CN-121984789-A - Unmanned aerial vehicle-oriented key management method, medium and equipment

Abstract

The invention relates to the technical field of key management, in particular to an unmanned aerial vehicle-oriented key management method, medium and equipment, which are used for cooperatively generating symmetric session keys uniquely associated with a flying session identifier through symmetric key generation nodes with a number not less than a first preset number threshold, getting rid of single node dependence, realizing accurate matching of the keys and the flying session life cycle, synchronizing the key state and the flying session state by continuously maintaining the key effective state and detecting the triggering condition of a revocation condition in real time in the flying session operation, avoiding the potential safety hazard caused by the key effective state when the session is abnormal, marking the key invalid when the number of the proposed revocation nodes reaches a second preset number threshold after the revocation condition is triggered, avoiding abnormal revocation of the key caused by misoperation or malicious behavior of a single node, dispersing the node load, solving the performance bottleneck of centralized key management, and improving the processing efficiency and expandability.

Inventors

• HU PENG
• JIANG HAOYUN
• TANG TAO
• WU PANPAN
• ZOU XIANG
• LIU HUAN

Assignees

• 中国民用航空总局第二研究所

Dates

Publication Date

20260505

Application Date

20260407

Claims (10)

1. 1. The unmanned aerial vehicle-oriented key management method is characterized by comprising the following steps of: S1, when an unmanned aerial vehicle triggers a flight session establishment request, generating a symmetrical session key uniquely associated with identification information of a flight session by using symmetrical key generation nodes not less than a first preset number threshold in a cooperative manner, wherein the identification information at least comprises a flight task identification and a flight start time stamp; s2, the unmanned aerial vehicle terminal encrypts and signs the original flight dynamic data corresponding to the flight session by using the received symmetric session key and the private key of the corresponding unmanned aerial vehicle manufacturer to obtain a data ciphertext and a digital signature; s3, the security check node decrypts and checks the received data ciphertext and the digital signature by using the received symmetric session key and the public key of the corresponding unmanned aerial vehicle manufacturer to obtain a flight dynamic data plaintext; S4, maintaining the symmetric session key to be in a valid state during normal operation of the flight session, and detecting whether a preset revocation condition is triggered or not in real time; S5, when a preset revocation condition is triggered, each symmetric key generation node respectively outputs a revocation judgment result, wherein the revocation judgment result is that revocation is recommended or not recommended; And S6, if the number of the symmetrical key generation nodes recommended to be revoked is not less than a second preset number threshold, marking the symmetrical session key as a failure state.
2. 2. The unmanned aerial vehicle-oriented key management method of claim 1, wherein S1 comprises the steps of: S11, splicing the flight task identifier, the flight starting time stamp and the disposable random number cooperatively generated by the symmetric key generation node according to a preset splicing sequence to obtain an information character string; s12, calculating the information character string according to the cryptographic hash function to obtain a core key state quantity corresponding to the flight session; S13, constructing a reference polynomial of a t-1 order according to the symmetric key generation node in a preset finite field, wherein t is a first preset quantity threshold value, and the state quantity of the core key is a constant term of the reference polynomial; S14, calculating the value of the self node identifier of each symmetric key generation node on the reference polynomial, and taking the value as the key share of each symmetric key generation node which is correspondingly held; s15, the core key state quantity is cooperatively restored through a Lagrangian interpolation algorithm according to the symmetric key generation nodes which are not less than the first preset quantity threshold and the key shares which are correspondingly held; s16, generating the symmetrical session key through a key derivative function according to the recovered core key state quantity; and S17, the symmetrical session keys are respectively sent to the corresponding unmanned aerial vehicle terminal and the corresponding security check node.
3. 3. The unmanned aerial vehicle-oriented key management method according to claim 1, wherein before S1, the unmanned aerial vehicle-oriented key management method further performs system initialization, comprising the steps of: Respectively generating a unique corresponding public key and a private key for each unmanned aerial vehicle manufacturer; writing the private key into a corresponding unmanned aerial vehicle terminal, and synchronizing the public key to a corresponding security check node; registering each symmetric key generation node and distributing unique node identification; Identity registration is carried out on each unmanned aerial vehicle terminal, and unique equipment identification of the unmanned aerial vehicle terminal and manufacturer identification of a corresponding unmanned aerial vehicle manufacturer are bound.
4. 4. A drone-oriented key management method according to claim 3, wherein S2 comprises the steps of: s21, the unmanned aerial vehicle terminal encrypts the original flight dynamic data by using the symmetric session key to obtain the data ciphertext; S22, carrying out hash digest calculation on the original flight dynamic data to obtain a data digest; s23, encrypting the data abstract by using a private key corresponding to the unmanned aerial vehicle terminal to obtain a digital signature; s24, uploading the data ciphertext and the digital signature to the security check node.
5. 5. A drone-oriented key management method according to claim 3, wherein S3 comprises the steps of: s31, the security check node decrypts the data ciphertext by using the symmetric session key to obtain a reference data plaintext to be checked; s32, carrying out hash digest calculation on the reference data plaintext to obtain a check digest; S33, decrypting the digital signature by using a public key corresponding to the security check node to obtain an original data abstract; And S34, if the check digest is consistent with the original data digest, determining that the reference data plaintext is the flight dynamic data plaintext.
6. 6. The unmanned aerial vehicle-oriented key management method of claim 5, wherein S3 further comprises the steps of: if the check digest is inconsistent with the original data digest, judging that the check fails, and executing data discarding, abnormal recording or alarming operation according to a preset rule.
7. 7. The unmanned aerial vehicle-oriented key management method of claim 1, wherein the preset revocation condition comprises one of an end of flight planning time, an anomaly in unmanned aerial vehicle state, receipt of a forced revocation instruction, and an unreported flight dynamic data for a continuous preset duration of unmanned aerial vehicle.
8. 8. The unmanned aerial vehicle-oriented key management method according to claim 1, further comprising the steps of: S7, stopping providing the symmetric session key to the unmanned aerial vehicle terminal and the security check node; s8, clearing the symmetric session key stored in the symmetric key generation node; s9, prohibiting processing of a request for data decryption or verification based on the symmetric session key.
9. 9. A non-transitory computer readable storage medium having at least one instruction or at least one program stored therein, wherein the at least one instruction or the at least one program is loaded and executed by a processor to implement the drone-oriented key management method of any one of claims 1-8.
10. 10. An electronic device comprising a processor and the non-transitory computer readable storage medium of claim 9.

Description

Unmanned aerial vehicle-oriented key management method, medium and equipment Technical Field The present invention relates to the field of key management technologies, and in particular, to a method, medium, and device for managing a key for an unmanned aerial vehicle. Background With the rapid development of low-altitude economy, unmanned aerial vehicles are widely applied to various fields such as urban inspection, logistics transportation, emergency rescue, environmental monitoring and the like, and the original flight dynamic data generated in the flight process of the unmanned aerial vehicle contains sensitive information such as position, speed, flight track and the like, so that the safety of transmission and management is directly related to airspace running order and public safety. In order to ensure the transmission safety of flight dynamic data, a key management method is generally adopted in the prior art to carry out encryption protection on the unmanned aerial vehicle flight dynamic data, and the main key management mode is mainly divided into two types of centralized key management and simple distributed key management. The method is simple to realize in the scene of small unmanned aerial vehicle scale and low concurrency of flight tasks, but when facing the dynamic operation scene of a large-scale unmanned aerial vehicle, the single node is difficult to deal with key generation requests of a large number of flight sessions, the performance bottleneck of calculation and concurrency processing is easy to form, and once the core node breaks down or suffers attack, the whole unmanned aerial vehicle secret key management system is directly paralyzed, serious single-point fault risks exist, meanwhile, the centrally generated secret key is difficult to be bound with the depth of the unmanned aerial vehicle body flight session, the secret key life cycle is disjointed with the flight task state, the revocation operation depends on manual or single-node instructions, and the response efficiency is extremely low. In the simple distributed key management method, although a plurality of nodes are introduced to participate in key generation, the revocation judgment actions of the nodes are not subjected to standardized constraint, so that key revocation decision is disordered, the situation that the keys are revoked by mistake or are not timely revoked easily occurs, and the fine and reliable management and control of the unmanned aerial vehicle flying session keys cannot be realized. In addition, in the prior art, the encryption of the flight dynamic data and the verification of the identity signature are not effectively combined, the data encryption is completed only through a single key, the legality of the unmanned aerial vehicle terminal cannot be verified, the problems of data counterfeiting and illegal terminal masquerading are easy to occur, and the transmission safety of the flight dynamic data is further reduced. Therefore, how to realize the distributed collaborative generation of the secret key deeply bound with the unmanned aerial vehicle flight session, complete the standardized and highly reliable collaborative revocation of the secret key, and improve the safety, reliability and suitability of the secret key management in a large-scale unmanned aerial vehicle scene becomes a problem to be solved urgently. Disclosure of Invention Aiming at the technical problems, the technical scheme adopted by the invention is an unmanned aerial vehicle-oriented key management method, which comprises the following steps: S1, when an unmanned aerial vehicle triggers a flight session establishment request, symmetric key generation nodes which are not less than a first preset quantity threshold value cooperatively generate symmetric session keys uniquely associated with identification information of a flight session, wherein the identification information at least comprises a flight task identification and a flight start time stamp. S2, the unmanned aerial vehicle terminal encrypts and signs the original flight dynamic data corresponding to the flight session by using the received symmetric session key and the private key of the corresponding unmanned aerial vehicle manufacturer to obtain a data ciphertext and a digital signature. And S3, the security check node decrypts and checks the received data ciphertext and the digital signature by using the received symmetric session key and the public key of the corresponding unmanned aerial vehicle manufacturer to obtain a flight dynamic data plaintext. And S4, maintaining the symmetric session key to be in a valid state during normal operation of the flight session, and detecting whether a preset revocation condition is triggered or not in real time. And S5, when a preset revocation condition is triggered, each symmetric key generation node respectively outputs a revocation judgment result, wherein the revocation judgment result is that revocation is recommended or