, the aircraft searches for the fourth anonymous identity in its own anonymous identity library; in the case that the fourth anonymous identity cannot be found, it can be determined that the received fourth message is not a message sent to the aircraft, and the fourth message can be discarded.
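The session steps described above (building the anonymous identity library, sealing a session message, then looking it up and verifying it on receipt) as an added Go example; it is not code from the patent, and every type, function and sample value in it is constructed. Assumptions: AES-CBC with PKCS#7 padding stands in for SM4 and SHA-256 for SM3/Hash, `iv_0 + i` increments the low 64 bits of the vector, and the encrypted identity vector is truncated to the length of the registration number before the XOR.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrDiscard = errors.New("discard message") // the procedure's "discard" outcome

// Session is the state both ends share after the handshake.
type Session struct {
	ARN, IV0 []byte       // aircraft registration number, first initial vector iv_0
	blk      cipher.Block // AES keyed with k_d (assumed stand-in for SM4)
}

func NewSession(arn, kd, iv0 []byte) (*Session, error) {
	blk, err := aes.NewCipher(kd)
	if err != nil || len(iv0) != aes.BlockSize || len(arn) > aes.BlockSize {
		return nil, errors.New("bad session parameters")
	}
	return &Session{arn, iv0, blk}, nil
}

// Library returns AID_i = ARN XOR E_kd(iv_0 + i) for 1 <= i <= n.
func (s *Session) Library(n int) [][]byte {
	lib := make([][]byte, 0, n)
	for i := 1; i <= n; i++ {
		iv := append([]byte(nil), s.IV0...)
		binary.BigEndian.PutUint64(iv[8:], binary.BigEndian.Uint64(iv[8:])+uint64(i))
		s.blk.Encrypt(iv, iv) // E_kd(iv_0 + i); sum taken on the low 64 bits (assumption)
		aid := make([]byte, len(s.ARN))
		for j := range aid {
			aid[j] = s.ARN[j] ^ iv[j] // assumption: block truncated to len(ARN)
		}
		lib = append(lib, aid)
	}
	return lib
}

// digest is Hash(x || y); SHA-256 is an assumed stand-in for SM3.
func digest(x, y []byte) []byte {
	h := sha256.Sum256(append(append([]byte(nil), x...), y...))
	return h[:]
}

// Seal builds C = ENC(M || H, k_d, iv_i), H = Hash(M, MSN), iv_i = Hash(iv_0 || MSN).
func (s *Session) Seal(lib [][]byte, msn, m []byte) (aid, c []byte) {
	pt := append(append([]byte(nil), m...), digest(m, msn)...)
	pad := aes.BlockSize - len(pt)%aes.BlockSize
	pt = append(pt, bytes.Repeat([]byte{byte(pad)}, pad)...) // PKCS#7 padding
	cipher.NewCBCEncrypter(s.blk, digest(s.IV0, msn)[:16]).CryptBlocks(pt, pt)
	var r [1]byte
	rand.Read(r[:])
	return lib[int(r[0])%len(lib)], pt // random identity; lib holds 1..256 entries
}

// Station maps every predicted anonymous identity back to its session.
type Station map[string]*Session

func (st Station) Register(s *Session, n int) {
	for _, aid := range s.Library(n) {
		st[string(aid)] = s
	}
}

// Open looks up the AID, recomputes iv_i, decrypts and verifies the hash.
func (st Station) Open(aid, msn, c []byte) (arn, m string, err error) {
	s, ok := st[string(aid)]
	if !ok || len(c) == 0 || len(c)%aes.BlockSize != 0 {
		return "", "", ErrDiscard // unknown identity or malformed ciphertext
	}
	pt := make([]byte, len(c))
	cipher.NewCBCDecrypter(s.blk, digest(s.IV0, msn)[:16]).CryptBlocks(pt, c)
	last := int(pt[len(pt)-1])
	n := len(pt) - last - sha256.Size // length of M without H and padding
	if last == 0 || last > aes.BlockSize || n < 0 {
		return "", "", ErrDiscard
	}
	if !bytes.Equal(pt[n:n+sha256.Size], digest(pt[:n], msn)) {
		return "", "", ErrDiscard // altered message or wrong sequence number
	}
	return string(s.ARN), string(pt[:n]), nil
}

func main() {
	s, _ := NewSession([]byte(".B-1234"), []byte("0123456789abcdef"), []byte("fedcba9876543210"))
	st := Station{} // all values here are constructed, not real ACARS data
	st.Register(s, 8)
	aid, c := s.Seal(s.Library(8), []byte("M01A"), []byte("POS N3954 E11624 FL321"))
	arn, m, err := st.Open(aid, []byte("M01A"), c)
	fmt.Printf("aid=%x arn=%s m=%q err=%v\n", aid, arn, m, err)
}
```

The same `Open` serves the aircraft when it receives the fourth message: its `Station` then holds only its own session.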
In some possible embodiments, prior to determining the public key of the ground station from the ground station identity information, comprising:
and acquiring the ground station identity information and the public key corresponding to the ground station identity information, which are passed by the route of the airplane, through the authentication center.
In the embodiment of the application, the aircraft acquires the public key of the ground station before determining the public key of the ground station according to the identity information of the ground station. As shown in fig. 6, public keys may be managed using a public key infrastructure (Public Key Infrastructure, PKI), in which a trusted third party, the certificate authority (Certificate Authority, CA), binds the public keys of the aircraft and ground stations to their respective identity information. Before the session starts, according to the flight plan provided by the air traffic control center, the aircraft can learn through the CA the public keys and the corresponding identity information of the ground stations it may pass along its route, and the ground stations can also learn through the CA the public keys and the corresponding identity information of all the aircraft that may pass through their coverage area. Thus, after the aircraft or the ground station receives the identity information of the opposite party, the corresponding public key of the opposite party can be queried according to that identity information.
The session key may be generated by the aircraft and then sent to the ground station, or may be determined by negotiation through key agreement protocols such as the Diffie-Hellman protocol, the Joux three-party key agreement protocol, the BD (Burmester-Desmedt) two-round group key agreement protocol, and the like.
The symmetric encryption and decryption algorithm based on the session key may preferably be the SM4 symmetric encryption and decryption algorithm, or may be a symmetric encryption and decryption algorithm such as 3DES (Triple Data Encryption Algorithm) or AES (Advanced Encryption Standard). In addition, the digital signature algorithm, the signature verification algorithm and the asymmetric encryption and decryption algorithm may preferably be the SM2 asymmetric encryption and decryption algorithm, or may be an asymmetric encryption and decryption algorithm such as RSA (Rivest-Shamir-Adleman).
In order to implement the above embodiment, as shown in fig. 7, in this embodiment, there is further provided a device 700 for anonymous security session of a civil aviation ACARS ground-air data link, where the device 700 includes: a first receiving module 710, a transmitting module 720, a second receiving module 730, a verifying module 740, and a session module 750.
A first receiving module 710, configured to receive a ground station identity message broadcasted by a ground station;
a sending module 720, configured to send a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, where the first message includes a first initial vector;
A second receiving module 730, configured to receive a second message sent by the ground station;
the verification module 740 is configured to verify the second message, and generate an anonymous identity library according to the first initial vector if verification is passed, where the anonymous identity library includes N first anonymous identities, and N is a positive integer greater than or equal to 1;
a session module 750 for conducting a session with the ground station based on the anonymous identity library.
According to the civil aviation ACARS ground-air data link anonymous safety session device, a ground station identity message broadcast by a ground station is received; transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector; receiving a second message sent by the ground station; verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1; sessions are developed with the ground station based on the anonymous identity library. The security, privacy and authentication of the civil aviation ACARS message can be effectively guaranteed.
In some possible embodiments, the sending module 720 includes:
The determining unit is used for determining the public key of the ground station according to the identity information of the ground station;
the first generation unit is used for generating a first initial vector and a session key and recording a timestamp of the current time;
a second generating unit, configured to generate a second anonymous identity of the aircraft through a public key of the ground station according to the aircraft registration number and the session key;
the third generation unit generates a first signature through a private key of the airplane according to the first initial vector, the session key, the time stamp and the airplane registration number;
a fourth generation unit that generates a first ciphertext by a public key of the ground station according to the first initial vector, the session key, the time stamp, and the first signature;
and the replacing unit is used for replacing the aircraft registration number in the first message with the second anonymous identity of the aircraft, and transmitting the first message to the ground station after filling the message segment in the first message into the first ciphertext.
In some possible embodiments, the verification module 740 includes:
an acquisition unit configured to acquire a second signature through a second message;
and the first verification unit is used for verifying the second signature through the public key of the ground station.
In some possible embodiments, the verification module 740 further comprises:
A fifth generating unit, configured to sequentially add one to the first initial vector to generate N identity vectors, where N is a positive integer greater than or equal to 1;
a sixth generating unit, configured to generate N first anonymous identities of the plane according to the plane registration number, the session key, and N identity vectors;
and the forming unit is used for forming an anonymous identity library based on the N first anonymous identities.
In some possible embodiments, session module 750 includes:
a seventh generating unit, configured to generate a third message based on the anonymous identity library;
a first transmitting unit, configured to transmit a third message to the ground station;
the first receiving unit is used for receiving the fourth message sent by the ground station.
In some possible embodiments, the seventh generating unit comprises:
a generation computation subunit, configured to generate a first plaintext and a first message sequence number, and compute a first hash value of the first plaintext and the first message sequence number;
a first calculation subunit, configured to calculate a second initial vector of the third message according to the first message sequence number and the first initial vector;
a first generation subunit, configured to generate a second ciphertext through a session key according to the first plaintext, the first hash value, and the second initial vector;
A selecting subunit, configured to select a third anonymous identity from the anonymous identity library through a random number algorithm;
and the replacing subunit is used for replacing the aircraft registration number in the third message with the third anonymous identity, filling the message segment in the third message into the second ciphertext, and sending the third message to the ground station.
In some possible embodiments, the first receiving unit comprises:
the first acquisition subunit is used for acquiring a fourth anonymous identity in the fourth message;
a searching subunit, configured to search for a fourth anonymous identity in the anonymous identity library;
the inquiring subunit is used for inquiring the first initial vector and the session key corresponding to the fourth anonymous identity under the condition that the fourth anonymous identity is found in the anonymous identity library;
a second obtaining subunit, configured to obtain a second message sequence number in the fourth message;
a second calculating subunit, configured to calculate a third initial vector of the fourth message according to the first initial vector and the second message sequence number corresponding to the fourth anonymous identity;
the third obtaining subunit is used for obtaining a third ciphertext in the fourth message, decrypting the third ciphertext according to the session key and the third initial vector, and obtaining a second plaintext and a second hash value;
A third calculation subunit, configured to calculate a third hash value of the second plaintext and the second message sequence number;
a verification subunit configured to verify whether the third hash value is equal to the second hash value;
and the first discarding subunit is configured to process the second plaintext if the third hash value is equal to the second hash value, and discard the fourth message if the third hash value is not equal to the second hash value.
In some possible embodiments, the first receiving unit further comprises:
and the second discarding subunit is configured to discard the fourth message if the fourth anonymous identity is not found in the anonymous identity library.
In some possible embodiments, the civil aviation ACARS ground-air data link anonymous security session device includes:
the public key acquisition module is used for acquiring the ground station identity information of the aircraft passing by the route and the public key corresponding to the ground station identity information through the authentication center.
It should be noted that, the explanation of the foregoing embodiment of the method for anonymous security session of the civil aviation ACARS ground-air data link is also applicable to the anonymous security session device of the civil aviation ACARS ground-air data link of the embodiment, which is not described herein again.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include at least one such feature. In the description of the present application, the meaning of "plurality" is at least two, such as two, three, etc., unless explicitly defined otherwise.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
Although embodiments of the present application have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the application, and that variations, modifications, alternatives, and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the application.

Claims (9)

1. The civil aviation ACARS ground-air data link anonymous safety conversation method is applied to an airplane and is characterized by comprising the following steps of:
Receiving a ground station identity message broadcast by a ground station;
transmitting a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, wherein the first message comprises a first initial vector;
receiving a second message sent by the ground station;
verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1;
developing a session with the ground station based on the anonymous identity library;
the sending, based on the ground station identity information, a first message to the ground station through an asymmetric key mechanism, including:
determining a public key of the ground station according to the ground station identity information;
generating the first initial vector and a session key, and recording a timestamp of the current time;
generating a second anonymous identity of the aircraft through a public key of the ground station according to the aircraft registration number and the session key;
generating a first signature through a private key of the airplane according to the first initial vector, the session key, the timestamp and the airplane registration number;
Generating a first ciphertext by a public key of the ground station according to the first initial vector, the session key, the timestamp and the first signature;
and replacing the aircraft registration number in the first message with a second anonymous identity of the aircraft, and transmitting the first message to the ground station after filling the message segment in the first message into the first ciphertext.
2. The method of claim 1, wherein said validating said second message comprises:
acquiring a second signature through the second message;
and verifying the second signature through the public key of the ground station.
3. The method of claim 2, wherein the generating an anonymous identity library from the first initial vector in the event of verification passing comprises:
sequentially adding the first initial vectors to generate N identity vectors, wherein N is a positive integer greater than or equal to 1;
generating the N first anonymous identities of the airplane according to the airplane registration number, the session key and the N identity vectors;
the anonymous identity library is formed based on the N first anonymous identities.
4. A method according to claim 3, wherein said conducting a session with said ground station based on said anonymous identity library comprises:
generating a third message based on the anonymous identity library;
transmitting the third message to the ground station;
and receiving a fourth message sent by the ground station.
5. The method of claim 4, wherein the generating a third message based on the anonymous identity library comprises:
generating a first plaintext and a first message sequence number, and calculating a first hash value of the first plaintext and the first message sequence number;
calculating a second initial vector of the third message according to the first message sequence number and the first initial vector;
generating a second ciphertext through the session key according to the first plaintext, the first hash value and the second initial vector;
selecting a third anonymous identity from the anonymous identity library by means of a random number algorithm;
and replacing the aircraft registration number in the third message with the third anonymous identity, filling the message segment of the third message with the second ciphertext, and then sending the third message to the ground station.
6. The method of claim 5, wherein said receiving a fourth message sent by the ground station comprises:
acquiring a fourth anonymous identity in the fourth message;
searching for the fourth anonymous identity in the anonymous identity library;
under the condition that the fourth anonymous identity is found in the anonymous identity library, inquiring the first initial vector and the session key corresponding to the fourth anonymous identity;
acquiring a second message sequence number in the fourth message;
calculating a third initial vector of the fourth message according to the second message sequence number and the first initial vector corresponding to the fourth anonymous identity;
obtaining a third ciphertext in the fourth message, decrypting the third ciphertext according to the session key and the third initial vector, and obtaining a second plaintext and a second hash value;
calculating a third hash value of the second plaintext and the second message sequence number;
verifying whether the third hash value is equal to the second hash value;
and processing the second plaintext when the third hash value is equal to the second hash value, and discarding the fourth message when the third hash value is not equal to the second hash value.
7. The method of claim 6, further comprising, after searching for the fourth anonymous identity in the anonymous identity library:
discarding the fourth message under the condition that the fourth anonymous identity cannot be found in the anonymous identity library.
8. The method of claim 1, further comprising, prior to determining the public key of the ground station from the ground station identity information:
acquiring, through an authentication center, the ground station identity information along the route of the aircraft and the public key corresponding to that ground station identity information.
9. A civil aviation ACARS ground-air data link anonymous security session device, applied to an aircraft, comprising:
the first receiving module is used for receiving the ground station identity message broadcast by the ground station;
a sending module, configured to send a first message to the ground station through an asymmetric key mechanism based on the ground station identity message, where the first message includes a first initial vector;
the second receiving module is used for receiving a second message sent by the ground station;
the verification module is used for verifying the second message, and generating an anonymous identity library according to the first initial vector under the condition that verification is passed, wherein the anonymous identity library comprises N first anonymous identities, and N is a positive integer greater than or equal to 1;
a session module, configured to conduct a session with the ground station based on the anonymous identity library;
wherein the sending of the first message to the ground station through the asymmetric key mechanism based on the ground station identity information comprises:
determining a public key of the ground station according to the ground station identity information;
generating the first initial vector and a session key, and recording a timestamp of the current time;
generating a second anonymous identity of the aircraft through a public key of the ground station according to the aircraft registration number and the session key;
generating a first signature through a private key of the airplane according to the first initial vector, the session key, the timestamp and the airplane registration number;
generating a first ciphertext by a public key of the ground station according to the first initial vector, the session key, the timestamp and the first signature;
and replacing the aircraft registration number in the first message with the second anonymous identity of the aircraft, filling the message segment of the first message with the first ciphertext, and then transmitting the first message to the ground station.
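
The session phase of claims 3, 5, 6 and 7, as an added Python illustration that is not part of the patent text. The claims name no algorithms, so everything concrete here is an assumption: HMAC-SHA256 for identity derivation, SHA-256 for the hash, modular addition for the initial-vector arithmetic, a 7-character identity, an HMAC-based keystream as a stand-in cipher, all function names, and the constructed registration used to exercise it.

```python
import hashlib
import hmac
import secrets

IV_LEN, TAG_LEN = 16, 32  # assumed sizes; the claims fix neither

def add_iv(iv0: bytes, n: int) -> bytes:
    """Assumed reading of the IV arithmetic: (iv0 + n) mod 2^128."""
    return ((int.from_bytes(iv0, "big") + n) % (1 << 8 * IV_LEN)).to_bytes(IV_LEN, "big")

def _xor_stream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream); swap in a real cipher for use."""
    stream = b"".join(hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _digest(plaintext: bytes, seq: int) -> bytes:
    """Hash over plaintext and message sequence number (claims 5 and 6)."""
    return hashlib.sha256(plaintext + seq.to_bytes(4, "big")).digest()

def build_library(reg: bytes, key: bytes, iv0: bytes, n: int) -> dict:
    """Claim 3: derive N anonymous identities, each mapped to (iv0, key)."""
    lib = {}
    for i in range(1, n + 1):
        tag = hmac.new(key, reg + add_iv(iv0, i), hashlib.sha256).hexdigest()
        lib[tag[:7].upper()] = (iv0, key)  # 7 characters: assumed address width
    return lib

def seal(lib: dict, seq: int, plaintext: bytes) -> dict:
    """Claim 5: hash, per-message IV, encrypt, random anonymous identity."""
    addr = secrets.choice(sorted(lib))
    iv0, key = lib[addr]
    body = plaintext + _digest(plaintext, seq)
    return {"addr": addr, "seq": seq, "text": _xor_stream(key, add_iv(iv0, seq), body)}

def open_message(lib: dict, msg: dict):
    """Claims 6 and 7: return the plaintext, or None when the message is discarded."""
    entry = lib.get(msg["addr"])
    if entry is None:
        return None  # identity not in the library
    iv0, key = entry
    body = _xor_stream(key, add_iv(iv0, msg["seq"]), msg["text"])
    if len(body) < TAG_LEN:
        return None  # too short to carry a hash
    plaintext, received = body[:-TAG_LEN], body[-TAG_LEN:]
    expected = _digest(plaintext, msg["seq"])
    return plaintext if hmac.compare_digest(received, expected) else None
```

Because the integrity check is an unkeyed hash carried inside the ciphertext, its strength depends on the cipher and mode chosen; an implementation would pair the session key with an authenticated mode or a keyed MAC rather than the stand-in keystream used here.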
CN202210617103.7A 2022-06-01 2022-06-01 Anonymous safety conversation method and device for civil aviation ACARS ground-air data link Active CN115134123B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210617103.7A CN115134123B (en) 2022-06-01 2022-06-01 Anonymous safety conversation method and device for civil aviation ACARS ground-air data link

Publications (2)

Publication Number Publication Date
CN115134123A CN115134123A (en) 2022-09-30
CN115134123B true CN115134123B (en) 2023-05-05

Family

ID=83378297

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210617103.7A Active CN115134123B (en) 2022-06-01 2022-06-01 Anonymous safety conversation method and device for civil aviation ACARS ground-air data link

Country Status (1)

Country Link
CN (1) CN115134123B (en)

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100570668C (en) * 2008-04-17 2009-12-16 民航数据通信有限责任公司 Secure transmission system for broadcast automatic monitoring information
GB2542474A (en) * 2015-07-17 2017-03-22 Relmatech Ltd An aircraft controlled by a secure integrated airspace management system
CN106961329B (en) * 2017-03-23 2020-02-14 电子科技大学 Method for solving confidentiality and integrity of ADS-B protocol
CN112073964B (en) * 2020-10-26 2021-11-19 河南大学 Unmanned aerial vehicle and base station communication identity authentication method based on elliptic curve encryption

Also Published As

Publication number Publication date
CN115134123A (en) 2022-09-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant