Method and system for secure transmission of messages or key distribution in sensor network
    
      Technical Field
      The invention relates to a sensing network in the Internet of things, in particular to a method and a system for message secure transmission or key distribution in the sensing network.
    
    
      Background
      The Internet of Things (IOT, Internet of Things) is a network that connects an article with the Internet through information sensing devices such as radio frequency identification, infrared sensors, global positioning systems, laser scanners, etc. to realize intelligent identification, positioning, tracking, monitoring and management of the article. The popularization of the Internet of things can bring convenience to the life of people, improve the working efficiency and change the life style of people. However, because the messages transmitted in the internet of things have the characteristics of various types and large message amount, a network attacker can perform network attack on the internet of things in various attack modes, so the internet of things has more security problems, and the security of the internet of things needs to be solved if the privacy of the messages transmitted in the internet of things needs to be protected.
      The architecture of the internet of things generally comprises three layers, namely a sensing layer, a network layer and an application layer from bottom to top. The network layer and the application layer of the internet of things are similar to those of the internet, and particularly, the functions of the network layer and the application layer of the current internet of things are mainly realized by the network layer and the application layer of the internet of things. Because the security problem of each layer of the current internet is well solved, what needs to be solved at present is the security problem existing in the sensing layer of the internet of things.
      A sensor network is a part of the internet of things and located at a sensing layer of the internet of things, fig. 1 is a schematic diagram of a sensor network structure in the prior art, as shown in fig. 1, the sensor network is composed of a plurality of sensor network subnets (hereinafter, subnets), each of which is composed of a plurality of common nodes, at least one Sink node and at least one gateway node, and a basic working mode of the sensor network includes: the common nodes transmit messages through a Zigbee protocol; the message transmission is carried out between the common nodes and the sink nodes directly or in a multi-hop forwarding mode; message transmission is carried out between the sink node and the gateway node through a Zigbee protocol; and message transmission is carried out among the gateway nodes and between the gateway nodes and a sensor network server (hereinafter referred to as a server) in a wired mode.
      As shown in fig. 1, since there is information interaction between subnets, that is, there is information interaction between common nodes belonging to different subnets, if connectivity of one subnet deteriorates, for example, one subnet is closed due to network attack, so that the common node of the subnet cannot perform information interaction with the common nodes belonging to other subnets, message transmission in other subnets having information interaction with the subnet is hindered, and connectivity of the sensor network deteriorates. In addition, if a subnet suffers from a network attack, so that the security of the message transmitted in the subnet is reduced, the security of the message transmitted in the subnet interacting with the subnet presence information is reduced, resulting in the reduction of the security of the sensor network.
      At present, there is no effective solution capable of ensuring the connectivity and security coexistence of the sensor network, where the connectivity and security coexistence of the sensor network refers to: the transmission of messages in the sensor network is not impeded and the messages transmitted in the sensor network are secure.
      In addition, in the sensor network, a security key is usually used to protect the messages transmitted in the sensor network, that is, each node of the sensor network is assigned with a security key, the transmitted messages are encrypted and decrypted by using the security key in the process of message transmission, and the security key needs to be updated, at this time, the sensor network needs to have at least one trust center node (hereinafter referred to as a trust center); wherein, the trust center is usually a Zigbee network coordinator, and updating the security key means: and the trust center of the sensor network sends a new security key to the node needing security key updating in the sensor network, and the node needing security key updating replaces the old security key after receiving the new security key. However, there is a transient weakness in the process of updating the security key, that is, in the process of sending a new security key to a node that needs to update the security key by a trust center of the sensor network, the security key is monitored and intercepted by a network attacker, so that the message transmitted in the sensor network loses the protection of the security key.
    
    
      Disclosure of Invention
      In view of the above, the main objective of the present invention is to provide a method and a system for secure transmission of messages in a sensor network, so as to ensure coexistence of connectivity and security of the sensor network, and to provide a method and a system for distributing a security key, so as to solve a problem of an instant weakness in a process of updating a security key.
      In order to achieve the purpose, the technical scheme of the invention is realized as follows:
      according to an embodiment of the present invention, there is provided a method for secure transmission of a message in a sensor network, the method including:
      all nodes belonging to the same subnet of the sensing network use the same security key to carry out encryption transmission and security authentication of messages;
      the security keys used by the nodes belonging to different sub-networks are different from each other, and the different sub-networks transmit messages through the gateway nodes of the sub-networks.
      According to an embodiment of the present invention, there is provided a secure key distribution method including:
      respectively distributing a same encryption verification key and a same decryption verification key for a trust center distributing keys and all key receiving nodes, wherein an original key can be encrypted by using an RSA algorithm according to the encryption verification key to obtain an encrypted key, and then the encrypted key is decrypted by using the RSA algorithm according to the decryption verification key, so that the encrypted key is restored to the original key;
      the trust center encrypts the security key to be distributed by using an RSA algorithm according to the encryption verification key, and then sends the encrypted security key to all key receiving nodes;
      and after receiving the encrypted security key, the key receiving node decrypts the encrypted security key by using an RSA algorithm according to the decrypted security key to obtain the decrypted security key, encrypts the decrypted security key according to the encryption verification key to obtain an authentication key, and replaces the security key with the decrypted security key if the authentication key is the same as the decrypted security key.
      According to an embodiment of the present invention, there is provided a system for secure transmission of a message in a sensor network, the system including:
      one or more subnets, wherein each subnet comprises one or more nodes, a sink node, and a gateway node;
      all nodes belonging to the same subnet of the sensor network have the same security key, and the encryption transmission and the security authentication of the messages in the subnet are carried out based on the security key;
      nodes belonging to different subnets have different security keys; the gateway node is used for message transmission between the subnets.
      According to an embodiment of the present invention, there is provided a secure key distribution system including: one or more nodes, and a trust center, wherein,
      each node except the trust center is provided with a key receiving module, and the trust center is provided with a key sending module;
      the key sending modules are provided with a same encryption verification key and a same decryption verification key, and can encrypt an original key by using an RSA algorithm according to the encryption verification key to obtain an encrypted key, and then decrypt the encrypted key by using the RSA algorithm according to the decryption verification key, so that the encrypted key is restored to the original key;
      the key sending module is used for encrypting the security key to be distributed by using an RSA algorithm according to the encryption verification key, sending the encrypted security key to all key receiving modules, and replacing the security key of the trust center with the security key to be distributed before, at the same time or after the encrypted security key is sent to all key receiving modules;
      and the key receiving module is used for decrypting the encrypted security key by using an RSA algorithm according to the decrypted security key after receiving the encrypted security key to obtain the decrypted security key, encrypting the decrypted security key according to the encryption verification key to obtain an authentication key, and replacing the security key of the node to which the authentication key belongs with the decrypted security key if the authentication key is the same as the decrypted security key.
      By using the method and the system of the invention, the sensor network is divided into one or more sub-networks, and all nodes of the same sub-network use the same security key to carry out encrypted transmission and security authentication of messages. The method and the system avoid direct information interaction among common nodes of each sub-network, thereby ensuring the connectivity of the sensor network. Meanwhile, the security keys used by the nodes belonging to different subnets are different from each other, and the different subnets transmit messages through the gateway nodes of each subnet, preferably, the security key updating method of the invention is adopted to update the security keys, so that the security of the sensor network is ensured, and the problems of obtaining messages in other subnets through the authority of one subnet of the sensor network and instant weakness in the process of updating the security keys are avoided, thereby enhancing the security of the sensor network.
    
    
      Drawings
      FIG. 1 is a schematic diagram of a sensor network structure in the prior art;
      FIG. 2 is a schematic diagram of a network topology of a method for secure transmission of messages in a sensor network according to the present invention;
      fig. 3 is a schematic flow chart illustrating a process of performing encrypted transmission and security authentication of a message between two nodes belonging to the same subnet of a sensor network according to the method for securely transmitting the message in the sensor network of the present invention;
      fig. 4 is a schematic flow chart illustrating a process of performing security authentication on a network access application message sent by a node when the node applies for entering a subnet of a sensor network according to the method for securely transmitting a message in a sensor network of the present invention;
      fig. 5 is another schematic flow chart illustrating a process of performing security authentication on a network access application message sent by a node when the node enters a subnet of a sensor network according to the method for securely transmitting a message in a sensor network of the present invention;
      fig. 6 is a schematic flowchart of updating a security key of a key receiving node of a sensor network according to the security key distribution method of the present invention;
      FIG. 7 is a schematic diagram of another network topology of a method for secure transmission of messages within a sensor network according to the present invention;
      FIG. 8 is a schematic structural diagram of a secure message transmission system in a sensor network according to the present invention;
      fig. 9 is a schematic structural diagram of a secure key distribution system of the present invention.
    
    
      Detailed Description
      The core idea of the invention is as follows: all nodes belonging to the same subnet of the sensing network use the same security key to carry out encryption transmission and security authentication of messages; the safety keys used by the nodes belonging to different sub-networks are different from each other, and the different sub-networks transmit messages through the gateway nodes of the sub-networks; and updating the security key of the node in the sensor network by using a security key distribution method.
      It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the accompanying drawings.
      The invention provides a method for safely transmitting messages in a sensor network, which specifically comprises the following steps: in the same subnet, all nodes use the same security key to carry out encryption transmission and security authentication of messages; the security keys used by the nodes belonging to different sub-networks are different from each other, and the different sub-networks transmit messages through the gateway nodes of the sub-networks.
      Specifically, all nodes belonging to the same subnet of the sensor network use a symmetric key encryption algorithm to perform message encryption transmission and security authentication operation of the nodes in the same subnet; and the nodes belonging to different sub-networks adopt the encryption mode of the traditional Internet to carry out message transmission operation among the sub-networks.
    
    
      Example 1
      Fig. 2 is a schematic diagram of a network topology of a method for securely transmitting messages in a sensor network according to the present invention, where as shown in fig. 2, the sensor network is composed of N subnets, including a first subnet, a second subnet, and an nth subnet. The first node1The node, the first sink node and the first gateway node are all nodes of a first subnet, the nth1+1 node1+n2The node, the second sink node and the second gateway node are all nodes of a second subnet1+n2...+nN-1+1 node1+n2...+nN-1+nNThe node, the Nth sink node and the Nth gateway node are all nodes of the Nth sub-network, and N1、n2...、nN-1、nNAnd N are both natural numbers,
      wherein, in the first subnet, the first node1The node, the first sink node and the first gateway node all use the same security key K1Within the second subnet, n1+1 node1+n2The node, the second sink node and the second gateway node all use the same security key K2... in the Nth subnetwork, the nth1+n2...+nN-1+1 node1+n2...+nN-1+nNThe node, the Nth sink node and the Nth gateway node all use the same security key KNSecure key K1、K2......、KNAre different from each other; belong to the firstUsing a secure key K between nodes of a sub-network1Encrypted transmission and security authentication of messages, using K between nodes belonging to the second subnetwork2Carrying out encrypted transmission and security authentication on messages, wherein K is used among nodes belonging to the Nth sub-networknAnd carrying out encrypted transmission and security authentication of the message.
      In order to enable data transmission among the subnetworks of the sensor network, each subnet further includes one or more sink nodes and one or more gateway nodes, and preferably one sink node and one gateway node are provided for each subnet, as shown in fig. 2, a first subnet has a first sink node and a first gateway node, a second subnet has a second sink node and a second gateway node, an nth subnet has an nth sink node and an nth gateway node, and meanwhile, message transmission is performed among the first subnet, the second subnet, the nth subnet through the first gateway node, the second gateway node. In addition, the sink node and the gateway node are also used for message transmission between the sub-network and the server. Since the message transmission among the first gateway node, the second gateway node, and the nth gateway node, and between these nodes and the server are performed in the network Layer of the internet of things, the transmitted messages may be encrypted in a conventional encryption manner, for example, by using an encryption technique of a public key specified in a Secure Socket Layer (SSL) protocol, so that these messages can be transmitted more securely.
    
    
      Example 2
      Fig. 3 is a schematic flow chart illustrating a process of performing encryption transmission and security authentication on a message between two nodes belonging to the same subnet of a sensor network according to the method for securely transmitting a message in a sensor network of the present invention, and for convenience of description, the two nodes are referred to as a message source node and a message destination node, respectively, as shown in fig. 3, the process includes the following steps:
      step 101: message source node according to its securityThe key uses the Advanced Encryption Standard (AES) algorithm to the original message D0Carrying out encryption and calculation to obtain an encrypted message D1And an encrypted authentication code T1,
      In particular, the message source node uses the AES algorithm on the original message D according to its security key0Calculating to obtain an original authentication code T0Then, according to its safety key, using AES algorithm to make original authentication code T0And original message D0Respectively encrypted to obtain encrypted authentication codes T1And encrypted message D1(ii) a Encrypted authentication code T1For judging the encrypted message D when receiving the message1The effectiveness of (a);
      in this embodiment, the AES algorithm is used to calculate the original message and obtain the original authentication code, and the AES algorithm is used to perform the encryption and decryption operations, which may be performed by a chip integrated with the AES algorithm; the security key of the message source node may be preset, and in this embodiment, the security key of the message source node is K1(ii) a The AES algorithm is a symmetric key encryption algorithm, that is, the keys used in the process of encrypting and decrypting data are the same, and the specific implementation process of encrypting and calculating using the AES algorithm is well known in the art and will not be described again here; in addition, the first and second substrates are,
      the original message is calculated by using an AES algorithm to obtain an original authentication code, the operations of encrypting the original message or the original authentication code are closely related to the security key, the encrypted messages obtained by encrypting the same message by using the AES algorithm according to different security keys are different, and the authentication codes obtained by calculating the same message by using the AES algorithm according to different security keys are also different;
      step 102: the message source node transmits the encrypted message D in a Zigbee wireless transmission mode1And an encrypted authentication code T1Sent to the message destination node to which the message source node belongsThe same subnet;
      step 103: the message destination node receives the encrypted message D sent by the message source node1And an encrypted authentication code T1Then, using AES algorithm to encrypt the received message D1And an encrypted authentication code T1Respectively decrypting to obtain decrypted messages D2And a decrypted authentication code T2Wherein
      in this embodiment, since the message destination node and the message source node are in the same subnet, the security key of the message destination node is also K1;
      Step 104: the message destination node according to the decrypted authentication code T2For received encrypted message D1Is judged if D is valid1If it is valid, step 105 is performed, otherwise, step 106 is performed, wherein,
      according to the decrypted authentication code T2Judging the received encrypted message D1Whether valid or not includes: the message destination node based on its security key K1Using AES Algorithm for decrypted message D2Calculating and obtaining the authentication code T2'; if T is2And T2' same, then indicates that the encrypted message D was received1Valid, otherwise, indicates that an encrypted message D was received1Is invalid;
      step 105: the message destination node stores the decrypted message D2;
      Step 106: the current flow ends.
    
    
      Example 3
      Fig. 4 is a schematic flow chart illustrating a process of performing security authentication on a network access application message sent by a node when the node applies for entering a subnet of a sensor network according to the method for securely transmitting a message in a sensor network of the present invention, where each subnet of the sensor network of this embodiment has at least one trust center, and the trust center is used for performing security authentication on the network access application message received by the trust center.
      For convenience of description, the above-mentioned node applying for network entry is referred to as a network entry node, and this embodiment is performed in a subnet receiving a network entry application message, in which all nodes including the trust center have a same security key, where the security key is K2And the network access node has a security key k2. As shown in fig. 4, the process includes the following steps:
      step 201: the network access node generates a network access application message M0And according to its security key k2Application message M for network access by using AES algorithm0Calculating and encrypting to obtain encrypted network access application message M1And an encrypted authentication code P1,
      In particular, the network access node is based on its security key k2Application message M for network access by using AES algorithm0Calculating and obtaining an original authentication code P0Then according to its safety key using AES algorithm to apply for network access message M0And an original authentication code P0Respectively encrypting to obtain encrypted network access application message M1And an encrypted authentication code P1(ii) a Encrypted authentication code P1Used for receiving the encrypted network access application message M at the trust center1Then judging the encrypted network access application message M1The effectiveness of (a);
      in this embodiment, the AES algorithm is used to calculate the network access application message and obtain the original authentication code, and the operations of encrypting the network access application message or the original authentication code and decrypting the encrypted network access application message or the encrypted authentication code may be performed by the chip integrated with the AES algorithm; security seal for network access nodeThe key can be preset by an administrator, and the security keys of the legal network access node and the trust center should be the same, namely K2And k is2The same; in addition, the description about the AES algorithm in this embodiment is the same as the related contents described in embodiment 2, and will not be described again here;
      step 202: the network access node uses Zigbee wireless transmission mode to encrypt the network access application message M1And an encrypted authentication code P1And performing the whole-network broadcasting, wherein,
      the network access node encrypts the network access application message M1And an encrypted authentication code P1The method for carrying out the whole network broadcast specifically comprises the following steps: the network access node encrypts the network access application message M1And an encrypted authentication code P1Sending the information to all nodes in the subnet where the network access node applies to join;
      step 203: the trust center receives the encrypted network access application message M in a monitoring mode1And an encrypted authentication code P1Then, using AES decryption algorithm to encrypt the network access application message M1And an encrypted authentication code P1Decrypting to obtain the decrypted network access application M2And a decrypted authentication code P2Wherein the security key used in the decryption process is the security key K of the trust center2;
      Step 204: the trust center applies for the received encrypted network access application message M1Is judged if M is valid1If yes, step 205 is executed, otherwise, the network access node is rejected to enter the subnet where the trust center is located, wherein,
      the trust center judges the received encrypted network access application message M1Whether valid or not includes: the trust center bases on its security key K2Applying for decrypted network access M by using AES algorithm2Calculating to obtain an authentication code P2', if P2And P2' same, it means the encrypted network access application message M1Is effectiveOtherwise, the encrypted network access application message M is represented1Is invalid;
      step 205: the trust center sends a network access permission command to the network access node in a wireless unicast transmission mode;
      step 206: and after receiving the network access permission command, the network access node performs network access operation and enters the subnet.
    
