CN114697957B - Identity authentication and data encryption transmission method based on wireless self-organizing network - Google Patents

Abstract

The present invention discloses an identity authentication and data encryption transmission method based on a wireless self-organizing network, comprising: initializing each node; generating a digital signature; performing distributed identity authentication; and performing data encryption and data decryption. In the present invention, a new node can be added to the network at any time, and other nodes do not need to be reinitialized. The information transmission process enhances the security of data transmission, prevents eavesdropping, and has stronger robustness. The transmitted information has anti-counterfeiting and traceability. The digital signature has a message authentication function, which can prevent the information from being illegally tampered with, and can timely discover abnormal nodes and count the abnormal conditions of the nodes. When the abnormal conditions reach a threshold, data interaction with the node should be stopped. The present invention adopts a distributed identity authentication method, and each node can perform identity authentication. The new node can perform identity authentication nearby, which improves the efficiency of identity authentication, reduces network overhead, and enhances the network's anti-damage capability.

Description

Identity authentication and data encryption transmission method based on wireless self-organizing network

Technical Field

The invention relates to the technical field of security of wireless self-organizing networks. More particularly, to an identity authentication and data encryption transmission method based on a wireless self-organizing network.

Background

Conventional wireless cellular communication networks require support from fixed network devices (e.g., switches, routers, base stations, etc.) for data forwarding and user service control. However, in some special occasions without these infrastructures, such as battlefield, remote mountain areas, rescue sites of disasters such as fire and flood, temporary meeting places, etc., there is a strong need for a new network form, which can realize fast networking without depending on any communication infrastructure, and complete network establishment, maintenance and information transmission by means of mutual cooperation between wireless terminals. To meet this demand, wireless ad hoc networks have evolved.

A wireless ad hoc network (Mobile Ad Hoc Network, MANET) is a temporary network built by a group of mobile terminals with wireless network interfaces without the assistance of fixed network infrastructure and centralized management, so it does not require fixed infrastructure support, but rather is a network formed by the self-organization of multiple mobile terminals. Mobile terminals in a wireless ad hoc network are also called nodes, and each node can move at will and forward data in a direct or indirect way to realize mutual communication. Nodes in the wireless self-organizing network take two functions of a terminal and a router into consideration, and data can be forwarded to a destination node by a sender through multiple hops. When the wireless self-organizing network is communicated, other user nodes forward data. The network form breaks through the geographical limitation of the traditional wireless cellular network, has the characteristics of self-organization, no centrality, dynamic topology, multi-hop routing and the like, can be deployed more quickly, conveniently and efficiently, and is suitable for the communication needs of some emergency occasions, such as a single-soldier communication system in a battlefield.

The inventors have found that the above-described feature prevents the use of a center-based authentication service directly in a wireless ad hoc network. Meanwhile, the wireless self-organizing network is more easily subject to external security attacks due to the characteristics of wireless signal transmission data, frequent topology transformation, no third party authentication and the like.

Therefore, it is desirable to provide an authentication and data encryption transmission method based on a wireless ad hoc network, which is not easily subject to external security attacks.

Disclosure of Invention

In order to overcome at least one of the problems, the invention aims to provide an identity authentication and data encryption transmission method based on a wireless self-organizing network, so that a new node can access the network without reinitialization when accessing the network, the data transmission safety is enhanced, eavesdropping is prevented, the transmitted information has stronger robustness under the conditions of poor wireless channel environment and packet loss of the information, the transmitted information has anti-counterfeiting and traceability, each node can perform the identity authentication, and the new node can perform the identity authentication nearby, thereby improving the efficiency of the identity authentication, reducing network overhead and enhancing the anti-damage capability of the network.

In order to achieve the above purpose, the invention adopts the following technical scheme:

The invention provides an identity authentication and data encryption transmission method based on a wireless self-organizing network, which is applied to the wireless self-organizing network, wherein the wireless self-organizing network comprises a plurality of nodes, and the method comprises the following steps:

Initializing each node, wherein each node has a unique identifier, and a first global sharing single key K _D and a second global sharing single key K _A are built in;

The node takes a corresponding unique identifier and a request authentication message as an initialization input M, and performs encryption operation based on the first global sharing single key K _D and a double-key digital signature method to generate a digital signature;

Performing distributed identity authentication, wherein the nodes comprise a new network node and a network node, respectively performing distributed identity authentication on the new network node and the network node, and

And performing data encryption and data decryption, wherein the data encryption and the data decryption are performed based on the second global sharing single key K _A.

In one embodiment, the first global shared single key K _D is used for the new network node to generate a digital signature in cooperation with the two-key digital signature method, and the second global shared single key K _A is used for transmission and encryption.

In one embodiment, the generating the digital signature includes:

randomly selecting prime factors p and a prime factor q of p-1;

Carrying out hash operation based on the initialization input M, prime numbers p and prime factors q of p-1 to obtain a hash operation result g, wherein the initialization input M is an original message, and g=H (M, p, q);

generating a user key K _X1 and a corresponding public key K _Y1 based on the hash operation result g;

Selecting secret random number k

The initialization input M is encrypted based on the user key K _X1 and the first and global shared single keys K _D, resulting in a digital signature (r, s) =sig _k(M,p,q,g,K_X1).

In one embodiment, the performing distributed identity authentication on the newly-accessed node includes:

The new network access node determining an identity authentication message M 'based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q, and the public key K _Y1, the M' =m| (r, s) |q|p|k _Y1;

Encrypting the identity authentication message M' by a single key method based on the second global shared single key K _A;

Broadcasting information transmission is carried out on the encrypted identity authentication message M';

After receiving the broadcast information, other arbitrary nodes perform single-key method decryption based on the locally stored second global sharing single-key K _A;

Performing digital signature verification based on the public key K _Y1 and the first global sharing single key K _D to obtain a digital signature v=Ver (M, s, q, p) to be verified, and

And if the digital signature v=ver (M, s, q, p) to be verified is consistent with r in the signature (r, s), determining the node as a legal node, and listing the node identity in a routing table.

In one embodiment, the performing distributed identity authentication on the newly-accessed node further includes:

Other arbitrary nodes determine the initialization input M, digital signature (r, s), prime number p, prime factor q and public key K _Y1 of the corresponding nodes;

Determining an identity authentication message M 'of other arbitrary nodes based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q and the public key K _Y1 of the other arbitrary nodes, wherein M' =m| (r, s) |q|p|k _Y1;

Encrypting the identity authentication message M' of the other arbitrary nodes based on the second global sharing single key K _A by a single key method;

Broadcasting information transmission is carried out on the encrypted identity authentication message M';

After receiving the broadcast information, the newly-accessed node decrypts the broadcast information by a single-key method based on the locally stored second global sharing single-key K _A;

Performing digital signature verification based on the public key K _Y1 and the first global sharing single key K _D to obtain a digital signature v=Ver (M, s, q, p) to be verified, and

And if the to-be-verified digital signature v=ver (M, s, q, p) is consistent with r in the digital signature (r, s), determining the other arbitrary nodes as legal nodes, and listing the node identities of the other arbitrary nodes in a routing table.

In one embodiment, the performing distributed identity authentication on the network node includes:

When the network node receives the identity authentication information of the new network node, the network node carries out identity authentication on the new network node;

If the new network node is verified to be legal, the identity authentication information of the network node is requested to be sent to the new network node again;

The new network node performs identity authentication on the network node and

The network node sends the public key K _Y1 of the network node to the new network node.

In one embodiment, the encrypting of the data before the initializing input M is sent to the user in the routing table comprises:

Signing the data based on a digital signature public key K _Y1 and a local digital signature private key K _X generated by the opposite party to obtain digital signatures (r, s);

Determining an identity authentication message M 'based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q, and the public key K _Y1, the M' =m| (r, s) |q|p|k _Y1;

encrypting the identity authentication message M' by a single key method based on the second global sharing single key K _A to obtain an encrypted message C, and

And sending the encrypted message C to an opposite terminal.

In one embodiment, the data decryption includes:

The opposite terminal receives the encrypted message C;

Performing single-key method decryption based on the locally stored second global shared single key K _A to obtain the initialization input M;

Performing digital signature verification based on the public key K _Y1 and the local private key K _X1 to obtain a digital signature v=Ver (M, s, q, p) to be verified;

If the digital signature v=ver (M, s, q, p) to be verified is consistent with r in the signature (r, s), determining the node as a legal node and the message is not tampered, completing the identity authentication and data encryption transmission process based on the wireless self-organizing network, and

And if the digital signature v=ver (M, s, q, p) to be verified is inconsistent with r in the signature (r, s), adding 1 to the confidence loss value in the local routing table of the corresponding node.

In one embodiment, the data decryption further comprises:

and if the number of times that the v=ver (M, s, q, p) of the digital signature to be verified is inconsistent with r in the signature (r, s) is greater than or equal to 3, stopping data interaction with the node.

In one embodiment, if the node is determined to be a legitimate node and the message has not been tampered with, the confidence loss value in the local routing table of the corresponding node is set to zero.

The beneficial effects of the invention are as follows:

In the invention, when the initialization parameter is bound, the identity information of other nodes is not required to be bound, so that when a new node is accessed to the network, the other nodes can be accessed to the network at any time without reinitialization. The single key encryption method is adopted in the information transmission process, so that the data transmission safety is enhanced, eavesdropping is prevented, and the robustness is stronger than that of the stream encryption algorithm under the condition that the wireless channel environment is poor and the packet loss exists in the information. The digital signature technology enables the transmitted information to have anti-counterfeiting and traceability, further can complete the identity authentication work, and meanwhile, the digital signature has a message authentication function and can prevent the information from being illegally tampered. The method and the system can discover abnormal nodes in time, count abnormal conditions of the nodes, and stop data interaction with the nodes when the abnormal conditions reach a threshold value. By adopting the distributed identity authentication method, each node can perform identity authentication, and the new node can perform identity authentication nearby, thereby improving the efficiency of the identity authentication, reducing network overhead and enhancing the anti-damage capability of the network.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 shows a flowchart of an authentication and data encryption transmission method based on a wireless ad hoc network according to an embodiment of the present invention;

fig. 2 shows an overall flowchart of an authentication and data encryption transmission method according to an embodiment of the present invention;

FIG. 3 illustrates a flow chart for generating a digital signature according to an embodiment of the invention;

Fig. 4 shows a transmission flow chart of encryption and decryption of authentication information according to an embodiment of the invention, and

Fig. 5 shows a data encryption/decryption transmission flow chart according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application. Like parts in the drawings are denoted by the same reference numerals. It is to be understood by persons skilled in the art that the following detailed description is illustrative and not restrictive, and that this application is not limited to the details given herein. It should be further noted that, for convenience of description, the gold output in the drawings is related to the present application. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

A wireless ad hoc network is a temporary network built by a group of mobile terminals with wireless network interfaces without the assistance of fixed network infrastructure and centralized management. Nodes in the wireless self-organizing network take two functions of a terminal and a router into consideration, and data can be forwarded to a destination node by a sender through multiple hops. The network has the characteristics of self-organization, no centrality, dynamic topology, multi-hop routing and the like. However, the center-based authentication service due to the characteristics cannot be directly applied to the wireless self-organizing network, and meanwhile, the wireless self-organizing network is more easily subject to external security attacks due to the characteristics of wireless signal transmission data, frequent topology transformation, no third party authentication and the like.

Currently, research on wireless ad hoc networks includes:

1. The seventh and ninth research institute applies for a safety guide model for distributed identity authentication in a mobile self-organizing network (application number CN200610124572.6, publication number CN 1953374) of a China ship reworking group, and discloses a safety guide module for distributed authentication in a wireless self-organizing network, and an identity authentication method based on a threshold digital signature is introduced into the wireless self-organizing network to perform identity authentication hop by hop.

The method has the advantages that the source route can be ensured not to be tampered in the route request stage, a legal participant is placed to perform false local signature so as to prevent signature verification, and meanwhile, the method has the capacity of preventing eavesdropping and replay attack. However, the method can only generate digital signatures when there are not less than t nodes in the network, otherwise, only partial signatures can be performed, and strict threshold signatures cannot be performed, in this case, the security is reduced, and meanwhile, the hop-by-hop identity authentication method greatly increases the time and complexity of information processing, which is not beneficial to the rapid circulation of information.

2. Patent "a data transmission method based on wireless self-organizing network for preventing fraud and attack" (application number 201510344412.1, application publication number 104883372) filed by fifty-fourth research institute of China electronic technology group company discloses a method for realizing rapid authentication and key negotiation of nodes in wireless self-organizing network by adopting a signcryption algorithm protocol and a data encapsulation protocol based on stream encryption. The method uses a signature algorithm to process the request authentication information, the communication key and the local time stamp, then broadcasts, receives the authentication node to decrypt, checks whether the time stamp is consistent with the local time, verifies the validity of the authentication information, then uses a stream encryption algorithm to encrypt the data after verification, and uses the communication key as a symmetric key to transmit information.

