A secure transmission multi-sensor data acquisition method and system
By using secure binding based on environmental context features and iterative calculation of one-way hash chains, combined with hidden sequence number design and pseudo-random delay mechanism, the transmission security and efficiency issues in multi-sensor data acquisition are solved, achieving full-path security protection and rapid packet loss recovery from sensor nodes to the cloud platform.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHENGDU SHENSHI TECHNOLOGY CO LTD
- Filing Date
- 2026-05-09
- Publication Date
- 2026-07-14
AI Technical Summary
In the process of multi-sensor data acquisition, there are problems such as transmission links being vulnerable to malicious attacks, keys being easily cracked, data loss due to synchronization issues, and difficulty in balancing transmission efficiency and security. Furthermore, the binding between sensor nodes and aggregation gateways lacks dynamic security mechanisms, making it difficult to adapt to complex environments.
An initial shared key is generated by secure binding based on environmental context features. The communication key is calculated iteratively using a one-way hash chain. Combined with a hidden sequence number design and a pseudo-random delay mechanism, dynamic secure association and anonymous transmission are achieved. Data continuity is ensured through a preset synchronization window and a resynchronization mechanism.
It improves the security, reliability and robustness of multi-sensor data acquisition, balances transmission efficiency and security strength, and achieves full-path security protection from sensor nodes to the cloud platform, effectively resisting attacks and quickly recovering from packet loss.
Smart Images

Figure CN122394788A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of sensor data acquisition technology, and in particular to a secure multi-sensor data acquisition method and system. Background Technology
[0002] With the rapid development of IoT technology, multi-sensor fusion acquisition technology has become a core support for achieving accurate environmental perception and equipment status monitoring, and has been widely used in many fields such as industrial manufacturing, smart terminals, and environmental monitoring. Multi-sensor systems typically contain multiple distributed sensor nodes, which aggregate data through a gateway and then upload it to a cloud platform for centralized data management and analysis.
[0003] Currently, multi-sensor data acquisition and transmission faces numerous security and reliability challenges. On the one hand, sensor nodes mostly use wireless communication, making the transmission links vulnerable to malicious attacks such as eavesdropping, tampering, and forgery, leading to sensor data leakage and alteration, affecting the accuracy and security of data use. On the other hand, traditional data transmission often uses fixed-key encryption, which is easily cracked and lacks effective authentication and sequence synchronization mechanisms, making it prone to data loss and inability to quickly recover from packet loss, thus affecting the continuity and reliability of data transmission.
[0004] Meanwhile, existing multi-sensor data acquisition solutions often struggle to balance transmission efficiency and security. They either excessively prioritize security, leading to increased transmission latency and excessive resource consumption, or prioritize efficiency at the expense of reduced security levels. This fails to meet the dual demands of real-time data acquisition, security, and robustness in complex scenarios. Furthermore, the binding process between sensor nodes and the aggregation gateway largely relies on preset keys, lacking a dynamic security binding mechanism based on environmental characteristics. This further reduces the system's resistance to attacks and makes it difficult to adapt to complex and ever-changing application environments. Summary of the Invention
[0005] To address the aforementioned technical problems, this invention provides a secure multi-sensor data acquisition method and system. The following technical solution is adopted: A secure multi-sensor data acquisition method includes the following steps: Step 1: During the registration phase, each sensor node and the aggregation gateway securely bind to each other based on shared environmental context features, generate an initial shared key for the sensor node, and synchronously initialize the packet sequence counter. The aggregation gateway creates a security status record for each sensor node, which includes the initial shared key and the current expected sequence value. Step 2: When the sensor node needs to transmit collected data, the collected data is divided into at least one data block. For each data block, the following steps are performed: incrementing the packet sequence counter to obtain the current sequence value; iteratively calculating the current communication key through a one-way hash chain starting from the initial shared key; and deriving the data encryption key and integrity verification key based on the communication key; encrypting the plaintext data containing the sensor identifier and data block index using the data encryption key to obtain ciphertext; generating an integrity verification code using the integrity verification key; and generating a hidden sequence number that does not display the sequence value and sensor identifier information using the current communication key and the ciphertext according to a preset algorithm; and combining the hidden sequence number, ciphertext, and integrity verification code into a ciphertext data packet. Step 3: The sensor node generates a pseudo-random delay based on the current communication key and sends the encrypted data packet within a randomized transmission time slot window with upper and lower bounds. Step 4: After receiving the encrypted data packet, the aggregation gateway extracts the hidden sequence number from it; for the expected sequence value and the sequence value within the preset synchronization window of each registered sensor node, it calculates the candidate communication key using the corresponding initial shared key, and generates the expected hidden sequence number according to the preset algorithm and compares it with the received hidden sequence number; if they match and the integrity verification passes, the encrypted data is decrypted using the data encryption key corresponding to the candidate communication key, the data block is restored, and the expected sequence value of the corresponding sensor node is updated; Step 5: The aggregation gateway reassembles the data based on the recovered sensor identifiers and data block indexes, generates sensor data messages, and uploads them to the cloud platform through a secure channel.
[0006] Optionally, the environmental context features in step 1 include the received signal strength indication change sequence or environmental noise envelope features of the wireless channel between the sensor node and the aggregation gateway; the secure binding process includes quantizing, harmonizing and amplifying the environmental context features, and finally generating the initial shared key.
[0007] Optionally, the calculation formula for the one-way hash chain iteration in step 2 is: , For the initial shared key, The current communication key corresponding to the current sequence value seq. The previous sequence value of the current sequence value seq The corresponding communication key, Hash is the cryptographic hash function; The Hidden Serial Number (HSN) is generated using the following formula: Where C is the ciphertext obtained after encrypting the plaintext data using the data encryption key in step 2. As a preset constant separator, Here is the truncation function, and L is the preset length. Based on the current communication key The hash message authentication code algorithm.
[0008] Optionally, the plaintext data in step 2 is specifically... ,in The data consists of raw sensor data collected by the sensor. Encryption and integrity verification use the AES-GCM authentication encryption algorithm. The ciphertext C and the integrity verification code T are generated synchronously by the same authentication encryption process, where the integrity verification code T is the authentication tag generated by the authentication encryption algorithm.
[0009] Optionally, the pseudo-random delay in step 3 The formula for determining it is: ; in Based on the current communication key The pseudo-random function, with the current communication key As a key, in constant string As input, output a fixed-length pseudo-random bit string; The upper bound of the randomized transmission time slot window, To provide a lower bound for the randomized transmission time slot window, Pair the pseudo-random bit strings Take the mold.
[0010] Optionally, the preset synchronization window size in step 4 is W; during matching, the aggregation gateway uses the expected sequence values sequentially. to All sequence values within the range are used as candidate sequence values. The corresponding candidate communication keys are calculated and matched with the received covert sequence number. Once a match is successful and the integrity verification is passed, the expected sequence value of the sensor node is updated to the successfully matched sequence value plus 1, thus achieving forward security and out-of-step recovery.
[0011] Optionally, in step 4, when a match cannot be successfully achieved within the preset synchronization window, the aggregation gateway uses the old communication key used by the sensor node during its last successful communication to encrypt and send a resynchronization request. After verifying the resynchronization request, the sensor node adjusts its own packet sequence counter to match the expected sequence value and retransmits the missing data blocks to achieve robust synchronization against packet loss.
[0012] Optionally, the reorganization and fusion in step 5 includes the following steps: First, the aggregation gateway restores all data blocks of the same sensor node into a complete single-node sensing message according to the index order based on the decrypted sensor identifier and data block index; then, based on the decrypted acquisition timestamp, it aligns and fuses the single-node sensing messages of different sensor nodes within the same time period to generate a multi-dimensional synchronous sensing data frame; the aggregation gateway signs the multi-dimensional synchronous sensing data frame using its own private key, and then uploads the signed data frame to the cloud platform through a TLS encrypted connection.
[0013] Optionally, when dividing data into blocks, the sensor node adaptively adjusts the data block length according to the rate of change of the sensing data. The data block length decreases as the rate of change of the sensing data increases and increases as the rate of change decreases, in order to balance data transmission efficiency and transmission security.
[0014] A secure multi-sensor data acquisition system is provided to implement a secure multi-sensor data acquisition method. The system includes multiple sensor nodes, a convergence gateway, and a cloud platform. Each sensor node includes a secure binding unit, a key chain and covert sequence number generation unit, a data encryption and segmentation unit, a random time slot scheduling unit, and a wireless transceiver unit. The secure binding unit performs a secure binding with the convergence gateway during the registration phase, generates an initial shared key, and initializes a packet sequence counter. The data encryption and segmentation unit divides the acquired data into data blocks, constructs plaintext data, and performs encryption operations. The key chain and covert sequence number generation unit is used to generate the current communication key, derive the encryption and verification key, and generate a covert sequence number through a one-way hash chain; the random time slot scheduling unit is used to generate a pseudo-random delay based on the current communication key and determine the data packet transmission time slot; the wireless transceiver unit is used to send encrypted data packets and receive resynchronization requests. The aggregation gateway includes a security binding and status management unit, a multi-node covert sequence number matching and decryption unit, a data reconstruction and uploading unit, and a communication unit. The security binding and status management unit is used to perform security binding with each sensor node and maintain the security status record of each sensor node. The multi-node covert sequence number matching and decryption unit is used to parse encrypted data packets, traverse the candidate sequence values of each sensor node for covert sequence number matching, perform integrity verification and decryption, update the expected sequence values of the sensor nodes, and send resynchronization requests. The data reconstruction and uploading unit is used to reconstruct single-node data, fuse multi-node data to generate multi-dimensional synchronous sensing data frames, sign the data frames, and upload them to the cloud platform through a secure channel. The communication unit is used to interact with sensor nodes and the cloud platform.
[0015] In summary, the present invention has at least one of the following beneficial technical effects: This invention provides a secure multi-sensor data acquisition method and system, effectively improving the security, reliability, and robustness of multi-sensor data acquisition and transmission, while balancing data transmission efficiency and security strength. Through secure binding based on environmental context features, dynamic secure association between sensor nodes and the aggregation gateway is achieved, enhancing the system's resistance to attacks. By utilizing a one-way hash chain to generate dynamic communication keys, combined with a hidden sequence number design, the leakage of sequence information and node identifiers is avoided, strengthening data encryption and authentication effects.
[0016] The random time-slot scheduling mechanism reduces the targeting of malicious attacks and improves the security of the transmission link; the preset synchronization window and resynchronization mechanism enable rapid recovery after data loss or packet loss, ensuring the continuity of data transmission. The adaptive data block partitioning design dynamically adjusts the block length according to the rate of change of sensor data, balancing transmission efficiency and security strength. The entire solution provides end-to-end security protection for data acquisition, encryption, transmission, decryption, and reassembly, ensuring the confidentiality, integrity, and availability of sensor data, while reducing system resource consumption and improving the overall operational reliability of the multi-sensor system. Attached Figure Description
[0017] Figure 1 This is a flowchart illustrating a secure multi-sensor data acquisition method according to the present invention. Figure 2 This is a schematic diagram of the architecture of a secure multi-sensor data acquisition system according to the present invention. Detailed Implementation
[0018] The present invention will be further described in detail below with reference to the accompanying drawings.
[0019] This invention discloses a secure multi-sensor data acquisition method and system.
[0020] Reference Figure 1 and Figure 2 Example 1: A method for securely transmitting multi-sensor data acquisition includes the following steps: Step 1: During the registration phase, each sensor node and the aggregation gateway securely bind to each other based on shared environmental context features, generate an initial shared key for the sensor node, and synchronously initialize the packet sequence counter. The aggregation gateway creates a security status record for each sensor node, which includes the initial shared key and the current expected sequence value. Step 2: When the sensor node needs to transmit collected data, the collected data is divided into at least one data block. For each data block, the following steps are performed: incrementing the packet sequence counter to obtain the current sequence value; iteratively calculating the current communication key through a one-way hash chain starting from the initial shared key; and deriving the data encryption key and integrity verification key based on the communication key; encrypting the plaintext data containing the sensor identifier and data block index using the data encryption key to obtain ciphertext; generating an integrity verification code using the integrity verification key; and generating a hidden sequence number that does not display the sequence value and sensor identifier information using the current communication key and the ciphertext according to a preset algorithm; and combining the hidden sequence number, ciphertext, and integrity verification code into a ciphertext data packet. Step 3: The sensor node generates a pseudo-random delay based on the current communication key and sends the encrypted data packet within a randomized transmission time slot window with upper and lower bounds. Step 4: After receiving the encrypted data packet, the aggregation gateway extracts the hidden sequence number from it; for the expected sequence value and the sequence value within the preset synchronization window of each registered sensor node, it calculates the candidate communication key using the corresponding initial shared key, and generates the expected hidden sequence number according to the preset algorithm and compares it with the received hidden sequence number; if they match and the integrity verification passes, the encrypted data is decrypted using the data encryption key corresponding to the candidate communication key, the data block is restored, and the expected sequence value of the corresponding sensor node is updated; Step 5: The aggregation gateway reassembles the data based on the recovered sensor identifiers and data block indexes, generates sensor data messages, and uploads them to the cloud platform through a secure channel.
[0021] By adopting the above technical solution, the aggregation gateway and sensor nodes generate initial keys and synchronize counters based on random characteristics shared by the physical environment, avoiding the transmission risks of pre-set keys. Each time a sensor node sends data, it derives the current communication key from the previous key using a one-way hash chain, ensuring that each encryption uses a different key and that the previous key cannot be calculated in reverse. After encrypting plaintext containing identity markers using this communication key, a hidden sequence number is generated using the ciphertext and the communication key. This ensures that the final transmitted data packet contains only the hidden sequence number, ciphertext, and integrity checksum, preventing external observers from obtaining sensor identity or data sequence information from the packet structure. Simultaneously, the transmission time slot is determined by a random delay derived from the communication key, eliminating fixed-period transmission patterns. When the aggregation gateway receives data, it uses the locally stored initial key and expected sequence value window for each sensor to calculate candidate communication keys and recalculate the hidden sequence number for comparison. Only after successful verification can the data be decrypted and its source determined, thus achieving anonymous transmission and secure aggregation of sensor data over untrusted channels.
[0022] In Example 2, the environmental context features in step 1 include the received signal strength indication change sequence or environmental noise envelope features of the wireless channel between the sensor node and the aggregation gateway; the secure binding process includes quantizing, harmonizing and amplifying the environmental context features, and finally generating the initial shared key.
[0023] By employing the above technical solution, environmental context features leverage the physical randomness and reciprocity of the wireless channel or ambient sound field between the sensor node and the aggregation gateway. Since the received signal strength indication or noise envelope of the wireless signal exhibits a certain symmetry at the same spatial location, and is difficult to measure precisely from the outside, both parties simultaneously collect these features and quantize them to obtain similar bit sequences. A minor inconsistency in the sequences is corrected through an information reconciliation step, followed by privacy amplification and compression to remove potentially leaked information, ultimately extracting a high-entropy and completely consistent initial shared key. This key is generated only internally between the two parties and does not undergo over-the-air transmission, fundamentally eliminating the possibility of key interception and providing a secure foundation of trust for subsequent identity concealment and communication encryption.
[0024] Example 3, the calculation formula for the one-way hash chain iteration in step 2 is: , For the initial shared key, The current communication key corresponding to the current sequence value seq. The previous sequence value of the current sequence value seq The corresponding communication key, Hash is the cryptographic hash function; The Hidden Serial Number (HSN) is generated using the following formula: Where C is the ciphertext obtained after encrypting the plaintext data using the data encryption key in step 2. As a preset constant separator, Here is the truncation function, and L is the preset length. Based on the current communication key The hash message authentication code algorithm.
