WO2025000590A1 - Chinese national cryptographic algorithm-based identity authentication and data encryption method for coap - Google Patents

Abstract

Disclosed in the present invention is a Chinese national cryptographic algorithm-based identity authentication and data encryption method for CoAP, comprising: pre-configuring identity authentication data of a client and a server; and performing identity authentication on the basis of the pre-configured information, determining the security of the client and the server, performing key agreement to obtain a session key, and if it is determined that the security meets a requirement, completing data transmission on the basis of the session key. According to the present invention, identity tables are established for a client and a server respectively, and important data can only be accessed by both the client and the server by looking up the tables; by means of a pre-shared key, SM4 and SM3 algorithms are used to complete bidirectional identity authentication and key agreement before data transmission between the client and the server, and by using only two handshake messages, the confidentiality of the important data and the integrity of messages during identity authentication can still be guaranteed; replay attacks are prevented by using timestamps and random numbers; and data transmission is performed by using an observer mode that reduces overhead to the greatest extent.

Description

Translated fromChinese

一种基于国密的CoAP协议身份认证和数据加密方法A CoAP protocol identity authentication and data encryption method based on national encryption技术领域Technical Field

本发明属于报文传输技术领域，特别是涉及一种基于国密的CoAP协议身份认证和数据加密方法。The present invention belongs to the technical field of message transmission, and in particular relates to a CoAP protocol identity authentication and data encryption method based on national encryption.

背景技术Background Art

随着物联网的快速发展，物联网环境中的安全性也变得至关重要。CoAP协议是一种基于请求/响应模型的物联网传输协议，因其轻量化、非长连接通信的特点，适用于低功耗物联网环境。由于传统CoAP协议在设计时并没有考虑安全问题，后续在RFC7252标准中规定CoAP在通信过程中需要额外引入单独的协议层，导致会产生过多计算开销，因此提出一种轻量级的CoAP协议保护方法具有重要研究意义。With the rapid development of the Internet of Things, security in the Internet of Things environment has also become crucial. The CoAP protocol is an Internet of Things transmission protocol based on the request/response model. Due to its lightweight and non-long connection communication characteristics, it is suitable for low-power Internet of Things environments. Since the traditional CoAP protocol did not consider security issues when it was designed, the RFC7252 standard subsequently stipulated that CoAP needs to introduce an additional separate protocol layer during the communication process, resulting in excessive computational overhead. Therefore, it is of great research significance to propose a lightweight CoAP protocol protection method.

国密算法是国家密码局认定的国产密码算法标准及其应用规范，是我国自主研发的一套数据加密处理算法。目前已经公布的算法有SM2(对称加密算法)、SM3(散列密码算法)、SM4(对称加密算法)、SM9(非对称加密算法)，未公布的算法有SM1(对称加密算法)、SM7(分组加密算法)。过去的加密算法都是由别的国家制定的，所以很难保证我们使用这些算法是否真的安全，因此国密算法的推广对提升我国网络安全水平具有重要的意义。The national encryption algorithm is a set of data encryption processing algorithms independently developed by my country and is a domestic encryption algorithm standard and its application specification recognized by the State Cryptography Bureau. Currently, the published algorithms are SM2 (symmetric encryption algorithm), SM3 (hash encryption algorithm), SM4 (symmetric encryption algorithm), SM9 (asymmetric encryption algorithm), and the unpublished algorithms are SM1 (symmetric encryption algorithm) and SM7 (block encryption algorithm). In the past, encryption algorithms were developed by other countries, so it is difficult to guarantee whether we are really safe to use these algorithms. Therefore, the promotion of the national encryption algorithm is of great significance to improving my country's network security level.

CoAP(Constrained Application Protocol)是IETF的CoRE工作组提出的一种受限环境下的应用层协议，所谓资源受限环境主要是指物联网设备只具有有限的存储空间、计算能力和通信带宽。为了适配资源受限环境，CoAP的设计足够轻量，采用二进制形式来定义数据包内容，因此相比HTTP协议来说，数据包更加小巧，最小只需要4个字节，就可以实现一个CoAP数据包。CoAP的设计初衷就是想让资源受限型设备也能够使用类似HTTP的应用层完成数据交互，因此CoAP也实现了RESTful的资源访问方式，即CoAP协议是一种基于请求/响应模型的消息传输协议，属于UDP/IP协议之上的应用层协议。但目前针对于CoAP的保护方案基本都需要大量的网络资源，这与CoAP协议的设计理念相悖。在传统的CoAP协议中，规定基于DTLS协议来进行身份认证和数据加密，但是这种方法需要额外引入单独的协议层，并且需要使用计算复杂且消耗大量资源的密码套件，显然对资源受限的网络是不可取的，与CoAP协议的设计初衷不符。CoAP (Constrained Application Protocol) is an application layer protocol for constrained environments proposed by the CoRE working group of IETF. The so-called resource-constrained environment mainly refers to the limited storage space, computing power and communication bandwidth of IoT devices. In order to adapt to resource-constrained environments, CoAP is designed to be lightweight enough and uses binary form to define the content of data packets. Therefore, compared with the HTTP protocol, the data packet is smaller, and only 4 bytes are required to implement a CoAP data packet. The original intention of the design of CoAP is to enable resource-constrained devices to use an application layer similar to HTTP to complete data interaction. Therefore, CoAP also implements the RESTful resource access method, that is, the CoAP protocol is a message transmission protocol based on the request/response model, which belongs to the application layer protocol above the UDP/IP protocol. However, the current protection schemes for CoAP basically require a large amount of network resources, which is contrary to the design concept of the CoAP protocol. In the traditional CoAP protocol, it is stipulated that identity authentication and data encryption are based on the DTLS protocol, but this method requires the introduction of a separate protocol layer and the use of a cipher suite that is computationally complex and consumes a lot of resources. Obviously, it is not advisable for resource-constrained networks and is inconsistent with the original design of the CoAP protocol.

发明内容Summary of the invention

本发明的目的是提供一种基于国密的CoAP协议身份认证和数据加密方法，以解决上述现有技术存在的问题。The purpose of the present invention is to provide a CoAP protocol identity authentication and data encryption method based on national secrets to solve the problems existing in the above-mentioned prior art.

为实现上述目的，本发明提供了一种基于国密的CoAP协议身份认证和数据加密方法，包括：To achieve the above purpose, the present invention provides a CoAP protocol identity authentication and data encryption method based on national encryption, including:

对客户端与服务端的身份认证数据进行预配置；客户端与服务端根据所述身份认证数据进行身份认证，判断客户端与服务器的安全性，同时进行密钥协商，获得会话密钥，若判断安全性符合要求，则基于所述会话密钥完成数据传输。The client and server authentication data are pre-configured; the client and server perform identity authentication based on the authentication data, determine the security of the client and server, and negotiate keys to obtain session keys. If the security is determined to meet the requirements, data transmission is completed based on the session key.

可选的，身份认证数据进行预配置的过程包括：Optionally, the process of pre-configuring the authentication data includes:

根据每个客户端的自身设备标识符、与服务器预共享的SM4对称密钥、会话密钥构建第一身份认证表，其中，所述第一身份认证表中的会话密钥初始值为空；Constructing a first identity authentication table according to each client's own device identifier, the SM4 symmetric key pre-shared with the server, and the session key, wherein the initial value of the session key in the first identity authentication table is empty;

根据每个客户端的自身设备标识符、与标识符对应的预共享的SM4对称密钥、会话密钥、许可状态构建第二身份认证表，其中，所述第二身份认证表中会话密钥初始值为空，许可状态默认值为0。A second identity authentication table is constructed according to each client's own device identifier, the pre-shared SM4 symmetric key corresponding to the identifier, the session key, and the permission status, wherein the initial value of the session key in the second identity authentication table is empty and the default value of the permission status is 0.

可选的，所述身份认证包括服务器对客户端的身份认证、客户端对服务器的身份认证。Optionally, the identity authentication includes identity authentication of the server to the client and identity authentication of the client to the server.

可选的，服务器对客户端的身份认证过程包括：Optionally, the server's identity authentication process for the client includes:

客户端请求数据时，记录请求时间，并生成与请求时间位数相同的第一随机数，提取发出请求的客户端存储在所述第一身份认证表中的信息，计算第一随机数、请求时间、自身设备标识符对应的SM4对称密钥连接后的第一哈希值，对所述第一哈希值进行截取，获得第一明文；将所述第一明文、请求时间、SM4对称密钥连接后加密获得第一密文；将所述第一密文、请求时间、自身设备标识符连接存储为有效载荷；将所述请求时间标识为CON类型，将带有所述有效载荷的请求发送至目标服务器；When a client requests data, the request time is recorded, and a first random number with the same number of bits as the request time is generated, the information of the client that issued the request stored in the first identity authentication table is extracted, the first random number, the request time, and the first hash value after the SM4 symmetric key corresponding to the device identifier are connected are calculated, the first hash value is intercepted to obtain a first plaintext; the first plaintext, the request time, and the SM4 symmetric key are connected and encrypted to obtain a first ciphertext; the first ciphertext is encrypted The text, request time, and own device identifier are connected and stored as a payload; the request time is identified as a CON type, and the request with the payload is sent to the target server;

目标服务器接收请求后，判断接收时间与请求时间的差值是否在预设范围内，若在预设范围内，将有效载荷中包含的自身设备标识符与所述第二身份认证表进行匹配，采用匹配结果中与标识符对应的SM4对称密钥对所述第一密文进行解密，得到第一明文与新的随机数，将请求时间、新的随机数、与标识符对应的SM4对称密钥连接后计算第二哈希值，对所述第二哈希值进行截取后，判断是否其与所述第一明文相等，完成服务端对客户端的身份认证。After receiving the request, the target server determines whether the difference between the receiving time and the request time is within a preset range. If it is within the preset range, the device identifier contained in the payload is matched with the second identity authentication table, and the first ciphertext is decrypted using the SM4 symmetric key corresponding to the identifier in the matching result to obtain the first plaintext and a new random number. The request time, the new random number, and the SM4 symmetric key corresponding to the identifier are connected to calculate the second hash value. After intercepting the second hash value, it is determined whether it is equal to the first plaintext, thereby completing the server's identity authentication of the client.

可选的，客户端对服务器的身份认证及密钥协商过程包括：Optionally, the client's identity authentication and key negotiation process for the server includes:

服务端对客户端的身份认证通过后，生成第二随机数与第一随机数连接获得会话密钥并对所述第二身份认证表进行更新；将第二随机数、第一随机数、接收时间连接后计算第三哈希值，对第三哈希值截取获得第二明文，将第二随机数与第二明文，结合SM4对称密钥进行加密的获得第二密文，将第二密文与接收时间连接后，作为发送给客户端的响应信息；After the server authenticates the client, it generates a second random number and connects it with the first random number to obtain a session key and updates the second authentication table; after connecting the second random number, the first random number, and the receiving time, it calculates a third hash value, intercepts the third hash value to obtain a second plaintext, encrypts the second random number and the second plaintext with the SM4 symmetric key to obtain a second ciphertext, connects the second ciphertext with the receiving time, and sends it as a response message to the client;

客户端接收到响应信息后获取当前时间，判断当前时间与接收时间的差值是否处于预设范围内，若是，则采用SM4对称密钥对第二密文进行解密，获得第二明文与新的随机数，将第一随机数、新的随机数、接收时间连接后计算获得第四哈希值，对第四哈希值进行截取并判断是否与第二明文相等，完成客户端对服务器的身份认证过程；After receiving the response information, the client obtains the current time and determines whether the difference between the current time and the receiving time is within the preset range. If so, the SM4 symmetric key is used to decrypt the second ciphertext to obtain the second plaintext and the new random number. The first random number, the new random number, and the receiving time are connected to calculate the fourth hash value, the fourth hash value is intercepted and determined whether it is equal to the second plaintext, and the client completes the identity authentication process of the server;

将所述第一随机数与第二随机数连接后获得会话密钥，对所述第一身份认证表进行更新。The first random number is concatenated with the second random number to obtain a session key, and the first identity authentication table is updated.

可选的，数据传输过程包括：Optionally, the data transmission process includes:

服务端接收客户端数据请求时，根据许可状态判断是否通过身份认证，若已通过身份认证，则获取客户端对应的会话密钥，将请求的资源与请求时间连接后计算哈希值并截取获得第三明文，基于所述会话密钥对请求的资源与第三明文连接后得到的值进行加密获得第三密文，将第三密文与请求时间连接后作为服务器的响应信息；When the server receives a data request from the client, it determines whether the identity authentication has been passed according to the permission status. If the identity authentication has been passed, it obtains the session key corresponding to the client, connects the requested resource with the request time, calculates the hash value and intercepts it to obtain the third plaintext, encrypts the value obtained by connecting the requested resource with the third plaintext based on the session key to obtain the third ciphertext, and connects the third ciphertext with the request time as the response information of the server;

客户端接收响应信息后，记录接收时间，判断请求时间与接收时间的差值是否在预设范围内，若是，则根据会话密钥对所述第三密文进行解密获得第三明文与资源，计算资源与请求时间的哈希值，根据哈希值判断资源是否正确。After the client receives the response information, it records the receiving time and determines whether the difference between the request time and the receiving time is within a preset range. If so, it decrypts the third ciphertext according to the session key to obtain the third plaintext and the resource, calculates the hash value of the resource and the request time, and determines whether the resource is correct based on the hash value.

可选的，哈希值的计算均基于SM3算法，加密均采用SM4算法，哈希值的截取长度为64位。Optionally, the calculation of hash values is based on the SM3 algorithm, the encryption uses the SM4 algorithm, and the truncation length of the hash value is 64 bits.

可选的，当服务器资源改变时，服务器重新发送一个CON请求报文，将改变后的资源再次发给客户端，客户端接收到该报文后返回一个空的响应报文。Optionally, when the server resources are changed, the server resends a CON request message to send the changed resources to the client again, and the client returns an empty response message after receiving the message.

本发明的技术效果为：The technical effects of the present invention are:

本发明针对客户端和服务器各自建立了身份表，重要数据只能由双方查表才能得到；利用预共享密钥的方式，采用SM4和SM3算法在客户端和服务器进行数据传输之前完成了双向身份认证及密钥协商，仅使用两个握手消息，仍能够保证身份认证时重要数据的机密性以及消息的完整性；使用了时间戳及随机数防止了重放攻击；采用CoAP实际应用中最节省开销的观察者模式进行数据的传输。The present invention establishes identity tables for the client and the server respectively, and important data can only be obtained by looking up the tables by both parties; by using a pre-shared key method, SM4 and SM3 algorithms are adopted to complete two-way identity authentication and key negotiation before data transmission between the client and the server, and only two handshake messages are used to ensure the confidentiality of important data during identity authentication and the integrity of messages; timestamps and random numbers are used to prevent replay attacks; and the observer mode that saves the most cost in practical applications of CoAP is adopted to transmit data.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

构成本申请的一部分的附图用来提供对本申请的进一步理解，本申请的示意性实施例及其说明用于解释本申请，并不构成对本申请的不当限定。在附图中：The drawings constituting a part of the present application are used to provide a further understanding of the present application. The illustrative embodiments and descriptions of the present application are used to explain the present application and do not constitute an improper limitation on the present application. In the drawings:

图1为本发明实施例中的方法流程示意图。FIG. 1 is a schematic diagram of a method flow in an embodiment of the present invention.

具体实施方式DETAILED DESCRIPTION

需要说明的是，在不冲突的情况下，本申请中的实施例及实施例中的特征可以相互组合。下面将参考附图并结合实施例来详细说明本申请。It should be noted that, in the absence of conflict, the embodiments and features in the embodiments of the present application can be combined with each other. The present application will be described in detail below with reference to the accompanying drawings and in combination with the embodiments.

需要说明的是，在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行，并且，虽然在流程图中示出了逻辑顺序，但是在某些情况下，可以以不同于此处的顺序执行所示出或描述的步骤。It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system such as a set of computer executable instructions, and that, although a logical order is shown in the flowcharts, in some cases, the steps shown or described can be executed in an order different from that shown here.

实施例一Embodiment 1

如图1所示，本实施例中提供一种基于国密的CoAP协议身份认证和数据加密方法，包括：As shown in FIG1 , this embodiment provides a CoAP protocol identity authentication and data encryption method based on national encryption, including:

一次性设备配置阶段。在进行身份认证之前将所需数据进行预配置，保证客户端和服务器顺利完成身份认证。One-time device configuration phase: Pre-configure the required data before identity authentication to ensure that the client and server successfully complete identity authentication.

步骤1：每个客户端存储一个由自身设备标识符(IDi，i＝1，2，3...)、与服务器预共享的SM4对称密钥(K_mi，i＝1，2，3...)以及协商后的会话密钥(K_si，i＝1，2，3...)组成的表，在身份认证之前，该表中的会话密钥为空。服务器则会存储一个由每个客户端的设备标识符、标识符对应的SM4预共享密钥、协商后的会话密钥以及字段Authorized组成的身份表，在身份认证之前，该表中的会话密钥为空并且Authorized默认为0。客户端ID1身份表如表1所示，服务器身份表如表2所示。Step 1: Each client stores a table consisting of its own device identifier (IDi, i=1, 2, 3...), the SM4 symmetric key pre-shared with the server (_Kmi , i=1, 2, 3...) and the negotiated session key (_Ksi , i=1, 2, 3...). Before identity authentication, the session key in the table is empty. The server will store an identity table consisting of the device identifier of each client, the SM4 pre-shared key corresponding to the identifier, the negotiated session key and the field Authorized. Before identity authentication, the session key in the table is empty and Authorized defaults to 0. The client ID1 identity table is shown in Table 1, and the server identity table is shown in Table 2.

表1
Table 1

身份认证及密钥协商阶段。在进行数据传输之前增加身份认证和密钥协商功能，保证数据传输时CoAP协议的客户端和服务器是可信任的，并且用协商的密钥进行之后的数据传输。Identity authentication and key negotiation phase: Add identity authentication and key negotiation functions before data transmission to ensure that the client and server of the CoAP protocol are trustworthy during data transmission, and use the negotiated key for subsequent data transmission.

步骤2：客户端ID1记录当前时间T₁，T₁大小为64bits，再生成64bits随机数N_C，利用SM3算法计算N_C、T₁、以及ID1的预共享密钥K_m1连接后的哈希值H₁，取H₁的前64bits为明文P1，将N_C与P1连接，并取出表中的预共享密钥K_m1利用SM4算法对连接后的明文进行加密得到密文C1，将C1、T₁和ID1连接并放入payload字段中，将URI设为/localhost:5683/authorize，把协议头部中T字段标识为CON类型，并将该消息以POST请求的形式发送给服务器。Step 2: Client ID1 records the current time_T1 , the size of_T1 is 64 bits, and then generates a 64-bit random number_Nc . The SM3 algorithm is used to calculate the hash value_H1 after the connection of_Nc ,_T1 , and the pre-shared key_Km1 of ID1. The first 64 bits of_H1 are taken as the plaintext P1,_Nc is connected with P1, and the pre-shared key_Km1 in the table is taken out and the plaintext after the connection is encrypted by the SM4 algorithm to obtain the ciphertext C1. C1,_T1 and ID1 are connected and put into the payload field, the URI is set to /localhost:5683/authorize, the T field in the protocol header is marked as the CON type, and the message is sent to the server in the form of a POST request.

步骤3：服务器接收到该请求后，记录当前时间T₂，接着取出payload字段中的有效值，计算|T₂-T₁|，检查该值是否在规定的时间范围内，如果是，则通过服务器中的身份表查询是否有相同的设备标识符，如果有，则取出对应的预共享密钥K_m1，接着利用K_m1解密C1得到明文N_C'和P1，利用SM3算法计算N_C'、T₁与K_m1连接后的哈希值H₂，如果H₂的前64bits与P1相等，则表明客户端通过payload传来的信息是正确的，服务器验证了该客户端的身份。服务器生成64bits随机数N_S，将N_C与N_S连接得到K_s1作为新的会话密钥存储在服务器表中，并将表中该客户端对应的Authorized字段由0改为1。服务器即将从客户端ID1得来的N_C、自身生成的N_S以及记录的T₂连接并使用SM3算法计算哈希值得到H₃，取H₃的前64bits为明文P2，将N_S与P2连接，并用K_m1以及SM4算法对连接后的明文进行加密得到密文C2，将C2和T₂连接并放入payload字段中，发送响应给客户端。Step 3: After receiving the request, the server records the current time T₂ , then takes out the valid value in the payload field, calculates |T₂ -T₁ |, checks whether the value is within the specified time range, and if so, checks whether there is the same device identifier through the identity table in the server. If so, takes out the corresponding pre-shared key K_m1 , then uses K_m1 to decrypt C1 to obtain the plaintext N_C 'and P1, and uses the SM3 algorithm to calculate the hash value H₂ after N_C ', T₁ and K_m1 are connected. If the first 64 bits of H₂ are equal to P1, it means that the information sent by the client through the payload is correct, and the server has verified the identity of the client. The server generates a 64-bit random number N_S , concatenates N_C and N_S to obtain K_s1 as the new session key and stores it in the server table, and changes the Authorized field corresponding to the client in the table from 0 to 1. The server will connect N_C obtained from client ID1, N_S generated by itself and recorded T_2, and use SM3 algorithm to calculate the hash value H₃ , take the first 64 bits of H₃ as plaintext P2, connect N_S and P2, and use K_m1 and SM4 algorithm to encrypt the connected plaintext to obtain ciphertext C2, connect C2 and T₂ and put them in the payload field, and send a response to the client.

步骤4：客户端接收到该响应后，记录当前时间T₃，取出payload字段中的有效值，计算|T₃-T₂|，检查该值是否在规定的时间范围内，如果是，则使用预共享密钥K_m1解密C2得到明文N_S'和P2，将N_C、N_S'、T₂进行连接并使用SM3算法计算哈希值得到H₄。如果H₄的前64bits与P2相等，则表明服务器通过payload传来的随机数N_S等信息是正确的，并且客户端也验证了服务器的身份，将N_C与N_S连接得到K_s1作为新的会话密钥存储在客户端表中。身份认证及密钥协商阶段结束。Step 4: After receiving the response, the client records the current time T₃ , takes out the valid value in the payload field, calculates |T₃ -T₂ |, and checks whether the value is within the specified time range. If so, it uses the pre-shared key K_m1 to decrypt C2 to obtain the plaintext N_S 'and P2, concatenates N_C , N_S ', and T₂ , and uses the SM3 algorithm to calculate the hash value to obtain H₄ . If the first 64 bits of H₄ are equal to P2, it indicates that the random number N_S and other information sent by the server through the payload are correct, and the client has also verified the identity of the server, and concatenates N_C and N_S to obtain K_s1 as the new session key and stores it in the client table. The identity authentication and key negotiation phase ends.

数据传输阶段。Data transmission phase.

步骤5：客户端ID1将协议头部中T字段标识为CON类型，URI设为/localhost:5683/observe，标识ID1存入创建的256号选项中，把observe选项字段设为0，以表明向服务器提出观察资源的请求，并且向服务器发出GET请求。Step 5: Client ID1 identifies the T field in the protocol header as the CON type, sets the URI to /localhost:5683/observe, stores the identifier ID1 in the created option No. 256, sets the observe option field to 0 to indicate that a request to observe resources is made to the server, and sends a GET request to the server.

步骤6：服务器接收到客户端发来的GET请求后，记录当前时间T₄，并检查请求中的observe字段是否为0，如果为0，服务器取出256号选项中的设备标识符，通过服务器中的身份表查询是否是正确的ID1，若正确，则检查该设备标识符对应的Authorized字段是否为1，如果为1，则表明该设备此前已经经过了身份认证，是合法设备，将ID1存入观察者列表，并取出身份表中对应的会话密钥K_s1。将64bits的资源M1与T₄进行连接并用SM3算法计算哈希值得到H₅，取H₅的前64bits为明文P3，使用K_s1和SM4算法对M1与P3连接后的值进行加密得到密文C3，将C3与T₄连接放入payload中，发送响应给客户端。Step 6: After receiving the GET request from the client, the server records the current time T₄ and checks whether the observe field in the request is 0. If it is 0, the server takes out the device identifier in option 256 and checks whether it is the correct ID1 through the identity table in the server. If it is correct, check whether the Authorized field corresponding to the device identifier is 1. If it is 1, it indicates that the device has been authenticated before and is a legal device. Store ID1 in the observer list and take out the corresponding session key K_s1 in the identity table. Connect the 64-bit resource M1 with T₄ and calculate the hash value using the SM3 algorithm to obtain H_5. Take the first 64 bits of H₅ as plaintext P3. Use K_s1 and SM4 algorithms to encrypt the value of M1 and P3 to obtain ciphertext C3. Connect C3 with T₄ and put it into the payload, and send a response to the client.

步骤7：客户端收到消息后，记录当前时间T₅，取出payload中的有效值，计算|T₅-T₄|，检查该值是否在规定的时间范围内，如果是，则取出表中对应的会话密钥K_s1解密C3得到M1'和P3，使用SM3算法计算M1'与T₄连接后的哈希值H₆，如果H₆的前64bits与P3相等，则说明客户端收到服务器发来的资源M1'是正确的。Step 7: After receiving the message, the client records the current time T₅ , takes out the valid value in the payload, calculates |T₅ -T₄ |, and checks whether the value is within the specified time range. If so, take out the corresponding session key K_s1 from the table, decrypt C3 to obtain M1' and P3, and use the SM3 algorithm to calculate the hash value H₆ after connecting M1' and T_4. If the first 64 bits of H₆ are equal to P3, it means that the resource M1' sent by the server received by the client is correct.

步骤8：当服务器资源改变时，服务器重新发送一个CON请求报文，将改变后的资源再次发给客户端，具体步骤类似于步骤7。Step 8: When the server resources change, the server resends a CON request message to send the changed resources to the client again. The specific steps are similar to step 7.

步骤9：客户端接收到该报文后返回一个空的响应报文。Step 9: After receiving the message, the client returns an empty response message.

本发明各符号含义如表3所示。The meanings of the symbols in the present invention are shown in Table 3.

表3
Table 3

本发明针对客户端和服务器各自建立了身份表，重要数据只能由双方查表才能得到；利用预共享密钥的方式，采用SM4和SM3算法在客户端和服务器进行数据传输之前完成了双向身份认证及密钥协商，仅使用两个握手消息，仍能够保证身份认证时重要数据的机密性以及消息的完整性；使用了时间戳及随机数防止了重放攻击；采用CoAP实际应用中最节省开销的观察者模式进行数据的传输。The present invention establishes identity tables for the client and the server respectively, and important data can only be obtained by looking up the tables by both parties; by using a pre-shared key method, SM4 and SM3 algorithms are adopted to complete two-way identity authentication and key negotiation before data transmission between the client and the server, and only two handshake messages are used to ensure the confidentiality of important data during identity authentication and the integrity of messages; timestamps and random numbers are used to prevent replay attacks; and the observer mode that saves the most cost in practical applications of CoAP is adopted to transmit data.

以上所述，仅为本申请较佳的具体实施方式，但本申请的保护范围并不局限于此，任何熟悉本技术领域的技术人员在本申请揭露的技术范围内，可轻易想到的变化或替换，都应涵盖在本申请的保护范围之内。因此，本申请的保护范围应该以权利要求的保护范围为准。The above is only a preferred specific implementation of the present application, but the protection scope of the present application is not limited thereto. Any changes or substitutions that can be easily thought of by a person skilled in the art within the technical scope disclosed in the present application should be included in the protection scope of the present application. Therefore, the protection scope of the present application should be based on the protection scope of the claims.

Claims (8)

Translated fromChinese

一种基于国密的CoAP协议身份认证和数据加密方法，其特征在于，包括以下步骤：A CoAP protocol identity authentication and data encryption method based on national secrets, characterized in that it includes the following steps:对客户端与服务端的身份认证数据进行预配置；客户端与服务端根据所述身份认证数据进行身份认证，判断客户端与服务器的安全性，同时进行密钥协商，获得会话密钥，若判断安全性符合要求，则基于所述会话密钥完成数据传输。The client and server authentication data are pre-configured; the client and server perform identity authentication based on the authentication data, determine the security of the client and server, and negotiate keys to obtain session keys. If the security is determined to meet the requirements, data transmission is completed based on the session key.根据权利要求1所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，The CoAP protocol identity authentication and data encryption method based on national secrets according to claim 1 is characterized in that:身份认证数据进行预配置的过程包括：The process of pre-configuring authentication data includes:根据每个客户端的自身设备标识符、与服务器预共享的SM4对称密钥、会话密钥构建第一身份认证表，其中，所述第一身份认证表中的会话密钥初始值为空；Constructing a first identity authentication table according to each client's own device identifier, the SM4 symmetric key pre-shared with the server, and the session key, wherein the initial value of the session key in the first identity authentication table is empty;根据每个客户端的自身设备标识符、与标识符对应的预共享的SM4对称密钥、会话密钥、许可状态构建第二身份认证表，其中，所述第二身份认证表中会话密钥初始值为空，许可状态默认值为0。A second identity authentication table is constructed according to each client's own device identifier, the pre-shared SM4 symmetric key corresponding to the identifier, the session key, and the permission status, wherein the initial value of the session key in the second identity authentication table is empty and the default value of the permission status is 0.根据权利要求2所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，The CoAP protocol identity authentication and data encryption method based on national secrets according to claim 2 is characterized in that:所述身份认证包括服务器对客户端的身份认证、客户端对服务器的身份认证。The identity authentication includes the identity authentication of the server to the client and the identity authentication of the client to the server.根据权利要求3所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，The CoAP protocol identity authentication and data encryption method based on national secrets according to claim 3 is characterized in that:服务器对客户端的身份认证过程包括：The server's authentication process for the client includes:客户端请求数据时，记录请求时间，并生成与请求时间位数相同的第一随机数，提取发出请求的客户端存储在所述第一身份认证表中的信息，计算第一随机数、请求时间、自身设备标识符对应的SM4对称密钥连接后的第一哈希值，对所述第一哈希值进行截取，获得第一明文；将所述第一明文、请求时间、SM4对称密钥连接后加密获得第一密文；将所述第一密文、请求时间、自身设备标识符连接存储为有效载荷；将所述请求时间标识为CON类型，将带有所述有效载荷的请求发送至目标服务器；When the client requests data, the request time is recorded, and a first random number with the same number of digits as the request time is generated, the information of the client that issued the request stored in the first identity authentication table is extracted, the first random number, the request time, and the first hash value after the SM4 symmetric key corresponding to the own device identifier are connected are calculated, the first hash value is intercepted to obtain the first plaintext; the first plaintext, the request time, and the SM4 symmetric key are connected and encrypted to obtain the first ciphertext; the first ciphertext, the request time, and the own device identifier are connected and stored as a payload; the request time is identified as a CON type, and the request with the payload is sent to the target server;目标服务器接收请求后，判断接收时间与请求时间的差值是否在预设范围内，若在预设范围内，将有效载荷中包含的自身设备标识符与所述第二身份认证表进行匹配，采用匹配结果中与标识符对应的SM4对称密钥对所述第一密文进行解密，得到第一明文与新的随机数，将请求时间、新的随机数、与标识符对应的SM4对称密钥连接后计算第二哈希值，对所述第二哈希值进行截取后，判断是否其与所述第一明文相等，完成服务端对客户端的身份认证。After receiving the request, the target server determines whether the difference between the receiving time and the request time is within a preset range. If it is within the preset range, the device identifier contained in the payload is matched with the second identity authentication table, and the first ciphertext is decrypted using the SM4 symmetric key corresponding to the identifier in the matching result to obtain the first plaintext and a new random number. The request time, the new random number, and the SM4 symmetric key corresponding to the identifier are connected to calculate the second hash value. After intercepting the second hash value, it is determined whether it is equal to the first plaintext, thereby completing the server's identity authentication of the client.根据权利要求4所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，The CoAP protocol identity authentication and data encryption method based on national secrets according to claim 4 is characterized in that:客户端对服务器的身份认证及密钥协商过程包括：The client's identity authentication and key negotiation process for the server includes:服务端对客户端的身份认证通过后，生成第二随机数与第一随机数连接获得会话密钥并对所述第二身份认证表进行更新；将第二随机数、第一随机数、接收时间连接后计算第三哈希值，对第三哈希值截取获得第二明文，将第二随机数与第二明文，结合SM4对称密钥进行加密的获得第二密文，将第二密文与接收时间连接后，作为发送给客户端的响应信息；After the server authenticates the client, it generates a second random number and connects it with the first random number to obtain a session key and updates the second authentication table; after connecting the second random number, the first random number, and the receiving time, it calculates a third hash value, intercepts the third hash value to obtain a second plaintext, encrypts the second random number and the second plaintext with the SM4 symmetric key to obtain a second ciphertext, connects the second ciphertext with the receiving time, and sends it as a response message to the client;客户端接收到响应信息后获取当前时间，判断当前时间与接收时间的差值是否处于预设范围内，若是，则采用SM4对称密钥对第二密文进行解密，获得第二明文与新的随机数，将第一随机数、新的随机数、接收时间连接后计算获得第四哈希值，对第四哈希值进行截取并判断是否与第二明文相等，完成客户端对服务器的身份认证过程；After receiving the response information, the client obtains the current time and determines whether the difference between the current time and the receiving time is within the preset range. If so, the SM4 symmetric key is used to decrypt the second ciphertext to obtain the second plaintext and the new random number. The first random number, the new random number, and the receiving time are connected to calculate the fourth hash value, the fourth hash value is intercepted and determined whether it is equal to the second plaintext, and the client completes the identity authentication process of the server;将所述第一随机数与第二随机数连接后获得会话密钥，对所述第一身份认证表进行更新。The first random number is concatenated with the second random number to obtain a session key, and the first identity authentication table is updated.根据权利要求2所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，The CoAP protocol identity authentication and data encryption method based on national secrets according to claim 2 is characterized in that:数据传输过程包括：The data transfer process includes:服务端接收客户端数据请求时，根据许可状态判断是否通过身份认证，若已通过身份认证，则获取客户端对应的会话密钥，将请求的资源与请求时间连接后计算哈希值并截取获得第三明文，基于所述会话密钥对请求的资源与第三明文连接后得到的值进行加密获得第三密文，将第三密文与请求时间连接后作为服务器的响应信息；When the server receives a data request from the client, it determines whether the identity authentication has been passed according to the permission status. If the identity authentication has been passed, it obtains the session key corresponding to the client, connects the requested resource with the request time, calculates the hash value and intercepts it to obtain the third plaintext, encrypts the value obtained by connecting the requested resource with the third plaintext based on the session key to obtain the third ciphertext, and connects the third ciphertext with the request time as the response information of the server;客户端接收响应信息后，记录接收时间，判断请求时间与接收时间的差值是否在预设范围内，若是，则根据会话密钥对所述第三密文进行解密获得第三明文与资源，计算资源与请求时间的哈希值，根据哈希值判断资源是否正确。After the client receives the response information, it records the receiving time and determines whether the difference between the request time and the receiving time is within a preset range. If so, it decrypts the third ciphertext according to the session key to obtain the third plaintext and the resource, calculates the hash value of the resource and the request time, and determines whether the resource is correct based on the hash value.根据权利要求1-6中任一项所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，According to any one of claims 1 to 6, the CoAP protocol identity authentication and data encryption method based on national secrets, The characteristic is that哈希值的计算均基于SM3算法，加密均采用SM4算法，哈希值的截取长度为64位。The calculation of hash values is based on the SM3 algorithm, the encryption uses the SM4 algorithm, and the truncation length of the hash value is 64 bits.根据权利要求1所述的基于国密的CoAP协议身份认证和数据加密方法，其特征在于，当服务器资源改变时，服务器重新发送一个CON请求报文，将改变后的资源再次发给客户端，客户端接收到该报文后返回一个空的响应报文。According to the CoAP protocol identity authentication and data encryption method based on national secrets according to claim 1, it is characterized in that when the server resources change, the server resends a CON request message and sends the changed resources to the client again. After receiving the message, the client returns an empty response message.