Access authentication method for unmanned swarm ad hoc network and related device
By introducing a two-way authentication scheme into the drone swarm network, using SHA and HMAC-SHA algorithms to generate and verify authentication information, the problem of unauthorized node access in the drone swarm network is solved, achieving efficient and secure identity verification and improving the security and trustworthiness of the network.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHANGSHA QIANZHILONG MICROELECTRONICS CO LTD
- Filing Date
- 2026-04-07
- Publication Date
- 2026-07-10
AI Technical Summary
Unauthorized nodes can freely access drone swarm networks, leading to network eavesdropping, data injection, or denial-of-service attacks. Existing TDMA network access procedures have security blind spots and are difficult to implement effective identity authentication.
A two-way authentication scheme is adopted, which performs two-way identity verification between the network master node and the slave node to be joined. Secure hash algorithms (such as SHA-256, SHA-160) and hash-based message authentication codes (HMAC-SHA512) are used to generate and verify authentication information, ensuring the dynamism and security of the authentication process.
It significantly improves the overall security and communication reliability of unmanned swarm networks, prevents identity forgery and man-in-the-middle attacks, and is suitable for unmanned swarm systems with limited computing power and communication resources, meeting the requirements for low latency and efficient networking in highly dynamic environments.
Smart Images

Figure CN122373002A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication technology, specifically to an access authentication method and related equipment for an unmanned swarm self-organizing network. Background Technology
[0002] Due to their flexibility, scalability, and robustness, drone swarms are increasingly being used in various fields. However, the high-speed movement of nodes and the dynamic changes in network topology within drone swarms also pose serious security challenges to unmanned ad hoc networks. Among these, the primary security threat is the unauthorized access of nodes, which can eavesdrop on the network, inject data, or launch denial-of-service attacks, leading to the loss of control or even paralysis of the entire swarm system.
[0003] Therefore, establishing a secure and reliable identity authentication mechanism is the first and crucial line of defense for ensuring trusted communication in unmanned swarm networks.
[0004] Among numerous networking technologies, the access control method based on Time Division Multiple Access (TDMA) is particularly suitable for highly dynamic unmanned swarm networks because it can provide deterministic communication time slots and effectively avoid data collisions.
[0005] However, the existing TDMA network access process has security blind spots.
[0006] The information disclosed in the background section is only intended to enhance the understanding of the background of this application, and therefore may contain information that is not part of the prior art known to those skilled in the art. Summary of the Invention
[0007] This application provides an access authentication method and related equipment for an unmanned swarm self-organizing network. By performing two-way authentication, the overall security of the network and the reliability of communication can be significantly improved.
[0008] A first aspect of this application provides an access authentication method for an unmanned bee colony self-organizing network, applied to a master node in the network, the access authentication method comprising: A broadcast frame is sent, the broadcast frame carrying first authentication information; Receive a network access request message from a slave node to be joined to the network. The network access request message is a response message generated by the slave node to be joined to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. In response to successful authentication of the second authentication information, an access response message is sent to the slave node to be joined to the network.
[0009] In an optional embodiment of this application, the first authentication information includes: a master node random number and a master node authentication code ciphertext; The first authentication information is generated in the following manner: The first algorithm is used to process the key file to generate the master node key; Obtain the first current system timestamp, and process the first current system timestamp using the third algorithm to generate the master node random number; The fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate a master node authentication message; The master node authentication message is encrypted to generate a master node authentication code; the encryption process is based on the fifth algorithm and implemented using the master node key. The key file is processed using the sixth algorithm to generate the master node authentication code key; The master node authentication code is encrypted to generate master node authentication code ciphertext; the encryption process is based on the seventh algorithm and implemented using the master node authentication code key. The master node random number and the master node authentication code are encapsulated to generate a first authentication header structure, which serves as the first authentication information.
[0010] In an optional embodiment of this application, the authentication of the first authentication information in the broadcast frame includes: The broadcast frame is parsed to obtain the master node random number and the master node authentication code ciphertext; The seventh algorithm is used to decrypt the ciphertext of the master node authentication code to generate the broadcast node authentication code; The fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate a master node authentication message; The fifth algorithm is used, and based on the master node key, the master node authentication message is encrypted to generate a master node authentication code; In response to the broadcast node's authentication code being the same as the master node's authentication code, the authentication is successful, and a network access request message is sent to the master node in the network.
[0011] In an optional embodiment of this application, the access authentication method further includes: If the authentication code of the broadcast node is different from that of the master node, the authentication fails, and the master node and its network information are deleted.
[0012] In an optional embodiment of this application, the second authentication information includes: a random number of the slave node to be joined and the encrypted authentication code of the slave node to be joined; The second authentication information is generated in the following manner: The second algorithm is used to process the key file to generate the key for the slave node to join the network; Obtain the second current system timestamp, and process the second current system timestamp using the third algorithm to generate the random number of the slave node to be joined to the network; The fourth algorithm is used to perform logical operations on the random number of the slave node to be connected to the network and the key of the slave node to be connected to the network to generate an authentication message for the slave node to be connected to the network. The authentication message of the slave node to be connected to the network is encrypted to generate an authentication code for the slave node to be connected to the network; the encryption process is based on the fifth algorithm and implemented using the key of the slave node to be connected to the network. The sixth algorithm is used to process the key file to generate the authentication code key for the slave node to join the network; The authentication code of the slave node to be connected to the network is encrypted to generate ciphertext of the authentication code; the encryption process is based on the seventh algorithm and implemented using the authentication code key of the slave node to be connected to the network. The random number of the slave node to be connected to the network and the encrypted authentication code of the slave node to be connected to the network are encapsulated to generate a second authentication header structure, which serves as the second authentication information.
[0013] In an optional embodiment of this application, the authentication of the second authentication information includes: The network access request message is parsed to obtain the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed. The seventh algorithm is used to decrypt the ciphertext of the authentication code of the slave node to be joined to generate the authentication code request of the slave node to be joined to the network. The fourth algorithm is used to perform logical operations on the random number of the slave node to be connected to the network and the key of the slave node to be connected to the network to generate an authentication message for the slave node to be connected to the network. The fifth algorithm is used, and based on the key of the slave node to be connected to the network, the authentication message of the slave node to be connected to the network is encrypted to generate the authentication code of the slave node to be connected to the network. If the authentication code requested by the node to be connected to the network is the same as the authentication code of the slave node to be connected to the network, and the authentication is successful, the access response message is sent to the slave node to be connected to the network.
[0014] In an optional embodiment of this application, the access authentication method further includes: If the authentication code requested by the node to be connected to the network is different from the authentication code of the slave node to be connected to the network, the authentication fails and the access response message is not sent.
[0015] In one optional embodiment of this application, the access authentication method satisfies one or more of the following: The key file is generated by a key file generator and injected into the UAV at least before the network master node sends the broadcast frame; wherein each UAV corresponds to a node in the UAV swarm ad hoc network; Each generated key file is unique and non-repeating, and the key files of all drones in the same drone swarm self-organizing network are the same; The first algorithm is SHA-256, and the master node key is obtained by hashing the key file using SHA-256. The second algorithm is SHA-160, and the key of the slave node to be added to the network is obtained by hashing the second current system timestamp using SHA-160. The third algorithm is SHA-160, and the master node random number is obtained by performing a hash operation on the first current system timestamp using SHA-160. The logical operation is an XOR operation; The fifth algorithm is HMAC-SHA512; The sixth algorithm is SHA512, and the authentication code key is obtained by hashing the key file using SHA512. The seventh algorithm is AES.
[0016] A second aspect of this application provides an access authentication method for an unmanned swarm self-organizing network, applied to a slave node to be added to the network, the access authentication method comprising: Receive a broadcast frame from an on-network master node, the broadcast frame carrying first authentication information; Sending a network access request message to the master node in the network, the network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame, the network access request message carries the second authentication information; The system receives an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after it receives the network access request message and successfully authenticates the second authentication information in the network access request message.
[0017] In an optional embodiment of this application, the network access request is terminated in response to the failure of the slave node to authenticate the first authentication information or in response to the failure of the master node to authenticate the second authentication information.
[0018] A third aspect of this application provides an access authentication device for an unmanned bee colony self-organizing network, which is installed on the network master node. The access authentication device includes: The first sending module is configured to send a broadcast frame, the broadcast frame carrying first authentication information; The first receiving module is configured to receive a network access request message from a slave node to be connected to the network. The network access request message is a response message generated by the slave node after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The second sending module is configured to send an access response message to the slave node to be joined in response to successful authentication of the second authentication information.
[0019] A fourth aspect of this application provides an access authentication device for an unmanned swarm self-organizing network, which is disposed on a slave node to be joined to the network. The access authentication device includes: The second receiving module is configured to receive broadcast frames from the network master node, the broadcast frames carrying first authentication information; The third sending module is configured to send a network access request message to the network master node. The network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The third receiving module is configured to receive an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after it receives the network access request message and successfully authenticates the second authentication information in the network access request message.
[0020] A fifth aspect of the present application provides a terminal, including a memory and a processor, wherein the memory stores a computer program that can run on the processor, and when the processor runs the computer program, it executes the access authentication method for an unmanned swarm ad hoc network as described in any of the foregoing embodiments, or the access authentication method for an unmanned swarm ad hoc network as described in any of the foregoing embodiments.
[0021] A sixth aspect of this application provides a computer-readable storage medium having a computer program stored thereon. When executed by a processor, the computer program implements the steps of the access authentication method for an unmanned swarm ad hoc network as described in any of the foregoing embodiments, or implements the steps of the access authentication method for an unmanned swarm ad hoc network as described in any of the foregoing embodiments.
[0022] A seventh aspect of this application provides a computer program product, including a computer program / instructions, which, when executed by a processor, implement the steps of the access authentication method for an unmanned cellular ad hoc network as described in any of the foregoing embodiments, or implement the steps of the access authentication method for an unmanned cellular ad hoc network as described in any of the foregoing embodiments. In an eighth aspect of this application, an embodiment of this application provides a chip (or communication device) on which a computer program is stored. When the computer program is executed by the chip, the access authentication method provided in the first or second aspect is executed.
[0023] In a ninth aspect of this application, an embodiment of this application provides a chip module on which a computer program is stored. When the computer program is executed by the chip module, the access authentication method provided in the first or second aspect is executed.
[0024] In a tenth aspect of this application, an embodiment of this application provides a communication system, the communication system including means for performing the access authentication method provided in the first or second aspect.
[0025] Compared with the prior art, the technical solution of this application embodiment has the following beneficial effects: This application provides a two-way authentication scheme that simultaneously performs identity verification during node access to the network. This two-way authentication scheme not only supports authentication of incoming slave nodes by the master node but also authentication of the master node by the incoming slave node. This ensures that the corresponding network formation process is executed only when both two-way authentications are successful. Thus, a more secure and reliable authentication mechanism is constructed, effectively preventing problems such as identity forgery and man-in-the-middle attacks that may exist in one-way authentication. It is particularly suitable for distributed self-organizing network environments, significantly improving the overall network security and communication reliability. Attached Figure Description
[0026] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings: Figure 1 This is an interactive diagram illustrating a multiple access network entry process; Figure 2 This is a flowchart of the first access authentication method for an unmanned swarm self-organizing network provided in the embodiments of this application; Figure 3 This is a flowchart of generating first authentication information provided in an embodiment of this application; Figure 4 This is a schematic diagram of an injection key file provided in an embodiment of this application; Figure 5 This is a schematic diagram of the authentication process for a first authentication information provided in an embodiment of this application; Figure 6 This is a flowchart of the second access authentication method for unmanned swarm self-organizing networks provided in the embodiments of this application; Figure 7This is an interactive schematic diagram of an access authentication method for a bee colony ad hoc network provided in an embodiment of this application; Figure 8 This is a schematic diagram of the structure of the first type of access authentication device for unmanned bee colony self-organizing network provided in the embodiments of this application; Figure 9 This is a schematic diagram of the structure of the second type of access authentication device for unmanned bee colony self-organizing network provided in the embodiments of this application; Figure 10 This is a schematic diagram of the hardware structure of a terminal provided in an embodiment of this application. Detailed Implementation
[0027] TDMA is a time division multiple access protocol that ensures that distributed nodes in wireless communication transmit and receive data wirelessly under a strictly unified and planned timing sequence, avoiding conflicts caused by multiple nodes transmitting simultaneously during communication, and maximizing channel utilization while solving the problem of fair access and sharing of the channel by multiple nodes.
[0028] See Figure 1 , Figure 1 This is an interactive diagram illustrating a multi-access network entry process.
[0029] The unmanned swarm TDMA self-organizing network includes one on-network master node and at least one on-network slave node. The on-network master node manages the time slot resources of the entire swarm network, and slave nodes must apply to the master node for time slot resources in order to access the network.
[0030] In the TDMA access process, the network master node constructs a broadcast frame and periodically sends it. This broadcast frame contains the current time slot resources of the cellular network and related network information.
[0031] When the slave node 1, which is waiting to join the network, receives the broadcast frame, it can obtain the time slot information. Under the constraints of this time slot information, the slave node 1 can send a network entry request to the master node already in the network.
[0032] When the master node receives a network entry request, it performs a time slot allocation operation and carries the time slot in the network entry response, so that the slave node 1 waiting to enter the network can enter the network.
[0033] In some other scenarios, the master node interacts with the slave node 2 to accept its network entry request and allocate time slots.
[0034] Although TDMA (Telematics Multiple Access Control) solves the problem of orderly sharing of physical channels, it does not inherently integrate a two-way verification mechanism for the legitimacy of the requesting node. This means that the existing TDMA network access process has a security blind spot, allowing any node to initiate a standard network access handshake, thus leaving an opportunity for malicious access.
[0035] To address the aforementioned technical issues, this application provides a two-way authentication scheme that simultaneously performs identity verification during node access to the network. This two-way authentication scheme not only supports authentication of incoming slave nodes by the master node but also authentication of the master node by the incoming slave node, ensuring that the corresponding network formation process is executed only when both two-way authentications are successful. This constructs a more secure and reliable authentication mechanism, effectively preventing issues such as identity forgery and man-in-the-middle attacks that may occur in one-way authentication. It is particularly suitable for distributed self-organizing network environments, significantly improving the overall network security and communication reliability.
[0036] The solutions in this application embodiment can be implemented using various computer languages, such as the object-oriented programming language Java and the interpreted scripting language JavaScript.
[0037] To make the technical solutions and advantages of the embodiments of this application clearer, the exemplary embodiments of this application will be described in further detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of this application, and not an exhaustive list of all embodiments. It should be noted that, unless otherwise specified, the embodiments and features in the embodiments of this application can be combined with each other.
[0038] See Figure 2 , Figure 2 This is a flowchart of the first access authentication method for an unmanned swarm ad hoc network provided in this application embodiment. This access authentication method is applied to the network master node. The network master node corresponds to one of the unmanned drones in the unmanned swarm ad hoc network.
[0039] Accordingly, the access authentication method includes steps S201 to S203: Step S201: Send a broadcast frame, the broadcast frame carrying first authentication information.
[0040] In some embodiments, when the network master node detects that the current network is in a state where expansion is allowed, the access window is open, or the broadcast trigger time is reached according to a preset period, the network master node begins to assemble a broadcast frame to notify the slave nodes to be joined to the network, and sends the broadcast frame through a public broadcast channel so that the slave nodes to be joined to the network can initiate the network access process according to the content of the broadcast frame.
[0041] In this context, the network master node can assemble broadcast frames according to a preset broadcast frame format. Broadcast frames may include frame header fields, control fields, parameter fields, check fields, etc.
[0042] In this embodiment, in order to achieve two-way authentication, the broadcast frame also includes first authentication information, which is used to indicate the trustworthiness of the master node in the network.
[0043] In other words, this implementation integrates network identifiers, synchronization information, access time slots, authentication parameters, and address allocation information into a single broadcast message by having the master node on the network uniformly organize and send broadcast frames. Upon receiving the broadcast frame, slave nodes awaiting network access can quickly learn about the network access conditions and procedures, thereby improving network access efficiency, reducing access conflicts, and enhancing the orderliness and security of network management.
[0044] Step S202: Receive a network access request message from the slave node to be joined. The network access request message is a response message generated by the slave node to be joined after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information.
[0045] In some embodiments, since a broadcast frame transmission method is used, other nodes that meet the protocol requirements can all receive the broadcast frame containing the first authentication information. Thus, the slave node seeking to join the network can parse and authenticate the first authentication information, thereby determining whether the master node in the network is trustworthy.
[0046] Thus, after the slave node to be joined passes the authentication of the first authentication information, the slave node to be joined can generate a response message (i.e., a network access request message) for the broadcast frame.
[0047] In this embodiment, the network access request message additionally carries second authentication information, which is used to indicate the trustworthiness of the slave node to be added to the network.
[0048] Step S203: In response to the successful authentication of the second authentication information, an access response message is sent to the slave node to be joined to the network.
[0049] In some embodiments, the network master node can receive a network access request message from a slave node seeking to join the network. In this way, the network master node can parse and authenticate the second authentication information, thereby determining whether the slave node seeking to join the network is trustworthy.
[0050] Thus, after the network master node successfully authenticates the second authentication information, it can generate an access response message and send it to the slave node to be joined, thereby allowing the slave node to form a network.
[0051] Specifically, the access response message carries time slot information. Under the influence of this time slot information, the slave node to be joined can enter the network, and thus the slave node to be joined can participate in swarm communication according to TDMA scheduling.
[0052] By adopting the above scheme, a two-way authentication method is introduced into the TDMA self-organizing network access process, making network access more secure and reliable.
[0053] In practical applications, the inventors further discovered that traditional cryptographic-based authentication methods are insufficient for lightweight applications in unmanned swarm networks. This is because their inherent computationally intensive nature leads to relatively large time and resource consumption. Individual nodes in an unmanned swarm are typically limited by onboard computing power and finite wireless bandwidth, making it difficult to withstand the burden of public-key cryptography.
[0054] If applied directly, it will prolong the network access authentication time of nodes and reduce the rapid networking and reconstruction capabilities of the swarm, which contradicts the core requirements of highly dynamic unmanned swarms for low latency and high timeliness.
[0055] Therefore, the existing technical solutions present a contradiction: secure TDMA network access requires the introduction of an authentication mechanism, but heavyweight traditional authentication methods would reduce the high-efficiency access advantages that TDMA brings to unmanned swarms.
[0056] Against this backdrop, there is an urgent need for a lightweight, dedicated authentication method that is tightly coupled with the TDMA network access process and reduces both computational and communication overhead, so as to ensure security without affecting the rapid networking performance of unmanned swarms.
[0057] Based on this, the embodiments of this application employ a Security Hash Algorithm (SHA) and a Hash-based Message Authentication Code (HMAC) in the security authentication process.
[0058] Among them, the SHA algorithm is a message digest generation algorithm. SHA is a standard hash algorithm designed by NIST and NSA in the United States. SHA-1 is the first generation of SHA algorithm. The later SHA-224, SHA-256, SHA-384 and SHA-512 are collectively referred to as SHA-2.
[0059] HMAC is a message authentication method based on a hash function and a key. HMAC-SHA operation uses the SHA hash algorithm, taking a key and a message as input, and generating a message digest as output. HMAC-SHA signature algorithm is a commonly used signature algorithm used to sign and digest a message. It is an irreversible encryption algorithm.
[0060] In this embodiment of the application, the first authentication information includes: master node random number (Rand-Host) and master node authentication code ciphertext (MAC-Secret-Host).
[0061] Accordingly, see Figure 3 , Figure 3This is a flowchart of generating first authentication information provided in an embodiment of this application. The first authentication information can be generated in the following manner: Step S301: The key file is processed using the first algorithm to generate the master node key.
[0062] In some embodiments, during the process of assembling a broadcast frame, the network master node can process the key file to generate a master node key (Secret-Key-Host), which is used as an encryption key to encrypt the master node authentication code (MAC-Host).
[0063] In some embodiments, processing the key file using the first algorithm may include: performing a hash operation on the key file, encrypting the key file, encoding and converting the key file, generating a target key based on a key derivation mechanism, and performing combination operations or iterative processing on the key file.
[0064] In this embodiment, the first algorithm is SHA-256.
[0065] Accordingly, the master node key is obtained by hashing the key file using SHA-256. For example, the hash value of the key file using SHA-256 is 32 bytes long.
[0066] In this embodiment, the key file is generated by a key file generator and injected into the UAV at least before the on-network master node sends the broadcast frame; wherein each UAV corresponds to a node in the UAV swarm self-organizing network.
[0067] Specifically, before executing a task, the unmanned bee swarm generates a key file using a key file generator, and each generated key file is different; then, it injects the key file through a secure channel.
[0068] Furthermore, each generated key file is unique and non-repeating, and the key files of all drones in the same drone swarm self-organizing network are identical.
[0069] This means that the key files of all nodes in the bee colony are guaranteed to be consistent, and the key files can be changed each time a task is executed to prevent the previous key files from being stolen and used.
[0070] See Figure 4 , Figure 4 This is a schematic diagram of an injection key file provided in an embodiment of this application.
[0071] A key file is generated using a key file generator, and then injected into the key file through a secure channel.
[0072] For example, key files are injected into drone 1, drone 2, ..., drone n through different secure channels, where n is an integer greater than 1.
[0073] Step S302: Obtain the first current system timestamp, and process the first current system timestamp using the third algorithm to generate the master node random number.
[0074] In some embodiments, during the process of assembling a broadcast frame, the network master node can obtain a first current system timestamp and process the first current system timestamp accordingly to generate a master node random number (Rand-Host).
[0075] In some embodiments, processing the first current system timestamp using a third algorithm may include: performing a hash operation on the first current system timestamp, encrypting the first current system timestamp, encoding and converting the first current system timestamp, generating a target key based on a key derivation mechanism, and performing combination operations or iterative processing on the first current system timestamp.
[0076] In this embodiment, the third algorithm is SHA-160.
[0077] Accordingly, the master node random number is obtained by hashing the first current system timestamp using SHA-160. For example, the hash of the first current system timestamp using SHA-160 has a length of 20 bytes.
[0078] Step 303: The fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate a master node authentication message.
[0079] In some embodiments, when generating the master node random number and master node key, a master node authentication message (Msg-Auth-Host) is further generated based on the master node random number and master node key.
[0080] In one example, the logical operation is an XOR operation. The master node authentication message is generated by performing an XOR operation on the master node random number and the master node key, and taking the first 20 bytes.
[0081] Step 304: Encrypt the master node authentication message to generate a master node authentication code; the encryption process is based on the fifth algorithm and implemented using the master node key.
[0082] In some embodiments, the network master node can also use the master node key generated based on the key file and the fifth algorithm to encrypt the master node authentication message, thereby obtaining the corresponding master node authentication code and improving the security of the master node authentication code.
[0083] For the description of the fifth algorithm, please refer to the relevant content of the first algorithm in the aforementioned example.
[0084] In this embodiment, the fifth algorithm is HMAC-SHA512. The master node authentication code is generated by the network master node using HMAC-SHA512 to encrypt the master node authentication message, and the encryption key is the master node key. The master node authentication code is 64 bytes long.
[0085] Step S305: The key file is processed using the sixth algorithm to generate the master node authentication code key.
[0086] In some embodiments, the network master node also uses a sixth algorithm to process the key file to generate the master node authentication key. That is, the key file is processed by both the first algorithm and the sixth algorithm simultaneously.
[0087] For the description of the sixth algorithm, please refer to the relevant content of the first algorithm in the aforementioned example.
[0088] In this embodiment, the sixth algorithm is SHA512, and the master node authentication code key is obtained by hashing the key file using SHA512.
[0089] For example, the master node uses SHA512 to hash the key file, and takes the first 16 bytes as the key for encrypting the authentication code.
[0090] Step S306: Encrypt the master node authentication code to generate master node authentication code ciphertext; the encryption process is based on the seventh algorithm and implemented using the master node authentication code key.
[0091] In some embodiments, when generating the master node authentication code and the master node authentication code key, the seventh algorithm is further used to generate the master node authentication code ciphertext (MAC-Secret-Host) based on the master node authentication code and the master node authentication code key.
[0092] For the description of the seventh algorithm, please refer to the relevant content of the first algorithm in the aforementioned example.
[0093] In this embodiment, the seventh algorithm is AES. The master node authentication code ciphertext is generated by the network master node using AES to encrypt the master node authentication code, and the encryption key is the master node authentication code key.
[0094] Step S307: Encapsulate the master node random number and the master node authentication code ciphertext to generate a first authentication header structure, which serves as the first authentication information.
[0095] In some embodiments, when generating the master node random number and the master node authentication code ciphertext, both are encapsulated and carried in the broadcast frame. For example, this can be placed after the protocol header. In this way, the broadcast frame only carries the encrypted master node authentication code ciphertext and the master node random number; all keys and key files are not transmitted wirelessly, preventing data leakage and eavesdropping, and improving authentication security.
[0096] It should be noted that the encapsulation in this scheme can include either encapsulating the master node random number and the master node authentication code ciphertext separately, or encapsulating the master node random number and the master node authentication code ciphertext and then encapsulating them in the broadcast frame, so that the broadcast frame can carry the first authentication information.
[0097] By employing the above scheme, this embodiment of the application constructs a hierarchical authentication mechanism based on data dependencies by performing multi-stage processing on the key file and incorporating timestamp-generated random numbers into the authentication calculation. Compared with existing technologies that directly generate authentication information based on a single key or fixed data, this invention introduces master node random numbers into the authentication message generation, making each authentication process dynamic and effectively improving the authentication process's resistance to replay attacks.
[0098] Specifically, in this embodiment, a first algorithm is used to process the key file to generate a master node key, and a master node random number is generated based on the current system timestamp. Then, a fourth algorithm is used to perform logical operations on the master node random number and the master node key, so that the generated master node authentication message simultaneously binds the time factor and key information. This makes the authentication message no longer rely solely on a static key, but on a dynamically changing random number, thereby improving the unpredictability and security of the authentication result.
[0099] Building upon this foundation, the embodiments of this application further employ different algorithms for layered encryption of the data: on one hand, the authentication message is encrypted based on the master node key to generate a master node authentication code; on the other hand, a sixth algorithm is used to derive the master node authentication code key from the key file, and the authentication code is encrypted again based on this key to generate ciphertext of the authentication code. Through the above-mentioned multi-key isolation and layered encryption mechanism, isolation between different security domains is achieved, making it difficult to deduce the original authentication information even if a certain layer of keys is leaked, thereby significantly improving the overall security of the system.
[0100] Furthermore, by encapsulating the master node's random number with the authentication code ciphertext to form an authentication header structure, slave nodes waiting to join the network can perform consistency verification based on the random number, thereby improving the integrity and reliability of the authentication process.
[0101] In summary, this invention, by limiting the processing order of key processing, random number generation, authentication calculation, and layered encryption, establishes a tight data dependency between each step. This not only enhances the dynamism and attack resistance of authentication information but also achieves hierarchical key use and secure isolation, resulting in technical effects distinct from existing technologies. Therefore, this invention is not a simple combination or reordering of existing algorithms, but rather an improvement in the processing flow and data association methods. Furthermore, compared to traditional authentication protocols based on public-key cryptography, this application employs an asymmetric encryption algorithm, which improves computational efficiency while ensuring authentication security and reducing wireless bandwidth consumption. This method is suitable for UAV swarm systems with limited computing power and communication resources, effectively meeting their needs for efficient and low-overhead authentication in dynamic networking environments.
[0102] Accordingly, when a slave node to be added to the network receives a broadcast frame, it can authenticate the first authentication information in the broadcast frame and execute the appropriate network access process based on the authentication result.
[0103] See Figure 5 , Figure 5 This is a schematic diagram of an authentication process for first authentication information provided in an embodiment of this application, including steps S501 to S505: Step S501: Parse the broadcast frame to obtain the master node random number and the master node authentication code ciphertext.
[0104] In some embodiments, the existing master node and the slave node to be joined to the network use the same protocol. Upon receiving a broadcast frame, the slave node to be joined can parse the broadcast frame according to the method specified in the protocol. The slave node to be joined can obtain the master node's random number and the master node's authentication code ciphertext.
[0105] Step S502: Decrypt the master node authentication code ciphertext using the seventh algorithm to generate the broadcast node authentication code.
[0106] In some embodiments, a slave node to be added to the network can use the seventh algorithm to decrypt the ciphertext of the master node authentication code and generate a broadcast node authentication code (MAC-Host-Broad) that it considers trustworthy.
[0107] For example, the seventh algorithm can decrypt the master node authentication code ciphertext using the master node authentication code key.
[0108] It should be noted that the slave node to be added to the network and the master node already in the network have the same key file and use the same algorithm to process the key file. Therefore, the master node authentication code key and the authentication code key of the node to be added to the network are consistent. Therefore, the master node authentication code key in step S502 can be considered as the authentication code key of the node to be added to the network. That is, the slave node to be added to the network uses the seventh algorithm and decrypts the ciphertext of the master node authentication code based on the authentication code key of the node to be added to the network. In step S503, the fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate the master node authentication message.
[0109] In some embodiments, the slave node to be added to the network can use a fourth algorithm to perform the opposite logical operation on the master node random number and the master node key, thereby being able to parse the master node authentication message.
[0110] Step S504: Using the fifth algorithm and based on the master node key, the master node authentication message is encrypted to generate a master node authentication code.
[0111] For details on how to generate the master node authentication code, please refer to the example above.
[0112] Step S505: In response to the broadcast node authentication code being the same as the master node authentication code, the authentication is successful, and a network access request message is sent to the master node in the network.
[0113] In some embodiments, when generating the master node authentication code (calculated by the slave node to be joined), the master node authentication code is compared with the broadcast node authentication code calculated by itself. If the two are found to be the same, it means that the master node in the network has been authenticated and the network where the master node is located is legitimate. Then the slave node can initiate access.
[0114] In some other embodiments, it also includes: Step S506: In response to the fact that the authentication code of the broadcast node is different from the authentication code of the master node, the authentication fails, and the master node in the network and its network information are deleted.
[0115] By adopting the above scheme, the authentication process is implemented on the master node to be added to the network. This ensures that the network where the master node is located is legitimate before proceeding with the network entry process, which improves the security of the network entry process.
[0116] In some embodiments, the network access request message carries second authentication information. When the network master node receives the network access request message, it can verify the second authentication information to determine whether the slave node to be accessed is trustworthy.
[0117] In this embodiment, the second authentication information includes: the random number of the slave node to be joined and the encrypted authentication code of the slave node to be joined.
[0118] Accordingly, the second authentication information is generated in the following manner: The second algorithm is used to process the key file to generate the secret key-slave key to be added to the network.
[0119] In this embodiment, the second algorithm and the third algorithm are the same, both using SHA-160. The difference is that when processing the key file using the second algorithm, SHA-160 is used to obtain the hash value of the key file, and the length is 20 bytes.
[0120] Specifically, the second algorithm is SHA-160, and the key of the slave node to be added to the network is obtained by hashing the second current system timestamp using SHA-160.
[0121] Firstly, for more details regarding the second algorithm and key file, please refer to the examples above.
[0122] Obtain the second current system timestamp, and process the second current system timestamp using the third algorithm to generate the random number (Rand-Slave) of the slave node to be joined to the network.
[0123] First, regarding the description of using the third algorithm to process the second current system timestamp to generate a random number for the slave node to be added to the network, please refer to the aforementioned example. Second, the second current system timestamp refers to the latest timestamp of the slave node to be added to the network, so that the random number of the slave node to be added to the network can change over time. This ensures that each network access request frame sent is different, which can prevent replay attacks.
[0124] The fourth algorithm is used to perform logical operations on the random number (Rand-Slave) of the slave node to be joined and the key (Secret-Key-Slave) of the slave node to be joined, to generate the authentication message (Msg-Auth-Slave) of the slave node to be joined.
[0125] For the description of using the fourth algorithm to generate the authentication message for the slave node to join the network, please refer to the aforementioned example.
[0126] The authentication message (Msg-Auth-Slave) of the slave node to be joined to the network is encrypted to generate the authentication code (MAC-Slave) of the slave node to be joined to the network; the encryption process is based on the fifth algorithm and implemented using the key (Secret-Key-Slave) of the slave node to be joined to the network.
[0127] For the description of using the fifth algorithm to generate the key for the slave node to join the network, please refer to the example above.
[0128] The sixth algorithm is used to process the key file to generate the Secret-Key-Slave authentication key for the slave node to join the network.
[0129] In some embodiments, the authentication key of the slave node to be added to the network and the authentication key of the master node already in the network are the same.
[0130] For the description of using the sixth algorithm to generate the authentication code key for the slave node to join the network, please refer to the example above.
[0131] The MAC-Slave authentication code to be joined to the network is encrypted to generate the MAC-Secret-Slave ciphertext; the encryption process is based on the seventh algorithm and implemented using the MAC-Slave authentication code key.
[0132] For the description of using the seventh algorithm to generate the authentication code for the slave node to join the network, please refer to the aforementioned example.
[0133] The random number of the slave node to be connected to the network and the encrypted authentication code of the slave node to be connected to the network are encapsulated to generate a second authentication header structure, which serves as the second authentication information.
[0134] Furthermore, when the network master node receives the network access request message, it can authenticate the second authentication information in the network access request message and execute the appropriate network access process based on the authentication result.
[0135] Accordingly, the authentication of the second authentication information is successful, including: The network access request message is parsed to obtain the random number of the slave node to be connected to the network and the encrypted authentication code of the slave node to be connected to the network.
[0136] The seventh algorithm is used to decrypt the ciphertext of the authentication code of the slave node to be joined to generate the authentication request code (MAC-Salve-Req) of the slave node to be joined to the network.
[0137] The fourth algorithm is used to perform logical operations on the random number of the slave node to be joined and the key of the slave node to be joined, to generate the authentication message (Msg-Auth-Host) of the slave node to be joined.
[0138] The fifth algorithm is used, and based on the key of the slave node to be connected to the network, the authentication message of the slave node to be connected to the network is encrypted to generate the authentication code of the slave node to be connected to the network.
[0139] If the authentication code requested by the node to be connected to the network is the same as the authentication code of the slave node to be connected to the network, and the authentication is successful, the access response message is sent to the slave node to be connected to the network.
[0140] For more information on the authentication process of the second authentication information, please refer to the example above.
[0141] In some other embodiments, if the authentication code requested by the node to be joined to the network is different from the authentication code of the slave node to be joined to the network, the authentication fails, and the access response message is not sent. That is, the network access request of the node to be joined to the network is rejected.
[0142] The above scheme achieves simultaneous authentication during node network access. This scheme supports not only master node authentication of slave nodes but also slave node authentication of master nodes, thus constructing a more secure and reliable authentication mechanism. Two-way authentication effectively prevents problems such as identity forgery and man-in-the-middle attacks that may exist in one-way authentication, making it particularly suitable for distributed self-organizing network environments and significantly improving the overall network security and communication reliability.
[0143] See Figure 6 , Figure 6 This is a flowchart of a second access authentication method for an unmanned swarm ad hoc network provided in this application embodiment. This access authentication method is applied to slave nodes seeking to join the network. The slave nodes seeking to join the network correspond to the unmanned drones applying to join the unmanned swarm ad hoc network.
[0144] Accordingly, the access authentication method includes steps S601 to S603: Step S601: Receive a broadcast frame from the network master node, the broadcast frame carrying first authentication information.
[0145] In some embodiments, when the network master node detects that the current network is in a state where expansion is allowed, the access window is open, or the broadcast trigger time is reached according to a preset period, the network master node begins to assemble a broadcast frame to notify the slave nodes to be joined to the network, and sends the broadcast frame through a public broadcast channel so that the slave nodes to be joined to the network can initiate the network access process according to the content of the broadcast frame.
[0146] In this context, the network master node can assemble broadcast frames according to a preset broadcast frame format. A broadcast frame may include a frame header field, a control field, a parameter field, and a checksum field.
[0147] In this embodiment, in order to achieve two-way authentication, the broadcast frame also includes first authentication information, which is used to indicate the trustworthiness of the master node on the network.
[0148] In other words, this implementation integrates network identifiers, synchronization information, access time slots, authentication parameters, and address allocation information into a single broadcast message by having the master node on the network uniformly organize and send broadcast frames. This allows slave nodes waiting to join the network to quickly learn about the network access conditions and access procedures after receiving the broadcast frame, thereby improving network access efficiency, reducing access conflicts, and enhancing the orderliness and security of network management.
[0149] In this way, the slave node to be added to the network can receive broadcast frames. Among them, broadcast frames from the master node in the network include: directly receiving broadcast frames sent by the master node in the network, or the master node in the network sending broadcast frames to the slave node in the network, and then the slave node in the network forwarding them.
[0150] Step S602: Send a network access request message to the master node in the network. The network access request message is a response message generated by the slave node to be accessed after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information.
[0151] In some embodiments, since broadcast frames are used for transmission, a slave node that meets the protocol requirements can receive a broadcast frame containing the first authentication information. Thus, the slave node can parse and authenticate the first authentication information to determine whether the master node in the network is trustworthy.
[0152] Thus, after the slave node to join the network passes the authentication of the first authentication information, the slave node to join the network can generate a response message (i.e., a network access request message) for the broadcast frame and send it to the master node in the network.
[0153] In this embodiment, the network access request message additionally carries second authentication information, which is used to indicate the trustworthiness of the slave node to be added to the network.
[0154] Step S603: Receive an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after receiving the network access request message and successfully authenticating the second authentication information in the network access request message.
[0155] In some embodiments, the network master node can receive a network access request message from a slave node seeking to join the network. In this way, the network master node can parse and authenticate the second authentication information, thereby determining whether the slave node seeking to join the network is trustworthy.
[0156] Thus, after the network master node successfully authenticates the second authentication information, it can generate an access response message and send it to the slave node to be joined, thereby allowing the slave node to form a network.
[0157] Specifically, the access response message carries time slot information. Under the influence of this time slot information, the slave node to be joined can enter the network, and thus the slave node to be joined can participate in swarm communication according to TDMA scheduling.
[0158] By adopting the above scheme, a two-way authentication method is introduced into the TDMA self-organizing network access process, making network access more secure and reliable.
[0159] In some embodiments, the network access request is terminated in response to the failure of the slave node to authenticate the first authentication information or the failure of the master node to authenticate the second authentication information.
[0160] It should be noted that for more information on the access authentication methods for slave nodes waiting to join the network, please refer to the content on the access authentication methods for master nodes already in the network mentioned above.
[0161] To better understand and illustrate the two-way authentication process in the embodiments of this application, an example is provided below.
[0162] See Figure 7 , Figure 7 This is an interactive schematic diagram of an access authentication method for a bee colony self-organizing network provided in the embodiments of this application.
[0163] An unmanned swarm self-organizing network includes one on-network master node and at least one on-network slave node. The on-network master node manages the time slot resources of the entire swarm network, and slave nodes must apply to the master node for time slot resources in order to access the network.
[0164] In the access process of an unmanned bee colony self-organizing network, the network master node can form a broadcast frame, which carries the master node's random number and the master node's authentication code ciphertext.
[0165] The network master node sends broadcast frames.
[0166] When a node receives a broadcast frame from node 1, it performs an authentication operation based on the master node's random number and the master node's authentication code ciphertext.
[0167] Upon successful authentication, the network access request obtains time slot information from node 1.
[0168] The slave node 1 generates a network access request message, which carries the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed.
[0169] The node to be added to the network sends the network access request message to the master node already in the network.
[0170] When the master node receives the network access request message, it performs the authentication operation based on the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed.
[0171] Upon successful authentication, an access response message is generated on the network master node.
[0172] The master node sends the access response message to slave node 1, which is then able to join the network.
[0173] Correspondingly, the network slave node can forward broadcast frames to the slave node 2 to be added to the network.
[0174] When a node 2 receives a broadcast frame, it performs an authentication operation based on the master node's random number and the master node's authentication code ciphertext.
[0175] Upon successful authentication, the network access request obtains time slot information from node 2.
[0176] The slave node 2 generates a network access request message, which carries the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed.
[0177] The slave node 2, which is waiting to join the network, sends the network entry request message to the slave node already in the network, and the slave node forwards the network entry request message to the master node already in the network.
[0178] When the master node receives the network access request message, it performs the authentication operation based on the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed.
[0179] Upon successful authentication, the master node generates an access response message and sends it to the slave nodes. The slave nodes then forward the access response message to the slave node 2 waiting to join the network, thus enabling slave node 2 to join the network.
[0180] It should be understood that although the steps in the flowchart are shown sequentially according to the arrows, these steps are not necessarily executed in the order indicated by the arrows. Unless explicitly stated herein, there is no strict order constraint on the execution of these steps, and they can be executed in other orders. Moreover, at least some steps in the diagram may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same time, but can be executed at different times. The execution order of these sub-steps or stages is not necessarily sequential, but can be performed alternately or in turn with other steps or at least some of the sub-steps or stages of other steps.
[0181] See Figure 8 , Figure 8 This is a schematic diagram of the structure of the first type of access authentication device for an unmanned swarm ad hoc network provided in this application embodiment. The access authentication device for the unmanned swarm ad hoc network can be set at the network master node.
[0182] Accordingly, the access authentication device for unmanned swarm self-organizing networks includes: The first sending module 81 is configured to send a broadcast frame, the broadcast frame carrying first authentication information; The first receiving module 82 is configured to receive a network access request message from a slave node to be connected to the network. The network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The second sending module 83 is configured to send an access response message to the slave node to be joined in response to successful authentication of the second authentication information.
[0183] about Figure 8 For more details on the working principle, operation method, and beneficial effects of the communication device, please refer to the specific description above and in the accompanying drawings; it will not be repeated here.
[0184] It is understandable that the above division of modules is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated. Furthermore, the above units can be implemented by the processor calling software.
[0185] See Figure 9 , Figure 9 This is a schematic diagram of the structure of the second type of access authentication device for an unmanned swarm ad hoc network provided in this application embodiment. The access authentication device for the unmanned swarm ad hoc network can be set on the slave node to be joined to the network.
[0186] Accordingly, the access authentication device for unmanned swarm self-organizing networks includes: The second receiving module 91 is configured to receive broadcast frames from the network master node, the broadcast frames carrying first authentication information. The third sending module 92 is configured to send a network access request message to the network master node. The network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The third receiving module 93 is configured to receive an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after it receives the network access request message and successfully authenticates the second authentication information in the network access request message.
[0187] about Figure 9 For more details on the working principle, operation method, and beneficial effects of the communication device, please refer to the specific description above and in the accompanying drawings; it will not be repeated here.
[0188] It is understandable that the above division of modules is only a logical functional division. In actual implementation, they can be fully or partially integrated into a single physical entity, or they can be physically separated. Furthermore, the above units can be implemented by the processor calling software.
[0189] In practice, Figure 8 and Figure 9 The access authentication device for the unmanned swarm self-organizing network shown can correspond to a chip with communication function in a communication device; or it can correspond to a chip or chip module with communication function in a communication device; or it can correspond to a communication device.
[0190] This application embodiment also provides a terminal, including: a memory and a processor, wherein the memory stores a computer program that can run on the processor, and when the processor runs the computer program, it executes either the access authentication method for an unmanned swarm ad hoc network of the first aspect, or the access authentication method for an unmanned swarm ad hoc network of the second aspect.
[0191] See Figure 10 , Figure 10 This is a schematic diagram of the hardware structure of a terminal provided in an embodiment of this application.
[0192] Figure 10 The terminal shown includes a memory 110, a processor 120, and a transceiver 130. The processor 120 is coupled to the memory 110 and the transceiver 130. The memory 110 can be located inside or outside the terminal. The memory 110, processor 120, and transceiver 130 can be connected via a communication bus. The transceiver 130 is used to communicate with other devices or communication networks.
[0193] Optionally, the transceiver 130 may be a transmitter. The memory 110 stores a computer program that can run on the processor 120, and when the processor 120 runs the computer program, the transceiver 130 performs the steps of any of the methods in the foregoing embodiments provided in the above embodiments.
[0194] This application also provides a computer-readable storage medium storing a computer program thereon, which, when executed by a processor, implements the steps of any of the methods in the foregoing embodiments.
[0195] Storage media may include read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks, etc. The storage media may also include non-volatile or non-transitory memory, etc.
[0196] This application also provides a computer program product, including a computer program / instructions that, when executed by a processor, implement the steps of any of the methods in the foregoing embodiments.
[0197] It should be understood that in the embodiments of this application, the processor can be a central processing unit (CPU), or it can be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor.
[0198] It should also be understood that the memory in the embodiments of this application can be volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. Non-volatile memory can be ROM, programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), or flash memory. Volatile memory can be random access memory (RAM), which is used as an external cache. By way of example, but not limitation, many forms of RAM are available, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous dynamic random access memory (SDRAM), double data rate synchronous dynamic random access memory (DDR SDRAM), enhanced synchronous dynamic random access memory (ESDRAM), synchronous linked dynamic random access memory (SLDRAM), and direct rambus RAM (DRRAM).
[0199] Those skilled in the art will understand that embodiments of this application can be provided as methods, systems, or computer program products. Therefore, this application can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, this application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0200] This application is described with reference to flowchart illustrations and / or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of this application. It will be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, generate instructions for implementing the flowchart... Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.
[0201] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.
[0202] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.
[0203] Although preferred embodiments of this application have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments as well as all changes and modifications falling within the scope of this application.
[0204] Obviously, those skilled in the art can make various modifications and variations to this application without departing from the spirit and scope of this application. Therefore, if such modifications and variations fall within the scope of the claims of this application and their equivalents, this application also intends to include such modifications and variations.
Claims
1. An access authentication method for an unmanned swarm self-organizing network, characterized in that, Applied to on-network master nodes, the access authentication method includes: A broadcast frame is sent, the broadcast frame carrying first authentication information; Receive a network access request message from a slave node to be joined to the network. The network access request message is a response message generated by the slave node to be joined to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. In response to successful authentication of the second authentication information, an access response message is sent to the slave node to be joined to the network.
2. The access authentication method according to claim 1, characterized in that, The first authentication information includes: a master node random number and a master node authentication code ciphertext; The first authentication information is generated in the following manner: The first algorithm is used to process the key file to generate the master node key; Obtain the first current system timestamp, and process the first current system timestamp using the third algorithm to generate the master node random number; The fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate a master node authentication message; The master node authentication message is encrypted to generate a master node authentication code; the encryption process is based on the fifth algorithm and implemented using the master node key. The key file is processed using the sixth algorithm to generate the master node authentication code key; The master node authentication code is encrypted to generate master node authentication code ciphertext; the encryption process is based on the seventh algorithm and implemented using the master node authentication code key. The master node random number and the master node authentication code are encapsulated to generate a first authentication header structure, which serves as the first authentication information.
3. The access authentication method according to claim 2, characterized in that, The authentication of the first authentication information in the broadcast frame is successful, including: The broadcast frame is parsed to obtain the master node random number and the master node authentication code ciphertext; The seventh algorithm is used to decrypt the ciphertext of the master node authentication code to generate the broadcast node authentication code; The fourth algorithm is used to perform logical operations on the master node random number and the master node key to generate a master node authentication message; The fifth algorithm is used, and based on the master node key, the master node authentication message is encrypted to generate a master node authentication code; In response to the broadcast node's authentication code being the same as the master node's authentication code, the authentication is successful, and the network access request message is sent to the master node in the network.
4. The access authentication method according to claim 3, characterized in that, Also includes: If the authentication code of the broadcast node is different from that of the master node, the authentication fails, and the master node and its network information are deleted.
5. The access authentication method according to claim 2, characterized in that, The second authentication information includes: a random number of the slave node to be added to the network and the encrypted authentication code of the slave node to be added to the network; The second authentication information is generated in the following manner: The second algorithm is used to process the key file to generate the key for the slave node to join the network; Obtain the second current system timestamp, and process the second current system timestamp using the third algorithm to generate the random number of the slave node to be joined to the network; The fourth algorithm is used to perform logical operations on the random number of the slave node to be connected to the network and the key of the slave node to be connected to the network to generate an authentication message for the slave node to be connected to the network. The authentication message of the slave node to be connected to the network is encrypted to generate an authentication code for the slave node to be connected to the network; the encryption process is based on the fifth algorithm and implemented using the key of the slave node to be connected to the network. The sixth algorithm is used to process the key file to generate the authentication code key for the slave node to join the network; The authentication code of the slave node to be connected to the network is encrypted to generate ciphertext of the authentication code; the encryption process is based on the seventh algorithm and implemented using the authentication code key of the slave node to be connected to the network. The random number of the slave node to be connected to the network and the encrypted authentication code of the slave node to be connected to the network are encapsulated to generate a second authentication header structure, which serves as the second authentication information.
6. The access authentication method according to claim 5, characterized in that, The authentication of the second authentication information is successful, including: The network access request message is parsed to obtain the random number of the slave node to be accessed and the encrypted authentication code of the slave node to be accessed. The seventh algorithm is used to decrypt the ciphertext of the authentication code of the slave node to be joined to generate the authentication code request of the slave node to be joined to the network. The fourth algorithm is used to perform logical operations on the random number of the slave node to be connected to the network and the key of the slave node to be connected to the network to generate an authentication message for the slave node to be connected to the network. The fifth algorithm is used, and based on the key of the slave node to be connected to the network, the authentication message of the slave node to be connected to the network is encrypted to generate the authentication code of the slave node to be connected to the network. If the authentication code requested by the node to be connected to the network is the same as the authentication code of the slave node to be connected to the network, and the authentication is successful, the access response message is sent to the slave node to be connected to the network.
7. The access authentication method according to claim 6, characterized in that, Also includes: If the authentication code requested by the node to be connected to the network is different from the authentication code of the slave node to be connected to the network, the authentication fails and the access response message is not sent.
8. The access authentication method according to claim 6, characterized in that, Meet one or more of the following conditions: The key file is generated by a key file generator and injected into the UAV at least before the network master node sends the broadcast frame; wherein each UAV corresponds to a node in the UAV swarm ad hoc network; Each generated key file is unique and non-repeating, and the key files of all drones in the same drone swarm self-organizing network are the same; The first algorithm is SHA-256, and the master node key is obtained by hashing the key file using SHA-256. The second algorithm is SHA-160, and the key of the slave node to be added to the network is obtained by hashing the second current system timestamp using SHA-160. The third algorithm is SHA-160, and the master node random number is obtained by performing a hash operation on the first current system timestamp using SHA-160. The logical operation is an XOR operation; The fifth algorithm is HMAC-SHA512; The sixth algorithm is SHA512, and the authentication code key is obtained by hashing the key file using SHA512. The seventh algorithm is AES.
9. An access authentication method for an unmanned swarm self-organizing network, characterized in that, Applied to slave nodes awaiting network access, the access authentication method includes: Receive a broadcast frame from an on-network master node, the broadcast frame carrying first authentication information; Sending a network access request message to the master node in the network, the network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame, the network access request message carries the second authentication information; The system receives an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after it receives the network access request message and successfully authenticates the second authentication information in the network access request message.
10. The access authentication method according to claim 9, characterized in that, If the slave node to be joined fails to authenticate the first authentication information or if the master node in the network fails to authenticate the second authentication information, the current network access request is terminated.
11. An access authentication device for an unmanned swarm self-organizing network, characterized in that, The authentication devices, located on the network master node, include: The first sending module is configured to send a broadcast frame, the broadcast frame carrying first authentication information; The first receiving module is configured to receive a network access request message from a slave node to be connected to the network. The network access request message is a response message generated by the slave node after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The second sending module is configured to send an access response message to the slave node to be joined in response to successful authentication of the second authentication information.
12. An access authentication device for an unmanned swarm self-organizing network, characterized in that, The access authentication device, set on the slave node to be connected to the network, includes: The second receiving module is configured to receive broadcast frames from the network master node, the broadcast frames carrying first authentication information; The third sending module is configured to send a network access request message to the network master node. The network access request message is a response message generated by the slave node to be connected to the network after receiving the broadcast frame and successfully authenticating the first authentication information in the broadcast frame. The network access request message carries second authentication information. The third receiving module is configured to receive an access response message from the on-network master node. The access response message is a response message generated by the on-network master node after it receives the network access request message and successfully authenticates the second authentication information in the network access request message.
13. A terminal comprising a memory and a processor, wherein the memory stores a computer program executable on the processor, characterized in that, When the processor runs the computer program, it executes the access authentication method for an unmanned swarm ad hoc network as described in any one of claims 1 to 8, or the access authentication method for an unmanned swarm ad hoc network as described in claim 9 or 10.
14. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the steps of the access authentication method for an unmanned swarm ad hoc network as described in any one of claims 1 to 8, or implements the steps of the access authentication method for an unmanned swarm ad hoc network as described in claim 9 or 10. And / or, a computer program product comprising a computer program / instructions, characterized in that, when executed by a processor, the computer program / instructions implement the steps of the access authentication method for an unmanned cellular ad hoc network as described in any one of claims 1 to 8, or implement the steps of the access authentication method for an unmanned cellular ad hoc network as described in claim 9 or 10.