CN114095229B - Method, device and system for constructing data transmission protocol of energy internet - Google Patents
Method, device and system for constructing data transmission protocol of energy internet Download PDFInfo
- Publication number
- CN114095229B CN114095229B CN202111349176.4A CN202111349176A CN114095229B CN 114095229 B CN114095229 B CN 114095229B CN 202111349176 A CN202111349176 A CN 202111349176A CN 114095229 B CN114095229 B CN 114095229B
- Authority
- CN
- China
- Prior art keywords
- key
- client
- data
- public
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 49
- 230000005540 biological transmission Effects 0.000 title claims abstract description 44
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 25
- 238000004364 calculation method Methods 0.000 claims description 35
- 125000004122 cyclic group Chemical group 0.000 claims description 13
- 238000010276 construction Methods 0.000 claims description 8
- 239000000758 substrate Substances 0.000 claims 1
- 230000006854 communication Effects 0.000 abstract description 9
- 230000006870 function Effects 0.000 description 18
- 238000010586 diagram Methods 0.000 description 8
- 238000004590 computer program Methods 0.000 description 7
- 230000006872 improvement Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 2
- 238000005265 energy consumption Methods 0.000 description 2
- 238000005259 measurement Methods 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000005055 memory storage Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H04L9/3239—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides a method, a device and a system for constructing a data transmission protocol of an energy internet, wherein the method comprises the following steps: the method comprises the steps that an IBC system is utilized to conduct identity authentication on a public key sender in an energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public key pair of a client side is sent to the client side, and a public key pair of a server is generated; based on the public and private key pair of the client and the public and private key pair of the server, carrying out key negotiation between the client and the server by using a Diffie-Hellman cryptosystem; and based on key negotiation between the client and the server, carrying out safe transmission on the electric power service data in the energy Internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function. According to the method, a lightweight symmetric encryption algorithm is integrated in the communication process to realize data confidentiality protection, and a hash function with an authentication function guarantees data integrity and a timestamp guarantees data freshness.
Description
Technical Field
The invention belongs to the field of data transmission of energy Internet equipment, and particularly relates to a method, a device and a system for constructing a data transmission protocol of energy Internet.
Background
The trusted authentication of the energy internet device is the first gateway for ensuring that information resources are accessed legally. The security objective of the energy internet authentication mechanism is to authenticate the authenticity of the identity information of the data sender, ensure the validity and data integrity of specific data, ensure the freshness of received data and ensure that the received data is not replayed with outdated data. The reliable user and equipment identity access authentication and management solution is provided, the secure connection of the Internet of things equipment can be ensured, and the secure authorized access is provided for equipment users.
Because the devices in the energy internet have challenges in terms of computing power, memory storage requirements, dynamic security update, protection of physical variable capture, and some limitations of the devices themselves (limited computing power and storage space, resource limitation requirements, support of dynamic update, and the like), the traditional computer authentication protocol cannot be directly used in the energy internet devices, thereby causing the energy internet to face some security problems and challenges. The energy internet equipment is easy to be utilized by an attacker to acquire the identity authentication information of the user, forge the user identity or the communication node, and invade and attack other energy internet terminal equipment, access gateway and the like.
Intrusion protection includes two aspects: before and after intrusion. Protection before invasion belongs to network boundary protection, and a common technology is a network firewall; post-intrusion protection is Intrusion Detection (IDS), a mature security protection technique for information systems. But for the energy internet system with limited resources, the intrusion detection has little capability, so the main technology is in the aspect of safety protection before intrusion. For many energy internet devices, it is not practical to use firewall technology, so the main technical means of edge protection is identity authentication. Specifically, lightweight authentication is a key technology for improving resource-constrained internet of things devices.
Disclosure of Invention
In order to solve the problems in the prior art, the invention provides a method, a device and a system for constructing a data transmission protocol of an energy internet.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a data transmission protocol construction method of energy Internet includes the following steps:
The method comprises the steps that an identity-based password system (i.e. an IBC system) is utilized to conduct identity authentication on a public key sender in the energy Internet, a secret key of the public key sender is calculated after authentication is completed, a public-private key pair is sent to a client after the secret key is generated, and a public-private key pair of a server is generated;
based on the public and private key pair of the client and the public and private key pair of the server, carrying out key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
And based on key negotiation between the client and the server, carrying out safe transmission on the electric power service data in the energy Internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function.
As a further improvement of the invention, the IBC system is utilized to carry out identity authentication on a public key sender in the energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public-private key pair is sent to a client, and a public-private key pair of a server is generated; the method specifically comprises the following steps:
The IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates a hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: the method for calculating the private key includes using the hash value as the public key, generating a key from the public key and the private key, and the IBC system generating the key uses the public key and the private key of the client as a pair after the key is generated, wherein P ID =h (ID) uses the hash value as the public key, and the private key calculation method is S ID=s*PID The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
As a further improvement of the present invention, the IBC system is established by a server side.
As a further improvement of the present invention, the key negotiation between the client and the server is implemented by using the Diffie-Hellman cryptosystem, which specifically includes:
receiving first data sent by a client, wherein the first data is selected randomly Calculation of
Using private keysDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
receiving second data sent by the client, wherein the second data is obtained by a private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q.
As a further improvement of the invention, the encrypted data constructed by adopting the lightweight symmetric cryptographic algorithm and the hash function is used for carrying out safe transmission on the power service data in the energy Internet, and the method specifically comprises the following steps:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
A data transmission protocol construction apparatus of an energy internet, comprising:
The key generation module is used for carrying out identity authentication on a public key generator in the energy internet user by utilizing the IBC system, calculating a key of the public key generator after authentication is completed, sending a public and private key pair of the client to the client after the key is generated, and generating a public and private key pair of the server;
The negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cryptosystem based on the public and private key pair of the client and the public and private key pair of the server;
And the data safety transmission module is used for carrying out safety transmission on the electric power service data in the energy Internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function based on the key negotiation of the client and the server.
Preferably, the key generation module is specifically configured to:
The method comprises the steps that an IBC system is utilized to conduct identity authentication on a public key sender in an energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public and private key pair is sent to a client, and a public and private key pair of a server is generated; the method specifically comprises the following steps:
The IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates a hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: the method for calculating the private key includes using the hash value as the public key, generating a key from the public key and the private key, and the IBC system generating the key uses the public key and the private key of the client as a pair after the key is generated, wherein P ID =h (ID) uses the hash value as the public key, and the private key calculation method is S ID=s*PID The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
Preferably, the negotiation encryption key module is specifically configured to:
receiving first data sent by a client, wherein the first data is selected randomly Calculation of
Using private keysDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
receiving second data sent by the client, wherein the second data is obtained by a private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q.
Preferably, the data security transmission module is specifically configured to:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
A data transmission protocol construction system of an energy internet, comprising:
the IBC system is used for carrying out identity authentication on a public key sender in the energy Internet user, calculating a key of the public key sender after authentication is finished, sending a public and private key pair to the client after the key is generated, and generating a public and private key pair of the server;
The client is used for realizing key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
The server is used for realizing key negotiation with the client; and carrying out safe transmission on the electric power service data in the energy Internet by adopting the lightweight symmetric cryptographic algorithm and the encryption data constructed by the hash function.
As a further improvement of the invention, the IBC system is specifically used for:
The IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates a hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: the method for calculating the private key includes using the hash value as the public key, generating a key from the public key and the private key, and the IBC system generating the key uses the public key and the private key of the client as a pair after the key is generated, wherein P ID =h (ID) uses the hash value as the public key, and the private key calculation method is S ID=s*PID The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
As a further improvement of the invention, the client is specifically configured to:
transmitting first data to the server, the first data being selected randomly Calculation of
Receiving return data of the server, wherein the return data is obtained by using a private keyDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
Second data transmitted, the second data being composed of the private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q.
As a further improvement of the present invention, in the server, the encrypted data constructed by adopting the lightweight symmetric cryptographic algorithm and the hash function is used for carrying out the secure transmission of the power service data in the energy internet, and the method is specifically used for:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
Compared with the prior art, the invention has the beneficial effects that:
The invention discloses a data transmission protocol construction method, which aims at establishing a shared session key so as to carry out secret communication and selectively provide confidentiality and integrity of communication data. However, many data in the energy internet system are small data, in which case the invention can integrate identity authentication with data protection to provide an authenticatable data privacy lightweight protocol. The invention is a lightweight data transmission protocol integrating the safety protection of identity authentication, data confidentiality, data integrity, data freshness and the like, and is suitable for the safety protection technology of energy internet equipment with limited resources.
Drawings
FIG. 1 is a flow chart of a method for constructing a data security transmission protocol according to the present invention;
FIG. 2 is a diagram of a process for constructing a data security transmission protocol according to the present invention;
Fig. 3 is a diagram of a data security transmission protocol construction system according to the present invention.
Detailed Description
The application will be described in detail below with reference to the drawings in connection with embodiments. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
The following detailed description is exemplary and is intended to provide further details of the application. Unless defined otherwise, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments in accordance with the application.
The invention provides a lightweight data transmission protocol for energy Internet, which integrates the safety protection of identity authentication, data confidentiality, data integrity, data freshness and the like. Identity authentication is carried out on a public key sender in an energy Internet user by using an identity-based password system (IBC system for short), a Diffie-Hellman password system is used for realizing key negotiation between a client and a server, a lightweight symmetric encryption algorithm is integrated in the communication process for realizing data confidentiality protection, and a hash function with an authentication function is used for ensuring data integrity and a timestamp is used for ensuring data freshness.
As shown in fig. 1, the present invention provides a method for constructing a data transmission protocol of an energy internet, comprising the following steps:
The method comprises the steps that an identity-based cryptographic system is utilized to conduct identity authentication on a public key sender in an energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public and private key pair of a client is sent to the client, and a public and private key pair of a server is generated;
based on the public and private key pair of the client and the public and private key pair of the server, carrying out key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
And based on key negotiation between the client and the server, carrying out safe transmission on the electric power service data in the energy Internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function.
As shown in fig. 2, the specific steps of the present invention are as follows:
firstly, identity authentication is carried out on public key generator in energy internet user by utilizing IBC system
(1) The server side establishes an IBC system:
Generating a system parameter Params and a system master key s according to the security parameter K;
(2) Parameter extraction:
The private key generation center calculates a hash value of the client identity information using the client identity information ID: p ID = H (ID), using the hash value as the public key of the client, the private key calculation method of the client is S ID=s*PID, generating a key from the public key and the private key, and the IBC system pairs the public key and the private key of the client after the key is generated The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
Second step, key negotiation between client and server is realized by using Diffie-Hellman cryptosystem
It is assumed that the two parties of communication already know a large cyclic group G and its generator G, and the order of the cyclic group G is q, and the encryption algorithm used is the algorithm of the IBC system. The method comprises the following specific steps:
(1) Client 1 random selection Calculation ofY 1 is sent to the server.
(2) The server receives y 1 and uses the private keyDecryption, random selectionCalculation ofThe encryption key K 01=(ga)b mod q is calculated and y 0 is issued to client 1.
(3) Client 1 receives y 0, using the private keyDecryption, resulting in g b, calculates the encryption key K 01=(gb)a mod q.
Third step data security transmission
Both communication parties agree on a lightweight symmetric cryptographic algorithm SEnc and a hash function H for data encryption transmission in advance.
(1) Message m to be sent by client 1, calculateAnd (c, H (m)) is sent to the server.
(2) The server receives (c, H (m)), calculatesH (m 0), verifying whether H (m 0) is consistent with H (m), if so, continuing to verify the timestamp T 0, if so, receiving the message for subsequent operation, otherwise rejecting the reception.
The invention provides a lightweight data transmission protocol for energy Internet, which integrates the safety protection of identity authentication, data confidentiality, data integrity, data freshness and the like.
The identity authentication is carried out on a public key sender in an energy Internet user by utilizing an IBC system, wherein the IBC system is a public key cryptosystem for binding user identity information and a public key by using the user identity information as the public key of the user. The public and private key pair of the user is generated by a trusted third party PKG, after receiving the identity information of the user, the PKG uses the system master key to generate a corresponding public and private key pair for the user according to the identity information of the user, and the user private key is transmitted to the user through a safe path. The identity information of the public key can be any character string, and generally, a character string which is convenient to memorize and has a certain practical meaning is used, such as the IP of the client device, the mail address of the user, the identity card number, the telephone number and the like.
The lightweight Diffie-Hellman cryptosystem realizes the key negotiation between the client and the server, and the DH key exchange protocol does not carry out identity authentication on both communication parties, so that the client and the server are easy to suffer man-in-the-middle attack.
The lightweight symmetric encryption algorithm is integrated in the communication process to realize data confidentiality protection, and the performance measurement of the lightweight symmetric encryption algorithm is mainly considered from hardware measurement and software measurement and is divided into three dimensions of energy consumption, delay and throughput rate. The performance requirements of a hardware platform are usually represented by (circuit design) equivalent gates (GateEquivalent), and the implementation of a lightweight symmetric encryption algorithm used here requires at most 2000 equivalent gates; while the performance requirements of the software application are expressed in terms of the number of registers, the number of bytes of RAM and ROM, etc. It is required to meet the requirements of the international lightweight cryptographic algorithm to ensure that the method is applicable to energy internet equipment with limited resources.
In addition, the hash function with the authentication function also needs to adopt a lightweight algorithm, so that the data integrity is ensured with minimum energy consumption.
As shown in fig. 3, the present invention further provides a device for constructing a data transmission protocol of an energy internet, which is characterized by comprising:
The key generation module is used for carrying out identity authentication on a public key generator in the energy internet user by utilizing the IBC system, calculating a key of the public key generator after authentication is completed, sending a public and private key pair of the client to the client after the key is generated, and generating a public and private key pair of the server;
The negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cryptosystem based on the public and private key pair of the client and the public and private key pair of the server;
And the data safety transmission module is used for carrying out safety transmission on the electric power service data in the energy Internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function based on the key negotiation of the client and the server.
Specifically, the key generation module is specifically configured to:
The method comprises the steps that an IBC system is utilized to conduct identity authentication on a public key sender in an energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public and private key pair is sent to a client, and a public and private key pair of a server is generated; the method specifically comprises the following steps:
The IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates a hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: the method for calculating the private key includes using the hash value as the public key, generating a key from the public key and the private key, and the IBC system generating the key uses the public key and the private key of the client as a pair after the key is generated, wherein P ID =h (ID) uses the hash value as the public key, and the private key calculation method is S ID=s*PID The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
Specifically, the negotiation encryption key module is specifically configured to:
receiving first data sent by a client, wherein the first data is selected randomly Calculation of
Using private keysDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
receiving second data sent by the client, wherein the second data is obtained by a private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q.
Specifically, the data security transmission module is specifically configured to:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
The invention provides three purposes of providing a data transmission protocol construction system of an energy internet, which comprises the following steps:
the IBC system is used for carrying out identity authentication on a public key sender in the energy Internet user, calculating a key of the public key sender after authentication is finished, sending a public and private key pair to the client after the key is generated, and generating a public and private key pair of the server;
The client is used for realizing key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
The server is used for realizing key negotiation with the client; and carrying out safe transmission on the electric power service data in the energy Internet by adopting the lightweight symmetric cryptographic algorithm and the encryption data constructed by the hash function.