[0025] By employing the above technical solution, the one-way hash chain ensures that the communication key changes unidirectionally with the increasing sequence value of each data packet. The initial shared key serves as the starting point of the chain. Each time a new key is generated, a cryptographic hash function is applied to the previous key. The one-way nature of the hash ensures that even if the current key is exposed, previous keys cannot be deduced, achieving forward security. The generation of the covert sequence number depends on the ciphertext and the current communication key. It is calculated using the hash message authentication code and then truncated to obtain a fixed-length value, making the covert sequence number a deterministic function of the ciphertext and the key. Since the sequence value is not explicitly shown in the calculation formula, and different data packets from the same sensor exhibit irregular changes in the covert sequence number due to different ciphertexts, the cryptographic connectivity between data packets is severed. Attackers cannot trace or correlate data packets based on the covert sequence number, achieving anonymity in transmission.
[0026] Example 4, the plaintext data in step 2 is specifically as follows: ,in The data consists of raw sensor data collected by the sensor. Encryption and integrity verification use the AES-GCM authentication encryption algorithm. The ciphertext C and the integrity verification code T are generated synchronously by the same authentication encryption process, where the integrity verification code T is the authentication tag generated by the authentication encryption algorithm.
[0027] By employing the above technical solution, the plaintext data contains the sensor's unique identifier, data block index, and acquisition timestamp. This information is essential for the receiving end to reconstruct multidimensional data, but its exposure would reveal the sensor's behavioral patterns. The AES-GCM authentication encryption algorithm is used to simultaneously encrypt the plaintext and generate an integrity check code. During encryption, an authentication tag is generated and bound to the ciphertext. This authentication tag, acting as an integrity check code, not only detects whether the data has been tampered with during transmission but also resists chosen-ciphertext attacks. Since encryption and authentication are both performed using encryption and integrity keys derived from the same communication key, confidentiality is ensured while avoiding additional key negotiation overhead. This makes each data packet cryptographically self-contained, allowing for verification of integrity and origin without relying on external context.
[0028] Example 5, pseudo-random delay in step 3 The formula for determining it is: ; in Based on the current communication key The pseudo-random function, with the current communication key As a key, in constant string As input, output a fixed-length pseudo-random bit string; The upper bound of the randomized transmission time slot window, To provide a lower bound for the randomized transmission time slot window, Pair the pseudo-random bit strings Take the mold.
[0029] By employing the above technical solution, a pseudo-random function based on the current communication key, using a constant delay tag as input, generates a numerical result that is unpredictable but deterministic for a fixed key and tag. This result is modulo the time slot window length and a lower bound is added to obtain a random delay value falling within a preset interval. Since the communication keys used by different data packets increment in a hash chain, even if continuously transmitted unchanged sensor data, the encrypted ciphertext will be different, leading to completely different outputs of the pseudo-random function and independent delay values. During transmission, the sensor node strictly waits for this delay before sending the data packet, resulting in a random distribution of traffic on the wireless channel in the time dimension, without any periodic characteristics, thus compromising the attacker's ability to infer the sensor sampling frequency or event-driven behavior using time intervals.
[0030] In Example 6, the preset synchronization window size in step 4 is W; during matching, the aggregation gateway uses the expected sequence values sequentially. to All sequence values within the range are used as candidate sequence values. The corresponding candidate communication keys are calculated and matched with the received covert sequence number. Once a match is successful and the integrity verification is passed, the expected sequence value of the sensor node is updated to the successfully matched sequence value plus 1, thus achieving forward security and out-of-step recovery.
[0031] By employing the above technical solution, the aggregation gateway maintains an expected sequence value for each sensor node, recording the next expected correct sequence value received. Introducing a synchronization window allows the gateway to perform tentative matching within a range from the expected sequence value to the expected sequence value plus the window width, addressing the possibility of minor packet loss or out-of-order delivery during wireless transmission. During the matching process, the gateway iteratively hashes candidate communication keys based on the candidate sequence values, starting from the initial shared key. Then, it regenerates the expected hidden sequence number using the received ciphertext and compares it with the received value. If they are equal and the integrity check passes, the packet ownership is determined and decrypted. After a successful match, the gateway updates the node's expected sequence value to the matched sequence value plus one, skipping lost sequences and maintaining the continuity of subsequent communication. This mechanism ensures both tolerance for reasonable packet loss and unwavering security.
[0032] In Example 7, when a match cannot be successfully achieved within the preset synchronization window in step 4, the aggregation gateway uses the old communication key used by the sensor node during its last successful communication to encrypt and send a resynchronization request. After verifying the resynchronization request, the sensor node adjusts its own packet sequence counter to match the expected sequence value and retransmits the missing data blocks to achieve robust synchronization against packet loss.
[0033] By employing the above technical solution, when continuous packet loss or attacks cause sequence values to become out of sync and exceed the window range, the aggregation gateway cannot locate the correct key through conventional traversal matching. In this case, the gateway reverts to the old communication key that was successfully authenticated on the sensor node last time, and uses this old key to encrypt a resynchronization request containing the current receiver's desired sequence value before sending it to the sensor node. Since the sensor node retains the old key or can decrypt it by forward computation using a hash chain, it verifies the request's legitimacy, adjusts its own packet sequence counter to the gateway's desired value, and immediately retransmits the undelivered data blocks based on the new counter and the current communication key. This resynchronization process relies on an old key that attackers cannot obtain, thus ensuring security and reliability. It effectively solves the synchronization loss problem caused by communication link interruptions or malicious interference, achieving robust synchronization against packet loss.