The method has the advantages that the quick authentication can be completed by only using one round of signcryption algorithm during the identity authentication, and meanwhile, the algorithm based on stream encryption can encrypt and transmit data in real time, so that the security of the data is ensured. However, the method binds public and private key pairs of all members during initial authentication, and when new members outside the group join, the public and private key pairs of each node need to be reset to access the network, so that the random access of new nodes in the wireless self-organizing network is not facilitated, and meanwhile, a mode of checking a time stamp is used as a condition of identity authentication, so that legal nodes with abnormal time cannot normally join the network.

That is, none of the above prior art techniques has very good benefits with respect to the above-described problems of wireless ad hoc networks.

In order to solve at least one of the problems, the inventor researches and explores a digital signature technology, a distributed identity authentication technology and a data encryption technology, and provides a distributed identity authentication and data encryption transmission method based on a mobile wireless self-organizing network.

The digital signature is also called public key digital signature, which is a section of digital string that can not be forged by others only the sender of the information, and is also a valid proof of the authenticity of the information sent by the sender of the information. It is a method for authenticating digital information that resembles a common physical signature written on paper, but is implemented using techniques in the field of public key cryptography. A set of digital signatures typically defines two complementary operations, one for signing and the other for verification. Digital signature is the application of asymmetric key encryption technology and digital digest technology. In the invention, the digital signature technology ensures the anti-counterfeiting and traceability of information transmitted between nodes in the wireless ad hoc network, has the attribute of authentication, and performs identity authentication on the basis.

Authentication, also known as authentication, refers to the completion of user identity verification by a certain means. There are many methods of authentication, which can be basically classified into authentication based on a shared key, authentication based on biological characteristics, and authentication based on a public key encryption algorithm. The distributed identity authentication method can shorten the data transmission path of the identity authentication, improve the network efficiency and finally realize the distributed identity authentication and data encryption transmission based on the wireless self-organizing network.

Data encryption refers to converting plaintext into ciphertext through an encryption algorithm and an encryption key, and decryption refers to recovering ciphertext into plaintext through a decryption algorithm and a decryption key. The core of data encryption is cryptography, information is encrypted by using a cryptographic technology, information concealment is achieved, and therefore the function of protecting information safety is achieved, and the method is the most reliable method for protecting information by a computer system. In the invention, the data transmitted subsequently is encrypted according to the opposite party public key obtained in the identity authentication process, so that the safety of data transmission is ensured.

As shown in FIG. 1, the embodiment of the invention provides an identity authentication and data encryption transmission method based on a wireless self-organizing network, which is applied to the wireless self-organizing network, and comprises a plurality of nodes, wherein each node is provided with a unique identifier, a first global sharing single key K _D and a second global sharing single key K _A are built in, a digital signature is generated, the node takes the corresponding unique identifier and a request authentication message as an initialization input M, encryption operation is carried out based on the first global sharing single key K _D and a double-key digital signature method to generate the digital signature, distributed identity authentication is carried out, the nodes comprise a new network node and an accessed network node, distributed identity authentication is carried out on the new network node and the accessed network node respectively, data encryption and data decryption are carried out, and data encryption and data decryption are carried out on the basis of the second global sharing single key K _A.

The respective processes are described in detail below.

(1) Node initialization, wherein each node added into a wireless self-organizing network has a unique identifier, and is internally provided with a global shared single key K _D and a double-key system digital signature algorithm, and a global shared single key K _A and a single key encryption algorithm;

(2) The node uses the unique identifier and the request authentication message as an initialization input M, runs a double-key system digital signature algorithm, randomly selects prime numbers p and prime factors q of (p-1), carries out hash operation to obtain g=H (M, p, q), generates a user key K _X1 and a corresponding public key K _Y1 according to the hash operation, selects a secret random number K, carries out encryption operation on the message M by using the key K _X1 and a global sharing single key K _D, and obtains a signature (r, s) =Sig _k(M,p,q,g,K_X1.

(3) And in the identity authentication process, if the node is started and is connected to the network, the node should concatenate the original identity information, the digital signature, the coefficient q, the coefficient p and the public key K _Y1 to form an identity authentication message M ', M ' =M| (r, s) |q|p|K _Y1 to be transmitted, and the M ' is encrypted by adopting a global sharing single key K _A through a single key algorithm and then transmitted in a broadcasting mode. After receiving the broadcast information, any other node shall utilize the locally stored global shared single key K _A to perform single key algorithm decryption, then utilize the parsed K _Y1 and the global shared public key K _D to perform digital signature verification, and if v=ver (M, s, q, p) is consistent with r in the signature, the other node can be proved to be a legal node, and the identity of the other node is listed in the routing table. In this process, the node may receive the authentication message sent by other nodes, and at this time, the node performs authentication on other nodes according to the authentication flow.

If the node and other nodes complete the wireless self-organizing network construction, when the identity authentication information of the new node accessing the network is received, after verifying that the identity is legal, the self-identity authentication information is required to be sent to the new node again in order to enable the new node to authenticate the self-identity, and meanwhile, the public key of the self digital signature is sent to the new node.

(4) And (3) data encryption and decryption: before sending the message M to the user in the routing table, the data is signed (r, s) using the digital signature public key K _Y1 and the principal digital signature private key K _X generated by the other party, the original message M, the signature (r, s), coefficient q, coefficient p, public key KY1 to obtain message M '=m| (r, s) |q|p|k _Y1 to be sent, and (3) encrypting the M' by adopting a K _A single key algorithm, and sending the encrypted message C to the opposite terminal.

After receiving the message C, the opposite terminal uses the global shared single key K _A stored locally to carry out single key algorithm decryption to obtain the original information M, then carries out digital signature verification by combining the local private key K _X1 according to the digital signature public key K _Y1, and if v=Ver (M, s, q, p) is consistent with r in the signature, the opposite terminal can prove that the opposite terminal is a legal node and the message is not tampered, thus completing the distributed identity authentication and data encryption transmission process based on the mobile wireless self-organizing network. If v is inconsistent with r, the message may be tampered by a third party, the confidence loss value of the node in the local routing table should be increased by 1, and if identity verification inconsistent information is received for more than 3 times, the data interaction with the node should be stopped.

In a specific application scenario, the distributed identity authentication and data encryption transmission method based on the mobile wireless self-organizing network adopts a digital signature technology, a distributed identity authentication technology and a data encryption and decryption technology, and specifically comprises the following steps:

Step 1, node initialization, wherein each node added into a wireless self-organizing network has a unique identifier, a global shared single key K _D and a double-key system digital signature algorithm are built in, the global shared single key K _A and a single key encryption algorithm are carried out, the flow is shown in a figure 2, and the node A and the node B are all finished parameter presetting;

Step 2, node A and node B respectively read global shared single key K _D, global shared single key K _A and self identifier;

step 3, node a and node B respectively run a double-key digital signature algorithm, randomly select prime factors q of prime numbers p and (p-1), perform hash operation to obtain g=h (M, p, q), generate a user key and a corresponding public key according to the prime factors, select a secret random number K, perform encryption operation on the message M by using the key and a global shared single key K _D to obtain signatures (r, s), as shown in fig. 3, the node a generates a user private key K _XA and a user public key K _YA, and generates a digital signature (r _A,s_A), the node B generates a user private key K _XB and a user public key K _YB, and generates a digital signature (r _B,s_B);

step 4, respectively synthesizing messages M' to be transmitted by the node A and the node B, as shown in fig. 4;

Step 5, the node A and the node B encrypt the message M' to be sent by using the global shared single key K _A respectively by a single key algorithm to generate an encrypted identity authentication message C, as shown in figure 4;

step 6, the node A and the node B broadcast the encryption information of the node A and the node B respectively, and the identity authentication information is continuously broadcasted three times when a new node is started to access the network;

step 7, the node A and the node B respectively receive the information of the external node;

step 8, the node A and the node B decrypt the encrypted message C by utilizing the global shared single key K _A to obtain a message M;

Step 9, the node A decomposes the message M 'to obtain an original message M, a public key K _YB of the opposite user and a digital signature (r _B,s_B), and the node B decomposes the message M' to obtain the original message M, a public key K _YA of the opposite user and a digital signature (r _A,s_A);

Step 10, node a and node B respectively determine whether the opposite public key exists in the local routing table, if so, step 11 is performed, and if not, step 14 is performed directly.

Step 11, the node A and the node B respectively judge whether the corresponding value of the user's failure degree of the opposite public key in the local routing table is smaller than 3, if so, step 12 is carried out, and if not smaller than 3, step 7 is directly carried out;

step 12, respectively operating a double-key digital signature algorithm by the node A and the node B, substituting a user private key and an opposite user public key to calculate a digital signature v;

step 13, the node A and the node B respectively compare v obtained by operation with r in original information, if v=r, the information degree of failure of the opposite node is set to 0, and the step 16 is skipped, otherwise, the degree of failure of the opposite node is added with 1, and the step 7 is executed;

Step 14, respectively operating a double-key digital signature algorithm by the node A and the node B, substituting the double-key digital signature algorithm into the global sharing single key K _D and the public key of the opposite user to calculate a digital signature v;

Step 15, the node A and the node B respectively compare v obtained by operation with r in original information, if v=r, the opposite node information is added into a local routing table, and step 16 is carried out, otherwise, step 7 is carried out;

step 16, the node A and the node B respectively obtain the real message M of the opposite side;

Step 17, for the formal message M to be sent, the node a and the node B respectively run a double-key digital signature algorithm, and generate a digital signature (r _A,s_A) by using the user private key K _XA and the counterpart user public key K _YB by the node a, and generate a digital signature (r _B,s_B) by using the user private key K _XB and the counterpart user public key K _YA by the node B, as shown in fig. 5, and then return to step 4.

Thus, the distributed identity authentication and data encryption transmission based on the mobile wireless self-organizing network are completed.

In the invention, when the initialization parameter is bound, the identity information of other nodes is not required to be bound, so that when a new node is accessed to the network, the other nodes can be accessed to the network at any time without reinitialization. The single key encryption method is adopted in the information transmission process, so that the data transmission safety is enhanced, eavesdropping is prevented, and the robustness is stronger than that of the stream encryption algorithm under the condition that the wireless channel environment is poor and the packet loss exists in the information. The digital signature technology enables the transmitted information to have anti-counterfeiting and traceability, further can complete the identity authentication work, and meanwhile, the digital signature has a message authentication function and can prevent the information from being illegally tampered. The method and the system can discover abnormal nodes in time, count abnormal conditions of the nodes, and stop data interaction with the nodes when the abnormal conditions reach a threshold value. By adopting the distributed identity authentication method, each node can perform identity authentication, and the new node can perform identity authentication nearby, thereby improving the efficiency of the identity authentication, reducing network overhead and enhancing the anti-damage capability of the network.

It is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises an element.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

The principles and embodiments of the present application have been described herein with reference to specific examples, but the description of the examples above is only for aiding in understanding the technical solution of the present application and its core ideas. It should be noted that it will be apparent to those skilled in the art that various changes and modifications can be made herein without departing from the principles of the application, which are also intended to fall within the scope of the appended claims.

It should be understood that the foregoing examples of the present invention are provided merely for clearly illustrating the present invention and are not intended to limit the embodiments of the present invention, and that various other changes and modifications may be made therein by one skilled in the art without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (6)

1. An identity authentication and data encryption transmission method based on a wireless self-organizing network is applied to the wireless self-organizing network, the wireless self-organizing network comprises a plurality of nodes, and is characterized in that,

The method comprises the following steps:

Initializing each node, wherein each node has a unique identifier, and a first global sharing single key K _D and a second global sharing single key K _A are built in;

The node takes a corresponding unique identifier and a request authentication message as an initialization input M, and performs encryption operation based on the first global sharing single key K _D and a double-key digital signature method to generate a digital signature;

Performing distributed identity authentication, wherein the nodes comprise a new network node and a network node, respectively performing distributed identity authentication on the new network node and the network node, and

Performing data encryption and data decryption, wherein the data encryption and the data decryption are performed based on the second global sharing single key K _A;

The first global sharing single key K _D is used for generating a digital signature by the new network access node in cooperation with the double-key digital signature method, and the second global sharing single key K _A is used for transmission and encryption;

The generating a digital signature includes:

randomly selecting prime factors p and a prime factor q of p-1;

Carrying out hash operation based on the initialization input M, prime numbers p and prime factors q of p-1 to obtain a hash operation result g, wherein the initialization input M is an original message, and g=H (M, p, q);

generating a user key K _X1 and a corresponding public key K _Y1 based on the hash operation result g;

Selecting secret random number k

Performing encryption operation on the initialization input M based on a user key K _X1 and a first and global shared single key K _D to obtain a digital signature (r, s) =sig _k(M,p,q,g,K_X1);

The step of carrying out distributed identity authentication on the newly-accessed network node comprises the following steps:

The new network access node determining an identity authentication message M 'based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q, and the public key K _Y1, the M' =m| (r, s) |q|p|k _Y1;

Encrypting the identity authentication message M' by a single key method based on the second global shared single key K _A;

Broadcasting information transmission is carried out on the encrypted identity authentication message M';

After receiving the broadcast information, other arbitrary nodes perform single-key method decryption based on the locally stored second global sharing single-key K _A;

Performing digital signature verification based on the public key K _Y1 and the first global sharing single key K _D to obtain a digital signature v=Ver (M, s, q, p) to be verified, and

If the digital signature v=ver (M, s, q, p) to be verified is consistent with r in the signature (r, s), determining the node as a legal node, and listing the node identity in a routing table;

the step of carrying out distributed identity authentication on the newly-accessed node further comprises the following steps:

Other arbitrary nodes determine the initialization input M, digital signature (r, s), prime number p, prime factor q and public key K _Y1 of the corresponding nodes;

Determining an identity authentication message M 'of other arbitrary nodes based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q and the public key K _Y1 of the other arbitrary nodes, wherein M' =m| (r, s) |q|p|k _Y1;

Encrypting the identity authentication message M' of the other arbitrary nodes based on the second global sharing single key K _A by a single key method;

Broadcasting information transmission is carried out on the encrypted identity authentication message M';

After receiving the broadcast information, the newly-accessed node decrypts the broadcast information by a single-key method based on the locally stored second global sharing single-key K _A;

Performing digital signature verification based on the public key K _Y1 and the first global sharing single key K _D to obtain a digital signature v=Ver (M, s, q, p) to be verified, and

And if the to-be-verified digital signature v=ver (M, s, q, p) is consistent with r in the digital signature (r, s), determining the other arbitrary nodes as legal nodes, and listing the node identities of the other arbitrary nodes in a routing table.

2. The method of claim 1, wherein said performing distributed authentication of said network-entered node comprises:

When the network node receives the identity authentication information of the new network node, the network node carries out identity authentication on the new network node;

If the new network node is verified to be legal, the identity authentication information of the network node is requested to be sent to the new network node again;

The new network node performs identity authentication on the network node and

The network node sends the public key K _Y1 of the network node to the new network node.

3. The method of claim 2, wherein the encrypting of the data before the initializing input M is sent to the user in the routing table comprises:

Signing the data based on a digital signature public key K _Y1 and a local digital signature private key K _X generated by the opposite party to obtain digital signatures (r, s);

Determining an identity authentication message M 'based on the initialization input M, the digital signature (r, s), the prime number p, the prime factor q, and the public key K _Y1, the M' =m| (r, s) |q|p|k _Y1;

encrypting the identity authentication message M' by a single key method based on the second global sharing single key K _A to obtain an encrypted message C, and

And sending the encrypted message C to an opposite terminal.

4. A method according to claim 3, wherein the decrypting of the data comprises:

The opposite terminal receives the encrypted message C;

Performing single-key method decryption based on the locally stored second global shared single key K _A to obtain the initialization input M;

Performing digital signature verification based on the public key K _Y1 and the local private key K _X1 to obtain a digital signature v=Ver (M, s, q, p) to be verified;

If the digital signature v=ver (M, s, q, p) to be verified is consistent with r in the signature (r, s), determining the node as a legal node and the message is not tampered, completing the identity authentication and data encryption transmission process based on the wireless self-organizing network, and

And if the digital signature v=ver (M, s, q, p) to be verified is inconsistent with r in the signature (r, s), adding 1 to the confidence loss value in the local routing table of the corresponding node.

5. The method of claim 4, wherein decrypting the data further comprises:

and if the number of times that the v=ver (M, s, q, p) of the digital signature to be verified is inconsistent with r in the signature (r, s) is greater than or equal to 3, stopping data interaction with the node.

6. The method of claim 4, wherein if the node is determined to be a legitimate node and the message has not been tampered with, setting the confidence loss value in the local routing table of the corresponding node to zero.