    
      Example 4
      In step 205 of embodiment 3, since the network entry permission command sent by the trust center to the network entry node is also a type of message in nature, the operation of sending the network entry permission command to the network entry node by the trust center may also be performed by using steps similar to the flow of message transmission and security authentication in embodiment 2.
      Fig. 5 is another schematic flow chart of a method for securely transmitting a message in a sensor network according to the present invention, where when a node enters a subnet of the sensor network, a trust center of the subnet performs security authentication on a network access application message sent by the node, and for convenience of description, the above-mentioned node applying for network access is also referred to as a network access node, where setting of security keys of the network access node and the trust center and operations of calculating, encrypting, and decrypting using an AES algorithm are the same as those described in embodiment 3, and are not described again here, as shown in fig. 5, the flow includes the following steps:
      steps 301 to 304 are the same as steps 201 to 204 in embodiment 2;
      step 305: the trust center calculates the network access permission command by using an AES algorithm to obtain a network access permission authentication code, then encrypts the network access permission command and the network access permission authentication code by using the AES algorithm respectively, and sends the encrypted network access permission command and the encrypted network access permission authentication code obtained after encryption to the network access node in a wireless unicast transmission mode, wherein the security keys used for calculation and encryption by using the AES algorithm are the security keys of the trust center;
      step 306: after receiving the encrypted network access permission command and the encrypted network access permission authentication code, the network access node decrypts the received encrypted network access permission command and the encrypted network access permission authentication code respectively by using an AES algorithm according to the security key of the network access node to obtain the decrypted network access permission command and the decrypted network access permission authentication code;
      step 307: the access node judges the validity of the received encrypted access permission command, if the access permission command is valid, the access node performs access operation, otherwise, the process is ended, wherein,
      the judging the validity of the received encrypted network access permission command by the network access node comprises the following steps: and the network access node calculates the decrypted network access permission command by using an AES algorithm according to the security key to obtain a comparison authentication code, if the comparison authentication code is the same as the decrypted network access permission authentication code, the encrypted network access permission command is valid, and otherwise, the encrypted network access permission command is invalid.
    
    
      Example 5
      The invention also provides a security key distribution method for updating the security key of the node in the sensor network, which specifically comprises the following steps: in a sensor network, a trust center is used for distributing security keys, a pair of same check keys is respectively distributed for the trust center and all nodes (hereinafter referred to as key receiving nodes) needing to update the security keys, the check key pair comprises an encryption check key and a decryption check key, and the pair of check keys are mutually associated, namely, an original security key can be encrypted by using an encryption algorithm according to the encryption check key to obtain an encrypted security key, and then the encrypted security key can be decrypted by using the encryption algorithm according to the decryption check key, so that the encrypted security key is restored to the original security key; the trust center of the distributed key encrypts a security key (hereinafter referred to as a new key) to be distributed to the key receiving nodes by using an encryption algorithm according to the encryption verification key to obtain an encrypted new key, and sends the encrypted new key to all the key receiving nodes in a Zigbee wireless transmission mode; and after receiving the encrypted new key, the key receiving node decrypts and judges the effectiveness of the encrypted new key according to the decryption check key, and if the encrypted new key is effective, the security key is replaced by the decrypted new key.
      Fig. 6 is a schematic flowchart of a process of updating a security key of a key receiving node of a sensor network according to the security key distribution method of the present invention, and as shown in fig. 6, the steps of the process are as follows:
      step 401: respectively distributing a pair of same check keys for the trust center and all Key receiving nodes, wherein the check Key pair comprises an encryption check Key Key1And a decryption verification Key2Wherein
      can verify the Key according to encryption1An original Key is encrypted by using an encryption algorithm, preferably RSA (RonRivest, Adi Shamirh, LenAdleman) algorithm in the example to obtain an encrypted Key, and then the encrypted Key is verified according to decryption2Decrypting the encrypted key by using an RSA algorithm so as to restore the encrypted key to an original key;
      when network planning is carried out, an administrator distributes a pair of same verification keys for the trust center and all key receiving nodes respectively;
      step 402: setting a new key to k1The trust center of the distributed Key verifies the Key Key according to the encryption1Using RSA algorithm to pair new key k1Encryption is carried out to obtain a new encrypted key k1’;
      Step 403: the trust center of the distributed key encrypts a new key k1The key is sent to a key receiving node in a Zigbee wireless transmission mode;
      step 404: the key receiving node receives the encrypted new key k1' later, the verification Key Key is decrypted according to it2Using RSA algorithm to decrypt to obtain decrypted new key k1”;
      Step 405: the key receiving node judges the decrypted new key k1"if valid, then step 406 is performed, otherwise, the process of key update ends,
      specifically, the Key receiving node verifies the Key Key according to the encryption thereof1Using RSA algorithm to decrypt new key k1Encryption is carried out to obtain an authentication key k, if k and k are1' same then means the new key k after decryption1If "is valid, step 406 is performed, otherwise, the decrypted new key k is indicated1If the key is invalid, the key updating process is ended;
      step 406: the key receiving node replaces the security key with a new decrypted key k1”。
    
    
      Example 6
      On the basis of the embodiment 1, the secure key distribution method in the embodiment 5 is adopted to match the secure key K in the embodiment 11......、KnAnd updating is carried out to further improve the safety of message transmission of the sensor network and avoid the instant weakness in the process of updating the security key.
      Fig. 7 is a schematic diagram of another network topology of the method for securely transmitting messages in a sensor network according to the present invention, as shown in fig. 7, similar to the sensor network described in fig. 2, the sensor network is also composed of N subnets, including a first subnet, a second subnet, and an nth subnet, and each subnet further includes a trust center,
      wherein, the first isWithin the subnet, a first node1The node, the first aggregation node, the first gateway node and the first trust center all use the same security key K1... in the Nth subnetwork, the nth1+n2......+nN-1+1 node1+n2......+nN-1+nNThe node, the Nth aggregation node, the Nth gateway node and the Nth trust center all use the same security key KNSecure key K1、K2......、KNDifferent from each other, the following describes an update process of the security key of the sensor network, taking the first subnet as an example.
      In the first subnet, a pair of check keys Key is distributed to all nodes1、Key2The description of the verification key pair is the same as the description related to embodiment 5, and will not be repeated here. Secure key k1As a new key, the first trust center connects the first node, the second node1Updating the security keys of the node, the first sink node and the first gateway node into a new key k1The specific update procedure is similar to the security key update procedure of embodiment 5, and will not be described herein again;
      in addition, during the above operation, the first trust center needs to use the security key K1Is updated to k1This operation may be directed to the first node, the second node, the nth node at the first trust center1The node, the first aggregation node and the first gateway node are performed before, at the same time or after the encrypted new security key is sent.
    
    
      Example 7
      Fig. 8 is a schematic structural diagram of a secure transmission system of messages in a sensor network according to the present invention, and as shown in fig. 8, the system includes: a first subnetwork, a second subnetwork, an nth subnetwork, wherein,
      the first node1Node, first sink node and firstThe gateway nodes are all nodes of a first sub-network, the nth1+1 node1+n2The node, the second sink node and the second gateway node are all nodes of a second subnet1+n2...+nN-1+1 node1+n2...+nN-1+nNThe node, the Nth sink node and the Nth gateway node are all nodes of the Nth sub-network; the first node1The node, the first aggregation node and the first gateway node all have the same security key K1N th1+1 node1+n2The node, the second sink node and the second gateway node all have the same security key K2..., n1+n2...+nN-1+1 node1+n2...+nN-1+nNThe node, the Nth sink node and the Nth gateway node all have the same security key KNSecure key K1,K2......,KNAre different from each other; and the first subnet, the second subnet and the Nth subnet carry out message transmission through the first gateway node, the second gateway node. Wherein n is1、n2...、nN-1、nNAnd N is a natural number. In addition, the sink node and the gateway node are also used for message transmission between the sub-network and the server.
    
    
      Example 8
      In the system for secure transmission of messages depicted in fig. 8, all nodes may comprise a message sending module and a message receiving module, wherein,
      the message sending module is used for calculating the message to be sent by using an AES algorithm according to the security key of the node to which the message sending module belongs and obtaining an original authentication code, encrypting the message to be sent and the original authentication code by using the AES algorithm according to the security key of the node to which the message sending module belongs respectively so as to obtain an encrypted message and an encrypted authentication code, and then sending the encrypted message and the encrypted authentication code to a message receiving module of another node which is in the same subnet as the node to which the message sending module belongs and receives the message;
      a message receiving module, for decrypting the received encrypted message and the encrypted authentication code by using AES algorithm according to the security key of the node to which the message receiving module belongs after receiving the encrypted message and the encrypted authentication code, obtaining the decrypted message and the decrypted authentication code, and judging the validity of the received encrypted message, if valid, storing the decrypted message, otherwise, not storing the decrypted message, wherein,
      determining whether the encrypted message is valid comprises: the message receiving module calculates the decrypted message by using an AES algorithm according to the security key of the node to which the message receiving module belongs to obtain a message verification authentication code, if the message verification authentication code is the same as the decrypted authentication code, the received encrypted data is valid, and otherwise, the received encrypted data is invalid;
      in addition, in the above system, the description about the AES algorithm is the same as that described in relation to embodiment 2, and will not be described again here.
    
    
      Example 9
      In the system for secure transmission of messages depicted in fig. 8, all subnets may also comprise a trust center, the system further comprising one or more network entry nodes, wherein,
      each network access node comprises a network access application module, and each trust center comprises a network access authentication module;
      the network access application module is used for calculating the network access application message and obtaining an original network access application authentication code by using an AES (advanced encryption standard) algorithm according to the security key of the network access node to which the network access application module belongs, encrypting the network access application message and the original network access application authentication code by using the AES algorithm according to the security key of the network access node to which the network access application module belongs so as to obtain the encrypted network access application message and the encrypted network access application authentication code, and sending the encrypted network access application message and the encrypted network access application authentication code to the network access authentication module of the trust center of the same subnet as the node to which the network access application module belongs;
      the network access authentication module is used for decrypting the received encrypted network access application message and the encrypted network access authentication code by using an AES algorithm according to the security key of the trust center to which the encrypted network access application message and the encrypted network access authentication code belong respectively after receiving the encrypted network access application message and the encrypted network access authentication code, obtaining the decrypted network access application message and the decrypted network access authentication code, judging whether the received encrypted network access application message is valid, if so, sending a network access permission command to the network access application module, otherwise, refusing the network access node to which the network access application module belongs to enter the subnet to which the trust center to which the network access authentication module belongs is located, wherein,
      judging whether the received encrypted network access application is valid comprises the following steps: the network access authentication module calculates the decrypted network access application message by using an AES algorithm according to the security key of the trust center to which the network access authentication module belongs to obtain a network access verification authentication code, if the network access verification authentication code is the same as the decrypted authentication code, the received encrypted network access application message is valid, and if not, the received encrypted network access application message is invalid;
      further, in the above system, the description about the use of the AES algorithm is the same as that described in embodiment 2, and will not be described again here.
    
    
      Example 10
      In the system according to embodiment 9, each trust center further has a command sending module, each network access node further has a command receiving module,
      the command sending module is used for obtaining the network access permission command from the network access authentication module of the trust center to which the command sending module belongs, calculating the network access permission command and obtaining a command authentication code by using an AES algorithm according to the security key of the trust center to which the command sending module belongs, and encrypting the network access permission command and the command authentication code by using the AES algorithm according to the security key of the trust center to which the command sending module belongs, so that the encrypted network access permission command and the encrypted command authentication code are obtained and sent to the command receiving module of the network access node sending the network access application;
      a command receiving module, configured to decrypt the received encrypted network access permission command and the encrypted command authentication code respectively by using an AES algorithm according to a security key of a node to which the command receiving module belongs after receiving the encrypted network access permission command and the encrypted command authentication code, to obtain a decrypted network access permission command and a decrypted command authentication code, and determine whether the received encrypted network access permission command is valid, if so, the network access node to which the command receiving module belongs is connected to perform a network access operation, otherwise, the network access node to which the command receiving module belongs is not performed with the network access operation, where,
      the operation of judging whether the received encrypted network access allowing command is valid comprises the following steps: the command receiving module calculates the decrypted network access permission command by using an AES algorithm according to the security key of the network access node to which the command receiving module belongs to obtain a command verification authentication code, if the command verification authentication code is the same as the decrypted command authentication code, the received encrypted network access permission command is valid, and otherwise, the received encrypted network access permission command is invalid;
      in addition, in the above system, the description about the use of the AES algorithm is the same as that described in relation to embodiment 2, and will not be described again here.
    
    
      Example 11
      Fig. 9 is a schematic structural diagram of a secure key distribution system of the present invention, as shown in fig. 9, including: n-th node1A node, a first trust center, wherein,
      n-th node1The node is provided with a first key receiving module and a second key receiving module respectively1The first trust center is provided with a first key sending module;
      n1The key receiving module and the first key sending module are both provided with a same encryption verification key and a same decryption verification key, and can encrypt an original key by using an RSA algorithm according to the encryption verification key to obtain an encrypted key, and then decrypt the encrypted key by using the RSA algorithm according to the decryption verification key, so that the encrypted key is restored to the original key;
      the first key sending module is used for encrypting the security key to be distributed by using an RSA algorithm according to the encryption verification key, sending the encrypted security key to all key receiving modules, and replacing the security key of the trust center with the security key to be distributed before, at the same time or after the encrypted security key is sent to all key receiving modules;
      the first key receiving module, the second key receiving module1The key receiving module is used for decrypting the encrypted security key by using an RSA algorithm according to the decrypted security key after receiving the encrypted security key to obtain the decrypted security key, encrypting the decrypted security key according to the encryption verification key of the key to obtain an authentication key, and replacing the security key of the node to which the key belongs with the decrypted security key if the authentication key is the same as the decrypted security key; wherein,
      the RSA algorithm is well known in the art and will not be described in detail here.
    
    
      Example 12
      The secure key distribution system shown in fig. 9 can also be applied to the message secure transmission system shown in fig. 8. On the basis of the system shown in fig. 8, a trust center is respectively provided for the first subnet, the second subnet, and the nth subnet, and the first node1N-th node1+n2...+nN-1+nNThe node, the first aggregation node, the Nth aggregation node, the first gateway node and the Nth gateway node respectively comprise a key receiving module, each trust center also comprises a key sending module, wherein,
      each key sending module and each key receiving module are provided with a same encryption verification key and a same decryption verification key, and can encrypt an original key by using an RSA algorithm according to the encryption verification key to obtain an encrypted key, and then decrypt the encrypted key by using the RSA algorithm according to the decryption verification key, so that the encrypted key is restored to the original key;
      the key sending module is used for encrypting the security key to be distributed by using an RSA algorithm according to the encryption verification key, sending the encrypted security key to the key receiving modules of all nodes except the trust center of the subnet where the node belongs, and replacing the security key of the trust center where the node belongs with the security key to be distributed while, before or after the key sending module sends the encrypted security key;
      the key receiving module is used for decrypting the encrypted security key by using an RSA algorithm according to the decrypted security key after receiving the encrypted security key to obtain the decrypted security key, encrypting the decrypted security key according to the encryption verification key of the key to obtain an authentication key, and replacing the security key of the node to which the key belongs with the decrypted security key if the authentication key is the same as the decrypted security key; wherein,
      the RSA algorithm is well known in the art and will not be described in detail here.
      The method and the system for safely transmitting the messages in the sensor network have the advantages that all the nodes use the same safety key to carry out encryption transmission and safety authentication on the messages in the same subnet of the sensor network, the safety of the messages transmitted in the sensor network is improved, the safety keys used by the nodes belonging to different subnets are different, the messages are transmitted between the different subnets through the gateway nodes of the subnets, the mutual interference between the different subnets in the message transmission process is reduced, and the connectivity and the safety of the sensor network are ensured at the same time. In addition, the method and the system for distributing the security key encrypt the distributed security key, which ensures the security of the distributed security key, thereby solving the problem of instant weakness in the updating process of the security key.
      The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and it will be apparent to those skilled in the art that various modifications and variations can be made in the present invention. Various modifications, equivalent substitutions, improvements and the like can be made without departing from the spirit and principles of the invention, and are intended to be included within the scope of the invention.