CN104301973B - A kind of method of wireless body area network fast wake-up association - Google Patents

Abstract

The invention discloses a method for fast wake-up association of a wireless body area network. The method for fast wake-up association of a wireless body area network includes determining the frame header, frame body and frame tail of the wake-up frame; adopting unicast wake-up association includes brand new unicast Wakeup frame and unicast wakeup association mechanism; multicast wakeup association includes multicast wakeup frame, address index number comparison table and multicast wakeup association mechanism. The invention shortens the time required from wake-up to MK establishment, reduces the waiting time of nodes, thereby reduces the energy loss of nodes to a certain extent, and can be used in the wake-up association process of sensor nodes in wireless body area networks.

Description

A method for fast wake-up association of wireless body area network

technical field

The invention belongs to the technical field of communication, and in particular relates to a method for quickly waking up an association of a wireless body area network.

Background technique

Wireless Body Area Network (WBAN), that is, Wireless Body Area Network, can be regarded as a special application of Wireless Sensor Network (WSN), which refers to a wireless network composed of a series of wearable wireless sensor devices. WBAN will turn the human body into a part of the communication network, making people more and more dependent on wireless networks in daily life, thus realizing the ubiquity of the network in a true sense.

The human body sensor network is mainly used for patient monitoring and physiological parameter measurement. The data measured by various sensors are transmitted to dedicated monitoring instruments or various communication devices through wireless network transmission. The important application of WBAN in medical health makes the importance of WBAN better reflected. The International Standards Organization Institute of Electrical and Electronics Engineers (IEEE) has completed the formulation of international standards related to WBAN - IEEE802.15.6. The standard defines a connection technology with a transmission rate of up to 10Mbps and a maximum distance of about 3 meters. Unlike other short-range, low-power wireless technologies, the new standard specifically considers applications on or inside the human body. The WBAN includes a wireless body area network controller Hub and multiple wireless body area network sensor nodes BN. BN can be distributed in every corner of the organism, and is mainly responsible for collecting biological information and sending the collected information to Hub; Hub is responsible for controlling BN, sending instruction information to sensor nodes, and collecting and processing signals transmitted by sensor nodes. The server communicates with the Hub through the transmission network, and monitors various characteristic indicators of the human body in real time.

Sensor technology is an important foundation of WBAN. Miniaturized, intelligent, high-precision, and low-power sensors are necessary conditions for supporting WBAN. Most of these sensors are powered by batteries. For implantable nodes, the limited battery energy needs to support the sensor's work for a long life cycle, and it is very difficult to charge or replace the battery. Therefore, the power consumption of BAN nodes is a very important performance indicator.

In the current WBAN standard 802.15.6 published by IEEE, four states of the node and the Hub are set in the MAC layer, namely Orphan, Associated, Secured, and Connected. leap state.

In the Orphan state, the node (or Hub) interacts with the Hub (or node) through the security association frame to realize the establishment of MK and the mutual authentication between the node and the Hub. There are five modes of security association frames to choose from, namely MK pre Shared associations, non-authenticated associations, public-key hidden associations, password-authenticated associations, and explicit-authenticated associations. Among them, the MK pre-shared association adopts the symmetric key system, and the other four adopt the elliptic curve cryptosystem. The association request is generally initiated by the node by default. If the MK is activated or generated successfully, the node and the Hub enter the next state, otherwise continue to the Orphan state.

In the Associated state, the node and the Hub use the MK generated or activated in the previous step to generate PTK through the symmetric key system. After the PTK is successfully generated, the node and the Hub enter the next state together, otherwise continue to the Associated state, if the MK is invalid in the Associated state, the node will return to the Orphan state, and the node (or Hub) can terminate the current association and the current MK by separating the request frame and Return to Orphan state.

In the Secured state, the node establishes a connection with the Hub through a connection request (or connection allocation, the connection point allocation frame is sent by the Hub to the node) frame, and enters the final Connected state after the connection is successfully established. If the PTK is invalid or the Connected_NID is lost, it returns to the Associated state, and the current association and the current MK can be terminated by separating the request frame and returns to the Orphan state.

In the Connected state, when the node is in the connected state, it saves the assigned Connected_NID and a wake-up plan. Nodes and Hubs can transmit any frame that guarantees security. If the MK is lost or invalid during PTK regeneration, the node will return to the Orphan state. Nodes and Hubs need to go back to the Associated state if their PTKs are missing or invalid. The current association and the current MK can be terminated by detaching the request frame and returning to the Orphan state. The current connection can be terminated by the disconnect frame and return to the Associated state.

Since WBAN has very strict requirements on power consumption, IEEE802.15.6 stipulates that nodes in the Connected state perform periodic sleep/wake up according to the provisions in the wake-up policy field in the connection request (or connection allocation) frame to save energy. For a node in the Orphan state, its processor works in a low-power mode, waiting for the Hub's Wakeup or T-Poll frame to wake up to enter the working mode. Through the research on the current IEEE802.15.6 standard, the wake-up strategy to wake up the nodes in the Orphan state will have the following problems.

1. For non-authentication association, public key hidden association, password authentication association and display authentication association, it is necessary to send a wake-up signal first, and then the node initiates an association request to complete MK negotiation and mutual authentication with the Hub. The above process is cumbersome and will cause a certain degree of power loss.

2. When distributing GTK, it will be necessary for the Hub to associate with multiple nodes at the same time, which is not described in detail in the IEEE802.15.6 standard. If a single sequence of association is still used, it will cause the node to wait for the time process, resulting in Waste of node energy.

Contents of the invention

The purpose of the embodiment of the present invention is to provide a wireless body area network fast wake-up association method, aiming to solve the existing wireless body area network fast wake-up association method in the process of waking up and establishing MK between the Hub and the node Lengthy and complex issues of time and steps.

The embodiment of the present invention is achieved in this way, a method for fast wake-up association of wireless body area network, the method for fast wake-up association of wireless body area network includes determining the frame header, frame body and frame tail of the wake-up frame; adopting unicast wake-up association Including brand new unicast wakeup frame and unicast wakeup association mechanism; multicast wakeup association includes multicast wakeup frame, address index number comparison table and multicast wakeup association mechanism.

Further, the frame header of the wake-up frame includes FC, HID/NID, BAN ID, wherein FC is frame header control, including frame control information such as protocol version, Ack policy, security level, frame type, etc., and the type of frame is set in frame control as Control type, the subtype is Wakeup frame; HID/NID is the address shortening code of Hub and BN, which is used to receive frame data; BAN ID is the shortening address of the currently working body area network, which is used to mark the location of the frame data body area network.

Further, in step 2, the wake-up frame body includes Add_a, Add_b, SSS, Asso_ctrl, SAD; wherein Add_a is the address retrieval code of the BN node address or BN that the Hub requires to authenticate with it, M=6 bytes during unicast, more The size of M is variable when broadcasting; Add_b is the Hub address currently sending the wake-up association signal; SSS is the secure socket selection field, which is used to determine the current security association protocol, security level, frame authentication control, and a series of cryptographic functions for Information required for security association; Asso_ctrl is security association control, including association serial number and association state; SAD is security association data, including Hub’s public key and random number Nonce_b generated by the current Hub, between 0 and (2 ¹²⁸ -1) Randomly selected from among, it is used for the authentication work after wake-up.

Further, the wake-up frame tail is composed of FCS, and the cyclic redundancy sequence CRC check is adopted;

Further, the unicast association process specifically includes:

Step 1. The Hub sets the SSS and Asso_ctrl fields to corresponding values according to the current communication needs, selects its own private key SK _b , calculates PK _b = SK _b ×G, and constructs a Wakeup frame; after sending the Wakeup frame, it sends T to the node - Poll frame;

Step 2: After receiving the wake-up frame, the node obtains the configuration information of this association and the public key PK _b of the Hub, and then selects its own private key SK _{a with a} length of 256 bits, calculates the public key PK _a = SK _a × G, and calculates After the public key is issued, the node calculates the password-based public key again, PK _a '=PK _a -Q(PW), where Q(PW)=(Q _X , Q _Y ), Q _X ＝2 ³² ×PW+M _X . The node calculates according to the Nonce_b in the received Wakeup frame and the Nonce_a selected by itself:

KMAC_1A=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2A=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64);

The node uses the information PK _a ' and KMAC_2A calculated above to construct the first association request frame and send it to the Hub;

Step 3, after the Hub receives the first association request frame, it first restores the public key of the current node PK _a =PK _a '+Q(PW), Q(PW)=(Q _X , Q _Y ), Q _X =2 ³² ×PW+M _X ; M _X is the smallest non-negative integer that makes Q _X satisfy the points on the elliptic curve; calculate DHKey=X(SK _b ×PK _a )=X(SK _a ×SK _b ×G), where X( ) function is to take the X coordinate value of the elliptic curve key, Temp_1=RMB_128 (DHKey), and calculate according to the received information and the calculated information:

KMAC_1B=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2B=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64)

Comparing the received KMAC_2A and the calculated KMAC_2B, if they are the same, continue to construct the second association request frame according to KMAC_1B and enter step five of this association request, if they are different, cancel this association request;

Step 4, the node receives the second association request frame, compares the KMAC_1A calculated in step 2 with the received KMAC_1B, if they are different, cancel this association request, and if they are the same, enter step 5 of this association;

Step 5, the node and the Hub calculate MK=CMAC(Temp_2,Nonce_a||Nonce_b,128), where Temp_2=LMB(DHKey), which is the leftmost 128 bits of DHKey; both parties complete the wake-up association.

Further, the multicast association process specifically includes:

Step 1. The Hub sets the SSS and Asso_ctrl fields to corresponding values according to the needs of current communication, selects its own private key SK _b , calculates PK _b = SK _b ×G; constructs a Wakeup frame for broadcast, and broadcasts a T-Poll frame until receiving to the first association request frame sent by all nodes that need to communicate;

Step 2: After receiving the Wakeup frame, a certain node i selects the private key SK _ai according to the address, calculates the public key PK _ai =SK _ai ×G, and calculates the public key based on the password, PK _ai '=PK _ai -Q(PW _i ), Q(PW _i )=(Q _X , Q _Y ); Q _X ＝2 ³² ×PW _i +M _X ; choose random number Nonce_a _i , calculate DHKey=X(SK _ai ×PK _b )=X(SK _ai ×SK _b ×G), Temp_1=RMB_128 (DHKey), the node calculates according to the received Wakeup frame information and the Nonce_a _i selected by itself:

KMAC_1A＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2A＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

The node uses the calculated PK _ai ', KMAC_2A to construct the first association request frame and send it;

Step 3, after the Hub receives the first association request frame from the i-th node, it first restores the public key of the i-th node: PK _ai =PK _ai '+Q(PW _i ), Q(PW _i )=(Q _X , Q _Y ), Q _X ＝2 ³² ×PW _i +M _X , Q _Y is a positive even number; calculate DHKey＝X(SK _b ×PK _ai )＝X(SK _ai ×SK _b ×G), Temp_1＝RMB_128(DHKey) , calculated based on the received information and the calculated information:

KMAC_1B＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2B＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

Comparing the received KMAC_2A and the calculated KMAC_2B, if they are the same, continue to construct the second association request frame according to KMAC_1B, if they are different, cancel this association request, and after sending the second association request frame, the Hub calculates MK _i =CMAC(Temp_2, Nonce_a _i ||Nonce_b,128) is the master key of the Hub and the i-th node;

Step 4, the i-th node receives the second association request frame, compares the KMAC_1A calculated in step 2 with the received KMAC_1B, if they are different, cancel this association request, if they are the same, calculate MK _i =CMAC(Temp_2,Nonce_a _i | |Nonce_b,128) is the master key of the i-th node and the Hub.

Further, in the method for quickly waking up the association of the wireless body area network, the nodes are all in a non-connected state.

The wireless body area network fast wake-up association method provided by the present invention adopts a unicast wake-up association including a brand-new unicast Wakeup frame and a unicast wake-up association mechanism; a multicast wake-up association includes a multicast Wakeup frame, an address index number comparison table, and a multicast Broadcast wake-up association mechanism. The invention reduces frame transmission in the association process and saves energy consumption in the data transmission process. The invention realizes that the wireless body area network sensor node starts to associate when it is safely awakened, reduces the number of frames required to be transmitted from awakening to MK establishment, and reduces the waiting time of nodes; the public key is hidden in the IEEE802.15.6 standard Taking association as an example, 4480 bits of data need to be transmitted during the entire association process, and 5 frame exchanges are required. In the present invention, 3112-bit data needs to be transmitted, and three frame exchanges are required, which saves data transmission by 30% and reduces the transmission of 2 frames of data compared with the public key hidden association.

Description of drawings

FIG. 1 is a flow chart of a method for fast wake-up association of a wireless body area network provided by an embodiment of the present invention;

FIG. 2 is a schematic diagram of a Wakeup frame structure provided by an embodiment of the present invention;

FIG. 3 is a flowchart of a unicast wake-up association process provided by an embodiment of the present invention;

Fig. 4 is an address index number comparison table diagram provided by the embodiment of the present invention;

Fig. 5 is a flowchart of a multicast wake-up association process provided by an embodiment of the present invention.

Detailed ways

In order to make the object, technical solution and advantages of the present invention more clear, the present invention will be further described in detail below in conjunction with the examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

The application principle of the present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

As shown in FIG. 1, the method for quickly waking up the association of the wireless body area network according to the embodiment of the present invention includes the following steps:

S101: Determine the frame header, frame body and frame tail of the wake-up frame;

S102: Using unicast wakeup association includes a new unicast Wakeup frame and a unicast wakeup association mechanism;

S103: The multicast wakeup association includes a multicast Wakeup frame, an address index number comparison table, and a multicast wakeup association mechanism.

The present invention specifically comprises the following steps:

In the first step, the Wakeup frame structure of the body area network is designed:

Step 1, the frame header of the wake-up frame includes FC (Frame Control), HID/NID (Hub/NodeIdentifier), BAN ID (BAN Identifier), where FC is frame header control, including protocol version, Ack policy, security level, frame type Such as frame control information, in the frame control, you can set the frame type as the control type, and the subtype as Wakeup frame; HID/NID is the address shortening code of Hub and BN, which is used to receive frame data; BAN ID is the current working body The shortened address of the domain network is used to mark the body area network where the frame data is located;

Step 2, the wake-up frame body includes Add_a (Recipient Address), Add_b (Sender Address), SSS (Security Suite Selector), Asso_ctrl (Association Control), SAD (SecurityAssociation Data); where Add_a is the BN node that the Hub requires to authenticate with Address or the address retrieval code of BN, M=6 bytes during unicast, and the size of M during multicast is variable; Add_b is the Hub address currently sending the wake-up association signal; SSS is the secure socket selection field, used to determine A series of information required for security associations such as the current security association protocol, security level, frame authentication control, and cryptographic functions; Asso_ctrl is the security association control, including the associated serial number and association status; SAD is the security association data, which includes Hub The public key and the random number Nonce_b generated by the current Hub are randomly selected from 0 to (2 ¹²⁸ -1) and used for authentication after wake-up;

Step 3, the wake-up frame tail is composed of FCS, and the cyclic redundancy sequence CRC is used for checking;

The second step, the unicast association process:

Step 1. The Hub sets the SSS and Asso_ctrl fields to corresponding values according to the current communication needs, selects its own private key SK _b , calculates PK _b = SK _b ×G, and constructs a Wakeup frame; after sending the Wakeup frame, it sends T to the node - Poll frame;

Step 2: After receiving the wake-up frame, the node obtains the configuration information of this association and the public key PK _b of the Hub, and then selects its own private key SK _{a with a} length of 256 bits, calculates the public key PK _a = SK _a × G, and calculates After the public key is issued, the node calculates the password-based public key again, PK _a '=PK _a -Q(PW), Q(PW)=(Q _X , Q _Y ), Q _X ＝2 ³² ×PW+M _X ; The node calculates according to the Nonce_b in the received Wakeup frame and the Nonce_a selected by itself:

KMAC_1A=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2A=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64);

Using the information PK _a ' and KMAC_2A calculated above to construct a first association request frame and send it to the Hub;

Step 3, after the Hub receives the first association request frame, it first restores the public key of the current node PK _a =PK _a '+Q(PW), Q(PW)=(Q _X , Q _Y ), Q _X =2 ³² ×PW+M _X ; M _X is the smallest non-negative integer that makes Q _X satisfy the points on the elliptic curve; calculate DHKey=X(SK _b ×PK _a )=X(SK _a ×SK _b ×G), where X( ) function is to take the X coordinate value of the elliptic curve key, Temp_1=RMB_128 (DHKey), and calculate according to the received information and the calculated information:

KMAC_1B=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2B=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64)

Comparing the received KMAC_2A and the calculated KMAC_2B, if they are the same, continue to construct the second association request frame according to KMAC_1B and enter step five of this association request, if they are different, cancel this association request;

Step 4, the node receives the second association request frame, compares the KMAC_1A calculated in step 2 with the received KMAC_1B, if they are different, cancel this association request, and if they are the same, enter step 5 of this association;

Step 5, the node and the Hub calculate MK=CMAC(Temp_2,Nonce_a||Nonce_b,128), where Temp_2=LMB(DHKey), which is the leftmost 128 bits of DHKey; both parties complete the wake-up association;

The third step, the multicast association process:

Step 1. The Hub sets the SSS and Asso_ctrl fields to corresponding values according to the current communication needs, selects its own private key SK _b , and calculates PK _b = SK _b ×G; constructs a broadcast Wakeup frame, and broadcasts a T-Poll frame until Receive the first association request frame sent by all nodes that need to communicate;

Step 2: After receiving the Wakeup frame, a certain node i selects the private key SK _ai according to the address, calculates the public key PK _ai =SK _ai ×G, and calculates the public key based on the password, PK _ai '=PK _ai -Q(PW _i ), Q(PW _i )=(Q _X , Q _Y ); Q _X ＝2 ³² ×PW _i +M _X ; choose random number Nonce_a _i , calculate DHKey=X(SK _ai ×PK _b )=X(SK _ai ×SK _b ×G), Temp_1=RMB_128 (DHKey), the node calculates according to the received Wakeup frame information and the Nonce_a _i selected by itself:

KMAC_1A＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2A＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

The node uses the calculated PK _ai ', KMAC_2A to construct the first association request frame and send it;

Step 3, after the Hub receives the first association request frame from the i-th node, it first restores the public key of the i-th node: PK _ai =PK _ai '+Q(PW _i ), Q(PW _i )=(Q _X , Q _Y ), Q _X ＝2 ³² ×PW _i +M _X , Q _Y is a positive even number; calculate DHKey＝X(SK _b ×PK _ai )＝X(SK _ai ×SK _b ×G), Temp_1＝RMB_128(DHKey) , calculated based on the received information and the calculated information:

KMAC_1B＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2B＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

Comparing the received KMAC_2A and the calculated KMAC_2B, if they are the same, continue to construct the second association request frame according to KMAC_1B, if they are different, cancel this association request, and after sending the second association request frame, the Hub calculates MK _i =CMAC(Temp_2, Nonce_a _i ||Nonce_b,128) is the master key of the Hub and the i-th node;

Step 4, the i-th node receives the second association request frame, compares the KMAC_1A calculated in step 2 with the received KMAC_1B, if they are different, cancel this association request, if they are the same, calculate MK _i =CMAC(Temp_2,Nonce_a _i | |Nonce_b,128) is the master key of the i-th node and the Hub.

Working principle of the present invention:

The invention realizes that the wireless body area network sensor node starts to associate when it is safely awakened, shortens the time required from awakening to MK establishment, and reduces the waiting time of nodes; at the same time, the association mode of the Hub and multiple nodes is Design; for this purpose, a new wake-up signal and a new association mechanism are designed. When the Hub starts to establish a WBAN network or needs to communicate with a node that is not in the Connected state, it will need to wake up the node; the wake-up operation is through the control type The frame Wakeup and T-Poll can be implemented, and the combination of the two methods can be used, or the T-Poll method can be used alone; IEEE802.15.6 stipulates that the node is awakened by the Wakeup frame, and the time slot allocated by T-Poll is used for the Associated frame exchange; in the present invention, the above-mentioned wake-up operation is performed by using the combination of Wakeup and T-Poll.

Specific embodiments of the present invention:

The present invention proposes a fast and secure wake-up association mechanism based on body area network, so as to realize that the wireless body area network sensor nodes start to associate while being safely awakened, shortening the time required from wake-up to MK establishment, and reducing the number of nodes During the waiting time, the association mode between the Hub and multiple nodes is designed; the nodes of the body area network in the present invention are all in a non-connected state.

When the Hub starts to establish a WBAN network or needs to communicate with nodes that are not in the Connected state, it will need to wake up the nodes. The wake-up operation is realized through the control type frame Wakeup and T-Poll, and the combination of the two methods can be used, or the T-Poll method can be used alone. It is stipulated in IEEE802.15.6 that nodes are awakened by Wakeup frames, and time slots are allocated by T-Poll for the exchange of Associated frames. In the present invention, the above-mentioned wake-up operation is performed by using the combination of Wakeup and T-Poll.

Based on the IEEE802.15.6 wakeup frame, a new Wakeup frame is designed; the structure of the wakeup associated unicast frame designed this time is explained with reference to Figure 2;

Frame header:

FC (Frame Control): Frame header control, including frame control information such as protocol version, Ack policy, security level, frame type, etc. In frame control, the type of frame can be set as control type, and the subtype is Wakeup frame;

HID/NID (Hub/Node Identifier): The address shortening codes of Hub and BN respectively, used for receiving frame data;

BAN ID (BAN Identifier): It is the shortened address of the current working body area network, which is used to mark the body area network where the frame data is located;

Frame body: the longest length is pMaxFrameBodyLength, which is 255 bytes according to IEEE802.15.6;

Add_a (Recipient Address): It is the BN node address or BN address retrieval code that the Hub requires to authenticate with it, M=6 bytes in unicast, and the size of M is variable in multicast;

Add_b(Sender Address): It is the address of the Hub currently sending the wake-up association signal;

SSS (Security Suite Selector): The secure socket selection field is used to determine a series of information required for security associations such as the current security association protocol, security level, frame authentication control, and cryptographic functions;

Asso_ctrl(Association Control): Security association control, including association serial number and association status;

SAD (Security Association Data): Security association data, including the Hub's public key and the random number generated by the current Hub, randomly selected from 0 to (2 ¹²⁸ -1), used for authentication after wake-up;

end of frame:

FCS: It is a frame detection sequence, which adopts cyclic redundancy sequence CRC check;

After completing the design of the wake-up frame, the unicast association process specified in IEEE802.15.6 is optimized. Taking the password authentication association as an example, the premise of the association is that the Hub and the node must share the PW (Pass Word), that is, the user password; In the following, a detailed discussion will be made with reference to FIG. 3 , including:

The first step is initialization. The Hub sets the SSS and Asso_ctrl domains to corresponding values according to the needs of current communication; the Hub selects its private key SKb to be 256 bits long, and calculates the public key PK _b =SK _b ×G, where G=(Gx ，Gy)为IEEE802.15.6中规定的椭圆曲线的基点，其中Gx＝6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296；Gy＝4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5，

× is the scalar multiplication based on the elliptic curve; the Hub selects a random number Nonce_b from 0 to (2 ¹²⁸ -1), sets the SAD field and constructs the above Wakeup frame; after sending the Wakeup frame, the Hub will send a T-Poll to the node Frame, the T-Poll frame is to allocate time slots for the exchange of the associated frame; in the present invention, if the Hub does not receive the first associated frame, it will always send the T-Poll frame until the first associated frame is received;

In the second step, after the node receives the wake-up frame, it first stores the wake-up frame. If Add_a is not its own address, the current state remains unchanged; if Add_a is its own address, the processor enters the working state; the node takes out From the stored wake-up frame, take out the information in the SSS, Asso_ctrl, and SAD fields, obtain the associated configuration information and the Hub’s public key PK _b selection, and then select your own private key SK _{a with a} length of 256 bits, and calculate the public key PK _a =SK _a ×G, where G is the base point of the elliptic curve stipulated in IEEE802.15.6, which is the same as the node selection, and × is the scalar multiplication based on the elliptic curve. After the public key is calculated, the node calculates the public key based on the password. key,

PK _a '=PK _a -Q(PW);

Q(PW)=( _QX , _QY );

Q _X ＝2 ³² ×PW+M _X , Q _Y is a positive even number;

M _X is the smallest non-negative integer that makes Q _X satisfy the points on the elliptic curve;

After the calculation is completed, if PK _a ' is valid, update the public key PK _a of the current node, select the random number Nonce_a, and calculate X(), where the X() function is to take the X coordinate value of the elliptic curve key; Temp_1=RMB_128( DHKey), which is the rightmost 128 bits of DHKey; the node calculates according to the Nonce_b in the received Wakeup frame and the Nonce_a selected by itself:

KMAC_1A=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2A=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64)

The node uses the information PKa and KMAC_2A calculated above to construct the first association request frame; this frame is a standard request frame specified by IEEE802.15.6; if the node wants to give up this association for some reason, it needs to set the association control field of the association request frame The association status option in , the length of this option is one byte, and the decimal value 0 represents joining the current association; 1 represents abandoning the association due to different SSS domain selection; 2 represents abandoning the association due to lack of required security credentials; 3 represents insufficient current resources And give up the association; 4 means giving up the association due to the restrictions of the administrator or owner's security policy options; 5-15 reserved; so the node still needs to send the first association request frame if it wants to give up this association, and fill in the corresponding form according to the above requirements Association state option; when sending the first association request frame, the frame shall be sent according to the time slot allocated by the T-Poll frame sent by the Hub;

In the third step, after the Hub receives the first association request frame, it first restores the public key of the current node:

PK _a =PK _a '+Q(PW);

Q(PW)=( _QX , _QY );

Q _X ＝2 ³² ×PW+M _X , Q _Y is a positive even number;

M _X is the smallest non-negative integer that makes Q _X satisfy the points on the elliptic curve;

Calculate DHKey=X(SK _b ×PK _a )=X(SK _a ×SK _b ×G), where the X() function is to take the X coordinate value of the elliptic curve key, Temp_1=RMB_128(DHKey), according to the received Information and calculated information calculations:

KMAC_1B=CMAC(Temp_1,Add_a||Add_b||Nonce_a||Nonce_b||SSS,64)

KMAC_2B=CMAC(Temp_1,Add_b||Add_a||Nonce_b||Nonce_a||SSS,64)

Compare the received KMAC_2A with the calculated KMAC_2B. If they are the same, continue to construct the second association request frame and enter the fifth step of this association request. If they are different, cancel this association request. Similar to the node, you also need to set the association status option ; According to SSS, Asso_ctrl selected in the first step, fill random number Nonce_b, Hub public key, and KMAC_1B in the SAD field to construct the second association request frame, which is the standard request frame specified by IEEE802.15.6;

In the fourth step, the node receives the second association request frame, compares the KMAC_1A calculated in the second step with the received KMAC_1B, if they are different, cancel this association request, and if they are the same, enter the fifth step of this association;

Step 5: The node and the Hub calculate MK=CMAC(Temp_2,Nonce_a||Nonce_b,128), where Temp_2=LMB(DHKey), which is the leftmost 128 bits of DHKey;

The above steps complete the Hub-to-node awakening association process in the case of unicast, and simplify the key negotiation and authentication process between the two parties; the multicast association process will be described below.

In the process of multicasting, the Hub needs to issue GTK to each node participating in the communication process, but in IEEE802.15.6, the issuance of GTK requires the Hub to share a PTK with each node participating in the communication, and the generation of PTK is based on MK Existence is the premise; therefore, in the multicast process, the Hub needs to associate with multiple nodes to activate or generate the MK between them; if the sequential wake-up association method is used, it will cause a large network delay and node waiting time Too long; So adopt the form of multicast Wakeup frame to wake up correlation, be about to set ID to Multicast_NID in the receiving ID domain in the Wakeup frame header that the present invention discusses, just need all the nodes that need to communicate according to Wakeup frame of the present invention The address is put into Add_a; if the address encoding method of EUI-48 is adopted, this will cause a huge overhead of the wake-up signal; so the address of BN in multicast is redesigned;

In the present invention, the method of indexing will be adopted, that is, the address encoding of BN is carried out in a one-to-one correspondence mode between address and index; according to the regulations in the IEEE802.15.6 standard, the maximum number of nodes in each WBAN is 64, so 6-bit binary The number indicates that the address index code is enough, representing the EUI-48 type address of the node in the WBAN; Hub sends the address index code correspondence table of the BN node to the node when building the network, and the node stores it; the Hub stores the address of the BN node The index code correspondence table, when constructing the wake-up frame, the address index code corresponding to the node address needs to be written into Add_a; after the node receives the multicast wake-up signal, it searches Add_a according to the address index code correspondence table stored by itself. If there is an index code, it will respond to the wake-up frame, if not, it will not respond and continue to sleep;

After completing the above address correspondence process, the following describes the multicast wake-up association with reference to Figure 5, specifically including:

The first step is initialization. The Hub sets the SSS and Asso_ctrl fields to corresponding values according to the current communication needs; the Hub selects its private key SK _b and calculates the public key PK _b = SK _b × G, where G is specified in IEEE802.15.6 The base point of the elliptic curve, × is the scalar multiplication based on the elliptic curve; Hub selects a random number Nonce_b in 0～(2 ¹²⁸ -1), when setting the Add_a domain, according to the address index mode defined in the present invention, will need The address index code of the communicating node is written into Add_a in sequence; set the SAD field and construct the above Wakeup frame; while sending the Wakeup frame, the Hub will send a T-Poll frame to the node, and the T-Poll frame is an associated frame To exchange and allocate time slots; the T-Poll frame here is a broadcast type frame, that is, the receiving ID of the frame header is Unconnected_Broadcast_NID, and all unconnected nodes can receive the T-Poll frame, and the T-Poll frame is an associated frame The exchange allocates time slots; until the first association request frame sent by all nodes is received, the Hub will stop broadcasting the T-Poll frame;

The second step is the i-th node, where the value range of i is 1 to n, and n is the number of nodes that the current Hub needs to communicate with. After receiving the multicast wake-up frame, it is considered that the Add_a field of the wake-up frame is based on the address The index code is filled in; then the node retrieves the Add_a field;

If you have your own address retrieval code in the Add_a field, enter the working mode and restore your own address Add_a _i according to the address index table. Here, the node calculation method is the same as that in unicast. First, select the private key SK _ai and calculate the public key calculation Public key PK _ai = SK _ai × G, where G is the base point of the elliptic curve specified in IEEE802.15.6, × is the scalar multiplication based on the elliptic curve, and then calculate the public key based on the password,

PK _ai '=PK _ai -Q(PW _i );

Q(PW _i )=(Q _X , Q _Y );

Q _X ＝2 ³² ×PW _i +M _X , Q _Y is a positive even number;

MX is the smallest non-negative integer that makes QX satisfy the points on the elliptic curve;

After the calculation is completed, if PK _ai ' is valid, update the public key PK _ai of the current node, select the random number Nonce_a _i , and calculate DHKey=X(SK _ai ×PK _b )=X(SK _ai ×SK _b ×G), where The X() function is to take the X coordinate value of the elliptic curve key; Temp_1=RMB_128 (DHKey), which is the rightmost 128 bits of the DHKey; the node calculates according to the received Wakeup frame information and the Nonce_a _i selected by itself:

KMAC_1A＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2A＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

The node uses the information calculated above to construct the first association request frame; this frame is a standard request frame specified by IEEE802.15.6; if the node wants to give up this association for some reason, it needs to set the association in the association control field of the association request frame Status option, the length of this option is one byte, the decimal value 0 means joining the current association; 1 means abandoning the association due to different SSS domain selections; 2 means abandoning the association due to lack of required security credentials; 3 means abandoning the association due to insufficient current resources ; 4 means that the association is abandoned due to the restriction of the administrator or owner's security policy options; 5-15 is reserved; so if the node wants to abandon the association request, it still needs to send the first association request frame, and fill in the corresponding association status options according to the above requirements; When sending the first association request frame, the frame should be sent according to the time slot allocated by the T-Poll frame broadcast by the Hub;

If there is no own address retrieval code in the Add_a domain, then continue the low power mode without responding;

In the third step, after the Hub receives the first association request frame of the i-th node, it first restores the public key of the i-th node:

PK _ai =PK _ai '+Q(PW _i );

Q(PW _i )=(Q _X , Q _Y );

Q _X ＝2 ³² ×PW _i +M _X , Q _Y is a positive even number;

Calculate DHKey=X(SK _b ×PK _ai )=X(SK _ai ×SK _b ×G), where the X() function is to take the X coordinate value of the elliptic curve key, Temp_1=RMB_128(DHKey), according to the received Information and calculated information calculations:

KMAC_1B＝CMAC(Temp_1,Add_a _i ||Add_b||Nonce_a _i ||Nonce_b||SSS,64)

KMAC_2B＝CMAC(Temp_1,Add_b||Add_a _i ||Nonce_b||Nonce_a _i ||SSS,64)

Compare the received KMAC_2A and the calculated KMAC_2B, if they are the same, continue to construct the second association request frame, if they are different, cancel this association request; according to the SSS and Asso_ctrl selected in the first step, fill the random number Nonce_b in the SAD field , Hub public key, and KMAC_1B, this frame is a standard request frame specified by IEEE802.15.6; after the second request frame is sent, Hub calculates MK _i =CMAC(Temp_2, Nonce_a _i ||Nonce_b, 128) for Hub and i-th node The master key is stored according to the index table; when the Hub associates with the current _i -th node, it will detect the first association request frame of other nodes at the same time. After receiving the request, it needs to store it. response;

In the fourth step, the i-th node receives the second association request frame, compares the KMAC_1A calculated in the second step with the received KMAC_1B, if they are different, cancel this association request, and if they are the same, calculate MK _i = CMAC(Temp_2, Nonce_a _i ||Nonce_b,128) is the master key of the i-th node and the Hub;

The above process completes the security association process between the Hub and multiple nodes in the case of multicast, and generates the corresponding MK. On the basis of sharing the MK, the Hub and the nodes can generate PTK, and use the PTK to issue GTK;

Compared with the prior art, the present invention has the following advantages:

The following will compare 802.15.6 with this solution in terms of wake-up frame length, MK establishment steps during unicast and multicast, and energy consumed by transmission:

Steps to establish MK when waking up frame length, unicast and multicast:

1. The present invention redesigns the Wakeup frame in the 802.15.6 standard, and adds the SSS, Asso_ctrl, Nonce and public key required for the association request in the frame body; after the Wakeup frame is improved, although the frame length becomes longer , but the first association frame originally required by 802.15.6 is not needed in the association step; so the frame length is still reduced overall;

2. The present invention simplifies the steps of the association process in the body area network by the above-mentioned Wakeup frame; in the 802.15.6 standard, at least five steps are required to be awakened from the node to the establishment of the MK, but in the present invention, the wakeup from the node to the establishment of the MK only needs three steps;

3. The present invention also simplifies the association process when multicasting in the 802.15.6 standard; in the standard, when performing multicast communication, the Hub will wake up the nodes that need to communicate in turn, and then establish MK in the association process; Invented and designed a brand-new multicast wakeup association, which sends Wakeup frames through multicast to wake up all nodes that need to communicate with it at one time; then start the association process by referring to the address and association strategy in the Wakeup frame body; in the multicast Wakeup frame Among them, the present invention has designed the address correspondence table, makes the Wakeup frame overhead reduce greatly; When there are n nodes to carry out multicast communication, need 2n steps to establish MK with all nodes in 802.15.6 standard, and adopt the method of the present invention , only need n steps;

Energy consumed for transmission:

Assuming that b _s is the number of bits transmitted, e _t is the energy consumed by unit bit transmission, and e _l is the energy consumed by unit bit reception; then in WBAN, the model of energy E _s consumption is:

E _s =b _s e _t +b _s e _l

In this analysis, set e _t to 50×10 ^-9 and e _l to 50×10 ^-9 , then the comparison results of energy consumption between the present invention and 802.15.6 are shown in Table 6 below; from the table it can be seen that the present invention The invention reduces the transmission of 1368bits data and reduces energy consumption by 30%, which can prolong the life of nodes to a large extent;

Table 1: The present invention and IEEE802.15.6 energy consumption

The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.

Claims (2)

1. A kind of 1. method of wireless body area network fast wake-up association, it is characterised in that the wireless body area network fast wake-up association Method includes：Construct Wakeup frame heads, frame and postamble first under clean culture wake up association；Secondly promoter Hub sends T- Poll frames, the time slot that node distributes according to T-Poll frames again receive Wakeup frames and proceed by association process with Hub；More Broadcast wake-up association under construct Wakeup frame heads, frame and postamble and allocation index table first, secondly promoter Hub to All nodes send T-Poll frames；The time slot that node distributes according to T-Poll frames again receives Wakeup frames and opened successively with Hub Beginning is associated process；

   The frame head of wake-up association includes FC, HID/NID, BAN ID, and wherein FC controls for frame head, including protocol version, Ack strategy, Level of security, frame type frame control information, the type that frame is set in frame controls is Control Cooling, and subtype is Wakeup frames； Shorten code, the reception for frame data in the address that HID/NID is Hub and BN；BAN ID are the shortening of the body area network of work at present Address, for marking the body area network residing for the frame data；

   Waking up frame includes Add_a, Add_b, SSS, Asso_ctrl, SAD；Wherein Add_a is that Hub requirements are authenticated therewith BN node address or BN address search code, the M=6 bytes in unicast, more sowing time M size is variable；Add_b is current Send the Hub addresses of wake-up correlation signal；SSS is safe socket character selects domain, for determining current security association agreement, safety A series of information for needed for security association of rank, frame certification control, cipher function；Asso_ctrl controls for security association, Including inteerelated order row number and association status；SAD is security association data, random caused by the public key comprising Hub and current Hub Number Nonce_b, 0~(2¹²⁸- 1) randomly selected in, for the certification work after wake-up；

   Wake up postamble to be made up of FCS, using cyclic redundancy sequence CRC check；

   Unicast association process specifically includes：

   Step 1, Hub are corresponding value according to SSS, Asso_ctrl domain that needs to set of present communications, select the private key of oneself SK_b, calculate PK_b=SK_b× G, construct Wakeup frames；After Wakeup frames are sent, T-Poll frames are sent to node；

   Step 2, after node receives wake-up association, obtain the configuration information of this secondary association and Hub public key PK_b, then select certainly Oneself private key SK_aA length of 256 bit, calculate public key PK_a=SK_a× G, after calculating public key, node calculates the public affairs based on password again Key, PK_a'=PK_a- Q (PW), Q (PW)=(Q_X, Q_Y), Q_X=2³²×PW+M_X；Node is according in the Wakeup frames received Nonce_b and the Nonce_a of itself selection are calculated：

   KMAC_1A=CMAC (Temp_1, Add_a | | Add_b | | Nonce_a | | Nonce_b | | SSS, 64)

   KMAC_2A=CMAC (Temp_1, Add_b | | Add_a | | Nonce_b | | Nonce_a | | SSS, 64)；

   Utilize the information PK of above-mentioned calculating_a, KMAC_2A construct the first association request frame, and to Hub send；

   Step 3, after Hub receives the first association request frame, the public key PK of present node is restored first_a=PK_a'+Q (PW), Q (PW) =(Q_X, Q_Y), Q_X=2³²×PW+M_X；M^XTo make Q^XMeet the minimum nonnegative integer of the point on elliptic curve；Calculate DHKey=X (SK_b×PK_a)=X (SK_a×SK_b× G), X () function is the X-coordinate value for taking elliptic curve key here, Temp_1=RMB_ 128 (DHKey), calculated according to the information received and the information being calculated：

   KMAC_1B=CMAC (Temp_1, Add_a | | Add_b | | Nonce_a | | Nonce_b | | SSS, 64)

   KMAC_2B=CMAC (Temp_1, Add_b | | Add_a | | Nonce_b | | Nonce_a | | SSS, 64)

   The KMAC_2A received the and KMAC_2B being calculated, if the same continuing the association of construction second according to KMAC_1B please The step of seeking frame and entering this association request five, cancels this association request if different；

   Step 4, node receive the second association request frame, contrast the KMAC_1A calculated in step 2 and the KMAC_1B received, Cancel this association request if different, if the same into the step of this secondary association five；

   Step 5, node and Hub calculating MK=CMAC (Temp_2, Nonce_a | | Nonce_b, 128) Temp_2=LMB (DHKey) it is, most left 128 of DHKey；Both sides complete to wake up association；

   Multicast association process specifically includes：

   Step 1, Hub are corresponding value according to SSS, Asso_ctrl domain that needs to set of present communications, select the private key of oneself SK_b, calculate PK_b=SK_b×G；The Wakeup frames of broadcast are constructed, and broadcast T-Poll frames, the section of communication in need until receiving The first association request frame that point is sent；

   Step 2, after some node i receives Wakeup frames, according to address choice private key SK_ai, calculate public key PK_ai=SK_ai× G, Calculate the public key based on password, PK_ai'=PK_ai-Q(PW_i), Q (PW_i)=(Q_X, Q_Y)；Q_X=2³²×PW_i+M_X；Select random number Nonce_a_i, calculate DHKey=X (SK_ai×PK_b)=X (SK_ai×SK_b× G), Temp_1=RMB_128 (DHKey), node root According to the Wakeup frame informations received and the Nonce_a of itself selection_iCalculate：

   KMAC_1A=CMAC (Temp_1, Add_a_i||Add_b||Nonce_a_i||Nonce_b||SSS,64)

   KMAC_2A=CMAC (Temp_1, Add_b | | Add_a_i||Nonce_b||Nonce_a_i||SSS,64)

   The association request frame of joint structure first is simultaneously sent；

   Step 3, after Hub receives the first association request frame of the i-th node, the public key of the i-th node is restored first：PK_ai=PK_ai'+Q (PW_i), Q (PW_i)=(Q_X, Q_Y), Q_X=2³²×PW_i+M_X, Q_YFor positive even numbers；Calculate DHKey=X (SK_b×PK_ai)=X (SK_ai× SK_b× G), Temp_1=RMB_128 (DHKey), calculated according to the information received and the information being calculated：

   KMAC_1B=CMAC (Temp_1, Add_a_i||Add_b||Nonce_a_i||Nonce_b||SSS,64)

   KMAC_2B=CMAC (Temp_1, Add_b | | Add_a_i||Nonce_b||Nonce_a_i||SSS,64)

   The KMAC_2A received and the KMAC_2B being calculated are contrasted, if the same continuing construction second according to KMAC_1B closes Join claim frame, cancel this association request if different, Hub calculates MK after sending the second association request frame_i=CMAC (Temp_2,Nonce_a_i||Nonce_b,128)

   For Hub and the master key of the i-th node；

   Step 4, the i-th node receive the second association request frame, contrast the KMAC_1A calculated in step 2 and the KMAC_ received 1B, cancel this association request if different, if identical calculations MK_i=CMAC (Temp_2, Nonce_a_i||Nonce_b, 128)

   For the i-th node and Hub master key.
2. 2. the method for wireless body area network fast wake-up association as claimed in claim 1, it is characterised in that the wireless body area network is fast The method interior joint that speed wakes up association is to be in notconnect state.