The IBC system is specifically used for:
The IBC system generates a system parameter Params and a system master key s according to the security parameter K;
the private key generation center of the IBC system calculates a hash value of the identity information of the public key issuer according to the identity information ID of the public key issuer: the method for calculating the private key includes using the hash value as the public key, generating a key from the public key and the private key, and the IBC system generating the key uses the public key and the private key of the client as a pair after the key is generated, wherein P ID =h (ID) uses the hash value as the public key, and the private key calculation method is S ID=s*PID The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
The client is specifically configured to:
transmitting first data to the server, the first data being selected randomly Calculation of
Receiving return data of the server, wherein the return data is obtained by using a private keyDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
Second data transmitted, the second data being composed of the private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q.
In the server, the encrypted data constructed by adopting the lightweight symmetric cryptographic algorithm and the hash function is used for carrying out safe transmission on the power service data in the energy internet, and the method is particularly used for:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical aspects of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the above embodiments, it should be understood by those of ordinary skill in the art that: modifications and equivalents may be made to the specific embodiments of the invention without departing from the spirit and scope of the invention, which is intended to be covered by the claims.
Claims (4)
1. The method for constructing the data transmission protocol of the energy Internet is characterized by comprising the following steps of:
the method comprises the steps that an identity-based cryptographic system is utilized to conduct identity authentication on a public key sender in an energy Internet user, after authentication is completed, a secret key of the public key sender is calculated, after the secret key is generated, a public key pair is sent to a client, and a public key pair of a server is generated;
based on the public and private key pair of the client and the public and private key pair of the server, carrying out key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
based on key negotiation between the client and the server, adopting a lightweight symmetric cryptographic algorithm and encryption data constructed by a hash function to carry out safe transmission on power service data in the energy Internet;
The public key generator in the energy Internet user is subjected to identity authentication by using an identity-based password system, the secret key of the public key generator is calculated after authentication is completed, a public and private key pair is sent to a client after the secret key is generated, and the public and private key pair of the server is generated; the method specifically comprises the following steps:
Generating a system parameter Params and a system master key s by the identity-based cryptosystem according to the security parameter K;
The private key generation center of the identity-based cryptographic system calculates a hash value of the identity information of the public key issuer from the identity information ID of the public key issuer: p ID = H (ID), using the hash value as the public key, the private key calculation method is S ID=s*PID, generating a key from the public key and the private key, generating the key, and using the identity-based cryptosystem to pair the public key and the private key of the client terminal after generating the key The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
The key negotiation between the client and the server is realized by using a Diffie-Hellman cryptosystem, which comprises the following steps:
receiving first data sent by a client, wherein the first data is selected randomly Calculation of
Using private keysDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
receiving second data sent by the client, wherein the second data is obtained by a private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q; generating element G of the cyclic group G;
the method for safely transmitting the electric power business data in the energy internet by adopting the lightweight symmetric cryptographic algorithm and the encryption data constructed by the hash function specifically comprises the following steps:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
2. The method of claim 1, wherein the step of determining the position of the substrate comprises,
The identity-based cryptosystem is established by a server side.
