CN120165847A - Authentication method, device, equipment and storage medium based on quantum key and PUF - Google Patents

Authentication method, device, equipment and storage medium based on quantum key and PUF Download PDF

Info

Publication number
CN120165847A
CN120165847A CN202510289991.8A CN202510289991A CN120165847A CN 120165847 A CN120165847 A CN 120165847A CN 202510289991 A CN202510289991 A CN 202510289991A CN 120165847 A CN120165847 A CN 120165847A
Authority
CN
China
Prior art keywords
authentication
puf
quantum key
environment
quantum
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202510289991.8A
Other languages
Chinese (zh)
Inventor
谈剑锋
付宗玉
龚蔚
钱金金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Guzi Cultural Technology Co ltd
Original Assignee
Hangzhou Guzi Cultural Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Guzi Cultural Technology Co ltd filed Critical Hangzhou Guzi Cultural Technology Co ltd
Priority to CN202510289991.8A priority Critical patent/CN120165847A/en
Publication of CN120165847A publication Critical patent/CN120165847A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852Quantum cryptography
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/001Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using chaotic signals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides an authentication method, device, equipment and storage medium based on a quantum key and a PUF. The method comprises the steps of obtaining an authentication request of the mobile terminal and extracting a quantum random source from the authentication request. And evaluating the authentication environment according to the environment data and the abnormality detection model, and judging whether the authentication environment is abnormal. And if the authentication environment is normal, performing chaotic mapping on the quantum random source to generate a dynamic challenge code, and if the authentication environment is abnormal, terminating the authentication process. And packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key, sending the quantum key to an authentication end, performing intelligent contract authentication on the quantum key by the authentication end, and sending an authentication result to the mobile terminal through a blockchain authentication node. In this way, the security and reliability of the authentication process can be improved, and the authentication requirement of multi-device cooperation can be met.

Description

Authentication method, device, equipment and storage medium based on quantum key and PUF
Technical Field
Embodiments of the present application relate to the field of identity authentication, and in particular, to an authentication method, apparatus, device, and storage medium based on a quantum key and PUF.
Background
With the widespread use of the internet of things (IoT, internet of Things) and the industrial internet of things (IIoT, INTELLIGENT INTERCONNECTION OF THINGS), device identity authentication has become a core requirement for guaranteeing system security. Physical unclonable (PUF, physical Unclonable Functions) is widely used for device identification and authentication by virtue of its uniqueness generated based on hardware features. However, the prior PUF technology faces multiple bottlenecks in complex application scenarios. Firstly, the traditional PUF is sensitive to environmental factors, so that the physical characteristic response of the traditional PUF is easy to drift, and the authentication stability is reduced. Secondly, the PUF mechanism relies on a fixed key store, and an attacker can acquire a response rule through machine learning modeling or side channel analysis, so that security risks are caused. In addition, the existing PUF scheme also lacks a defense mechanism for resisting quantum attack, and the authentication scheme focuses on a single problem, so that comprehensive challenges such as dynamic environment adaptability, resistance to machine learning modeling attack, quantum security and the like cannot be systematically solved.
Therefore, an innovative authentication method integrating environmental robustness, dynamic security mechanism and quantum defense capability is needed to meet the authentication requirements of high security, high reliability and multi-device cooperation of the industrial internet of things.
Disclosure of Invention
According to the embodiment of the application, an authentication scheme based on a quantum key and a PUF is provided, so that the safety and reliability of an authentication process can be improved, and the safety authentication requirement of Internet of things equipment can be met.
In a first aspect of the application, an authentication method based on a quantum key and a PUF is provided. The method comprises the following steps:
acquiring an authentication request of a mobile terminal, and extracting a quantum random source from the authentication request;
Evaluating the authentication environment according to the environment data and the abnormality detection model, and judging whether the authentication environment is abnormal;
if the authentication environment is normal, chaotic mapping is carried out on the quantum random source, a dynamic challenge code is generated, and if the authentication environment is abnormal, the authentication process is terminated;
Packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key, and sending the quantum key to an authentication end;
the authentication end performs intelligent contract authentication on the quantum key, and sends an authentication result to the mobile terminal through the blockchain authentication storage node.
In one possible implementation, the anomaly detection model includes an input layer, a convolution layer, a pooling layer, a full connection layer, and an output layer;
the anomaly detection model is trained from historical authentication request frequency, historical authentication response time, historical environmental parameters and historical environmental security tags.
In one possible implementation, if the authentication environment is normal, performing chaotic mapping on the quantum random source to generate a dynamic challenge code, including:
Using a quantum random source as an initial value of a chaotic mapping function, and generating a chaotic sequence by using the chaotic mapping function;
injecting a time stamp into the chaotic sequence to obtain an enhanced chaotic sequence;
and inputting the enhanced chaotic sequence into the SHA-256 hash function to generate a dynamic challenge code.
In one possible implementation, the multi-modal PUF array includes a timing PUF, an optical PUF, and a hysteresis PUF;
The multi-mode PUF array is calculated according to the response value of the time sequence PUF, the response value of the optical PUF, the response value of the hysteresis PUF, the environmental noise parameter and the environmental stability index.
In one possible implementation, packaging the dynamic challenge code and the multi-modal PUF array to obtain the quantum key includes:
the dynamic challenge code and the multi-modal PUF array are encapsulated using the CRYSTALS-Kyber algorithm.
In one possible implementation, the authenticating terminal performs smart contract authentication on the quantum key, including:
Carrying out hash value verification, multi-mode response fusion verification, environment parameter verification and timestamp verification on the quantum key in sequence;
The hash value verification is to verify the hash value generated by carrying out hash calculation on the quantum key;
The multi-mode response fusion verification is to verify the multi-mode PUF array in the quantum key;
verifying environmental parameters to detect whether the temperature, the humidity and the illumination intensity are in preset ranges;
timestamp validation is the validation of the validity of a quantum key.
Optionally, the hash value verification further includes:
storing a hash value generated by carrying out hash calculation on the quantum key to a block chain evidence storage node;
when the mobile terminal acquires the authentication result, carrying out hash calculation on the quantum key again to generate a verification hash value;
comparing the hash value with the verification hash value, judging whether the quantum key is tampered, if so, failing authentication, and if not, successful authentication.
In a second aspect of the application, an authentication device based on a quantum key and a PUF is provided. The device comprises:
the acquisition module is used for acquiring an authentication request of the mobile terminal and extracting a quantum random source from the authentication request;
The authentication environment evaluation module is used for evaluating the authentication environment according to the environment data and the abnormality detection model and judging whether the authentication environment is abnormal or not;
The judging module carries out chaotic mapping on the quantum random source to generate a dynamic challenge code if the authentication environment is normal, and terminates the authentication process if the authentication environment is abnormal;
The packaging module is used for packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key and sending the quantum key to the authentication end;
And the authentication module performs intelligent contract authentication on the quantum key by the authentication end and sends an authentication result to the mobile terminal through the blockchain authentication storage node.
In a third aspect of the application, an electronic device is provided. The electronic device comprises a memory and a processor, the memory having stored thereon a computer program, the processor implementing the method as described above when executing the program.
In a fourth aspect of the application, there is provided a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as according to the first aspect of the application.
According to the authentication method based on the quantum key and the PUF, provided by the embodiment of the application, the authentication request of the mobile terminal is obtained, and the quantum random source is extracted from the authentication request. And evaluating the authentication environment according to the environment data and the abnormality detection model, and judging whether the authentication environment is abnormal. And if the authentication environment is normal, performing chaotic mapping on the quantum random source to generate a dynamic challenge code, and if the authentication environment is abnormal, terminating the authentication process. The dynamic challenge code and the multi-mode PUF array are packaged, the quantum key is obtained and sent to the authentication end, the authentication end carries out intelligent contract authentication on the quantum key, and an authentication result is sent to the mobile terminal through the blockchain authentication storage node, so that efficient, safe and reliable identity authentication is realized, and meanwhile, the safety of the whole Internet of things system is guaranteed.
It should be understood that the description in this summary is not intended to limit the critical or essential features of the embodiments of the application, nor is it intended to limit the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
The above and other features, advantages and aspects of embodiments of the present application will become more apparent by reference to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, wherein like or similar reference numerals denote like or similar elements, in which:
fig. 1 is a flow chart of a method of quantum key and PUF based authentication according to an embodiment of the application;
FIG. 2 is a schematic diagram of an abnormality detection model according to an embodiment of the present application;
FIG. 3 is a flow chart of generating a dynamic challenge code according to an embodiment of the present application;
fig. 4 is a block diagram of a quantum key and PUF based authentication device according to an embodiment of the application;
fig. 5 is a schematic diagram of a structure of a terminal device or a server suitable for implementing an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions of the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are some embodiments of the present disclosure, but not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to be within the scope of this disclosure.
In addition, the term "and/or" is merely an association relation describing the association object, and means that three kinds of relations may exist, for example, a and/or B, and that three kinds of cases where a exists alone, while a and B exist alone, exist alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
Fig. 1 is a flow chart of a method of authentication based on a quantum key and PUF according to an embodiment of the application. Referring to fig. 1, the method includes:
s101, acquiring an authentication request of the mobile terminal, and extracting a quantum random source from the authentication request.
The quantum random source is a high-entropy random number seed generated by a quantum random number generator by utilizing the inherent randomness of quantum physics (such as quantum vacuum fluctuation and the like). The quantum random source in the application is 512 bits in size.
In the embodiment, the quantum random source generated based on the quantum mechanics principle is adopted, so that the unpredictability and true randomness are realized, and the mathematical loophole of the traditional pseudo-random algorithm is avoided.
S102, evaluating the authentication environment according to the environment data and the abnormality detection model, and judging whether the authentication environment is abnormal.
In the embodiment, the abnormal environment is detected in real time through the environment data and the abnormal detection model, so that the safety of the authentication process is ensured, and the hysteresis of the traditional static rule base is avoided.
Optionally, the anomaly detection model includes an input layer, a convolution layer, a pooling layer, a full connection layer, and an output layer;
the anomaly detection model is trained from historical authentication request frequency, historical authentication response time, historical environmental parameters and historical environmental security tags.
Fig. 2 is a schematic structural diagram of an abnormality detection model according to an embodiment of the present application, as shown in fig. 2:
The anomaly detection model comprises an input layer, a convolution layer, a pooling layer, a full connection layer and an output layer. The input layer is used to receive feature data from the authentication system including, but not limited to, authentication request frequency, authentication response time, and environmental parameters. The convolution layers 1 and 2 are used for extracting local features of data, the convolution kernel size of the convolution layer 1 is 3×3, the step length is 1, the filling is 1, the output channel number is 16, the convolution kernel size of the convolution layer 2 is 3×3, the step length is 1, the filling is 1, and the output channel number is 32. The ReLU activation layer uses ReLU activation functions to increase the non-linear characteristics in the model. The pooling layer 1 and the pooling layer 2 adopt maximum pooling to extract the maximum value in the local area, the pooling core size is 2 multiplied by 2, and the step length is 2, so that the dimension of data is reduced, and the calculation amount of a model is reduced. The full connection layer 1 and the full connection layer 2 are used for globally classifying local features extracted by the convolution layer and the pooling layer, outputting an abnormality detection result, wherein the output dimension of the full connection layer 1 is 64, the input dimension of the full connection layer 2 is 64, and the output dimension is 2. The output layer adopts a Softmax activation function for outputting a detection result of whether the authentication environment is abnormal or not.
In addition, the anomaly detection model is trained by the historical authentication request frequency, the historical authentication response time, the historical environmental parameters and the historical environmental security tags, and training data examples of the anomaly detection model are as follows:
in this embodiment, the simplest neural network is used to realize a lightweight model structure combination, and it is able to accurately determine whether the authentication environment is abnormal while effectively extracting local features of data.
S103, if the authentication environment is normal, chaotic mapping is carried out on the quantum random source, a dynamic challenge code is generated, and if the authentication environment is abnormal, the authentication process is terminated.
In this embodiment, the authentication is directly terminated by the abnormal authentication environment predicted by the abnormal detection model, so that the waste of resources and potential attack heuristics are avoided.
Optionally, if the authentication environment is normal, performing chaotic mapping on the quantum random source to generate a dynamic challenge code, including:
Using a quantum random source as an initial value of a chaotic mapping function, and generating a chaotic sequence by using the chaotic mapping function;
injecting a time stamp into the chaotic sequence to obtain an enhanced chaotic sequence;
and inputting the enhanced chaotic sequence into the SHA-256 hash function to generate a dynamic challenge code.
Fig. 3 is a flowchart of generating a dynamic challenge code according to an embodiment of the present application, as shown in fig. 3.
In one possible implementation, the chaotic mapping function uses a Logistic mapping function, where the Logistic mapping is a quadratic polynomial mapping, and is often used to show how a system transitions from simple behavior to complex chaotic behavior, and the calculation formula is as follows:
xn+1=μxn(1-xn),
Wherein x n+1 is the (n+1) th value in the generated chaotic sequence, x n is the (n) th value in the generated chaotic sequence, mu is a chaotic super-parameter, is generally set to 3.99, approaches to the chaotic region boundary of the chaotic map, and ensures that the generated sequence has high randomness and unpredictability. Furthermore, an initial value x 0 of the chaotic sequence is a quantum random source generated by a quantum random generator. Finally, the length of the chaotic sequence generated in the application is 1024 bits. Furthermore, in order to further enhance the randomness and uniqueness of the chaotic sequence, the current time stamp (accurate to microseconds) is spliced with the chaotic sequence to obtain an enhanced chaotic sequence, so that the challenge code generated each time is ensured to have uniqueness in time.
In addition, SHA-256 (Secure Hash Algorithm-bit, cryptographic hash function) is a cryptographic hash function that outputs a 256-bit hash value over multiple rounds of complex processing, compressing long input sequences into a fixed-length output, while preserving the randomness and unpredictability of the input sequences. In the application, the SHA-256 hash function is used for processing the enhanced chaotic sequence to generate the 256-bit dynamic challenge code, so that the security of the finally generated dynamic challenge code is ensured.
In the embodiment, the combination of the quantum random source and the chaotic mapping function ensures the unpredictability, uniqueness, collision resistance and irreversibility of the dynamic challenge code so as to meet the safety requirement of the identity authentication of the equipment of the Internet of things.
S104, packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key, and sending the quantum key to an authentication end.
In the embodiment, the quantum key is formed by packaging the dynamic challenge code and the multi-mode PUF array, so that the uniqueness of hardware is enhanced, side channel analysis and cloning are effectively resisted, and the quantum key generation process is guaranteed to have the capability of resisting man-in-the-middle attack.
Optionally, the multi-modal PUF array includes a timing PUF, an optical PUF, and a hysteresis PUF;
The multi-mode PUF array is calculated according to the response value of the time sequence PUF, the response value of the optical PUF, the response value of the hysteresis PUF, the environmental noise parameter and the environmental stability index.
Wherein the multi-modal PUF array enhances the security and robustness of the system by integrating the timing PUF, the optical PUF and the hysteresis PUF. The timing PUF is based on a delay chain design, consisting of a plurality of delay cells including but not limited to a ring oscillator (RO, ring OSCillatior) or Look-Up Table (LUT) based delay module and an arbiter. Timing PUF (Timing PUF) produces a unique response by comparing the propagation times of the signals on different delay paths, which is very sensitive to process variations in the manufacturing process, thus ensuring its unclonability. The optics PUF (Optical PUF) use the scattering properties of the optical material (including but not limited to VO2 nanocrystalline films) to generate a response, generate a unique speckle pattern by laser irradiation, capture the speckle pattern by an optical sensor, and convert it to a digital signal as a response, have a high degree of randomness and unclonability, and are very resistant to machine learning attacks. Hysteresis PUF (Hysteresis PUF) uses magnetic materials (including but not limited to magnetic nanoparticles or thin films) to make the hysteresis curve a part of the response with obvious hysteresis characteristics, since the hysteresis response is not only dependent on the current state, but also related to the historical state, describing the challenge-response behavior provides additional security. In the present application, the timing PUF, the optical PUF and the hysteresis PUF are integrated on a chip in an array form, and each PUF module works independently but is coordinated by a central control unit. The time sequence PUF module is located in the center area of the chip, is convenient to integrate with other circuits, the optical PUF module is close to the edge of the chip, is convenient for inputting and outputting optical signals, and the hysteresis PUF module is located on the other side of the chip so as to avoid electromagnetic interference with other modules. Each PUF module is connected to the central control unit via a dedicated interface for transmitting challenge signals and response signals.
In one possible implementation, the response weights of the modal PUFs are dynamically adjusted by the environmental noise parameter, the environmental stability index, and the response value of each PUF module, thereby generating a final multi-modal PUF array. The calculation formula of the multi-modal array is as follows:
Wherein R all is a multi-mode PUF array, W i is the dynamic weight of the ith module PUF, R i is the response value of the ith module PUF, and M is the number of PUFs in the multi-mode PUF array. The calculation formula of the dynamic weight W i of the i-th module PUF is as follows:
wherein W i is the weight of the ith modality PUF, sigma i is the environmental noise parameter of the ith modality PUF, which is obtained by calculating the current environmental noise variance, E i is the environmental stability index of the ith modality PUF, and alpha and beta are super parameters for balancing the environmental noise and the environmental stability.
In addition, the environmental stability index is a dynamic index for measuring the stability of the ith modal PUF under the current environmental condition, and is calculated by collecting environmental parameters and response values of each modal PUF, and dynamically updated according to real-time data. The calculation formula of the environmental stability index E i is as follows:
Wherein var (R i) is the variance of the response value of the ith mode PUF, var (e) is the variance of the environmental parameter corresponding to each PUF, the environmental parameter corresponding to the time sequence PUF is the temperature parameter, the environmental parameter corresponding to the optical PUF is the humidity parameter, and the environmental parameter corresponding to the hysteresis PUF is the illumination parameter. For example, the response value R 1 = [0.1,0.2,0.3,0.4,0.5] of the timing PUF, the response value R 2 = [0.2,0.3,0.4,0.5,0.6] of the optical PUF, the response value R 3 = [0.3,0.4,0.5,0.6,0.7] of the hysteresis PUF, the environmental parameters collected by the environmental sensor are in turn the temperature parameter e T = [25,26,27,28,29] (unit: ° C), the humidity parameter e H = [40,45,50,55,60] (unit:%), the illumination parameter e L = [500,600,700,800,900] (unit: lux), the environmental stability index is in turn :var(R1)=0.02,var(R2)=0.02,var(R3)=0.02,var(eT)=2.5,var(eH)=25,var(eL)=10000,:
in the embodiment, through integrating PUFs of multiple modes, the anti-attack capability of the system, particularly the defending capability on quantum computing attack is enhanced, and the dynamic weight distribution mechanism can automatically adjust response weights according to environmental changes, so that the robustness of the system is improved.
Optionally, packaging the dynamic challenge code and the multi-mode PUF array to obtain the quantum key, including:
the dynamic challenge code and the multi-modal PUF array are encapsulated using the CRYSTALS-Kyber algorithm.
The CRYSTALS-Kyber algorithm is a post quantum public key encryption and key packaging mechanism based on Lattice cryptography (Lattice-Based Cryptography), is based on a modularized error learning problem (MLWE, module LEARNING WITH Errors), and is used for attributing security to the shortest vector problem (SVP, shortest Vector Problem) in Lattice theory, and the generated quantum key can effectively resist quantum computing attacks.
In the embodiment, the dynamic challenge code and the multi-mode PUF array are packaged and packaged through a CRYSTALS-Kyber algorithm, so that the security of the quantum key can be effectively enhanced, and the lightweight key package is realized under the condition that the resources of the Internet of things equipment are limited.
S105, the authentication end performs intelligent contract authentication on the quantum key, and an authentication result is sent to the mobile terminal through the blockchain authentication storage node.
In the embodiment, the intelligent contract can automatically execute the key matching logic, so that the risk of human intervention is eliminated, and the authentication result is stored and sent in a distributed manner through the blockchain storage certificate node, so that single-point tampering or repudiation is effectively prevented.
Optionally, the authenticating terminal performs intelligent contract authentication on the quantum key, including:
Carrying out hash value verification, multi-mode response fusion verification, environment parameter verification and timestamp verification on the quantum key in sequence;
The hash value verification is to verify the hash value generated by carrying out hash calculation on the quantum key;
The multi-mode response fusion verification is to verify the multi-mode PUF array in the quantum key;
verifying environmental parameters to detect whether the temperature, the humidity and the illumination intensity are in preset ranges;
timestamp validation is the validation of the validity of a quantum key.
The hash value verification is used for carrying out hash calculation on the quantum key to generate a hash value, and when verification is needed, the hash value of the quantum key is recalculated, and then is compared with the hash value calculated before, so that the quantum key is ensured not to be tampered. The multi-modal response fusion verification is to verify the multi-modal PUF array in the quantum key, and the authentication reliability is ensured by utilizing the uniqueness of the multi-modal PUF array. The environmental parameters are verified to be whether the detected temperature, humidity and illumination are within a preset range, for example, the temperature preset range is 20-30 ℃, the humidity preset range is 35% -65%, and the illumination preset range is 400-1000 lux. If the environmental parameter is outside the preset range, the authentication result is marked as failed or needs further verification. The time stamp verification is to verify the validity of the quantum key, and if the time stamp of the authentication result and related data (environmental parameters and the like) is abnormal (such as time reversal or unreasonable time interval), the authentication result is marked as invalid.
In the embodiment, hash value verification, multi-mode response fusion verification, environment parameter verification and time stamp verification are sequentially adopted in intelligent contract authentication, and the credibility of authentication is guaranteed from multiple dimensions.
Optionally, the hash value verification further includes:
storing a hash value generated by carrying out hash calculation on the quantum key to a block chain evidence storage node;
when the mobile terminal acquires the authentication result, carrying out hash calculation on the quantum key again to generate a verification hash value;
comparing the hash value with the verification hash value, judging whether the quantum key is tampered, if so, failing authentication, and if not, successful authentication.
For example, after the quantum key is packaged, performing hash calculation on the quantum key to generate a first hash value, storing the first hash value to a blockchain storage node, then, when the mobile terminal needs to acquire an authentication result, performing hash calculation on the quantum key again to generate a second hash value, comparing the first hash value with the second hash value, judging whether the quantum key is tampered, if so, performing authentication failure, and if not, performing authentication success. When the Internet of things equipment reports data each time, the quantum key hash value needs to be recalculated and compared with the on-chain record, so that the data is effectively prevented from being forged by a middleman.
In the embodiment, the hash value of the quantum key is stored to the blockchain storage certificate node in a distributed mode, so that the stored hash value cannot be tampered or deleted, and the trust barrier among heterogeneous systems is solved.
According to the embodiment of the disclosure, the following technical effects are achieved:
1) The non-decryptability of the quantum key and the hardware uniqueness of the PUF are fused, and the double safety protection of the authentication process is realized.
2) Dynamic challenge codes are generated through chaotic mapping, each authentication process is unique and unpredictable, and replay attacks are effectively resisted.
3) By introducing the environment data and the anomaly detection model, the situational dynamic adjustment of the authentication process is realized, and the blocking capability of the anomaly scene is improved.
4) The non-tamperable record of the authentication result is verified through the blockchain memory, and the auditing transparency and multiparty cooperation trust are enhanced.
It should be noted that, for simplicity of description, the foregoing method embodiments are all described as a series of acts, but it should be understood by those skilled in the art that the present application is not limited by the order of acts described, as some steps may be performed in other orders or concurrently in accordance with the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are alternative embodiments, and that the acts and modules referred to are not necessarily required for the present application.
The above description of the method embodiments further describes the solution of the present application by means of device embodiments.
Fig. 4 shows a block diagram of a quantum key and PUF based authentication device according to an embodiment of the application, as shown in fig. 4 comprising:
an obtaining module 401, configured to obtain an authentication request of a mobile terminal, and extract a quantum random source from the authentication request;
the authentication environment evaluation module 402 is configured to evaluate the authentication environment according to the environment data and the anomaly detection model, and determine whether the authentication environment is anomaly;
the judging module 403 performs chaotic mapping on the quantum random source to generate a dynamic challenge code if the authentication environment is normal, and terminates the authentication process if the authentication environment is abnormal;
the packaging module 404 is configured to package the dynamic challenge code and the multi-mode PUF array, obtain a quantum key, and send the quantum key to the authentication end;
and the authentication module 405 performs intelligent contract authentication on the quantum key by an authentication end and sends an authentication result to the mobile terminal through the blockchain authentication node.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the described modules may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again.
Fig. 5 shows a schematic diagram of a structure of a terminal device or server suitable for implementing an embodiment of the application.
As shown in fig. 5, the terminal device or the server includes a Central Processing Unit (CPU) 501, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the terminal device or the server are also stored. The CPU 501, ROM 502, and RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Connected to the I/O interface 505 are an input section 506 including a keyboard, a mouse, and the like, an output section 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like, a storage section 508 including a hard disk, and the like, and a communication section 509 including a network interface card such as a LAN card, a modem, and the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
In particular, the above method flow steps may be implemented as a computer software program according to an embodiment of the application. For example, embodiments of the application include a computer program product comprising a computer program embodied on a machine-readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 501.
The computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules involved in the embodiments of the present application may be implemented in software or in hardware. The described units or modules may also be provided in a processor. Wherein the names of the units or modules do not in some cases constitute a limitation of the units or modules themselves.
As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiment, or may exist alone without being incorporated in the electronic device. The computer-readable storage medium stores one or more programs that when executed by one or more processors perform the methods described herein.
The above description is only illustrative of the preferred embodiments of the present application and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the application is not limited to the specific combinations of the features described above, but also covers other embodiments which may be formed by any combination of the features described above or their equivalents without departing from the spirit of the application. Such as the above-mentioned features and the technical features having similar functions (but not limited to) applied for in the present application are replaced with each other.

Claims (10)

1. An authentication method based on a quantum key and a PUF, comprising:
acquiring an authentication request of a mobile terminal, and extracting a quantum random source from the authentication request;
evaluating an authentication environment according to environment data and an abnormality detection model, and judging whether the authentication environment is abnormal or not;
if the authentication environment is normal, performing chaotic mapping on the quantum random source to generate a dynamic challenge code, and if the authentication environment is abnormal, terminating the authentication process;
packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key, and sending the quantum key to an authentication end;
and the authentication end performs intelligent contract authentication on the quantum key and sends an authentication result to the mobile terminal through a blockchain authentication node.
2. The authentication method based on quantum keys and PUFs of claim 1, wherein the anomaly detection model includes an input layer, a convolution layer, a pooling layer, a fully connected layer, and an output layer;
the anomaly detection model is trained by historical authentication request frequency, historical authentication response time, historical environment parameters and historical environment security tags.
3. The authentication method based on quantum key and PUF according to claim 1, wherein the chaotic mapping is performed on the quantum random source to generate a dynamic challenge code if the authentication environment is normal, including:
using the quantum random source as an initial value of a chaotic mapping function, and generating a chaotic sequence by using the chaotic mapping function;
injecting a time stamp into the chaotic sequence to obtain an enhanced chaotic sequence;
and inputting the enhanced chaotic sequence into an SHA-256 hash function to generate the dynamic challenge code.
4. The authentication method based on quantum keys and PUFs according to claim 1, wherein the multi-modal PUF array includes a timing PUF, an optical PUF and a hysteresis PUF;
the multi-mode PUF array is calculated according to the response value of the time sequence PUF, the response value of the optical PUF, the response value of the hysteresis PUF, the environmental noise parameter and the environmental stability index.
5. The authentication method based on quantum keys and PUFs according to claim 1, wherein said encapsulating the dynamic challenge code and the multi-modal PUF array to obtain quantum keys includes:
And packaging the dynamic challenge code and the multi-mode PUF array by adopting a CRYSTALS-Kyber algorithm.
6. The authentication method based on quantum key and PUF according to claim 1, wherein the authenticating terminal performs smart contract authentication on the quantum key, including:
Carrying out hash value verification, multi-mode response fusion verification, environment parameter verification and timestamp verification on the quantum key in sequence;
the hash value verification is to verify a hash value generated by carrying out hash calculation on the quantum key;
the multi-mode response fusion verification is to verify the multi-mode PUF array in the quantum key;
The environmental parameters are verified to be whether the detected temperature, humidity and illumination intensity are in a preset range or not;
the timestamp verification is to verify the validity of the quantum key.
7. The quantum key and PUF based authentication method of claim 6, wherein the hash value verification further comprises:
Storing a hash value generated by carrying out hash calculation on the quantum key to a blockchain certification node;
When the mobile terminal acquires the authentication result, carrying out hash calculation on the quantum key again to generate a verification hash value;
Comparing the hash value with the verification hash value, judging whether the quantum key is tampered, if so, failing authentication, and if not, successful authentication.
8. An authentication device based on a quantum key and a PUF, comprising:
The acquisition module is used for acquiring an authentication request of the mobile terminal and extracting a quantum random source from the authentication request;
the authentication environment evaluation module is used for evaluating the authentication environment according to the environment data and the abnormality detection model and judging whether the authentication environment is abnormal or not;
The judging module is used for carrying out chaotic mapping on the quantum random source to generate a dynamic challenge code if the authentication environment is normal, and terminating the authentication process if the authentication environment is abnormal;
The packaging module is used for packaging the dynamic challenge code and the multi-mode PUF array, obtaining a quantum key and sending the quantum key to an authentication end;
And the authentication module performs intelligent contract authentication on the quantum key by the authentication end and sends an authentication result to the mobile terminal through a blockchain authentication storage node.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, characterized in that the processor, when executing the computer program, implements the method according to any of claims 1-7.
10. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-7.
CN202510289991.8A 2025-03-12 2025-03-12 Authentication method, device, equipment and storage medium based on quantum key and PUF Pending CN120165847A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202510289991.8A CN120165847A (en) 2025-03-12 2025-03-12 Authentication method, device, equipment and storage medium based on quantum key and PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202510289991.8A CN120165847A (en) 2025-03-12 2025-03-12 Authentication method, device, equipment and storage medium based on quantum key and PUF

Publications (1)

Publication Number Publication Date
CN120165847A true CN120165847A (en) 2025-06-17

Family

ID=96003048

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202510289991.8A Pending CN120165847A (en) 2025-03-12 2025-03-12 Authentication method, device, equipment and storage medium based on quantum key and PUF

Country Status (1)

Country Link
CN (1) CN120165847A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120561912A (en) * 2025-07-30 2025-08-29 苏州元脑智能科技有限公司 Server security authentication method, device, electronic device, medium and product

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120561912A (en) * 2025-07-30 2025-08-29 苏州元脑智能科技有限公司 Server security authentication method, device, electronic device, medium and product

Similar Documents

Publication Publication Date Title
US11580321B2 (en) Systems, devices, and methods for machine learning using a distributed framework
US11153098B2 (en) Systems, devices, and methods for recording a digitally signed assertion using an authorization token
US10742421B1 (en) Methods and systems for anonymous hardware attestation
US11444769B2 (en) Systems, devices, and methods for signal localization and verification of sensor data
US11374771B2 (en) Methods and systems for implementing mixed protocol certificates
US11593488B2 (en) Systems and methods for a cryptographic agile bootloader for upgradable secure environment
CN119783138B (en) Blockchain-driven distributed privacy data storage and access control method and system
Peelam et al. Enhancing security using quantum blockchain in consumer IoT networks
CN114884714B (en) Task processing method, device, equipment and storage medium
Mohammed et al. Web application authentication using ZKP and novel 6D chaotic system
CN120165847A (en) Authentication method, device, equipment and storage medium based on quantum key and PUF
Zhou et al. A strong PUF based security protocol to protect ai model parameters against privacy information leakage
Roy et al. Device-specific security challenges and solution in IoT edge computing: a review: A. Roy et al.
CN107026729B (en) Method and apparatus for transferring software
Khalil et al. Lightweight hardware security and physically unclonable functions
CN118300785A (en) Data encryption method and device for power Internet of Things security
Cirillo et al. Practical evaluation of a quantum physical unclonable function and design of an authentication scheme
CN120979701A (en) Data analysis methods, apparatus, computer equipment and storage media
CN118051891B (en) A computer software encryption protection method
Appiah et al. Secure IoT firmware updates against supply chain attacks: B. Appiah et al.
Maulana et al. Beccak: Combination of Blockchain and Keccak Algorithm for Improved Digital Signature Performace
Sakthivel et al. Enhancing Internet of Things (IOT) Security Through Quantum Cryptography
Falas et al. Hardware-enabled secure firmware updates in embedded systems
CN120358025B (en) A method, device, equipment and medium for secure transmission of power system information
Hanif et al. Alexis: Anomaly-Based Intrusion Detection in FPGA-Enabled Cyber-Physical Systems

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination