A broadcast information authentication method based on a cross TESLA key chain
By cross-using the TESLA key chain to authenticate the broadcast signals of satellite navigation systems, the problem of broadcast signals being easily spoofed is solved, and a continuous and uninterrupted authentication process is achieved. This is suitable for unidirectional broadcast signal scenarios of satellite navigation systems, and enhances the continuity of authentication and the capacity of the key chain.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- DATA COMM SCI & TECH RES INST
- Filing Date
- 2024-12-18
- Publication Date
- 2026-06-19
AI Technical Summary
In existing satellite navigation systems, broadcast signals are vulnerable to spoofing attacks, which can interfere with the timing function of navigation information, and there is a lack of effective protection measures.
A Timed Efficient Stream Loss-tolerant (TESLA) key chain is used to generate a first and a second TESLA key chain. These key chains are used interchangeably to authenticate broadcast information, and the authenticated information is broadcast through the broadcast node. The terminal receiver uses the root key for verification.
It enables continuous and uninterrupted authentication of broadcast signals, increases the capacity of the key chain, is suitable for one-way broadcast signal scenarios in satellite navigation systems, avoids interruption of the signing process, and improves the continuity and reliability of authentication.
Smart Images

Figure CN122247595A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to a broadcast message authentication method based on a Timed Efficient Stream Loss-tolerant (TESLA) key chain. Background Technology
[0002] Satellite navigation and positioning systems can provide unified time and space references, offering accurate positioning services to users across land, sea, air, and space. Currently, all major global satellite navigation and positioning systems provide civilian services. These civilian services use publicly available signals; their carrier frequency, modulation scheme, spreading code, and navigation message format are all publicly disclosed in the interface control files. Therefore, attackers can exploit this publicly available signal information structure to forge and send false navigation signals, deceiving GNSS receivers and interfering with their navigation and timing functions. Thus, how to protect broadcast signals from deception is a pressing technical problem that needs to be solved. Summary of the Invention
[0003] Based on the above analysis, the embodiments of the present invention aim to provide a broadcast information authentication method based on a key chain of cross-time effect stream loss fault tolerance authentication mechanism, in order to solve the technical problem of how to protect broadcast signals from deception.
[0004] In a first aspect, embodiments of the present invention provide a broadcast message authentication method based on a Timed Efficient Stream Loss-tolerant (TESLA) keychain, characterized by comprising the following steps:
[0005] The authentication device generates a first TESLA key chain and a second TESLA key chain.
[0006] The authentication device uses the first TESLA key chain and the second TESLA key chain interchangeably to authenticate the information to be authenticated and generate the authenticated broadcast information.
[0007] The authentication device broadcasts or broadcasts the authenticated information through a broadcast node;
[0008] The terminal receiver verifies the authenticated broadcast information based on the root keys of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated.
[0009] Based on the further improvement of the above broadcast information authentication method, the authentication device uses the first TESLA key chain and the second TESLA key chain interchangeably to authenticate the information to be authenticated, including:
[0010] The multiple TESLA keychains in the first TESLA keychain are sequentially numbered into odd-numbered TESLA keychains, wherein the length of the first TESLA keychain in the first TESLA keychain is... The length of the remaining TESLA key chains in the first TESLA key chain is n, where n is a positive integer;
[0011] The multiple TESLA key chains in the second TESLA key chain are sequentially numbered into an even-numbered TESLA key chain, wherein the length of each TESLA key chain in the second TESLA key chain is n;
[0012] At the same time, both odd-numbered and even-numbered TESLA keychains are used interchangeably to authenticate the information to be authenticated.
[0013] Based on the further improvement of the above broadcast information authentication method, the authentication device uses the first TESLA key chain and the second TESLA key chain interchangeably to authenticate the information to be authenticated, including:
[0014] The authentication device authenticates the information to be authenticated according to the following formula:
[0015]
[0016] in, Indicates in T k The current authentication information, i p and j q They represent T respectively k The key count used by the first and second Tesla key chains at any given time. and Represent the i-th chain of the p-th chain of the first TESLA key chain. p The j-th key and the q-th chain of the second Tesla key chain q The key is defined by "||", which represents concatenation, and MAC(·) represents the message authentication code algorithm.
[0017] Based on further improvements to the above broadcast information authentication method, the authentication device generates authenticated broadcast information including:
[0018] The authentication device generates the authenticated broadcast message (msg) according to the following formula:
[0019]
[0020] in, and Represent the i-th chain of the p-th chain of the first TESLA key chain. p -1 key and the j-th chain of the q-th chain of the second Tesla key chain q -1 key.
[0021] Based on a further improvement to the above broadcast information authentication method, the terminal receiver verifies the authenticated broadcast information according to the root keys of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated, including:
[0022] The terminal receiver uses the root key pair of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated. and Conduct the first round of verification;
[0023] If the first round of verification passes, then... Conduct a second round of verification;
[0024] If the second round of verification passes, the certified broadcast information is considered reliable.
[0025] Based on a further improvement to the above broadcast information authentication method, the terminal receiver uses the root key pair of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated. and The first round of verification includes:
[0026] The terminal receiver uses the following formula to... and Verification required:
[0027]
[0028] in, This is the root key of the p-th chain in the first Tesla key chain. H is the root key of the qth chain of the second TESLA key chain, and H(·) represents the hash algorithm.
[0029] Based on further improvements to the aforementioned broadcast information authentication method, for The second round of verification includes:
[0030] Step S10: Calculate the target message authentication code according to the following formula:
[0031]
[0032] Step S20: Determine the target message authentication code and the T k Check whether the authentication codes received at any given time are consistent.
[0033] Based on a further improvement of the above broadcast information authentication method, the message authentication code algorithm includes any one of the following:
[0034] The message authentication code algorithm in the SM3 algorithm, the message authentication code algorithm in the SHA algorithm, and the message authentication code algorithm in the MD algorithm.
[0035] Based on the further improvement of the above broadcast information authentication method, the authentication device and the broadcast node are a one-way broadcast information system.
[0036] Based on a further improvement of the above-mentioned broadcast information authentication method, the broadcast node is an artificial satellite in the Global Navigation Satellite System.
[0037] Compared with the prior art, the present invention can achieve at least one of the following beneficial effects:
[0038] 1. The TESLA authentication scheme proposed in this invention is implemented using a cross-TESLA key chain. Key chain switching does not require a signature, which enables the authentication process to be continuous and uninterrupted, and can be applied to the design of Beidou satellite civilian navigation signals in the future.
[0039] 2. This invention can utilize the characteristics of the TESLA key chain to achieve continuous and uninterrupted broadcast authentication key updates and rolling, making the authentication process uninterrupted. Compared with other authentication schemes, it does not require a signature process and is more suitable for continuous one-way broadcast signal scenarios such as satellite navigation systems.
[0040] 3. This invention utilizes the characteristics of the TESLA key chain to ensure uninterrupted authentication process through continuous broadcasting of authentication key updates and rolling, thereby increasing the usable capacity of the TESLA key chain.
[0041] In this invention, the above-described technical solutions can be combined with each other to achieve more preferred combinations. Other features and advantages of this invention will be set forth in the following description, and some advantages may become apparent from the description or be learned by practicing the invention. The objects and other advantages of this invention can be realized and obtained from what is particularly pointed out in the description and drawings. Attached Figure Description
[0042] The accompanying drawings are for illustrative purposes only and are not intended to limit the invention. Throughout the drawings, the same reference numerals denote the same parts.
[0043] Figure 1 A flowchart illustrating a broadcast message authentication method based on a cross-TESLA key chain according to an embodiment of the present invention is shown.
[0044] Figure 2An example of cross-using a first TESLA keychain and a second TESLA keychain according to an embodiment of the present invention is shown. Detailed Implementation
[0045] Preferred embodiments of the present invention will now be described in detail with reference to the accompanying drawings, which form part of this application and are used together with the embodiments of the present invention to illustrate the principles of the present invention, but are not intended to limit the scope of the present invention.
[0046] Figure 1 A flowchart illustrating a broadcast message authentication method based on a cross-TESLA key chain according to an embodiment of the present invention is shown. Figure 1 As shown, this broadcast message authentication method based on a cross-TESLA key chain includes the following steps:
[0047] Step S100: The authentication device generates a first TESLA key chain and a second TESLA key chain.
[0048] Time-Effected Stream Loss Tolerance (TESLA) is a method for authenticating streaming data. TESLA generates a key sequence using a sequence generated by a random function application. The sender chooses a random key and pre-computes a sequence of multiple key values, called a key chain. Each key appears as a pseudo-random number to an attacker. The receiver can derive all previous keys from the received key, thus verifying the authenticity of the data packet. This scheme tolerates any number of packet losses, and discarding insecure packets does not affect the authentication of subsequent packets.
[0049] For example, the BeiDou navigation message authentication method based on BeiDou short messages employs a Time Effect Stream Loss Tolerance (TESLA) authentication mechanism. The ground control center generates a key and uses it to encrypt basic navigation data to generate an information authentication code. This information authentication code is then added to the reserved bytes of the BeiDou navigation message and sent as authentication information to each medium Earth orbit satellite. The medium Earth orbit satellites then send the BeiDou navigation message with the added authentication information to each user.
[0050] In this embodiment, the authentication device can be the ground control center in the BeiDou navigation system.
[0051] In some embodiments, the process by which the authentication device generates the first TESLA key chain includes the following steps:
[0052] Step S10: Generate a first random number for generating the first TESLA key chain.
[0053] Step S20: Calculate the first TESLA key chain root using a hash function based on the first random number.
[0054] Step S30: Calculate the first TESLA key chain using a hash function based on the root of the first TESLA key chain.
[0055] Steps S10 to S30 will be described below with a specific implementation method.
[0056] First, the authentication device generates a random number r0 to generate the first Tesla key chain. The root key of the first Tesla key chain is denoted as K0. Then:
[0057] K0 = H n (r0)
[0058] Among them, H n (·) indicates that the hash function is calculated n times, then:
[0059] K i-1 =H(K) i )
[0060] Among them, K i Let represent the i-th key in the first Tesla key chain, denoted as . Let r0 be the key chain generated by random number r0, where i represents the i-th key in the key chain and k represents the k-th key chain generated by the Beidou navigation authentication device.
[0061] In some embodiments, the process of the authentication device generating a second TESLA keychain includes the following steps:
[0062] Step S40: Generate a second random number to generate the second TESLA key chain.
[0063] Step S50: Calculate the second TESLA key chain root using a hash function based on the second random number.
[0064] Step S60: Calculate the second TESLA key chain using a hash function based on the root of the second TESLA key chain.
[0065] Steps S40 to S60 will be described below with reference to a specific implementation method.
[0066] First, the authentication device generates a random number r0' to generate the second TESLA key chain. The root key of the second TESLA key chain is denoted as K0'. Then:
[0067] K0'=H n (r0')
[0068] Among them, H n (·) indicates that the hash function is calculated n times, then:
[0069] K i-1'=H(K i ')
[0070] Among them, K i ' represents the i-th key in the second Tesla key chain, denoted as Let r0' be the key chain generated by random number r0', where i represents the i-th key in the key chain and k represents the k-th key chain generated by the Beidou navigation authentication device.
[0071] Step S200: The authentication device uses the first TESLA key chain and the second TESLA key chain interchangeably to authenticate the information to be authenticated and generate the authenticated broadcast information.
[0072] In this embodiment, both the first and second TESLA key chains can be used simultaneously. The order in which the first and second TESLA key chains are used is explained below.
[0073] Figure 2 An example of cross-using a first TESLA keychain and a second TESLA keychain according to an embodiment of the present invention is shown.
[0074] like Figure 2 As shown, the first TESLA keychain has k TESLA keychains, and the first TESLA keychain contains... The first TESLA key chain has n keys, and the second through k TESLA key chains each contain n keys. The second TESLA key chain has k TESLA key chains, each containing n keys. Here, the k TESLA key chains in the first TESLA key chain can be sequentially numbered into odd-numbered TESLA key chains, i.e. Figure 2 The K1, K3, K5, K7, K9, ... in the second TESLA keychain can be sequentially numbered into even-numbered TESLA keychains, i.e. Figure 2 K2, K4, K6, K8, ... After completing the numbering, as follows... Figure 2 As shown, the k TESLA key chains of the first TESLA key chain and the k TESLA key chains of the second TESLA key chain can be aligned in chronological order. For example, at time t0, the first key in K1 and the first key in K2 can be used simultaneously.
[0075] It should be noted that, in Figure 2In the example, setting the length of the first TESLA keychain in the first TESLA keychain to half the length of the remaining TESLA keychains is beneficial. This setting ensures that when any TESLA keychain in the first TESLA keychain is exhausted, only half of the TESLA keychain in the second TESLA keychain is used, leaving half of its keys available, thus indirectly increasing the TESLA keychain's usable capacity. Similarly, this setting ensures that when any TESLA keychain in the second TESLA keychain is exhausted, only half of the TESLA keychain in the first TESLA keychain is used, leaving half of its keys available, thus indirectly increasing the TESLA keychain's usable capacity. In this embodiment, odd-numbered and even-numbered TESLA keychains can be used simultaneously for authentication of the information to be authenticated.
[0076] The cross-use scheme of TESLA key chain proposed in this embodiment of the invention enables the authentication process to be continuous and uninterrupted, thereby increasing the utilization capacity of TESLA key chain.
[0077] In some embodiments, the process of authentication devices cross-using a first TESLA keychain and a second TESLA keychain to authenticate the information to be authenticated includes:
[0078] The authentication device authenticates the information to be authenticated according to the following formula:
[0079]
[0080] in, Indicates in T k The current authentication information, i p and j q They represent T respectively k The key count used by the first and second Tesla key chains at any given time. and Represent the i-th chain of the p-th chain of the first TESLA key chain. p The j-th key and the q-th chain of the second Tesla key chain q The key is defined by "||", which represents concatenation, and MAC(·) represents the Message Authentication Code (MAC) algorithm. MAC(·) can be any of the MAC algorithms used in the SM3 national cryptographic algorithm, the SHA algorithm, or the MD algorithm.
[0081] It should be noted that the parameters p and q in the above formula refer to the order of the TESLA key chains within the first and second TESLA key chains, respectively, and not the odd and even numbering in this embodiment. Figure 2 For example, at time t1, although K3 is used, K3 is the second TESLA key chain in the first TESLA key chain, so the parameter p = 2; at time t1, although K2 is used, K2 is the first TESLA key chain in the second TESLA key chain, so the parameter q = 1.
[0082] by Figure 2 For example, let's assume T k Time for Figure 2 At time t1, i p This indicates which key within K3 the key is at the position indicated by the dashed line, for example, i. p =30 indicates that the key at the position of the dashed line is the 30th key in K3; j q This indicates which key within K2 the key is located at the position indicated by the dashed line, for example, j. q =80 means that the key at the position of the dashed line is the 80th key in K2.
[0083] exist Figure 2 In the example, assume T k Time for Figure 2 At time t1, p = 2 and q = 1.
[0084] In some embodiments, the authentication device generates authenticated broadcast information including:
[0085] The authentication device generates the authenticated broadcast message (msg) according to the following formula:
[0086]
[0087] in, and Represent the i-th chain of the p-th chain of the first TESLA key chain. p -1 key and the j-th chain of the q-th chain of the second Tesla key chain q -1 key.
[0088] Step S300: The authentication device broadcasts or broadcasts the authenticated broadcast information through the broadcast node.
[0089] In this embodiment, the authentication device broadcasts the authenticated broadcast information (msg) through the broadcast node.
[0090] In other embodiments, the authentication device can be integrated on the broadcast node, in which case the authentication device can directly broadcast the authenticated broadcast message (msg).
[0091] Step S400: The terminal receiver verifies the authenticated broadcast information based on the root keys of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated.
[0092] In this embodiment, the terminal receiver can obtain the root keys of the first and second TESLA key chains used when authenticating the information to be authenticated through a third-party channel, that is, the root key of the p-th chain of the first TESLA key chain. The root key K of the qth chain of the second TESLA key chain q .
[0093] In some embodiments, the terminal receiver verifies the authenticated broadcast information based on the root keys of the first and second TESLA key chains used when authenticating the information to be authenticated, including the following steps:
[0094] Step S111: The terminal receiver uses the root key pair of the first and second Tesla key chains used when authenticating the information to be authenticated. and Conduct the first round of verification.
[0095] Step S222: If the first round of verification passes, then... A second round of verification will be conducted.
[0096] Step S333: If the second round of verification passes, the certified broadcast information is reliable.
[0097] Specifically, step S111 includes:
[0098] The terminal receiver uses the following formula to... and Verification required:
[0099]
[0100] in, This is the root key of the p-th chain in the first Tesla key chain. H is the root key of the qth chain of the second TESLA key chain, and H(·) represents the hash algorithm.
[0101] Specifically, step S222 includes:
[0102] Step S10: Calculate the target message authentication code according to the following formula:
[0103]
[0104] Step S20: Determine the target message authentication code and the T k The system checks whether the received message authentication codes match. If they match, the verification passes; otherwise, it fails.
[0105] Compared with the prior art, the embodiments of the present invention can achieve at least one of the following beneficial effects:
[0106] 1. The TESLA authentication scheme proposed in this invention is implemented using a cross-TESLA key chain. Key chain switching does not require a signature, which enables the authentication process to be continuous and uninterrupted, and can be applied to the design of Beidou satellite civilian navigation signals in the future.
[0107] 2. This invention can utilize the characteristics of the TESLA key chain to achieve continuous and uninterrupted broadcast authentication key updates and rolling, making the authentication process uninterrupted. Compared with other authentication schemes, it does not require a signature process and is more suitable for continuous one-way broadcast signal scenarios such as satellite navigation systems.
[0108] 3. This invention utilizes the characteristics of the TESLA key chain to ensure uninterrupted authentication process through continuous broadcasting of authentication key updates and rolling, thereby increasing the usable capacity of the TESLA key chain.
[0109] The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in the present invention should be included within the scope of protection of the present invention.
Claims
1. A broadcast message authentication method based on a cross-TESLA key chain, characterized in that, Includes the following steps: The authentication device generates a first TESLA key chain and a second TESLA key chain. The authentication device uses the first TESLA key chain and the second TESLA key chain interchangeably to authenticate the information to be authenticated and generate the authenticated broadcast information. The authentication device broadcasts or broadcasts the authenticated information through a broadcast node; The terminal receiver verifies the authenticated broadcast information based on the root keys of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated.
2. The broadcast information authentication method according to claim 1, characterized in that, The authentication device uses both the first and second TESLA key chains to authenticate the information to be authenticated, including: The multiple TESLA keychains in the first TESLA keychain are sequentially numbered into odd-numbered TESLA keychains, wherein the length of the first TESLA keychain in the first TESLA keychain is... The length of the remaining TESLA key chains in the first TESLA key chain is n, where n is a positive integer; The multiple TESLA key chains in the second TESLA key chain are sequentially numbered into an even-numbered TESLA key chain, wherein the length of each TESLA key chain in the second TESLA key chain is n; At the same time, both odd-numbered and even-numbered TESLA keychains are used interchangeably to authenticate the information to be authenticated.
3. The broadcast information authentication method according to claim 2, characterized in that, The authentication device uses both the first and second TESLA key chains to authenticate the information to be authenticated, including: The authentication device authenticates the information to be authenticated according to the following formula: in, Indicates in T k The current authentication information, i p and j q They represent T respectively k The key count used by the first and second Tesla key chains at any given time. and Represent the i-th chain of the p-th chain of the first TESLA key chain. p The j-th key and the q-th chain of the second Tesla key chain q The key is "||" which represents concatenation operation, and MAC(·) represents the message authentication code algorithm.
4. The broadcast information authentication method according to claim 3, characterized in that, The certified equipment generates certified broadcast information including: The authentication device generates the authenticated broadcast message (msg) according to the following formula: in, and Represent the i-th chain of the p-th chain of the first TESLA key chain. p -1 key and the j-th chain of the q-th chain of the second Tesla key chain q -1 key.
5. The broadcast information authentication method according to claim 4, characterized in that, The terminal receiver verifies the authenticated broadcast information based on the root keys of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated, including: The terminal receiver uses the root key pair of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated. and Conduct the first round of verification; If the first round of verification passes, then... Conduct a second round of verification; If the second round of verification passes, the certified broadcast information is considered reliable.
6. The broadcast information authentication method according to claim 5, characterized in that, The terminal receiver uses the root key pair of the first TESLA key chain and the second TESLA key chain used when authenticating the information to be authenticated. and The first round of verification includes: The terminal receiver uses the following formula to... and Verification required: in, This is the root key of the p-th chain in the first Tesla key chain. H is the root key of the qth chain of the second TESLA key chain, and H(·) represents the hash algorithm.
7. The broadcast information authentication method according to claim 5 or 6, characterized in that, right The second round of verification includes: Step S10: Calculate the target message authentication code according to the following formula: Step S20: Determine the target message authentication code and the T k Check whether the authentication codes received at any given time are consistent.
8. The broadcast information authentication method according to claim 3, characterized in that, The message authentication code algorithm includes any of the following: The message authentication code algorithm in the SM3 algorithm, the message authentication code algorithm in the SHA algorithm, and the message authentication code algorithm in the MD algorithm.
9. The broadcast information authentication method according to claim 1, characterized in that, The authentication device and the broadcast node constitute a one-way broadcast information system.
10. The broadcast information authentication method according to claim 9, characterized in that, The broadcast node is an artificial satellite in the Global Navigation Satellite System.