CN-121486109-B - Unmanned aerial vehicle mutual authentication key negotiation method, device, equipment and medium
Abstract
The invention discloses a key negotiation method, device, equipment and medium for unmanned aerial vehicle mutual authentication, relating to the technical field of data security. The key negotiation method generates a temporary token based on identity authentication of an unmanned aerial vehicle operator logging in to a cloud; verifies a connection request between a ground control station and the unmanned aerial vehicle through the temporary token and generates a temporary asymmetric key pair after the connection request passes verification; performs bidirectional authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and a random verification code; and, after the bidirectional authentication passes, encrypts public information of the unmanned aerial vehicle and the cloud with a key negotiation algorithm to generate a session key, which is used for encrypting transmission data between the unmanned aerial vehicle and the cloud.
Inventors
- LANG SONG
- QIU YILUN
- WANG JIAN
- LIU KUILIN
Assignees
- 融鼎岳(北京)科技有限公司
Dates
- Publication Date: 20260505
- Application Date: 20260112
Claims (8)
- 1. A key negotiation method for unmanned aerial vehicle mutual authentication, characterized by comprising the following steps: generating a temporary token based on identity authentication of an unmanned aerial vehicle operator logging in to a cloud; verifying a connection request between the ground control station and the unmanned aerial vehicle through the temporary token, and generating a temporary asymmetric key pair after the connection request passes the verification; performing bidirectional authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and a random verification code; and, after the bidirectional authentication of the unmanned aerial vehicle and the cloud passes, encrypting public information of the unmanned aerial vehicle and the cloud by a key negotiation algorithm to generate a session key, wherein the session key is used for encrypting transmission data between the unmanned aerial vehicle and the cloud; wherein encrypting the public information of the unmanned aerial vehicle and the cloud by a key negotiation algorithm to generate the session key comprises: determining a shared secret point of the cloud and the unmanned aerial vehicle from the temporary private key in the asymmetric key pair and the temporary public key obtained through exchange, wherein the shared secret point is a point on a preset elliptic curve of a national cryptographic algorithm; and performing key calculation on the shared secret point through a key derivation function, combined with the public information of the unmanned aerial vehicle and the cloud, to generate the session key; and wherein performing key calculation on the shared secret point through the key derivation function, combined with the public information of the unmanned aerial vehicle and the cloud, to generate the session key comprises: combining the public information of the unmanned aerial vehicle and the cloud and adopting the following formula: ; to perform key calculation on the shared secret point and generate the session key, wherein the terms of the formula respectively represent the session key; the SM3 key derivation function; the abscissa of the shared secret point on the preset elliptic curve; the ordinate of the shared secret point on the preset elliptic curve; the public information of the unmanned aerial vehicle and the cloud; and the preset length of the session key.
- 2. The key negotiation method for unmanned aerial vehicle mutual authentication according to claim 1, wherein performing bidirectional authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and the random verification code comprises: performing key exchange between the unmanned aerial vehicle and the cloud so that each obtains the temporary public key in the asymmetric key pair of the other party; signing the random verification code with a signature algorithm to generate signature data for verifying the identities of the unmanned aerial vehicle and the cloud; and exchanging the signature data between the unmanned aerial vehicle and the cloud and mutually verifying it, thereby completing the bidirectional authentication between the unmanned aerial vehicle and the cloud.
- 3. The key negotiation method for unmanned aerial vehicle mutual authentication according to claim 2, wherein signing the random verification code with a signature algorithm to generate signature data for verifying the identities of the unmanned aerial vehicle and the cloud comprises: performing a hash operation on the random verification code with a hash algorithm to generate a first hash value; determining a first random point on a preset elliptic curve from a base point matrix, wherein the base point matrix and the preset elliptic curve are generated based on a national cryptographic algorithm; determining a first part of the signature data from the first hash value, the first random point and the order of the base point matrix; and determining a second part of the signature data from a preset random number, the temporary private key and the first part of the signature data, wherein the signature data consists of the first part and the second part.
- 4. The key negotiation method for unmanned aerial vehicle mutual authentication according to claim 2, wherein exchanging the signature data between the unmanned aerial vehicle and the cloud and mutually verifying it to complete the bidirectional authentication comprises: performing a hash operation on the random verification code with a hash algorithm to generate a second hash value; determining an intermediate number from the signature data and the order of the base point matrix; determining a second random point on the preset elliptic curve from the signature data, the base point matrix, the intermediate number and the temporary public key obtained through exchange, wherein the base point matrix and the preset elliptic curve are generated based on a national cryptographic algorithm; determining target verification data from the second random point, the second hash value and the order of the base point matrix; and verifying the signature data against the target verification data and the intermediate number, thereby completing the bidirectional authentication between the unmanned aerial vehicle and the cloud.
- 5. The key negotiation method for unmanned aerial vehicle mutual authentication according to claim 1, further comprising: acquiring identity identifiers of the unmanned aerial vehicle and the cloud; and splicing the identity identifiers of the unmanned aerial vehicle and the cloud to determine the public information of the unmanned aerial vehicle and the cloud.
- 6. A key negotiation device for unmanned aerial vehicle mutual authentication, applied to the key negotiation method for unmanned aerial vehicle mutual authentication according to any one of claims 1 to 5, characterized by comprising: a token generation unit for generating a temporary token based on identity authentication of the unmanned aerial vehicle operator logging in to the cloud; an asymmetric key generation unit for verifying the connection request between the ground control station and the unmanned aerial vehicle through the temporary token and generating a temporary asymmetric key pair after the connection request passes the verification; a bidirectional authentication unit for performing bidirectional authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and the random verification code; and a session key generation unit for encrypting, after the bidirectional authentication of the unmanned aerial vehicle and the cloud passes, the public information of the unmanned aerial vehicle and the cloud by a key negotiation algorithm to generate a session key, wherein the session key is used for encrypting the transmission data between the unmanned aerial vehicle and the cloud.
- 7. An electronic device, comprising: a processor; and a memory for storing processor-executable instructions; wherein the processor is configured to execute the key negotiation method for unmanned aerial vehicle mutual authentication according to any one of claims 1 to 5 by executing the instructions in the memory.
- 8. A computer storage medium having instructions stored therein which, when executed by a processor, implement the key negotiation method for unmanned aerial vehicle mutual authentication according to any one of claims 1 to 5.
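The flow in claims 1 to 5 (temporary key pair, signature over the random verification code, exchange and mutual verification, session key derived from the shared secret point and the spliced identifiers) has the shape of the SM2 digital signature and the SM2/SM3 key derivation function, with the claims' "base point matrix" read as the curve base point G and the "order of the base point matrix" as its order n. The code below is an added worked example written for this page, not code from the patent or its assignee. It assumes the public sm2p256v1 curve parameters, uses SHA-256 as a labelled stand-in for SM3 (the Python standard library has no SM3; swapping in an SM3 implementation changes only the function H), hashes the verification code directly as the claims describe (the SM2 standard additionally prepends the signer's identity digest Z_A), and uses constructed sample identifiers.

```python
import hashlib
import secrets

# sm2p256v1 domain parameters (GB/T 32918.5, public): y^2 = x^3 + A*x + B over F_P,
# base point G of prime order N. Assumed here as the claims' "preset elliptic curve".
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC
B = 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def on_curve(pt):
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def pt_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # Q + (-Q)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def pt_mul(k, pt):
    """Double-and-add scalar multiplication (not constant-time; demonstration only)."""
    acc = None
    while k:
        if k & 1:
            acc = pt_add(acc, pt)
        pt = pt_add(pt, pt)
        k >>= 1
    return acc

def H(data):
    """Hash for e = H(verification code) and for the KDF. SHA-256 stands in for SM3."""
    return hashlib.sha256(data).digest()

def gen_ephemeral_keypair():
    """Temporary key pair generated after the token check (claim 1)."""
    d = secrets.randbelow(N - 2) + 1  # 1 <= d <= N-2, so (1 + d) is invertible mod N
    return d, pt_mul(d, G)

def sign_nonce(d, nonce):
    """Claim 3, SM2-shaped: e = H(nonce); (x1, y1) = k*G; r = (e + x1) mod N;
    s = (1 + d)^-1 * (k - r*d) mod N. Retries on the degenerate r or s values."""
    e = int.from_bytes(H(nonce), "big")  # first hash value
    while True:
        k = secrets.randbelow(N - 1) + 1  # preset random number, 1 <= k <= N-1
        x1, _ = pt_mul(k, G)  # first random point
        r = (e + x1) % N  # first part of the signature data
        if r == 0 or r + k == N:
            continue
        s = pow(1 + d, -1, N) * (k - r * d) % N  # second part of the signature data
        if s != 0:
            return r, s

def verify_nonce(pub, nonce, sig):
    """Claim 4, SM2-shaped: t = (r + s) mod N (intermediate number);
    (x1', y1') = s*G + t*pub (second random point); accept iff (e + x1') mod N == r."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    t = (r + s) % N
    if t == 0:
        return False
    pt = pt_add(pt_mul(s, G), pt_mul(t, pub))
    if pt is None:
        return False
    e = int.from_bytes(H(nonce), "big")  # second hash value
    return (e + pt[0]) % N == r  # target verification data compared with r

def kdf(z, klen):
    """Counter-mode KDF in the shape of the SM2/SM3 KDF: H(Z || ct) for ct = 1, 2, ..."""
    out, ct = b"", 1
    while len(out) < klen:
        out += H(z + ct.to_bytes(4, "big"))
        ct += 1
    return out[:klen]

def session_key(d_own, pub_peer, public_info, klen=16):
    """Claim 1: shared secret point S = d_own * pub_peer; key = KDF(x_S || y_S || Z, klen)."""
    xs, ys = pt_mul(d_own, pub_peer)
    return kdf(xs.to_bytes(32, "big") + ys.to_bytes(32, "big") + public_info, klen)

def run_handshake(id_uav=b"UAV-0001", id_cloud=b"CLOUD-A", klen=16):
    """Both sides of the flow after the token check; IDs are constructed samples.
    Returns (uav_key, cloud_key), or None if either signature check fails."""
    d_u, q_u = gen_ephemeral_keypair()  # UAV temporary key pair
    d_c, q_c = gen_ephemeral_keypair()  # cloud temporary key pair
    nonce = secrets.token_bytes(16)  # random verification code used in this session
    sig_u = sign_nonce(d_u, nonce)  # UAV proves control of q_u
    sig_c = sign_nonce(d_c, nonce)  # cloud proves control of q_c
    if not (verify_nonce(q_u, nonce, sig_u) and verify_nonce(q_c, nonce, sig_c)):
        return None
    z = id_uav + id_cloud  # claim 5: spliced identity identifiers as public information
    return session_key(d_u, q_c, z, klen), session_key(d_c, q_u, z, klen)
```

Two points a reviewer of such a design would check are visible in the code: the verifier must enforce the range checks on r and s and reject t = 0 before computing the second random point, and the temporary key pair and the verification code must be fresh per session and discarded afterwards, since the forward security the patent claims rests on that, not on the curve arithmetic.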
Description
Unmanned aerial vehicle mutual authentication key negotiation method, device, equipment and medium
Technical Field
The present invention relates to the field of data security technologies, and in particular to a method, an apparatus, a device and a medium for key negotiation for two-way authentication of an unmanned aerial vehicle.
Background
With the rapid development of the low-altitude economy, unmanned aerial vehicles are increasingly widely applied in fields such as mapping and exploration, logistics and transportation, emergency rescue and urban management, and securing their communications has become central to their safe and stable operation. Existing unmanned aerial vehicle authentication and key negotiation schemes are of two kinds: one-way certificate authentication based on a traditional PKI system, and symmetric authentication based on a pre-shared key (PSK). In the former, a digital certificate is issued to each unmanned aerial vehicle and ground station; when the two connect, the unmanned aerial vehicle presents its certificate to the ground station, the ground station verifies the validity of the certificate to confirm the identity of the unmanned aerial vehicle, and the two parties then use the public keys in the certificates to perform key agreement and establish an encrypted channel. In the latter, the same symmetric key is pre-deployed in the unmanned aerial vehicle and the ground station, identities are mutually verified through a challenge-response mechanism during authentication, and a session key is derived from that key.
However, most traditional PKI schemes provide only one-way authentication: the identity of the unmanned aerial vehicle is verified by the ground station, but the unmanned aerial vehicle cannot verify the legitimacy of the ground station or cloud service it communicates with, which leaves it highly exposed to man-in-the-middle or fake base station attacks in which control instructions are tampered with and sensitive data is stolen. The PSK-based scheme is two-way, but it is weak two-way authentication in nature: its security depends on the confidentiality of the shared key, and its protection capability is limited. Developing an unmanned aerial vehicle authentication and key negotiation method with bidirectional authentication capability and forward security is therefore a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above state of the art, the present invention provides a key negotiation method, apparatus, device and medium for unmanned aerial vehicle mutual authentication, so that unmanned aerial vehicle authentication has mutual authentication capability and forward security.
A key agreement method for unmanned aerial vehicle mutual authentication comprises the steps of: generating a temporary token based on identity authentication of an unmanned aerial vehicle operator logging in to a cloud; verifying a connection request between a ground control station and the unmanned aerial vehicle through the temporary token, and generating a temporary asymmetric key pair after the connection request passes verification; performing mutual authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and a random verification code; and, after the mutual authentication passes, encrypting public information of the unmanned aerial vehicle and the cloud to generate a session key, wherein the session key is used for encrypting transmission data between the unmanned aerial vehicle and the cloud.
In an optional embodiment of the application, performing bidirectional authentication of the unmanned aerial vehicle and the cloud through the temporary asymmetric key pair and the random verification code comprises: performing key exchange between the unmanned aerial vehicle and the cloud so that each obtains the temporary public key in the asymmetric key pair of the other party; signing the random verification code with a signature algorithm to generate signature data for verifying the identities of the unmanned aerial vehicle and the cloud; and exchanging the signature data between the unmanned aerial vehicle and the cloud and mutually verifying it, so that the bidirectional authentication between the unmanned aerial vehicle and the cloud is completed.
In an optional implementation of the method, generating signature data for verifying the identities of the unmanned aerial vehicle and the cloud by signing the random verification code with the signature algorithm comprises the