[0034] Example 8, step 5 of the reassembly and fusion includes the following steps: First, the aggregation gateway restores all data blocks of the same sensor node into a complete single-node sensing message according to the index order based on the decrypted sensor identifier and data block index; then, based on the decrypted acquisition timestamp, it aligns and merges the single-node sensing messages of different sensor nodes within the same time period to generate a multi-dimensional synchronous sensing data frame; the aggregation gateway signs the multi-dimensional synchronous sensing data frame using its own private key, and then uploads the signed data frame to the cloud platform through a TLS encrypted connection.
[0035] By adopting the above technical solution, after the aggregation gateway decrypts the original plaintext, it uses the sensor identifier to assign data blocks to specific sensors, and then reorders them according to the data block index to assemble a complete sensor message stream, solving the problem of out-of-order arrival of data blocks that may be caused by random time slots and wireless transmission. Subsequently, by using the collection timestamp carried in each sensor message after decryption, messages from different sensors with the same timestamp or within the same time period are aligned to generate a time-synchronized two-dimensional or multi-dimensional sensor data frame. This fusion method ensures the multi-source spatiotemporal correlation required for subsequent analysis. Finally, the gateway uses its own private key to digitally sign the fused frame, which can prevent data from being tampered with during subsequent storage or transmission and identify the data source; uploading via TLS connection ensures that the data on the channel from the aggregation gateway to the cloud platform is not eavesdropped on or tampered with, forming end-to-end security protection from low-power sensors to the cloud.
[0036] In Example 9, when dividing data into blocks, the sensor node adaptively adjusts the data block length according to the rate of change of the sensing data. The data block length decreases as the rate of change of the sensing data increases and increases as the rate of change decreases, so as to balance data transmission efficiency and transmission security.
[0037] By employing the above technical solution, the rate of change of sensor data reflects the severity of fluctuations in physical quantities. A large rate of change indicates a rapid dynamic event occurring on the monitored object. In this case, if a large amount of data is encapsulated in long data blocks, significant loss of continuous information would occur if packet loss or retransmission is required. Furthermore, long-block encryption provides more material for analysis of known plaintext. Therefore, using smaller data blocks can shorten the length of encrypted segments, reduce the risk of information loss, and limit the exposure of known plaintext. When the rate of change is small, the data is stable, allowing for larger blocks to be packaged and sent, reducing the encryption and transmission header overhead of each block and improving bandwidth utilization and energy efficiency. Sensor nodes adaptively adjust the block length, achieving dynamic optimization of transmission efficiency while ensuring security and maximizing data integrity.
[0038] Example 10: A secure multi-sensor data acquisition system for implementing a secure multi-sensor data acquisition method. The system includes multiple sensor nodes, a convergence gateway, and a cloud platform. Each sensor node includes a secure binding unit, a key chain and covert sequence number generation unit, a data encryption and segmentation unit, a random time slot scheduling unit, and a wireless transceiver unit. The secure binding unit performs a secure binding with the convergence gateway during the registration phase, generates an initial shared key, and initializes a packet sequence counter. The data encryption and segmentation unit divides the acquired data into data blocks, constructs plaintext data, and performs encryption operations. The key chain and covert sequence number generation unit is used to generate the current communication key, derive the encryption and verification key, and generate a covert sequence number through a one-way hash chain; the random time slot scheduling unit is used to generate a pseudo-random delay based on the current communication key and determine the data packet transmission time slot; the wireless transceiver unit is used to send encrypted data packets and receive resynchronization requests. The aggregation gateway includes a security binding and status management unit, a multi-node covert sequence number matching and decryption unit, a data reconstruction and uploading unit, and a communication unit. The security binding and status management unit is used to perform security binding with each sensor node and maintain the security status record of each sensor node. The multi-node covert sequence number matching and decryption unit is used to parse encrypted data packets, traverse the candidate sequence values of each sensor node for covert sequence number matching, perform integrity verification and decryption, update the expected sequence values of the sensor nodes, and send resynchronization requests. The data reconstruction and uploading unit is used to reconstruct single-node data, fuse multi-node data to generate multi-dimensional synchronous sensing data frames, sign the data frames, and upload them to the cloud platform through a secure channel. The communication unit is used to interact with sensor nodes and the cloud platform.
[0039] By adopting the above technical solutions, the secure binding unit enables sensor nodes and the aggregation gateway to jointly generate an initial shared key and initialize a counter based on the wireless channel or environmental physical characteristics during registration, establishing a foundation of trust for the system. The key chain and covert sequence number generation unit generates a new communication key using one-way hash iteration each time it transmits, derives encryption and verification keys, and combines them with ciphertext to generate a covert sequence number without identity information, which is then packaged into a ciphertext data packet. The random time slot scheduling unit calculates pseudo-random delay based on the communication key and controls the wireless transceiver unit to send packets at random times, eliminating time fingerprints. On the aggregation gateway side, the secure binding and state management unit maintains the current security state of all nodes. After receiving a packet, the multi-node covert sequence number matching and decryption unit uses the initial key of each node and the current state window to generate covert sequence numbers for candidate sequences for blind matching. Once a match is successful, the data is decrypted and the state is updated; otherwise, resynchronization is initiated. The data reassembly and upload unit reassembles the decrypted data blocks according to identifiers and indices, merges them according to timestamps, digitally signs them, and then uploads them to the cloud via a secure connection through the communication unit. The cooperation of each unit achieves a secure closed loop throughout the entire process, from physical key generation, anonymous encrypted transmission, and analysis-resistant sending to the cloud for reliable uploading.
[0040] The following specific embodiments illustrate the implementation principle of the present invention: Applied to equipment status monitoring scenarios in industrial workshops, this system deploys multiple types of sensor nodes to securely collect and upload key parameters such as temperature, vibration, and current within the workshop. Through the aforementioned multi-sensor data acquisition method and system, it addresses security risks such as untrusted wireless channels in workshops, easily traceable sensor identities, and easily tampered data transmission. Simultaneously, it ensures data transmission efficiency and robustness against packet loss, achieving end-to-end security protection from sensor nodes to the cloud platform.
[0041] The secure transmission multi-sensor data acquisition system deployed this time includes 15 sensor nodes, 1 aggregation gateway, and 1 cloud platform monitoring center. The sensor nodes are deployed according to monitoring type: 5 temperature sensor nodes are deployed near high-temperature equipment in the workshop, 5 vibration sensor nodes are installed at motor bearings, and 5 current sensor nodes are connected to the equipment's power distribution box. The aggregation gateway is deployed in the center of the workshop to ensure wireless communication coverage with all sensor nodes. The cloud platform monitoring center is deployed in the workshop's central control room for data storage, analysis, and equipment status early warning.
[0042] The specific implementation process strictly follows the above technical solution, and the operation of each step is as follows: First, the registration and secure binding process between the sensor nodes and the aggregation gateway is executed. During the registration phase, each sensor node and the aggregation gateway simultaneously collect the received signal strength indication change sequence of the wireless channel between them as environmental context features. This sequence is quantized, converting continuous signal strength values into discrete bit sequences. Then, a reconciliation step is used to correct minor inconsistencies in the bit sequences between the two parties. Subsequently, a privacy amplification algorithm is used to compress potentially leaked information, ultimately generating an initial shared key for each sensor node. Simultaneously, both parties synchronously initialize packet sequence counters, setting the initial value to 0. The aggregation gateway creates a unique security status record for each sensor node, containing the node's initial shared key, the current expected sequence value (initially 0), and the monitoring type information corresponding to the node's deployment location.
[0043] When the sensor node is working normally, it continuously collects the corresponding monitoring parameters. When it is necessary to transmit the collected data, the collected data is first divided into several data blocks. During the block division process, the data block length is adaptively adjusted according to the rate of change of the sensor data: the temperature sensor data has a small rate of change, so the data block length is set to 1024 bytes; the vibration sensor data has a large rate of change due to equipment operation fluctuations, so the data block length is set to 256 bytes; the current sensor data has a medium rate of change, so the data block length is set to 512 bytes, thus balancing transmission efficiency and safety.
[0044] For each data block, the sensor node first increments the packet sequence counter to obtain the current sequence value, and then iteratively calculates the current communication key using a one-way hash chain. The iterative calculation formula is as follows: ,in For the initial shared key, the hash uses the SHA-256 cryptographic hash function. The current communication key corresponding to the current sequence value seq. The previous sequence value of the current sequence value seq The corresponding communication key. Based on the current communication key, the data encryption key and integrity verification key are further derived, and the encryption and integrity verification operations are performed using the AES-GCM authentication encryption algorithm.
[0045] The plaintext data is constructed as IDi||j||T||payload, where IDi is the unique identifier of the sensor node, j is the data block index, T is the data acquisition timestamp, and payload is the raw sensor data acquired by the sensor. The plaintext data is encrypted using the data encryption key to obtain ciphertext, and simultaneously, an integrity verification code is generated using the integrity verification key. This verification code is an authentication tag synchronously generated by the AES-GCM algorithm. Subsequently, a hidden sequence number is generated using the current communication key and the ciphertext according to a preset algorithm. The generation formula is as follows: In this structure, C represents the ciphertext, constant is a preset constant delimiter, Truncate is the truncation function, L is set to 16 bytes, and HMAC is a hash message authentication code algorithm based on the current communication key Kseq. The generated covert sequence number does not explicitly carry any sequence value or sensor identification information. Finally, the covert sequence number, ciphertext, and integrity check code are combined into a ciphertext data packet to complete the processing of a single data block.
[0046] The sensor node generates a pseudo-random delay based on the current communication key to determine the data packet transmission time slot. (Pseudo-random delay) The formula for determining is Where PRF is based on the current communication key. The pseudo-random function takes a constant string delay as input and outputs a pseudo-random bit string of fixed length. Set to 500ms Set to 100ms, this means the upper bound of the randomized transmission time slot window is 500ms and the lower bound is 100ms. The pseudo-random bit string is modulo 400ms to ensure that the generated pseudo-random delay falls within a preset range of 100ms to 500ms. After the calculated pseudo-random delay ends, the sensor node transmits encrypted data packets via a wireless transceiver unit within the randomized transmission time slot window, avoiding the risk of being tracked due to fixed-period transmission.
[0047] After receiving the encrypted data packet through the communication unit, the aggregation gateway first extracts the hidden sequence number and then initiates a multi-node hidden sequence number matching and decryption process. The preset synchronization window size W is set to 5. For each registered sensor node, the aggregation gateway uses the expected sequence value and all sequence values within the range of that sequence value plus 5 as candidate sequence values. Using the initial shared key of the corresponding sensor node, it iteratively calculates the candidate communication key through a one-way hash chain. Then, it calculates the expected hidden sequence number according to the hidden sequence number generation formula and compares it with the received hidden sequence number.
[0048] If a candidate hidden sequence number matches the received hidden sequence number, and the integrity verification passes (i.e., the authentication tag corresponding to the ciphertext is verified to be consistent through the integrity verification key), the ciphertext is decrypted using the data encryption key corresponding to the candidate communication key, recovering the plaintext containing the sensor identifier, data block index, timestamp, and original sensor data. Simultaneously, the expected sequence value of the sensor node is updated to the successfully matched sequence value plus 1, achieving forward security and synchronization recovery. If a match cannot be successfully achieved within the preset synchronization window, the aggregation gateway uses the old communication key used by the sensor node during its last successful communication to encrypt and send a resynchronization request. After receiving the resynchronization request through the wireless transceiver unit, the sensor node decrypts and verifies the legitimacy of the request using its retained old communication key. It then adjusts its packet sequence counter to match the expected sequence value of the aggregation gateway and retransmits the missing data blocks, achieving robust synchronization against packet loss.
[0049] After the aggregation gateway decrypts all encrypted data packets, it enters the data reassembly and uploading stage. The data reassembly and fusion process consists of two steps: First, based on the decrypted sensor identifier and data block index, the aggregation gateway restores all data blocks of the same sensor node into a complete single-node sensor message in index order; Second, based on the decrypted acquisition timestamp, it aligns and fuses the single-node sensor messages of different sensor nodes within the same time period to generate a multi-dimensional synchronous sensor data frame. For example, it fuses the temperature, vibration, and current data of a certain motor at the same time into a set of multi-dimensional monitoring data to ensure the spatiotemporal correlation of the data.
[0050] After integration, the aggregation gateway digitally signs the multi-dimensional synchronous sensor data frame using its private key. Then, via a TLS encrypted connection, the signed data frame is uploaded to the cloud platform monitoring center through the communication unit. Upon receiving the data, the cloud platform verifies the aggregation gateway's digital signature. After confirming that the data has not been tampered with and its source is legitimate, it stores the data and analyzes the device status. When monitored parameters exceed preset thresholds, it automatically issues an early warning signal, alerting staff to address the device anomaly promptly.
[0051] In this case study, the various units of the system work together to achieve end-to-end security protection: the security binding unit generates an initial shared key based on physical environment characteristics to eliminate the risk of key transmission; the key chain and covert sequence number generation unit enables dynamic updates and anonymous transmission of communication keys; the random time slot scheduling unit eliminates timing characteristics to prevent tracking; the matching and decryption unit of the aggregation gateway enables secure verification and anti-packet loss synchronization; and the data reconstruction and uploading unit ensures data integrity and secure cloud transmission.
[0052] In actual operation, the system effectively resisted attacks such as eavesdropping, tampering, and tracking in the wireless channel. The identity information of the sensor nodes and the data transmission patterns were not leaked, and the data transmission success rate reached 99.2%. In the event of packet loss, communication could be quickly restored through the resynchronization mechanism. At the same time, through adaptive block adjustment, the transmission efficiency was improved by 15% while ensuring security. It fully meets the security and efficiency requirements of equipment status monitoring in industrial workshops and realizes the safe, reliable, and efficient collection and uploading of multi-sensor data.
[0053] The above are all preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention. Therefore, all equivalent changes made in accordance with the structure, shape and principle of the present invention should be covered within the scope of protection of the present invention.
Claims
1. A method for securely transmitting multi-sensor data acquisition, characterized in that, Includes the following steps: Step 1: During the registration phase, each sensor node and the aggregation gateway securely bind to each other based on shared environmental context features, generate an initial shared key for the sensor node, and synchronously initialize the packet sequence counter. The aggregation gateway creates a security status record for each sensor node, which includes the initial shared key and the current expected sequence value. Step 2: When the sensor node needs to transmit collected data, the collected data is divided into at least one data block. For each data block, the following steps are performed: incrementing the packet sequence counter to obtain the current sequence value; iteratively calculating the current communication key through a one-way hash chain starting from the initial shared key; and deriving the data encryption key and integrity verification key based on the communication key; encrypting the plaintext data containing the sensor identifier and data block index using the data encryption key to obtain ciphertext; generating an integrity verification code using the integrity verification key; and generating a hidden sequence number that does not display the sequence value and sensor identifier information using the current communication key and the ciphertext according to a preset algorithm; and combining the hidden sequence number, ciphertext, and integrity verification code into a ciphertext data packet. Step 3: The sensor node generates a pseudo-random delay based on the current communication key and sends the encrypted data packet within a randomized transmission time slot window with upper and lower bounds. Step 4: After receiving the encrypted data packet, the aggregation gateway extracts the hidden sequence number from it; for the expected sequence value and the sequence value within the preset synchronization window of each registered sensor node, it calculates the candidate communication key using the corresponding initial shared key, and generates the expected hidden sequence number according to the preset algorithm and compares it with the received hidden sequence number. If the match is found and the integrity check passes, the ciphertext is decrypted using the data encryption key corresponding to the candidate communication key, the data block is recovered, and the expected sequence value of the corresponding sensor node is updated. Step 5: The aggregation gateway reassembles the data based on the recovered sensor identifiers and data block indexes, generates sensor data messages, and uploads them to the cloud platform through a secure channel.
2. The multi-sensor data acquisition method for secure transmission according to claim 1, characterized in that, The environmental context features in step 1 include the received signal strength indication change sequence or environmental noise envelope features of the wireless channel between the sensor node and the aggregation gateway; The secure binding process includes quantifying environmental context features, information reconciliation, and privacy amplification, ultimately generating the initial shared key.
3. The method for securely transmitting multi-sensor data acquisition according to claim 2, characterized in that, The calculation formula for the one-way hash chain iteration in step 2 is: , For the initial shared key, The current communication key corresponding to the current sequence value seq. The previous sequence value of the current sequence value seq The corresponding communication key, Hash is the cryptographic hash function; The Hidden Serial Number (HSN) is generated using the following formula: Where C is the ciphertext obtained after encrypting the plaintext data using the data encryption key in step 2. As a preset constant separator, Here is the truncation function, and L is the preset length. Based on the current communication key The hash message authentication code algorithm.
4. The multi-sensor data acquisition method for secure transmission according to claim 3, characterized in that, The plaintext data in step 2 is specifically as follows: ,in The data consists of raw sensor data collected by the sensor. Encryption and integrity verification use the AES-GCM authentication encryption algorithm. The ciphertext C and the integrity verification code T are generated synchronously by the same authentication encryption process, where the integrity verification code T is the authentication tag generated by the authentication encryption algorithm.
5. The multi-sensor data acquisition method for secure transmission according to claim 4, characterized in that, Pseudo-random delay in step 3 The formula for determining it is: ; in Based on the current communication key The pseudo-random function, with the current communication key As a key, in constant string As input, output a fixed-length pseudo-random bit string; The upper bound of the randomized transmission time slot window, To provide a lower bound for the randomized transmission time slot window, Pair the pseudo-random bit strings Take the mold.
6. The multi-sensor data acquisition method for secure transmission according to claim 5, characterized in that, In step 4, the preset synchronization window size is W; during matching, the aggregation gateway uses the expected sequence values sequentially. to All sequence values within the range are used as candidate sequence values. The corresponding candidate communication keys are calculated and matched with the received covert sequence number. Once a match is successful and the integrity verification is passed, the expected sequence value of the sensor node is updated to the successfully matched sequence value plus 1, thus achieving forward security and out-of-step recovery.
7. The multi-sensor data acquisition method for secure transmission according to claim 6, characterized in that, In step 4, when a match cannot be successfully achieved within the preset synchronization window, the aggregation gateway uses the old communication key used by the sensor node during its last successful communication to encrypt and send a resynchronization request. After verifying the resynchronization request, the sensor node adjusts its own packet sequence counter to match the expected sequence value and retransmits the missing data blocks to achieve robust synchronization against packet loss.
8. The method for secure transmission of multi-sensor data acquisition according to claim 7, characterized in that, Step 5, reorganization and fusion, includes the following steps: First, the aggregation gateway restores all data blocks of the same sensor node into a complete single-node sensing message according to the index order based on the decrypted sensor identifier and data block index; then, based on the decrypted acquisition timestamp, it aligns and fuses the single-node sensing messages of different sensor nodes within the same time period to generate a multi-dimensional synchronous sensing data frame; the aggregation gateway signs the multi-dimensional synchronous sensing data frame using its own private key, and then uploads the signed data frame to the cloud platform via a TLS encrypted connection.
9. A method for securely transmitting multi-sensor data acquisition according to claim 8, characterized in that, When dividing data into blocks, the sensor node adaptively adjusts the data block length according to the rate of change of the sensing data. The data block length decreases as the rate of change of the sensing data increases and increases as the rate of change decreases, in order to balance data transmission efficiency and transmission security.
10. A secure multi-sensor data acquisition system, characterized in that: To implement the secure transmission multi-sensor data acquisition method of claim 9, the system includes multiple sensor nodes, a convergence gateway, and a cloud platform, characterized in that... The sensor node includes a secure binding unit, a key chain and covert sequence number generation unit, a data encryption and segmentation unit, a random time slot scheduling unit, and a wireless transceiver unit. The secure binding unit is used to perform secure binding with the aggregation gateway during the registration phase, generate an initial shared key, and initialize the packet sequence counter. The data encryption and segmentation unit is used to divide the collected data into data blocks, construct plaintext data, and perform encryption operations. The key chain and covert sequence number generation unit is used to generate the current communication key, derive the encryption and verification key, and generate a covert sequence number through a one-way hash chain; the random time slot scheduling unit is used to generate a pseudo-random delay based on the current communication key and determine the data packet transmission time slot; the wireless transceiver unit is used to send encrypted data packets and receive resynchronization requests. The aggregation gateway includes a security binding and status management unit, a multi-node covert sequence number matching and decryption unit, a data reconstruction and uploading unit, and a communication unit. The security binding and status management unit is used to perform security binding with each sensor node and maintain the security status record of each sensor node. The multi-node covert sequence number matching and decryption unit is used to parse encrypted data packets, traverse the candidate sequence values of each sensor node for covert sequence number matching, perform integrity verification and decryption, update the expected sequence values of the sensor nodes, and send resynchronization requests. The data reconstruction and uploading unit is used to reconstruct single-node data, fuse multi-node data to generate multi-dimensional synchronous sensing data frames, sign the data frames, and upload them to the cloud platform through a secure channel. The communication unit is used to interact with sensor nodes and the cloud platform.