3. A data transmission protocol construction device for energy internet, comprising:
The key generation module is used for carrying out identity authentication on a public key sender in the energy Internet user by utilizing an identity-based password system, calculating a key of the public key sender after authentication is completed, sending a public and private key pair of the client to the client after the key is generated, and generating a public and private key pair of the server;
The negotiation encryption key module is used for carrying out key negotiation between the client and the server by utilizing a Diffie-Hellman cryptosystem based on the public and private key pair of the client and the public and private key pair of the server;
the data security transmission module is used for carrying out security transmission on the electric power service data in the energy internet by adopting the encryption data constructed by the lightweight symmetric cryptographic algorithm and the hash function based on the key negotiation of the client and the server;
The key generation module is specifically configured to:
The public key generator in the energy Internet user is subjected to identity authentication by using an identity-based password system, the secret key of the public key generator is calculated after authentication is completed, a public and private key pair is sent to a client after the secret key is generated, and the public and private key pair of the server is generated; the method specifically comprises the following steps:
Generating a system parameter Params and a system master key s by the identity-based cryptosystem according to the security parameter K;
The private key generation center of the identity-based cryptographic system calculates a hash value of the identity information of the public key issuer from the identity information ID of the public key issuer: p ID = H (ID), using the hash value as the public key, the private key calculation method is S ID=s*PID, generating a key from the public key and the private key, generating the key, and using the identity-based cryptosystem to pair the public key and the private key of the client terminal after generating the key The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
The negotiation encryption key module is specifically configured to:
receiving first data sent by a client, wherein the first data is selected randomly Calculation of
Using private keysDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
receiving second data sent by the client, wherein the second data is obtained by a private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q; generating element G of the cyclic group G;
the data security transmission module is specifically used for:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
4. A data transmission protocol construction system of an energy internet, comprising:
the system comprises an identity-based cryptographic system, a server and a server, wherein the identity-based cryptographic system is used for carrying out identity authentication on a public key sender in an energy Internet user, calculating a key of the public key sender after authentication is completed, sending a public key pair to the client after the key is generated, and generating a public key pair of the server;
The client is used for realizing key negotiation between the client and the server by using a Diffie-Hellman cryptosystem;
the server is used for realizing key negotiation with the client; the method comprises the steps that encrypted data constructed by a lightweight symmetric cryptographic algorithm and a hash function are adopted to carry out safe transmission on power service data in the energy Internet;
The identity-based cryptographic system is particularly useful for:
Generating a system parameter Params and a system master key s by the identity-based cryptosystem according to the security parameter K;
The private key generation center of the identity-based cryptographic system calculates a hash value of the identity information of the public key issuer from the identity information ID of the public key issuer: p ID = H (ID), using the hash value as the public key, the private key calculation method is S ID=s*PID, generating a key from the public key and the private key, generating the key, and using the identity-based cryptosystem to pair the public key and the private key of the client terminal after generating the key The method comprises the steps of sending a sequence number i to a client, wherein the sequence number i is determined according to the time sequence of the client accessing a system; simultaneously generating public and private key pairs of server
The client is specifically configured to:
transmitting first data to the server, the first data being selected randomly Calculation of
Receiving return data of the server, wherein the return data is obtained by using a private keyDecryption y 1, random selectionCalculation ofCalculating an encryption key K 01=(ga)b mod q and sending y 0 to the client;
Second data transmitted, the second data being composed of the private key Decrypting y 0 to obtain g b, and further calculating the obtained encryption key K 01=(gb)a mod q;
Wherein the order of the cyclic group G is q; generating element G of the cyclic group G;
In the server, the encrypted data constructed by adopting the lightweight symmetric cryptographic algorithm and the hash function is used for carrying out safe transmission on the power service data in the energy internet, and the method is particularly used for:
receiving third data sent by the client, wherein the third data is calculated by the sent message m Further, encrypted data (c, H (m)) is obtained;
from the received encrypted data (c, H (m)), calculation H (m 0), verifying if H (m 0) is consistent with H (m):
If the time stamp T 0 is consistent, continuing to verify the time stamp T 0, and if the time stamp T 0 is within the validity period, receiving the message to perform subsequent operations;
otherwise, refusing to receive.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111349176.4A CN114095229B (en) | 2021-11-15 | 2021-11-15 | Method, device and system for constructing data transmission protocol of energy internet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111349176.4A CN114095229B (en) | 2021-11-15 | 2021-11-15 | Method, device and system for constructing data transmission protocol of energy internet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114095229A CN114095229A (en) | 2022-02-25 |
| CN114095229B true CN114095229B (en) | 2024-09-17 |
Family
ID=80300824
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111349176.4A Active CN114095229B (en) | 2021-11-15 | 2021-11-15 | Method, device and system for constructing data transmission protocol of energy internet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114095229B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115118756B (en) * | 2022-05-19 | 2024-08-30 | 中国电力科学研究院有限公司 | Method and device for designing safe interaction protocol in energy internet scene |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506534A (en) * | 2014-12-25 | 2015-04-08 | 青岛微智慧信息有限公司 | Safety communication secret key negotiation interaction scheme |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023085A (en) * | 2014-06-25 | 2014-09-03 | 武汉大学 | Security cloud storage system based on increment synchronization |
| CN105187205B (en) * | 2015-08-05 | 2018-05-15 | 北京航空航天大学 | The authentication key agreement method and negotiating system based on level identity base without certificate |
| CN106209369B (en) * | 2016-07-01 | 2019-04-12 | 中国人民解放军国防科学技术大学 | A kind of communication means of ID-based cryptosystem system |
| CN107493165B (en) * | 2017-10-09 | 2021-02-09 | 重庆邮电大学 | Internet of vehicles authentication and key agreement method with strong anonymity |
| CN108111301B (en) * | 2017-12-13 | 2021-06-15 | 中国联合网络通信集团有限公司 | Method and system for realizing SSH protocol based on post-quantum key exchange |
| CN110120939B (en) * | 2019-04-08 | 2021-06-08 | 淮阴工学院 | Encryption method and system capable of repudiation authentication based on heterogeneous system |
-
2021
- 2021-11-15 CN CN202111349176.4A patent/CN114095229B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506534A (en) * | 2014-12-25 | 2015-04-08 | 青岛微智慧信息有限公司 | Safety communication secret key negotiation interaction scheme |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114095229A (en) | 2022-02-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111371730B (en) | Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene | |
| Wazid et al. | AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment | |
| CN111083131B (en) | Lightweight identity authentication method for power Internet of things sensing terminal | |
| Choudhury et al. | A strong user authentication framework for cloud computing | |
| CN103763631B (en) | Authentication method, server and television set | |
| CN102547688B (en) | Virtual-dedicated-channel-based establishment method for high-credibility mobile security communication channel | |
| WO2014166546A1 (en) | Method and system for accessing device by a user | |
| Ren et al. | A novel dynamic user authentication scheme | |
| Chen et al. | Security analysis and improvement of user authentication framework for cloud computing | |
| CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
| CN102685749A (en) | Wireless safety authentication method orienting to mobile terminal | |
| CN107094156A (en) | A kind of safety communicating method and system based on P2P patterns | |
| CN113572765B (en) | Lightweight identity authentication key negotiation method for resource-limited terminal | |
| Mishra et al. | A pairing-free identity based authentication framework for cloud computing | |
| CN116074019A (en) | Identity authentication method, system and medium between mobile client and server | |
| CN113055394A (en) | Multi-service double-factor authentication method and system suitable for V2G network | |
| CN111416712A (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| Castiglione et al. | An efficient and transparent one-time authentication protocol with non-interactive key scheduling and update | |
| Priya et al. | Secure Key Management Based Mobile Authentication in Cloud. | |
| Bicakci et al. | Server assisted signatures revisited | |
| CN114095229B (en) | Method, device and system for constructing data transmission protocol of energy internet | |
| Wanda et al. | Efficient data security for mobile instant messenger | |
| Jiang | Advanced secure user authentication framework for cloud computing | |
| Truong et al. | Improved Chebyshev Polynomials‐Based Authentication Scheme in Client‐Server Environment | |
| Liu et al. | pKAS: A Secure Password‐Based Key Agreement Scheme for the Edge Cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |