Communication system of big dipper short message based on quantum key

Document number: 1957135  Publication date: 2021-12-10  Views: 9  Language: Chinese

Reading note: this technique, 基于量子密钥的北斗短报文的通信系统 (Communication system of big dipper short message based on quantum key), was designed and created by 肖波 on 2021-09-16. Its main content: the invention provides a quantum key-based Beidou short message communication system, which comprises a site A and a site B; site A comprises a client Beidou communication terminal, a client server and client QKD equipment, and site B comprises a server-side Beidou communication terminal, a server-side server and a server-side QKD device. The client QKD device and the server QKD device communicate through a quantum network and negotiate a same quantum key K; the client server and the server-side server realize Beidou short message communication through the client Beidou communication terminal and the server-side Beidou communication terminal. The security of the Beidou short message communication data is realized by combining quantum communication technology with symmetric key encryption technology; the reliability of Beidou short message communication is realized by a timeout retransmission mechanism; and a big packet splitting mechanism is applied to improve the communication capacity of the Beidou short message.

1. The communication system of the Beidou short message based on the quantum key is characterized by comprising a site A and a site B, wherein the site A comprises a client Beidou communication terminal, a client server and client QKD equipment; the station B comprises a service end Beidou communication terminal, a service end server and a service end QKD device;

the client-side QKD equipment and the server-side QKD equipment communicate through a quantum network and negotiate a same quantum key K, which is then sent respectively to the client-side server and the server-side server;

the client server and the server realize Beidou short message communication through the client Beidou communication terminal and the server Beidou communication terminal;

the client server compresses data to be sent to the server by using a compression algorithm, and then encrypts the compressed data by using a symmetric key encryption algorithm and a quantum key K; the server side server decrypts data by using a quantum key K and a symmetric key encryption algorithm, and then decompresses a data packet by using a decompression algorithm.

2. The communication system of claim 1, wherein the client server sends a request for a quantum key to the client QKD device telling the client QKD that it wants to obtain a session key for communication with the server, and wherein the request parameters include the address of the server.

3. The communication system according to claim 2, wherein after receiving a key request from the client server, the client QKD obtains the address of the server from the request parameters and finds the address of the corresponding server QKD equipment according to the address of the server; the client QKD device and the server QKD device then communicate via the quantum network and negotiate the same quantum key K.

4. The communication system according to claim 1, wherein the client server packages the encrypted data according to a data encapsulation format of a beidou short message, the data encapsulation format of the beidou short message comprising: the first field is the protocol header; the second field is a sequence number, used to prevent replay; the third field is a flag to distinguish whether it is a request packet or a response packet; the fourth field is the source address, which represents the address of the client server; the fifth field is the total number of packets, indicating the total number of packets; the sixth is a packet sequence number, which indicates the number of the split large packet; the seventh field is payload, which represents the actual data transmitted; and the eighth field is a packet tail and is used for indicating a check value of the HMAC algorithm for performing integrity authentication and identity authentication operation on the authentication area data.

5. The communication system according to claim 4, wherein the whole encapsulated data packet is used as the information content of the Beidou short message and its size is calculated; if the size of the information content to be transmitted exceeds the information content capacity limit of a single Beidou short message transmission, the load is split into a plurality of sub-loads for transmission; if it does not exceed the capacity limit of the Beidou short message, an interface of the Beidou communication terminal is called to send the whole encapsulated data packet to the server side server over a Beidou short message channel.

6. The communication system according to claim 5, wherein when the encapsulated whole data packet is larger than the capacity limit of the Beidou short message and the load to be transmitted is split into a plurality of sub-loads, each sub-load is re-packaged according to the data encapsulation format, and each re-packaged packet cannot exceed the capacity limit of the Beidou short message; each small packet takes the sequence number, the total number of the packets and the packet sequence number as a sub-packet identifier; and then, respectively sending each assembled packet to the server side server by using a Beidou short message channel.

7. The communication system according to claim 5, wherein the server determines whether the data packet is a duplicate packet by the sequence number and the packet sequence number, and filters the data packet if the data packet is a duplicate packet.

8. The communication system of claim 5, wherein the server determines whether the data packet is a complete data packet or a split sub-data packet according to the sequence number, the total number of packets, and the packet sequence number; if the total number of packets is equal to 1, the data packet is a complete data packet and its payload plaintext is the complete content sent by the client server; if the total number is greater than 1, the data packet is a split sub-packet, and the payload plaintexts of the sub-packets that share the same sequence number but carry different packet sequence numbers must be spliced together to obtain the complete content sent by the client server.

9. The communication system according to claim 1, wherein said client server sets a message timeout time t and a maximum number n of message retransmissions; after sending a request message, if no response from said server is received within time t, said client server retransmits the message and again checks whether a response from said server arrives within time t after the retransmission; if still no response is received, it continues to retransmit; if no response has been received after retransmitting the message n times, said server is considered to have a fault and the message is not retransmitted again for a short time, until said server is confirmed to have recovered from the fault.

10. The communication system according to claim 1, wherein the server side server sends a response packet to the client side server through a beidou short message channel after receiving the beidou short message from the client side server, so as to tell the client side server that the message has been received.

Technical Field

The invention relates to the field of quantum communication, in particular to a quantum key-based Beidou short message communication system.

Background

In the prior art, when Beidou short messages are used for communication, in order to ensure the security of data, the data are usually encrypted by combining a traditional secret key with a symmetric secret key encryption technology and then transmitted.

In the prior art, only data of the Beidou short message is encrypted, reliable communication of the Beidou short message is not realized (Beidou short message sending data does not guarantee that an opposite end can receive the data) and the limitation of communication bandwidth of the Beidou short message is not solved (the Beidou short message communication can transmit data with the size of 78 bytes at most once).

The prior art encrypts the data with a traditional key combined with symmetric key encryption technology. Conventional session key generation typically either distributes the session key through a public-private key mechanism or negotiates it using a preset key. Neither approach is unconditionally secure in theory, and the chance that a traditional key is cracked grows as computing power grows. The key is the main parameter of the encryption operation, and its security determines the security of the encrypted data; if the session key cannot be secured, the data cannot be secured.

Disclosure of Invention

In order to solve the problems, the invention provides a quantum key-based Beidou short message communication system, which comprises a site A and a site B, wherein the site A comprises a client Beidou communication terminal, a client server and a client QKD device; the station B comprises a service end Beidou communication terminal, a service end server and a service end QKD device; the client-side QKD equipment and the server-side QKD equipment communicate through a quantum network and negotiate a same quantum key K, which is then sent respectively to the client-side server and the server-side server; the client server and the server realize Beidou short message communication through the client Beidou communication terminal and the server Beidou communication terminal; the client server compresses data to be sent to the server by using a compression algorithm, and then encrypts the compressed data packet by using a symmetric key encryption algorithm and the quantum key K; the server side server decrypts the data packet by using the quantum key K and the symmetric key encryption algorithm, and then decompresses the data packet by using a decompression algorithm.

In one embodiment, the client server sends a request for quantum key to the client QKD device, telling the client QKD that it wants to obtain a session key for communication with the server, and the request parameters include the address of the server.

In one embodiment, after receiving a key request from the client server, the client QKD obtains the address of the server from the request parameters and finds the address of the corresponding server QKD equipment according to the address of the server; the client QKD device and the server QKD device then communicate via the quantum network and negotiate the same quantum key K.

In one embodiment, the client server packages the encrypted data according to a data encapsulation format of a beidou short message, where the data encapsulation format of the beidou short message includes: the first field is the protocol header; the second field is a sequence number, used to prevent replay; the third field is a flag to distinguish whether it is a request packet or a response packet; the fourth field is the source address, which represents the address of the client server; the fifth field is the total number of packets, indicating the total number of packets; the sixth is a packet sequence number, which indicates the number of the split large packet; the seventh field is payload, which represents the actual data transmitted; and the eighth field is a packet tail and is used for indicating a check value of the HMAC algorithm for performing integrity authentication and identity authentication operation on the authentication area data.

In one implementation mode, the whole packaged data packet is taken as the information content of the Beidou short message and its size is calculated; if the size of the information content to be transmitted exceeds the information content capacity limit of a single Beidou short message transmission, the load is split into a plurality of sub-loads to be transmitted; if it does not exceed the capacity limit of the Beidou short message, an interface of the Beidou communication terminal is called to send the whole packaged data packet to the server side server over a Beidou short message channel.

In one embodiment, when the packaged whole data packet is larger than the capacity limit of the Beidou short message and the load to be transmitted is split into a plurality of sub-loads, each sub-load is re-packaged according to the data packaging format, and each recombined packet cannot exceed the capacity limit of the Beidou short message; each small packet takes the sequence number, the total number of the packets and the packet sequence number as a sub-packet identifier; and then, respectively sending each assembled packet to the server side server by using a Beidou short message channel.

In one embodiment, the server determines whether the data packet is a duplicate packet according to a sequence number and a packet sequence number, and filters the data packet if the data packet is a duplicate packet.

In one embodiment, the server determines whether the data packet is a complete data packet or a split sub-data packet according to the sequence number, the total number of packets, and the packet sequence number; if the total number of packets is equal to 1, the packet is a complete data packet and its payload plaintext is the complete content sent by the client server; if the total number is greater than 1, the packet is a split sub-packet, and the payload plaintexts of the sub-packets that share the same sequence number but carry different packet sequence numbers must be spliced together to obtain the complete content sent by the client server.

In one implementation mode, the client server sets a message timeout time t and a maximum number n of message retransmissions; after sending a request message, if no response from the server is received within time t, the client server retransmits the message and again checks whether a response from the server arrives within time t after the retransmission; if still no response is received, it continues to retransmit; if no response has been received after retransmitting the message n times, the server is considered to have a fault and the message is not retransmitted again for a short time, until the server is confirmed to have recovered from the fault.

In an embodiment, after receiving the beidou short message information sent by the client server, the server sends a response packet to the client server through a beidou short message channel, so as to tell the client server that the message has been received.

The quantum key is based on quantum mechanics: its security is guaranteed by the no-cloning theorem and the Heisenberg uncertainty principle, and a quantum key distributed by quantum communication technology is proven to be unconditionally secure. The security of the Beidou short message communication data is realized by combining quantum communication technology with symmetric key encryption technology; the reliability of Beidou short message communication is realized by a timeout retransmission mechanism; and a big packet splitting mechanism is applied to improve the communication capacity of the Beidou short message.

In the quantum key-based Beidou short message communication system, the QKD quantum key distribution technology is used for replacing the traditional public and private key mechanism, so that the problems of limited key replacement frequency and key replacement cost are solved, and the problem of safety in the key distribution process is solved. The quantum key replaces the traditional session key, and the quantum key is higher in security than the traditional key. The invention realizes the sharing of the session key by relying on the quantum communication network and the quantum key distribution technology, and improves the security of the distribution of the session key.

According to the Beidou short message communication system based on the quantum key, encryption transmission is carried out, and data transmission is encrypted by using a symmetric key algorithm, so that the safety of Beidou message communication is guaranteed. The invention solves the problem of Beidou short message communication safety through an encryption technology.

The communication system of the Beidou short message based on the quantum key realizes reliable communication. The Beidou short message is an unreliable transmission mode; the communication system uses a timeout retransmission mechanism, which solves the problem that Beidou short messages may lose packets in transit and ensures that every transmitted data packet is eventually received. The invention solves the problem of unreliable Beidou short message transmission through a timeout retransmission mechanism.
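The timeout-and-retransmit rule described in this paragraph (and spelled out as step 10 of the detailed description: timeout t, at most n retransmissions, then treat the peer as faulty until confirmed recovered) is shown below as an added Python example; it is not code from the patent. The simulated channel, its loss pattern, the names LossyChannel and ReliableSender and the "peer faulty" flag are all constructed for this illustration; the page gives no code and no values for t or n.

```python
class LossyChannel:
    """Constructed stand-in for the Beidou short message channel.
    response_delays[i] is the time until the response to the i-th transmission
    arrives, or None when that transmission is lost outright; transmissions
    beyond the end of the list are answered immediately."""

    def __init__(self, response_delays):
        self.response_delays = list(response_delays)
        self.sent = 0
        self.delivered = []      # messages that actually reached the receiver

    def transmit(self, msg):
        i = self.sent
        self.sent += 1
        delay = self.response_delays[i] if i < len(self.response_delays) else 0.0
        if delay is not None:    # the message got through, even if the response is late
            self.delivered.append(msg)
        return delay


class ReliableSender:
    """Server Alice's side of the mechanism: message timeout t, at most n
    retransmissions, and a 'peer faulty' state that suppresses further sends
    until the fault is confirmed cleared."""

    def __init__(self, channel, t, n):
        self.channel = channel
        self.t = t               # message timeout time
        self.n = n               # maximum number of retransmissions
        self.peer_faulty = False

    def send(self, msg):
        """Return (delivered, attempts); attempts counts the first send plus retransmissions."""
        if self.peer_faulty:
            return (False, 0)    # do not retransmit until the fault is confirmed cleared
        attempts = 0
        while attempts <= self.n:
            attempts += 1
            delay = self.channel.transmit(msg)
            if delay is not None and delay <= self.t:
                return (True, attempts)          # response received within t
            # no response within t: retransmit
        self.peer_faulty = True                  # n retransmissions failed: assume a fault
        return (False, attempts)

    def clear_fault(self):
        """Called once server Bob is confirmed to be reachable again."""
        self.peer_faulty = False


if __name__ == "__main__":
    # Constructed run: first copy lost, second answered too late, third acknowledged.
    channel = LossyChannel([None, 9.0, 2.0])
    sender = ReliableSender(channel, t=5.0, n=2)
    print(sender.send(b"request"), channel.delivered)
```

Note what the constructed run shows: a response that arrives after t counts as a timeout, so the message is retransmitted even though the first copy reached the receiver. The receiver therefore sees the same message twice, which is exactly why the receiving side filters duplicates by sequence number and packet sequence number.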

The communication system of the Beidou short message based on the quantum key includes a big packet splitting mechanism for reliable communication. The Beidou satellite network has limited bandwidth, so a Beidou short message can carry at most 78 bytes per transmission. Using the big packet splitting mechanism together with a data compression algorithm, a message longer than 78 bytes is split into a plurality of small messages before sending, which overcomes the bandwidth limitation of the Beidou short message during transmission. The invention solves the problem of the limited Beidou short message transmission bandwidth through a big packet splitting transmission mechanism.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.

FIG. 1 is a schematic structural diagram of a quantum key-based Beidou short message communication system of the invention;

fig. 2 is a schematic diagram of the communication data encapsulation format of the beidou short message.

Detailed Description

In order to make those skilled in the art better understand the technical solutions in the present application, the present invention will be further described with reference to the following examples, and it is obvious that the described examples are only a part of the examples of the present application, and not all examples. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. The invention is further described with reference to the following figures and examples.

Fig. 1 is a schematic structural diagram of a quantum key-based beidou short message communication system, in which Alice indicates a client or a message initiator, and Bob indicates a server or a message receiver. The quantum network in fig. 1 uses a quantum communication network; in fig. 1, the beidou short message channel used by the beidou short message is a beidou satellite network.

The communication system of the Beidou short message based on the quantum key shown in FIG. 1 comprises a site A and a site B, wherein the site A comprises a client Beidou communication terminal, a server Alice and a client QKD device (A); and the station B comprises a service end Beidou communication terminal, a server Bob and a service end QKD device (B).

The client QKD device (A) and the server QKD device (B) communicate via the quantum network and negotiate an identical quantum key K, which is then sent to server Alice and server Bob respectively.

The server Alice and the server Bob realize Beidou short message communication through a client Beidou communication terminal and a server Beidou communication terminal through a Beidou short message channel;

the server Alice compresses the data to be sent to the server Bob by using a compression algorithm, and then encrypts the compressed data packet by using a symmetric key encryption algorithm and the quantum key K; the server Bob decrypts the data packet by using the quantum key K and the symmetric key encryption algorithm, and then decompresses the data packet by using the decompression algorithm.

The method for the server Alice and Bob to communicate safely and reliably by using the Beidou short message comprises the following steps:

1. The server Alice sends a quantum key request to the QKD device (A), telling the QKD device (A) that it wants to obtain a session key for communication with the server Bob; the request parameters contain the address of the server Bob.

2. After receiving the key request from the server Alice, the QKD device (A) obtains the address of the server Bob from the request parameters and looks up the address of the corresponding QKD device (B). The QKD device (A) then initiates quantum key agreement with the QKD device (B), after which the QKD device (A) and the QKD device (B) hold the same quantum key K.

3. The QKD device (A) sends the quantum key K to the server Alice.

4. The QKD device (B) sends the quantum key K to the server Bob.

5. The server Alice compresses the data to be sent to the server Bob by using a compression algorithm, and then encrypts the compressed data by using a symmetric key encryption algorithm and a quantum key K.

6. The server Alice packages the encrypted data (denoted EncryptData) according to the safe and reliable data packaging format of the Beidou short message (shown in figure 2). The first field is the protocol header; the second field is a sequence number, used to prevent replay; the third field is a flag to distinguish whether it is a request packet or a response packet; the fourth field is the source address, which represents the address of the server Alice; the fifth field is the total number of packets; the sixth field is the packet sequence number, which indicates the index of this sub-packet within the split large packet; the seventh field is the payload, which carries the actual data transmitted; and the eighth field is the packet tail, which carries the check value of the HMAC algorithm used for integrity authentication and identity authentication of the authentication area data.

7. The packaged whole data packet (marked as FullData) is taken as the information content of the Beidou short message, and as the information content transmitted once by the Beidou short message has capacity limitation (maximum 78 bytes at one time), if the size of the transmitted information content exceeds the capacity limitation, the information content needs to be split into a plurality of sub-information contents for transmission.

8. The size of the packed FullData packet is calculated; if it does not exceed the capacity limit of the Beidou short message, an interface of the Beidou communication terminal is called to send FullData to the server Bob over a Beidou short message channel.

9. If the size of the packed FullData packet exceeds the capacity limit of the Beidou short message, the encrypted load EncryptData is split into a plurality of small packets and each small packet is repacked according to the data packing format, so that the load size of each small packet does not exceed the capacity limit of the Beidou short message. The sequence number, the total number of packets and the packet sequence number together form the sub-packet identifier. When the total number of packets equals 1, the packet was not split; when it is greater than 1, the packet was split, the packet sequence number is the index of the sub-packet under the corresponding sequence number, and a packet sequence number equal to the total number of packets marks the last sub-packet of that sequence number. Each assembled packet is then sent to the server Bob over a Beidou short message channel.

10. To ensure the reliability of Beidou short message transmission, i.e. that the server Bob receives the messages sent by the server Alice, the sending party server Alice sets a message timeout time t and a maximum number n of message retransmissions. If no response from the receiving party server Bob arrives within time t after the server Alice sends a request message, the message is sent again; after each retransmission, whether a response from the server Bob arrives within time t is checked again, and if not, retransmission continues. If no response has arrived after n retransmissions, the server Bob is considered to have a fault (equipment, network, etc.) and no further retransmission is attempted for a short time, until the server Bob is confirmed to have recovered. If the message received by the receiver was sub-packaged, the receiver returns the response only after receiving the complete message package.

11. After receiving the message sent by the server Alice, the receiving party server Bob calls the Beidou communication terminal interface to send a response packet to the server Alice over the Beidou short message channel, telling the server Alice that the message has been received. This response is what the retransmission rule of step 10 relies on to ensure reliable transmission.

12. The server Bob judges by the sequence number and the packet sequence number whether a packet is a duplicate, and filters it out if so.

13. The server Bob decrypts the load in the data packet with the quantum key K and the symmetric key encryption algorithm to obtain the plaintext. The sequence number, the total number of packets and the packet sequence number determine whether the data packet is a complete packet or a split sub-packet: if the total number of packets equals 1, the data packet is a complete packet and the load plaintext is the complete content sent by the server Alice; if the total number is greater than 1, the data packet is a split sub-packet, and the load plaintexts of the sub-packets sharing the same sequence number but carrying different packet sequence numbers must be spliced together to obtain the complete content sent by the server Alice.
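Steps 6 through 13 describe the eight-field encapsulation, the 78-byte capacity split, the HMAC tail, duplicate filtering and reassembly. The following Python is an added example that is not part of the patent: it implements those steps end to end so the interplay of sequence number, total number of packets and packet sequence number can be seen on real bytes. The field widths, the header byte value, the 8-byte truncated HMAC-SHA256 tail and the names pack, unpack, split_and_pack and Receiver are all assumptions of this example (the page names the fields but gives no widths or algorithms). The HMAC is keyed directly with the quantum key K; the symmetric encryption of the compressed data under K is not shown, so the bytes handed to split_and_pack simply stand for EncryptData.

```python
import hashlib
import hmac
import struct

MAX_MSG = 78                      # Beidou short message capacity per transmission (from the page)
HEADER = 0xB5                     # protocol header byte (assumed value)
FLAG_REQ, FLAG_RESP = 0, 1        # third field: request or response packet
# Assumed widths: header 1, sequence number 4, flag 1, source address 4,
# total packets 1, packet sequence number 1, payload variable, tail 8.
FIXED_FMT = ">BIBIBB"
FIXED_LEN = struct.calcsize(FIXED_FMT)          # 12 bytes before the payload
TAIL_LEN = 8                                    # truncated HMAC-SHA256 check value (assumed)
MAX_PAYLOAD = MAX_MSG - FIXED_LEN - TAIL_LEN    # 58 payload bytes per sub-packet


def packet_tail(k, auth_area):
    """Eighth field: HMAC over the authentication area (everything before the tail), keyed with K."""
    return hmac.new(k, auth_area, hashlib.sha256).digest()[:TAIL_LEN]


def pack(k, seq, flag, src, total, idx, payload):
    """Encapsulate one (sub-)packet in the eight-field format; result never exceeds MAX_MSG."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one Beidou short message")
    auth_area = struct.pack(FIXED_FMT, HEADER, seq, flag, src, total, idx) + payload
    return auth_area + packet_tail(k, auth_area)


def unpack(k, pkt):
    """Verify length, HMAC tail and header consistency, then return the parsed fields."""
    if len(pkt) < FIXED_LEN + TAIL_LEN or len(pkt) > MAX_MSG:
        raise ValueError("bad packet length")
    auth_area, tail = pkt[:-TAIL_LEN], pkt[-TAIL_LEN:]
    if not hmac.compare_digest(tail, packet_tail(k, auth_area)):
        raise ValueError("HMAC check failed")       # tampered, or not keyed with K
    header, seq, flag, src, total, idx = struct.unpack(FIXED_FMT, auth_area[:FIXED_LEN])
    if header != HEADER or total < 1 or not 1 <= idx <= total:
        raise ValueError("malformed header fields")
    return {"seq": seq, "flag": flag, "src": src, "total": total,
            "idx": idx, "payload": auth_area[FIXED_LEN:]}


def split_and_pack(k, seq, src, encrypt_data):
    """Steps 7-9: split EncryptData into sub-loads of at most MAX_PAYLOAD bytes and
    re-package each one; a total of 1 means the packet was not split."""
    chunks = [encrypt_data[i:i + MAX_PAYLOAD]
              for i in range(0, len(encrypt_data), MAX_PAYLOAD)] or [b""]
    total = len(chunks)
    if total > 255:
        raise ValueError("too many sub-packets for a one-byte total field")
    return [pack(k, seq, FLAG_REQ, src, total, i + 1, chunk) for i, chunk in enumerate(chunks)]


class Receiver:
    """Server Bob's side: duplicate filtering (step 12) and reassembly (step 13)."""

    def __init__(self, k):
        self.k = k
        self.delivered = set()   # sequence numbers already reassembled (replay filter)
        self.partial = {}        # seq -> (total, {idx: payload}) for in-flight fragments

    def receive(self, pkt):
        """Return the reassembled EncryptData once a sequence number is complete,
        otherwise None (fragment stored, or duplicate/replay dropped)."""
        p = unpack(self.k, pkt)
        seq, idx, total = p["seq"], p["idx"], p["total"]
        if seq in self.delivered:
            return None                               # replayed sequence number
        known_total, bucket = self.partial.setdefault(seq, (total, {}))
        if known_total != total or idx in bucket:
            return None                               # inconsistent total, or duplicate sub-packet
        bucket[idx] = p["payload"]
        if len(bucket) < total:
            return None                               # wait for the remaining sub-packets
        data = b"".join(bucket[i] for i in range(1, total + 1))   # splice in packet order
        del self.partial[seq]
        self.delivered.add(seq)
        return data


if __name__ == "__main__":
    k = b"constructed-quantum-key-K"          # stands in for the negotiated key K
    packets = split_and_pack(k, seq=7, src=0x0A000001, encrypt_data=bytes(range(200)))
    print(len(packets), "sub-packets, sizes", [len(p) for p in packets])
    bob = Receiver(k)
    print([bob.receive(p) is not None for p in packets])
```

With the assumed widths a 200-byte EncryptData becomes four sub-packets (three of exactly 78 bytes, one of 46), and the receiver returns the spliced payload only on the fourth. Because the HMAC covers the sequence number and packet sequence number as well as the payload, a replayed or re-ordered fragment cannot be re-labelled without the key.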

Terms used in the present application. Key: the key information or parameters controlling the operation of a cryptographic algorithm.

Symmetric encryption: an encryption method using a single-key cryptosystem, in which the same key is used both to encrypt and to decrypt information.

An asymmetric cryptosystem: the asymmetric cryptosystem is also called a dual-key cryptosystem or a public-key cryptosystem, and means that two different keys are used for encryption and decryption operations, respectively, and it is impossible to derive a decryption key from an encryption key.

Quantum communication technology: quantum communication is an important branch of quantum information science, a communication technology that exchanges information using quantum states as the information carrier. Quantum key distribution (QKD) is the first quantum information technology to reach practical use and an important direction of quantum communication; it can share keys between spatially separated users in an information-theoretically secure manner.

QKD device: a device which, relying on the basic principles of quantum mechanics, lets two communicating parties generate a string of identical random numbers that an attacker cannot obtain, for use as a shared secret key.

Reliability: ensuring that the transmitted data can be received by the opposite party.

Security: transmitting the data in encrypted form.

It is readily understood by a person skilled in the art that the advantageous ways described above can be freely combined, superimposed without conflict.

The present invention is not limited to the above preferred embodiments, and any modifications, equivalent substitutions and improvements made within the spirit and principle of the present invention should be included in the protection scope of the present invention. The above is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, several improvements and modifications can be made without departing from the technical principle of the present invention, and these improvements and modifications should also be regarded as the protection scope of the present invention.
