
CN117896081A - A roadside equipment MQTT connection authentication method and system - Google Patents


Info

Publication number
CN117896081A
CN117896081A
Authority
CN
China
Prior art keywords
authentication
road side
request
side equipment
password
Prior art date
Legal status
Pending
Application number
CN202211251135.6A
Other languages
Chinese (zh)
Inventor
张锦煌
李彦琪
杨俊辉
Current Assignee
Xiamen Yaxon Networks Co Ltd
Original Assignee
Xiamen Yaxon Networks Co Ltd
Priority date
2022-10-13
Filing date
2022-10-13
Publication date
2024-04-16
Application filed by Xiamen Yaxon Networks Co Ltd
Priority to CN202211251135.6A
Publication of CN117896081A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
                • H04L 63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
            • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
                • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/01 Protocols
                • H04L 67/10 Protocols in which an application is distributed across nodes in the network
                • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
                • H04L 9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
            • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
            • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Traffic Control Systems (AREA)

Abstract

The invention relates to a method and a system for MQTT connection authentication of road side equipment. The method comprises the following steps: the user sends a user name registration and password generation request to the cloud; the cloud registers the user name, generates an authentication password and returns both to the user; the cloud performs a salted hash operation on the authentication password to produce the corresponding salted hash ciphertext; the user initiates an authentication request from the road side equipment to the MQTT server using the user name and the authentication password; the MQTT server looks up the salt value, salting mode and salted hash ciphertext for that user name in its database, performs the salted hash operation on the received authentication password with the query result, compares the result with the stored salted hash ciphertext to obtain the authentication result, and returns the authentication result to the road side equipment. The method addresses the information security risks that may exist in password transmission and in database disclosure, and increases the security of the cloud platform.

Description

MQTT connection authentication method and system for road side equipment
Technical Field
The invention relates to the technical field of intelligent manufacturing, in particular to a method and a system for MQTT connection authentication of road side equipment.
Background
V2X vehicle-road cooperation belongs to the category of the Internet of Things (IoT). In practice a large number of road side devices (such as road side units (RSU), edge servers (MEC), cameras, radars and the like) connect to the cloud over the Internet, and at present data interaction between these devices and the cloud is mainly realized with the MQTT protocol. To prevent unknown devices from connecting, the MQTT server performs authentication before a device is admitted; the authentication flow is shown in Fig. 1: the device sends an authentication request carrying a user name and a password to the MQTT server, and the MQTT server checks the validity of the password. This approach has the following problems:
(1) The password is transmitted in plaintext, which is a communication security risk;
(2) The password is stored in plaintext in the database, so a leak of the database data exposes the password.
Disclosure of Invention
To solve these problems, the invention provides a method and a system for MQTT connection authentication of road side equipment, which address the security risks of existing device authentication and credential storage.
The specific scheme is as follows:
The MQTT connection authentication method for road side equipment comprises the following steps:
S1: the user sends a user name registration and password generation request to the cloud;
S2: after receiving the request, the cloud registers the user name contained in the request, generates an authentication password by encrypting the device key contained in the request, and returns the user name and the authentication password to the user;
S3: the cloud randomly assigns a salt value and a salting mode to the registered user name, performs a salted hash operation on the authentication password with that salt value and salting mode to generate the corresponding salted hash ciphertext, and stores the salt value, the salting mode and the salted hash ciphertext in a database under the user name;
S4: the user initiates an authentication request from the road side equipment to the MQTT server of the cloud using the user name and the authentication password;
S5: the MQTT server queries the database for the salt value, salting mode and salted hash ciphertext corresponding to the user name in the authentication request;
S6: the MQTT server performs the salted hash operation on the authentication password in the authentication request using the queried salt value and salting mode, and compares the result with the queried salted hash ciphertext; if they are consistent, the authentication result is set to passed, otherwise it is set to not passed;
S7: the MQTT server returns the authentication result to the road side equipment;
S8: when the authentication result received by the road side equipment is passed, the road side equipment accesses the MQTT server.
Further, in step S1, the user sends the request to the cloud through a portal or a console.
Further, the encryption algorithm employs SHA256.
Further, in step S4, after the user sets the user name and authentication password for the authentication request on the road side equipment through a host computer in communication with it, the road side equipment initiates the authentication request to the MQTT server with the user name and authentication password so set.
The MQTT connection authentication system for road side equipment comprises the road side equipment and the cloud, and the system carries out the steps of the method in the embodiment of the invention.
According to this technical scheme, two different hash operations respectively address the information security risks that may exist in password transmission and in database leakage; access by illegal devices and the transmission of sensitive data are effectively resisted in Internet of Things fields such as vehicle-road cooperation, and the security of the cloud platform is improved.
Drawings
Fig. 1 is a schematic diagram of an authentication flow before a conventional device accesses an MQTT server.
Fig. 2 is a schematic diagram of the salted hash ciphertext generation process according to the first embodiment of the invention.
Fig. 3 is a flow chart of a method according to a first embodiment of the invention.
Detailed Description
The accompanying drawings are provided to further illustrate the various embodiments. They are incorporated in and constitute a part of this disclosure, illustrate the embodiments and, together with the description, serve to explain their principles. With reference to them, one of ordinary skill in the art will understand other possible embodiments and advantages of the present invention.
The invention will now be further described with reference to the drawings and detailed description.
Embodiment one:
The embodiment of the invention provides a method for authenticating the MQTT connection of road side equipment, shown in Fig. 3, which comprises the following steps:
S1: the user sends a user name registration and password generation request to the cloud.
When the user sends the request directly to the cloud, it can be sent through a portal or the corresponding console.
The password generation request should include at least the device key required for generating the authentication password.
S2: after receiving the request, the cloud registers the user name contained in the request, generates an authentication password by encrypting the device key contained in the request, and returns the user name and the authentication password to the user.
The authentication password is generated with a common cryptographic hash algorithm; in this embodiment it is computed with SHA256 over the device key and a random timestamp.
S3: the cloud randomly assigns a salt value and a salting mode to the registered user name, performs a salted hash operation on the authentication password with that salt value and salting mode to generate the corresponding salted hash ciphertext, and stores the salt value, the salting mode and the salted hash ciphertext in the database under the user name.
The salted hash ciphertext generation process used in this embodiment is shown in Fig. 2; the salted hash ciphertext is obtained by a salted SHA256 hash.
S4: the user initiates an authentication request from the road side equipment to the MQTT server of the cloud using the user name and the authentication password.
In this embodiment, after the user sets the user name and authentication password for the authentication request on the road side device through a host computer in communication with it, the road side device initiates the authentication request to the MQTT server with the user name and authentication password so set.
S5: the MQTT server queries the database for the salt value, salting mode and salted hash ciphertext corresponding to the user name in the authentication request.
S6: the MQTT server performs the salted hash operation on the authentication password in the authentication request using the queried salt value and salting mode, and compares the result with the queried salted hash ciphertext; if they are consistent, the authentication result is set to passed, otherwise it is set to not passed.
The salted hash operation used in step S6 is the same algorithm as the salted hash operation used in step S3.
S7: the MQTT server returns the authentication result to the road side equipment.
S8: when the authentication result received by the road side equipment is passed, the road side equipment accesses the MQTT server and exchanges data and information with it; when the authentication result is not passed, the road side equipment cannot access the MQTT server.
If the authentication password were stored directly in the database, a leak of the database would let it be stolen easily and used directly to authenticate other unknown devices. With the salted hash algorithm of this embodiment, the authentication password is instead turned into an irreversible salted hash, and only that hash is stored. When a device authenticates, the MQTT server performs the salted hash calculation on the received authentication password with the corresponding salt value from the database, in the same salting mode, and authentication passes when the result is consistent with the hash value in the database.
According to this embodiment of the invention, two different hash operations respectively address the information security risks that may exist in password transmission and in database disclosure; access by illegal devices and the transmission of sensitive data are effectively resisted in Internet of Things fields such as vehicle-road cooperation, and the security of the cloud platform is increased.
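The following Python program is an added worked example of steps S1 to S8 as described above, written for this page; it is not code from the patent or its applicant. The three concrete salting modes (salt as prefix, suffix, or both), the construction of the "random timestamp" as nanosecond time plus random bytes, the dummy hash for unknown user names and the constant-time digest comparison are this example's own choices; the patent only says that a salt value and a salting mode are randomly assigned per user name and that SHA256 is used. The CONNACK return codes 0x00 (accepted) and 0x05 (not authorized) are those of MQTT 3.1.1 and stand in for the "passed / not passed" result returned in S7.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Salting modes the cloud may assign (assumption: the page only says a salting
# mode is chosen at random per user name, not which modes exist).
SALT_MODES = ("prefix", "suffix", "both")

# MQTT 3.1.1 CONNACK return codes for the two outcomes the server reports in S7.
CONNACK_ACCEPTED = 0x00
CONNACK_NOT_AUTHORIZED = 0x05


def salted_sha256(password: str, salt: bytes, mode: str) -> str:
    """Salted hash used in S3 (storage) and again in S6 (verification)."""
    pw = password.encode()
    if mode == "prefix":
        data = salt + pw
    elif mode == "suffix":
        data = pw + salt
    elif mode == "both":
        data = salt + pw + salt
    else:
        raise ValueError(f"unknown salting mode: {mode!r}")
    return hashlib.sha256(data).hexdigest()


class Cloud:
    """Cloud side: registration service (S2, S3) and MQTT credential check (S5, S6, S7)."""

    def __init__(self) -> None:
        # user name -> (salt hex, salting mode, salted hash ciphertext).
        # The authentication password itself is never written to this table.
        self.db: Dict[str, Tuple[str, str, str]] = {}

    def register(self, username: str, device_key: str,
                 timestamp: Optional[str] = None) -> Tuple[str, str]:
        """S2: register the user name and derive the authentication password as
        SHA256(device key || random timestamp). S3: salt, hash and store it."""
        if username in self.db:
            raise ValueError("user name already registered")
        if timestamp is None:
            # "Random timestamp" (assumption): current time in ns plus random bytes,
            # so two registrations with the same device key never share a password.
            timestamp = f"{time.time_ns()}-{secrets.token_hex(8)}"
        auth_password = hashlib.sha256((device_key + timestamp).encode()).hexdigest()

        salt = secrets.token_bytes(16)      # random salt value for this user name
        mode = secrets.choice(SALT_MODES)   # random salting mode for this user name
        digest = salted_sha256(auth_password, salt, mode)
        self.db[username] = (salt.hex(), mode, digest)
        return username, auth_password

    def authenticate(self, username: str, password: str) -> bool:
        """S5: look up salt, mode and ciphertext by user name. S6: recompute and compare."""
        record = self.db.get(username)
        if record is None:
            # Hash anyway so an unknown user name does not answer measurably faster.
            salted_sha256(password, b"\x00" * 16, "prefix")
            return False
        salt_hex, mode, stored = record
        computed = salted_sha256(password, bytes.fromhex(salt_hex), mode)
        return hmac.compare_digest(computed, stored)  # constant-time comparison

    def handle_connect(self, username: str, password: str) -> int:
        """S7: the MQTT server's CONNACK for a CONNECT carrying user name and password."""
        return CONNACK_ACCEPTED if self.authenticate(username, password) else CONNACK_NOT_AUTHORIZED


def demo() -> dict:
    """Walk one constructed road side unit through S1-S8 and show what a leaked DB row holds."""
    cloud = Cloud()
    # S1: the operator registers "rsu-0001" with a constructed device key.
    user, auth_password = cloud.register("rsu-0001", "constructed-device-key")
    # S4/S8: the RSU connects with the user name and password it was given;
    # 0x00 means it may use the broker, 0x05 means it is refused.
    return {
        "genuine_device": cloud.handle_connect(user, auth_password),
        "wrong_password": cloud.handle_connect(user, "wrong-" + auth_password),
        "unknown_user": cloud.handle_connect("rsu-9999", auth_password),
        # A leaked database row yields salt, mode and digest, not the password.
        "password_in_db": auth_password in repr(cloud.db),
    }


if __name__ == "__main__":
    print(demo())
```

Two points worth noting when reading the example against the patent text. First, the database row for a user name contains only the salt, the salting mode and the digest, which is the property S3 is designed to give: an attacker who obtains the row still has to invert a salted SHA256 to recover the authentication password. Second, the authentication password itself still travels inside the MQTT CONNECT packet in S4; what the scheme keeps off the wire is the device key, so the connection between the road side equipment and the MQTT server should still be protected by TLS.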
Embodiment two:
The invention also provides an MQTT connection authentication system for road side equipment, comprising the road side equipment and a cloud, where the cloud comprises a database, an MQTT server and other service modules that execute the methods of steps S2 and S3; the system carries out the steps of the method of the first embodiment of the invention.
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (5)

1. An MQTT connection authentication method for road side equipment, characterized by comprising the following steps:
S1: the user sends a user name registration and password generation request to the cloud;
S2: after receiving the request, the cloud registers the user name contained in the request, generates an authentication password by encrypting the device key contained in the request, and returns the user name and the authentication password to the user;
S3: the cloud randomly assigns a salt value and a salting mode to the registered user name, performs a salted hash operation on the authentication password with that salt value and salting mode to generate the corresponding salted hash ciphertext, and stores the salt value, the salting mode and the salted hash ciphertext in a database under the user name;
S4: the user initiates an authentication request from the road side equipment to the MQTT server of the cloud using the user name and the authentication password;
S5: the MQTT server queries the database for the salt value, salting mode and salted hash ciphertext corresponding to the user name in the authentication request;
S6: the MQTT server performs the salted hash operation on the authentication password in the authentication request using the queried salt value and salting mode, and compares the result with the queried salted hash ciphertext; if they are consistent, the authentication result is set to passed, otherwise it is set to not passed;
S7: the MQTT server returns the authentication result to the road side equipment;
S8: when the authentication result received by the road side equipment is passed, the road side equipment accesses the MQTT server.
2. The road side equipment MQTT connection authentication method of claim 1, wherein in step S1 the user sends the request to the cloud through a portal or a console.
3. The road side equipment MQTT connection authentication method of claim 1, wherein the encryption algorithm employs SHA256.
4. The road side equipment MQTT connection authentication method of claim 1, wherein in step S4, after the user sets the user name and authentication password for the authentication request on the road side equipment through a host computer in communication with it, the road side equipment initiates the authentication request to the MQTT server with the user name and authentication password so set.
5. An MQTT connection authentication system for road side equipment, characterized in that the system comprises road side equipment and a cloud, and carries out the method of any one of claims 1 to 4.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211251135.6A CN117896081A (en) 2022-10-13 2022-10-13 A roadside equipment MQTT connection authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211251135.6A CN117896081A (en) 2022-10-13 2022-10-13 A roadside equipment MQTT connection authentication method and system

Publications (1)

Publication Number Publication Date
CN117896081A true CN117896081A (en) 2024-04-16

Family

ID=90640043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211251135.6A Pending CN117896081A (en) 2022-10-13 2022-10-13 A roadside equipment MQTT connection authentication method and system

Country Status (1)

Country Link
CN (1) CN117896081A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118827031A (en) * 2024-07-10 2024-10-22 浪潮通信技术有限公司 Dynamic authentication method and system based on MQTT server plug-in


Similar Documents

Publication Publication Date Title
CN112671798B (en) Service request method, device and system in Internet of vehicles
CN111708991B (en) Service authorization method, device, computer equipment and storage medium
US8584218B2 (en) Disconnected credential validation using pre-fetched service tickets
CN103517273B (en) Authentication method, managing platform and Internet-of-Things equipment
CN113691502B (en) Communication method, device, gateway server, client and storage medium
JP7421771B2 (en) Methods, application servers, IOT devices and media for implementing IOT services
CN111970299A (en) Block chain-based distributed Internet of things equipment identity authentication device and method
US8977857B1 (en) System and method for granting access to protected information on a remote server
CN104216907A (en) Method, device and system for providing database access control
KR20210095093A (en) Method for providing authentification service by using decentralized identity and server using the same
US11757877B1 (en) Decentralized application authentication
CN103475666A (en) Internet of things resource digital signature authentication method
CN115277168A (en) Method, device and system for accessing server
CN116074028B (en) Access control method, device and system for encrypted traffic
CN119484898B (en) Encrypted video playing method and device, storage medium and computer equipment
CN116707983A (en) Authorization authentication method and device, access authentication method and device, equipment, medium
CN118102301B (en) Vehicle network identity authentication method, device and storage medium based on vehicle trust
JP2024501326A (en) Access control methods, devices, network equipment, terminals and blockchain nodes
RU2698424C1 (en) Authorization control method
CN114091009A (en) Method for establishing secure link by using distributed identity
CN118214586A (en) Identity authentication method, system, equipment and storage medium
CN108599936A (en) A kind of OpenStack increases income the safety certifying method of cloud user
CN108667800B (en) Access authority authentication method and device
CN117896081A (en) A roadside equipment MQTT connection authentication method and system
WO2018164673A1 (en) Data message authentication based on a random number

Legal Events

Date Code Title Description
PB01 Publication
CB02 Change of applicant information

Country or region after: China

Address after: 303-e, Zone C, innovation building, software park, Xiamen Torch hi tech Zone, Xiamen, Fujian, 361000

Applicant after: Xiamen Yaxun Zhilian Technology Co.,Ltd.

Address before: 303-e, Zone C, innovation building, software park, Xiamen Torch hi tech Zone, Xiamen, Fujian, 361000

Applicant before: XIAMEN YAXON NETWORK Co.,Ltd.

Country or region before: China

SE01 Entry into force of request for substantive examination