CN116232732B - Lightweight distributed secure communication authentication method and system based on blockchain - Google Patents


Info

Publication number
CN116232732B
Authority
CN
China
Prior art keywords
terminal equipment
edge node
signature
authentication
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310229760.9A
Other languages
Chinese (zh)
Other versions
CN116232732A (en)
Inventor
佟为明
李中伟
逄龙
金显吉
万杰
杨路瑶
初旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute of Technology Shenzhen
Original Assignee
Harbin Institute of Technology Shenzhen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Harbin Institute of Technology Shenzhen
Priority to CN202310229760.9A
Publication of CN116232732A
Application granted
Publication of CN116232732B

Abstract

Translated from Chinese

The invention discloses a lightweight distributed secure communication authentication method and system based on a blockchain. In the method, a security management center completes the preliminary configuration and preprocessing, uses the elliptic curve digital signature algorithm to generate the system's public parameters and the information used in the signature authentication process, and publishes the authentication information to the blockchain. Edge nodes process and compute data locally to complete the multi-party authentication between edge nodes and devices and between devices. After the multi-party authentication is complete, a shared key is negotiated through three message transfers. The invention uses the blockchain to store key information, ensuring that data is public and traceable and reducing the centralizing role of the security management center. During multi-party authentication the data is stored in a distributed manner, distributed authentication between devices is achieved, and negotiation of the shared key is completed, which secures subsequent data transmission.

Description

Lightweight distributed secure communication authentication method and system based on blockchain
Technical Field
The invention belongs to the field of information security for industrial control systems. It relates to a secure communication authentication method and system, and in particular to a lightweight distributed secure communication authentication method and system based on a blockchain, applied to an industrial control system.
Background
With the development of modern Internet technology, information technology is steadily penetrating industrial control systems and tightening their connection to the Internet. Internet technology improves industrial productivity, but it also brings many malicious attacks on industrial control systems, and security is greatly threatened. The security risks of connecting an industrial control system to a network were given little consideration when these systems were first built, so their ability to resist malicious attacks is weak, and the information security of industrial control systems deserves sufficient attention.
In terms of structure, the terminal devices of an industrial control system sit at the bottom layer, control the field devices and communicate directly with the main control center, so they must store important data. Their application scenario is very closed, however: the terminal devices are located at unattended sites, have almost no security protection and are easily subjected to malicious network attacks. Once an industrial control system is intruded on by an unauthorized person and the important data stored in the terminal devices are stolen, the consequences are unthinkable. Security protection of industrial control systems therefore needs to be strengthened. Identity authentication is particularly important as the first line of defense of information security protection, and a secure and reliable authentication scheme should be provided for industrial control systems.
However, existing research on identity authentication for industrial control systems still mainly uses centralized certificate-based authentication, whose authentication process is cumbersome and whose security is low. Meanwhile, as industrial demand grows, the number of devices increases, and to control cost the computing capability of industrial control devices is limited to a certain extent. Industrial control systems thus contain a huge number of devices with small storage capacity and limited processor computing power, and the centralized management model faces many new challenges.
Disclosure of Invention
To address the imperfect identity authentication technology and the low security of the centralized management model in industrial control systems, the invention provides a lightweight distributed secure communication authentication method and system based on a blockchain. It achieves distributed authentication between devices, ensures the openness, integrity and traceability of information in the authentication process, prevents terminal devices from being intruded on by unauthorized outsiders, and protects the system's sensitive data.
The object of the invention is achieved by the following technical solution:
A lightweight distributed secure communication authentication method based on a blockchain comprises the following steps:
Step one, initialization stage:
The security management center generates the system's public parameters pp, the identifier hid, the signature master private key KM-pri, the signature master public key KM-pub, the private key KEP-pri of the edge computing node and the private key KED-pri of the terminal device. The public key of an edge computing node or terminal device is its unique identity, denoted Kx-pub.
Step two, registration stage:
Assuming that the security management center is trusted, terminal device registration proceeds as follows:
Step 2.1: The security management center selects a message M to be encrypted and sends it to the edge node through a secure channel, and at the same time sends it to the terminal device.
Step 2.2: After receiving the message M, the edge node encrypts it with the public key KEP-pub according to a public key encryption algorithm to generate the ciphertext En(M), and then sends En(M) through a secure channel to the terminal device it manages.
Step 2.3: After receiving the ciphertext En(M), the terminal device stores it, then uses its public key KED-pub and the hash function H1() of the elliptic curve encryption algorithm to generate the digest h of the message M, then uses its private key KED-pri to generate the digital signature S, finally obtaining the signature (h, S).
Step 2.4: The terminal device sends the ciphertext En(M) and the digital signature (h, S) to the security management center. The security management center creates a transaction through a smart contract and publishes the public parameters pp, the signature master public key KM-pub, the ciphertext En(M), the signature (h, S), the identifier hid and the terminal device's public key KED-pub to the blockchain ledger. This information indicates that the device is legitimately registered in the blockchain network.
Step three, device identity verification stage:
Step 3.1: The terminal device sends an authentication request for joining the system to the edge node. After receiving the request, the edge node queries the blockchain for information about the device and obtains the information published to the blockchain in the previous stage, denoting the system's public parameters as pp', the signature master public key as K'M-pub, the ciphertext as E'n(M), the signature as (h', S'), the identifier as hid' and the terminal device's public key as K'ED-pub.
Step 3.2: After obtaining this information, the edge node first decrypts the ciphertext E'n(M) with its private key KEP-pri to obtain the message M'.
Step 3.3: After obtaining the message M', the edge node runs the identity-based digital signature algorithm over the signature (h', S'), using the message M', the system's public parameters pp', the signature master public key K'M-pub, the ciphertext E'n(M), the signature (h', S'), the identifier hid' and the terminal device's public key K'ED-pub, and obtains the message digest h2 of the message M'.
Step 3.4: Determine whether h2 = h' holds. If it does, the terminal device is admitted to the system and the event is broadcast to the whole network; otherwise the terminal device's identity is judged invalid, it is not allowed to join the industrial control system, and the mutual authentication stage between devices is not entered.
Step four, mutual authentication stage between devices:
Assuming that terminal device 1 and terminal device 2 have passed authentication by edge node 1 and edge node 2 respectively, mutual authentication between the devices proceeds as follows:
Step 4.1: After edge node 1 completes authentication of terminal device 1, edge node 1 automatically pairs terminal device 1 with its corresponding Ethernet mapping address and, using a timestamp t0, sets an access validity period tE for terminal device 1.
Step 4.2: Terminal device 1 queries the authentication information of terminal device 2 and edge node 2 in the blockchain network through the smart contract and sends an identity authentication request for terminal device 2.
Step 4.3: After terminal device 1 sends the identity authentication request, the smart contract creates a message Token containing edge node 2, the Ethernet addresses of terminal device 1 and terminal device 2, and the current timestamp t0, and sends the Token to terminal device 1 and edge node 2.
Step 4.4: After receiving the Token, terminal device 1 first verifies whether the timestamp satisfies t0 ≤ tE. If it does, authentication continues with the next step; if not, the Token is discarded and the authentication process ends.
Step 4.5: Terminal device 1 signs the message Token with its private key KED-pri(1) according to the identity-based digital signature algorithm and sends it to edge node 2.
Step 4.6: After receiving the signature, edge node 2 verifies it with the public key KED-pub(1) of terminal device 1. If verification passes, edge node 2 generates a random number R1, signs the message Token with its own private key KEP-pri(2) according to the identity-based digital signature algorithm, and returns the random number R1, the signature and the verification result to terminal device 1.
Step 4.7: After receiving the random number R1, the signature and the verification result from edge node 2, terminal device 1 verifies the signature with the public key KEP-pub(2) of edge node 2. If verification passes, terminal device 1 generates a random number R2 and returns R2 and the verification result to edge node 2. At this point the identity authentication process between the devices is complete.
Step five, key negotiation stage:
After the mutual authentication stage between devices has succeeded and the random numbers R1 and R2 have been exchanged, key negotiation proceeds as follows:
Step 5.1: Terminal device 1 generates a random number R3, encrypts it with the public key KED-pub(2) of terminal device 2 according to the elliptic curve encryption algorithm to generate the ciphertext En(R3), and then sends En(R3) and an encryption suite to terminal device 2.
Step 5.2: After receiving the ciphertext En(R3), terminal device 2 decrypts it with its private key KED-pri(2) to obtain the random number R3 generated by terminal device 1. Terminal device 1 and terminal device 2 now both hold the three random numbers R1, R2 and R3, and both sides generate the symmetric encryption key Ksym according to the same algorithm in the encryption suite.
Step 5.3: Terminal device 2 encrypts the third random number R3 with the negotiated key Ksym and sends it to terminal device 1. After receiving the ciphertext, terminal device 1 decrypts it with the symmetric key Ksym.
Step 5.4: Terminal device 1 checks whether the decrypted data is correct. If it is, terminal device 1 notifies terminal device 2 that the negotiated keys are consistent, and the symmetric key is used for encrypted communication in subsequent data exchange; if not, step five is restarted.
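The following Python code illustrates steps 5.2 to 5.4, including the restart on a failed key check. It is an added example, not part of the patent text. Assumptions: HKDF-SHA256 stands in for the suite's key-generation algorithm, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for the suite's symmetric cipher, the hypothetical `deliver` callable stands in for the elliptic curve encrypted transfer of R3, and the identities "zdsb01" and "zdsb02" are the values the description assigns to the two terminal devices.

```python
import hashlib
import hmac
import secrets

SUITE = b"HKDF-SHA256+HMAC-SHA256-stream"  # assumed suite label, not from the patent
H = hashlib.sha256


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, H).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), H).digest()
        okm += block
        i += 1
    return okm[:length]


def derive_ksym(r1: bytes, r2: bytes, r3: bytes, id_a: bytes, id_b: bytes) -> bytes:
    """Step 5.2: both devices run the same derivation over R1, R2 and R3."""
    # Length-prefix each nonce so the concatenation cannot be split two ways.
    ikm = b"".join(len(r).to_bytes(2, "big") + r for r in (r1, r2, r3))
    # Binding the suite and both identities into Ksym is this example's choice.
    return hkdf(ikm, SUITE + b"|" + id_a + b"|" + id_b)


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stand-in stream cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), H).digest()
        ctr += 1
    return out[:n]


def seal(ksym: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under two subkeys of Ksym: nonce || ciphertext || tag."""
    enc_key = hmac.new(ksym, b"enc", H).digest()
    mac_key = hmac.new(ksym, b"mac", H).digest()
    nonce = secrets.token_bytes(16)
    ks = keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + hmac.new(mac_key, nonce + ct, H).digest()


def unseal(ksym: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key = hmac.new(ksym, b"enc", H).digest()
    mac_key = hmac.new(ksym, b"mac", H).digest()
    expected = hmac.new(mac_key, nonce + ct, H).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    ks = keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def negotiate(r1, r2, deliver, id_a=b"zdsb01", id_b=b"zdsb02", max_attempts=3):
    """Steps 5.1-5.4 with a bounded restart; returns (Ksym or None, attempts).

    `deliver` models the transfer of R3 to terminal device 2; the elliptic
    curve encryption of R3 itself is outside this example.
    """
    for attempt in range(1, max_attempts + 1):
        r3 = secrets.token_bytes(32)                      # 5.1: device 1 picks R3
        r3_at_dev2 = deliver(r3)                          # 5.1 -> 5.2: R3 arrives
        k1 = derive_ksym(r1, r2, r3, id_a, id_b)          # 5.2: device 1 derives
        k2 = derive_ksym(r1, r2, r3_at_dev2, id_a, id_b)  # 5.2: device 2 derives
        blob = seal(k2, r3_at_dev2)                       # 5.3: device 2 echoes R3
        echoed = unseal(k1, blob)                         # 5.4: device 1 checks it
        if echoed is not None and hmac.compare_digest(echoed, r3):
            return k1, attempt                            # keys agree
    return None, max_attempts                             # give up instead of looping


if __name__ == "__main__":
    # Constructed sample nonces standing in for R1 and R2 from step four.
    key, attempts = negotiate(secrets.token_bytes(32), secrets.token_bytes(32),
                              deliver=lambda r3: r3)
    print("agreed:", key is not None, "attempts:", attempts)
```

Capping the number of restarts is a choice of this example; the text only says that step five is restarted when the check fails.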
The blockchain-based lightweight distributed secure communication authentication system that implements the method comprises a security management center, distributed edge nodes and terminal devices, wherein:
The security management center is responsible for setting and distributing the system's public parameters, generating the private keys of all edge nodes and terminal devices, managing the identities of the terminal devices, registering each device, and writing the identity information of newly added devices to the blockchain.
The distributed edge nodes are responsible for maintaining the basic operation of the blockchain, managing the terminal devices in their area, and verifying the legitimacy of terminal device identities.
The terminal devices interact with the smart contract through an Ethernet client by way of the distributed edge nodes. Terminal devices that have successfully joined the industrial control system can carry out identity authentication and key negotiation with one another before communicating.
Compared with the prior art, the invention has the following advantages:
1. The invention provides a lightweight distributed secure communication authentication scheme based on a blockchain. It combines blockchain technology with edge computing technology and applies them to identity authentication in an industrial control system. During authentication, edge nodes preprocess and compute local data, the data is stored in a distributed manner, and distributed authentication between devices is achieved. A timestamp is added to constrain access time, which strengthens the security of the authentication system.
2. In the early authentication stage the security management center registers the terminal devices, and a smart contract is created to write the system parameters, digital signatures, authentication results and other information to the blockchain. The key information of the authentication system is thus stored using the tamper-resistant property of the blockchain, which ensures the openness, integrity and traceability of information in the authentication process, weakens the centralizing role of the security management center, and strengthens the security of the authentication system.
3. The invention uses an identity-based digital signature algorithm to implement the system's authentication process. An entity's identity serves as its public key, so no public key certificate is needed, which greatly reduces the complexity of managing and maintaining public key certificates. In addition, after the two devices have confirmed each other's identity, the symmetric key is generated, which secures subsequent data transmission.
Drawings
FIG. 1 is a flow chart of entity information interaction in the present invention;
FIG. 2 is a timing diagram of a registration phase according to the present invention;
FIG. 3 is a timing diagram of the device authentication phase of the present invention;
FIG. 4 is a timing diagram illustrating the phase of mutual authentication between devices according to the present invention;
Fig. 5 is a timing diagram of a key negotiation stage according to the present invention.
Detailed Description
The invention is further described below with reference to the accompanying drawings, but is not limited to this description; any modification or equivalent substitution that does not depart from the spirit and scope of the invention falls within the scope of the invention.
The invention provides a blockchain-based lightweight distributed secure communication authentication system for an industrial control system. As shown in FIG. 1, it comprises a security management center, distributed edge nodes and terminal devices, wherein:
The security management center is mainly responsible for setting and publishing the system's public parameters, generating the private keys of all edge nodes and terminal devices, managing the identities of the terminal devices, registering each device, writing the identity information of newly added devices to the blockchain, and interacting with the smart contract through a front-end application.
The distributed edge nodes are located close to the edge devices and preprocess and compute data locally, which reduces the communication delay between the cloud server and the devices. Each distributed edge node is mainly responsible for maintaining the basic operation of the blockchain, managing the terminal devices in its area, and verifying the legitimacy of terminal device identities.
Each terminal device has a public/private key pair and generates an Ethernet address from it. Each terminal device is mapped to a distributed edge node and interacts with the smart contract through an Ethernet client by way of that edge node. Terminal devices that have successfully joined the industrial control system can carry out identity authentication and key negotiation with one another before communicating.
The invention also provides a lightweight distributed secure communication authentication method based on a blockchain. First, the security management center completes the preliminary configuration and preprocessing, uses the elliptic curve digital signature algorithm to generate the system's public parameters and the information used in the signature authentication process, and publishes the authentication information to the blockchain. Next, the edge nodes process and compute data locally to complete the multi-party authentication between edge nodes and devices and between devices. Finally, after the multi-party authentication is complete, a shared key is negotiated through three message transfers. The method comprises an initialization stage, a registration stage, a device identity verification stage, a mutual authentication stage between devices and a key negotiation stage, with the following specific steps:
Step one, initialization stage:
In this stage the security management center generates the system's public parameters pp, the identifier hid, the signature master private key KM-pri and the signature master public key KM-pub, as well as the private key Kx-pri of the edge computing node and the private key Kx-pri of the terminal device (when x = EP, KEP-pri is the key of the edge computing node; when x = ED, KED-pri is the key of the terminal device; the same convention applies below). The public key of an edge computing node or terminal device is its unique identity, denoted Kx-pub. The private keys of the edge computing nodes and terminal devices are generated by the security management center from the public key Kx-pub through an elliptic curve encryption algorithm. The specific steps are as follows:
Step 1.1: The security management center generates KM-pri ∈ [1, N-1] as the signature master private key, where N is the order of the cyclic groups G1, G2 and GT, GT is a multiplicative cyclic group of order N, and G1 and G2 are additive cyclic groups of order N. It then computes the element KM-pub = [KM-pri]P2 of the group G2 in the elliptic curve encryption algorithm, where P2 is a generator of the group G2.
Step 1.2: The public key of each edge node and terminal device is its unique identity, denoted Kx-pub. To generate the signature private key Kx-pri of an edge node or terminal device, the security management center first computes t1 = H1(Kx-pub||hid, N) + KM-pri over the finite field FN of the elliptic curve encryption algorithm, where H1 is a cryptographic function derived from a cryptographic hash function. If t1 = 0, return to step 1.1; otherwise t2 and Kx-pri are computed through the elliptic curve encryption algorithm, with Kx-pri = [t2]P1, where P1 is a generator of the group G1.
The public key KEP-pub(1) of edge node 1 is defined as "byjd01", the public key KEP-pub(2) of edge node 2 as "byjd02", the public key KED-pub(1) of terminal device 1 as "zdsb01", and the public key KED-pub(2) of terminal device 2 as "zdsb02".
According to the above formula, the computed private key KEP-pri(1) of edge node 1 is "4a07cc7bb01ae6cb81c97d3e647f9f07c6362c39cf40f6d67b5418767c4a9f84492d6413ebe1f5846ed8460c3386c2590a94ddd819815a76b9fc2cfd8d5388bf", the private key KEP-pri(2) of edge node 2 is "2aea8aff692d8aa54647b9ed8fede4d7a79e730119ba6e683cb29874255c603b73ff5198a5c8beafc602cdf96408191d17e98b94d574802b093617fe30cadc4e", the private key KED-pri(1) of terminal device 1 is "1f060b621c69f56aa44b1070f3d2c2a1d8d8a1b86a0bc10f8ed0ee04c8b7fe8d260cb46b9e5f6296b43a824639e22c5aafac7ac07905290b930cd3bddad8c87a", and the private key KED-pri(2) of terminal device 2 is "013d6db37bcb812a6a5c4d6eef5b426b399653a0e3be2299b6708f37f9495cf7902bf7c387e32268cea3bba1c25e3db7f6e4351091b2f7a199e7f4acb67e9875".
Step two, registration stage:
In this stage the security management center completes the registration that precedes authentication of a terminal device. Terminal device 1 and terminal device 2 both need to register before authentication, and the procedure is the same, so only the registration of terminal device 1 is described in detail.
Assuming that the security management center is trusted, as shown in FIG. 2, the registration of terminal device 1 proceeds as follows:
Step 2.1: The security management center first selects the message M to be encrypted, whose value is "4368696e65736520494245207374616e64617264", and sends it to edge node 1 through a secure channel and at the same time to terminal device 1.
Step 2.2: After receiving the message M, edge node 1 encrypts it with its own public key "byjd" according to the public key encryption algorithm to generate the ciphertext En(M), whose value is "52ebabff56224965f542b199afa32b39f40216b9929c503df2349eecb3f08c7d15315125a4f115e8eda15a7c7d261bd354a364a524e0c3d8df03e3ea225cf9feadba14f85d1db3a64cda289576bbea4d4fdf6b98bfaff960fcd02b45cccd14ad60a3a9e85ce21c32fb774a1afd4a4ee4befa04b1f3f09239a7d750f19656340ae2cad29d705729d5aa1a529d3d96e089". Edge node 1 then sends the ciphertext En(M) to terminal device 1 through a secure channel.
Step 2.3: Terminal device 1 receives the ciphertext En(M) and stores it, then uses its public key ED1 and the hash function H1() of the elliptic curve encryption algorithm to generate the digest h of the message M, whose value is "430ad7cb71d3b184a39d4e47a13446123cae8fed5012609db24ccdbfbfbf1780". It then uses its private key KED-pri to generate the digital signature S, whose value is "92f8e49a2df9fe56eae37582bcef51297283cb8fb054a18fd0f54eece19bf7663a81f64f91f4790c7c4af93c90c516954836c649923c77e052f9ff6c37a8583d", finally obtaining the signature (h, S).
Step 2.4: Terminal device 1 sends the ciphertext En(M) and the digital signature (h, S) to the security management center. The security management center creates a transaction through the smart contract and publishes the system's public parameters pp, the signature master public key KM-pub, the ciphertext En(M), the signature (h, S), the identifier hid and the public key KED-pub of terminal device 1 to the blockchain ledger. This indicates that the device is legitimately registered in the blockchain network.
Step three, device identity verification stage:
In this stage the edge node verifies the legitimacy of the identity of a terminal device that wants to join the system by querying information in the blockchain. The authentication of terminal device 1, which is to join the system, by edge node 1 is described in detail here. As shown in FIG. 3, the specific steps are as follows:
Step 3.1: Terminal device 1 sends an authentication request for joining the system to edge node 1. After receiving the request, edge node 1 queries the blockchain for information about terminal device 1 and obtains the information published to the blockchain in the previous stage, denoting the system's public parameters as pp', the signature master public key as K'M-pub, the ciphertext as E'n(M), the signature as (h', S'), the identifier as hid' and the terminal device's public key as K'ED-pub.
Step 3.2: After obtaining this information, edge node 1 first decrypts the ciphertext E'n(M) with its private key KEP-pri to obtain the message M'. In the normal case the value of M' is "4368696E65736520494245207374616E64617264".
Step 3.3: After obtaining the message M', edge node 1 runs the identity-based digital signature algorithm over the signature (h', S'), using the message M', the system's public parameters pp', the signature master public key K'M-pub, the ciphertext E'n(M), the signature (h', S'), the identifier hid' and the public key K'ED-pub of terminal device 1, and obtains the message digest h2 of the message M'.
Step 3.4: When h2 = h' = 430ad7cb71d3b184a39d4e47a13446123cae8fed5012609db24ccdbfbfbf1780, the identity of terminal device 1 is legitimate; terminal device 1 is admitted to the system and the event is broadcast to the whole network. Otherwise the identity of terminal device 1 is invalid, terminal device 1 is not allowed to join the industrial control system, and the mutual authentication stage between devices is not entered.
Step four, mutual authentication phase between devices:
This stage implements identity authentication between terminal devices by means of the edge nodes and smart contracts. After a terminal device joins the industrial control system network, it must still complete identity authentication with the other device and exchange a symmetric key before secure communication can take place. Assuming that terminal device 1 and terminal device 2 have passed the authentication of edge node 1 and edge node 2, respectively, inter-device mutual authentication proceeds as shown in Fig. 4:
Step 4.1: After edge node 1 completes the authentication of terminal device 1, edge node 1 pairs the corresponding Ethernet mapping address for terminal device 1 and sets an access validity period tE for terminal device 1 by means of a timestamp t0.
Step 4.2: Terminal device 1 queries the authentication information of terminal device 2 and edge node 2 in the blockchain network through a smart contract and sends an identity authentication request for terminal device 2.
Step 4.3: After terminal device 1 sends the identity authentication request, the smart contract creates a message Token with edge node 2, the Ethernet addresses of terminal device 1 and terminal device 2, and the current timestamp t0, and sends the Token to terminal device 1 and edge node 2.
Step 4.4: After receiving the Token, terminal device 1 first verifies whether the timestamp satisfies t0 ≤ tE. If so, it proceeds to the next authentication step; if not, it discards the Token and ends the authentication process.
Step 4.5: Terminal device 1 signs the message Token with its private key KED-pri (1) according to the identity-based digital signature algorithm and sends it to edge node 2.
Step 4.6: After edge node 2 receives the signature, it verifies the signature using the public key KED-pub (1) of terminal device 1. If verification passes, edge node 2 generates a random number R1, signs the message Token with its private key KEP-pri (2) according to the identity-based digital signature algorithm, and returns the random number R1, the signature and the verification result to terminal device 1.
Step 4.7: After receiving the random number R1, the signature and the verification result sent by edge node 2, terminal device 1 verifies the signature using the public key KEP-pub (2) of edge node 2. If verification passes, terminal device 1 generates a random number R2 and returns R2 and the verification result to edge node 2, which completes the identity authentication process between the devices. If verification fails, all information is discarded and the inter-device identity authentication process ends without entering the key negotiation stage.
Step five, key negotiation stage:
This stage completes the negotiation of a symmetric key between the devices. After both devices pass authentication in the previous stage, terminal device 1 and terminal device 2 respectively generate a random number R1 and a random number R2 and send them to the other party, so that both parties hold the two random numbers. With R1 and R2 exchanged after successful mutual authentication, key negotiation proceeds as shown in Fig. 5:
Step 5.1: Terminal device 1 generates a random number R3, encrypts it with the public key KED-pub (2) of terminal device 2 according to the elliptic curve encryption algorithm to produce a ciphertext En(R3), and then sends En(R3) and an encryption suite to terminal device 2. The encryption suite determines the algorithm used in the subsequent generation of the symmetric key.
Step 5.2: After terminal device 2 receives the ciphertext En(R3), it decrypts En(R3) with its own private key KED-pri (2) to obtain the random number R3 generated by terminal device 1. Terminal device 1 and terminal device 2 now both hold the three random numbers R1, R2 and R3. Both sides then generate a symmetric encryption key Ksym using the same algorithm from the encryption suite, after which transmitted data can be symmetrically encrypted with this key.
Step 5.3: Terminal device 2 encrypts the third random number R3 with the negotiated key Ksym and sends it to terminal device 1. After receiving the ciphertext, terminal device 1 decrypts it using the symmetric key Ksym.
Step 5.4: Terminal device 1 checks whether the decrypted data is correct. If so, it informs terminal device 2 that the key agreement is consistent, and the symmetric key is used for encrypted communication in subsequent data exchange; if not, step five is restarted.
The invention uses the blockchain to store critical information, ensuring that data is public and traceable and reducing the centralizing role of the security management center. In the multi-party authentication process, data is stored in a distributed manner, distributed authentication among devices is achieved, and negotiation of a shared key is completed, providing a security guarantee for subsequent data transmission.
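Deriving Ksym from R1, R2 and R3 and confirming that both devices hold the same key, as an added Python example that is not code from the patent. HKDF-SHA256 as the suite's derivation algorithm, the suite label, and the function names are assumptions; the confirmation uses an HMAC tag over R3 in place of the symmetric encryption of R3 that the text describes, and R3 is taken as already delivered under KED-pub (2).

```python
import hashlib, hmac

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_ksym(r1, r2, r3, suite):
    """Both devices run this on the same R1, R2, R3 and negotiated suite name."""
    # Length-prefix each nonce so different splits of the same bytes cannot collide.
    ikm = b"".join(len(r).to_bytes(2, "big") + r for r in (r1, r2, r3))
    # Binding the suite name into the key means a changed suite yields a different key.
    return hkdf_sha256(ikm, salt=b"\x00" * 32, info=suite.encode())

def confirm_tag(ksym, r3):
    """Terminal device 2's proof that it holds Ksym (stand-in for encrypting R3)."""
    return hmac.new(ksym, b"key-confirmation" + r3, hashlib.sha256).digest()

def device1_check(ksym, r3, tag):
    """Terminal device 1's comparison, in constant time; False means renegotiate."""
    return hmac.compare_digest(confirm_tag(ksym, r3), tag)
```

If terminal device 2 recovered a different R3, its tag is computed under a different Ksym and `device1_check` returns False, which corresponds to restarting the negotiation.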

Claims (6)

Application number: CN202310229760.9A
Priority date: 2023-03-10
Filing date: 2023-03-10
Title: Lightweight distributed secure communication authentication method and system based on blockchain
Status: Active
Publications: CN116232732A (en), published 2023-06-06; CN116232732B (en), published 2025-07-22
Family ID: 86590942
Country status: CN (1), CN116232732B (en)


Legal Events

Code: Title
PB01: Publication
SE01: Entry into force of request for substantive examination
GR01: Patent grant
