1. Introduction

For the smart ship industry, data is the core, and the data chain that connects data collection, secure transmission, storage management, and analysis and mining is a very important part of the entire smart ship system; within it, data security is a particularly important link. In January 2021, IMO required that each ship's safety management system incorporate cybersecurity risk assessment. The importance of data communication between ship and shore and inside the ship is self-evident in modern ocean transportation. Data communication can be used to monitor ship status, navigation information, cargo status and other important information, which is crucial to ship operation and management. However, these data may face various security threats during transmission, such as data leakage, data tampering and network attacks. These security threats may lead to serious consequences such as interruption of ship operations, loss of data, and threats to ship safety.

Therefore, the use of data encryption technology is one of the important means of ensuring the security of data communication between ship and shore and inside the ship. Data encryption technology can convert communication data into an encrypted form, making it impossible for unauthorized personnel to read and understand the data, thereby ensuring data confidentiality. At the same time, data encryption technology can also prevent data from being tampered with during transmission and ensure data integrity.

At present, the commonly used encryption methods are mainly symmetric encryption, represented by DES and AES, which is fast but has problems such as low security strength, and asymmetric encryption, represented by RSA, which has high security strength but generally low efficiency. Intelligent ship data communication places high requirements on both data transmission efficiency and data transmission security.
Taking the intelligent ship oil-water control system as an example, using asymmetric encryption for data transmission can effectively protect the security of the data, but may have a certain impact on the efficiency of data transmission; using symmetric encryption for data transmission cannot effectively protect data security, but gives better data transmission efficiency. This paper takes the data transmission security of the oil-water control system as an example, introduces the two encryption methods, and discusses their respective advantages and disadvantages. On this basis, we combine the advantages of the two encryption methods and adopt a fusion encryption method that ensures both the encryption speed and the security of the encryption.

2. The overall structure of the data transmission of the oil-water control system

The overall architecture of the oil-water control system[1] is divided into three parts, namely data collection and processing, the security gateway, and the cloud service platform. The data receiving and processing part analyzes the analog and switching data transmitted by sensors such as pressure and temperature sensors to ensure the orderly transmission of data; the data gateway part encrypts the received data to ensure the safety of data transmission; the data cloud service part stores the transmitted data and monitors the sensor data in real time. The overall architecture of the system is shown in Figure 1.

As shown in Figure 1, the system is mainly divided into three parts:

Perception layer: mainly divided into data collection and processing. The data is collected through various sensors, such as temperature and pressure sensors, and processed by an industrial computer. This layer is mainly responsible for receiving data from the various sensors on the ship, and processing, decoding and converting it[2].

Data encryption layer: This part is the core part of the entire oil-water control system.
It is mainly responsible for secure data transmission and communication between the perception layer and the platform layer. The data at the sensor side of the perception layer can be encrypted, compressed and optimized by the industrial computer, so that it can be transmitted to the cloud faster and more securely[3].

Platform layer: The platform layer can perform real-time monitoring, data analysis, data mining, data modeling and other operations on the sensor-side data of the perception layer to provide more accurate ship status assessment and prediction services. The platform layer can also be integrated with other applications, such as an intelligent navigation system, an intelligent port management system, or a ship repair and maintenance system, to improve ship operation efficiency and safety.

In order to ensure the security of sensor-side data such as pressure and speed in the oil-water control system, encryption operations are required during transmission to prevent sensitive data from being stolen or tampered with. Take the encrypted transmission of wind direction and speed data as an example. As shown in formula 1:

Use the RSA encryption algorithm[4] to encrypt and get the ciphertext C. As shown in formula 2:

Encryption is used to protect sensitive data such as wind direction and wind speed in the oil-water control system. Even if the data is stolen, the stolen information cannot be understood, which ensures data security.

The traditional symmetric encryption algorithm is excellent in terms of encryption speed and efficiency, but due to the inconvenience of key management and the difficulty of ensuring security[5], it is not suitable for data transmission encryption that requires high real-time performance in intelligent ship systems.
Therefore, the hybrid encryption algorithm came into being, combining the advantages of the symmetric encryption algorithm and the asymmetric encryption algorithm, which not only ensures the encryption efficiency but also improves the security of data transmission. Next, we focus on the hybrid encryption algorithm[6] in the oil-water control system.

3. Hybrid encrypted data transmission scheme

Due to the high requirements for real-time performance and security of data transmission in the oil-water control system, neither the traditional symmetric encryption algorithm nor the asymmetric encryption algorithm can meet the requirements. Therefore, this paper proposes a hybrid encryption algorithm based on RC2 and RSA, in which RC2 encrypts the sensitive information in the plaintext, making full use of the speed of RC2 symmetric encryption and the security strength of RSA asymmetric encryption to form a safe and efficient hybrid encryption method[7].

The RC2 algorithm[8] is a symmetric encryption algorithm characterized by fast encryption speed and high encryption efficiency. It uses a variable-length key, supporting key lengths from 1 to 128 bytes. The core of the RC2 algorithm is a 128-bit data block encryptor, which can encrypt or decrypt data blocks. The RC2 algorithm is widely used in network transmission and data storage, but its key management is inconvenient and it has security problems. The specific implementation of RC2 algorithm encryption and decryption is as follows:

Encryption: first divide the plaintext into several w-bit blocks, then use key expansion for each block to obtain a round key, then perform multiple rounds of encryption operations, and finally concatenate the encrypted blocks to obtain the ciphertext.
As shown in formula 3:

Decryption: first divide the ciphertext into several w-bit blocks, then use key expansion for each block to obtain the round key, then perform multiple rounds of decryption operations, and finally concatenate the decrypted blocks to obtain the plaintext. As shown in formula 4:

Among them, ⊕ represents the XOR operation, << represents the left shift operation, >>> represents the right shift operation, w is a fixed parameter (for example, w=16), x is the plaintext, and k is a w-bit round key.

The RSA algorithm[9] is an asymmetric encryption algorithm. The core of the RSA algorithm is a public key and a private key. The public key can be disclosed to anyone, and the private key can only be used by its owner. The RSA algorithm can realize functions such as digital signature, identity authentication, and key agreement. However, due to its slow encryption speed, it is not suitable for encrypting large amounts of data[10]. The specific implementation of RSA algorithm encryption and decryption is as follows:

Encryption process: Convert the plaintext M to an integer m such that 0 ≤ m < n. Compute the ciphertext C. As shown in formula 5:

Decryption process: After receiving the ciphertext C, use the private key (n,d) to calculate the plaintext M. As shown in formula 6:

Among them, C stands for the ciphertext, mod stands for the modulo operation, n stands for the product of two prime numbers, and M stands for the plaintext.

Combining the advantages of the two encryption algorithms, this paper proposes a hybrid encryption algorithm based on the two: use the symmetric key encryption algorithm (RC2) to encrypt the data, then use the asymmetric key encryption algorithm (RSA) to encrypt the symmetric key, and finally transmit the encrypted symmetric key along with the encrypted data. The receiver uses the asymmetric key to decrypt and obtain the symmetric key, and then uses the symmetric key to decrypt the data. This hybrid encryption method has a high degree of security and efficiency.
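The hybrid exchange described above, as an added example that is not code from the paper: the sender wraps a random 128-bit session key with textbook RSA and the receiver unwraps it with d. Assumptions: RC2 is not in Python's standard library, so a SHA-256 counter-mode keystream stands in for it; the demo primes, e = 65537, the sample plaintext and the HMAC tag (added so that tampering is detected) are choices made here, not taken from the paper.

```python
import hashlib
import hmac
import secrets

# Assumption: two Mersenne primes stand in for the "two large primes" p and q.
# They are demo-sized and structured; real RSA uses random primes of 1024+ bits.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
SAMPLE = b"WIND dir=045.0deg speed=12.5kn"   # constructed sample plaintext X

def rsa_keygen(p=P, q=Q, e=E):
    """n = p*q, phi(n) = (p-1)(q-1), d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))   # ValueError if gcd(e, phi) != 1

def subkeys(k: bytes):
    """Derive separate encryption and MAC keys from the session key K."""
    return hashlib.sha256(b"enc" + k).digest(), hashlib.sha256(b"mac" + k).digest()

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for RC2: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(pub, plaintext: bytes):
    """Sender: fresh 128-bit K, encrypt the data, wrap K with the public key."""
    n, e = pub
    k = secrets.token_bytes(16)
    nonce = secrets.token_bytes(12)
    enc_key, mac_key = subkeys(k)
    # Ke = K^e mod n: textbook RSA as in formula 5. Deployed key wrapping
    # adds randomized padding such as OAEP before exponentiation.
    ke = pow(int.from_bytes(k, "big"), e, n)
    c = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    return ke, nonce, c, tag

def unseal(priv, ke: int, nonce: bytes, c: bytes, tag: bytes) -> bytes:
    """Receiver: unwrap K with the private key, verify the tag, then decrypt."""
    n, d = priv
    k_int = pow(ke, d, n)                          # K = Ke^d mod n (formula 6)
    if k_int >> 128:
        raise ValueError("wrapped key is not a 128-bit value")
    enc_key, mac_key = subkeys(k_int.to_bytes(16, "big"))
    expected = hmac.new(mac_key, nonce + c, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext, nonce or wrapped key was modified")
    return keystream_xor(enc_key, nonce, c)

if __name__ == "__main__":
    public, private = rsa_keygen()
    print(unseal(private, *seal(public, SAMPLE)))
```

A modified ciphertext or wrapped key makes `unseal` raise `ValueError` instead of returning altered sensor data.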
The encryption and decryption process of the hybrid encryption algorithm is shown in Figure 2.

As shown in Figure 2, the specific implementation of the hybrid encryption algorithm is as follows:

Generate the RC2 symmetric key: The communicating parties agree on an RC2 key length in advance, and the sender generates a random RC2 key. Generate key K as shown in formula 7:

The above key is composed of hexadecimal characters, and each character occupies 4 bits, that is, a total of 32*4=128 bits.

Generate an RSA key pair to serve as the asymmetric encryption keys. The public key is used to encrypt the RC2 key, and the private key is used to decrypt the RC2 key. The specific process of key generation is as follows:

Choose two large prime numbers p and q and calculate their product. As shown in formula 8:

Calculate ϕ(n), where ϕ(n) represents the Euler function of n, that is, the number of positive integers smaller than n and relatively prime to n. As shown in formula 9:

Compute d as the private key exponent. As shown in formula 10:

Get the public and private keys. As shown in formulas 11 and 12:

Use the RSA public key to encrypt the RC2 key: the sender uses the receiver's RSA public key to encrypt the generated RC2 key, so that only the receiver can use its private key to decrypt the RC2 key. The formula for the encrypted RC2 key, formula 13, is as follows:

Among them, K represents the RC2 key, mod represents the modulo operation, and C represents the encrypted ciphertext. At this time, C is used as the encrypted key Ke of RC2.

Use the encrypted RC2 key Ke to encrypt the message to be encrypted. As shown in formula 14:

Among them, Ke is the key, X is the plaintext, P1 to Pn are the generated round keys, and C is the encrypted data at this time.

Take the following wind direction and wind speed data as plaintext X.
As shown in formula 15:

Get ciphertext C. As shown in formula 16:

Send the encrypted RC2 key Ke and ciphertext C to the receiver, and the receiver uses its private key S to decrypt the received RC2 key Ke to obtain the symmetric key K for decrypting data. The decryption formula 17 is as follows:

Among them, mod represents the modulo operation, Ke represents the ciphertext, d represents the exponent in the RSA private key, N represents the modulus in the RSA private key, and M represents the decrypted RC2 key. As shown in formula 18:

The receiver uses the decrypted symmetric key M to decrypt the received data. The specific implementation is as shown in formula 19:

Among them, K is the key, C is the ciphertext, P1 to Pn are the generated round keys, and X is the decryption result. From this we can get X. As shown in formula 20:

This hybrid encryption method solves the problem that the traditional encryption algorithm is not suitable for encrypted data transmission with high real-time requirements in the intelligent ship system. The ship's data transmission is doubly protected: the RC2 key encrypted with the RSA public key provides the protection of the symmetric key, while the data encrypted with the symmetric key provides the protection of the data itself.

4. Experiment and result analysis

The experiment uses the data collected by the analog quantity acquisition and processing unit and the switch quantity acquisition and processing unit, converted into standard-format data that meets the requirements of ship-to-shore transmission. It mainly includes AIS data, GPS data, wind direction and speed data and the total data package. Different types of data are encrypted with different algorithms and compared. In order to facilitate observation and research, the encrypted data is displayed in hexadecimal characters.
The results are shown in the following tables.

Table 1 shows the encrypted data obtained after encrypting the AIS data using different encryption algorithms. The original data includes the content and checksum of an AIS packet, and the encryption algorithms include RSA, AES+RSA and RC2+RSA. The encrypted data is a hexadecimal string encrypted with the corresponding algorithm.

Table 1. AIS data encryption

Table 2 shows the encrypted data obtained after using different encryption algorithms to encrypt the wind direction and wind speed data. The original data includes the content and checksum of a wind direction and wind speed data packet, and the encryption algorithms include RSA, AES+RSA and RC2+RSA. The encrypted data is a hexadecimal string encrypted with the corresponding algorithm.

Table 2. Wind direction and wind speed data encryption

It can be seen from Table 3 that when encrypting and decrypting AIS data, GPS data, and wind direction and speed data, hybrid encryption has better encryption and decryption efficiency than RSA asymmetric encryption. When the number of bytes to encrypt is large, the key length of traditional encryption does not support encrypting and decrypting that much data, whereas encryption and decryption with the hybrid algorithms place no requirement on the number of bytes of data. Compared with the AES and RSA hybrid encryption algorithm[11], the RC2 and RSA hybrid encryption algorithm is faster in terms of encryption and decryption speed. Not only that, compared with the common symmetric encryption algorithm, the hybrid encryption algorithm proposed in this paper solves the key management security problem of the traditional symmetric encryption algorithm and improves the security performance of the algorithm.

Table 3. Comparison of encryption and decryption time

5. Conclusion

In the smart ship industry, data security is a very important part. The use of data encryption technology can ensure the security of data communication between ship and shore and inside the ship. Commonly used symmetric encryption methods are fast but not high in security strength, and asymmetric encryption methods are high in security strength but low in efficiency. Therefore, the encryption method proposed in this paper, which combines symmetric encryption and asymmetric encryption, can improve the security of encryption while ensuring encryption speed, and meets the requirements of data transmission efficiency and data transmission security in intelligent ship data communication.

References

[1] Xiao, Y., et al., "Digital empowerment for shipping development: a framework for establishing a smart shipping index system," Maritime Policy & Management, 49(6), 850–863 (2022). https://doi.org/10.1080/03088839.2021.1894364
[2] Yu, Y.-H. and S. R. Baloch, "Real time fault detection and diagnosis system for onboard engine room," Journal of Advanced Marine Engineering and Technology, 43(10), 810–815 (2019). https://doi.org/10.5916/jkosme.2019.43.10.810
[3] Dang, H. V., et al., "Attribute-Based Symmetric Searchable Encryption," in 18th International Conference on Applied Cryptography and Network Security (ACNS), Electr Network, 318–336 (2020). https://doi.org/10.1007/978-3-030-61638-0_18
[4] Alhayani, M. and M. Al-Khiza'ay, "Analyze Symmetric and Asymmetric Encryption Techniques by Securing Facial Recognition System," in 5th International Conference on Networks, Intelligent Systems and Security (NISS), 97–105 (2022). https://doi.org/10.1007/978-3-031-15191-0_10
[5] Boyen, X., et al., "Secure Hybrid Encryption in the Standard Model from Hard Learning Problems," in 12th International Workshop on Post-Quantum Cryptography (PQCrypto), Electr Network, 399–418 (2021). https://doi.org/10.1007/978-3-030-81293-5_21
[6] Kubadia, A., et al., "Performance Evaluation of AES, ARC2, Blowfish, CAST and DES3 for Standalone Systems," in 3rd International Conference on Computing Methodologies and Communication (ICCMC), Erode, INDIA, 118–123 (2019). https://doi.org/10.1109/ICCMC.2019.8819729
[7] Deng, M. L., "Hybrid Encryption Algorithm for Sensitive Information of College Physical Fitness in Cloud Storage Environment," Journal of Sensors, 2022(5), 1–10 (2022). https://doi.org/10.1155/2022/1552437
[8] Ali, A. A. and S. Saleh, "Attribute-Based Data Retrieval with Keyword Search over Encrypted Data in Cloud," in 5th International Conference on Advanced Intelligent Systems and Informatics (AISI), Cairo, EGYPT, 876–890 (2019). https://doi.org/10.1007/978-3-030-31129-2_80
[9] Patgiri, R., et al., "An Analysis on the Variants of the RSA Cryptography," in 36th International Conference on Information Networking (ICOIN), South Korea, 40–45 (2022). https://doi.org/10.1109/ICOIN53446.2022.9687262
[10] Hasan, S., et al., "RSA-tested TKA Implants on Average Have Lower Mean 10-year Revision Rates Than Non-RSA-tested Designs," Clinical Orthopaedics and Related Research, 478(6), 1232–1241 (2020). https://doi.org/10.1097/CORR.0000000000001209
[11] Alquie, D., et al., "Cryptanalysis of the Multi-Power RSA Cryptosystem Variant," in 21st International Conference on Cryptology and Network Security (CANS), Dubai, U ARAB EMIRATES, 245–257 (2022). https://doi.org/10.1007/978-3-031-20974-1_12