CN106209802A - A kind of electric power 4G network security certification based on group policy and cryptographic key negotiation method - Google Patents

Abstract

The invention provides a kind of electric power 4G network security certification based on group policy and cryptographic key negotiation method, including；First substantial amounts of MTC device being grouped, group head collects the certification solicited message of group membership, and is polymerized these information；Then head (Group Header) and mobile management entity (MME) are organized, user ascription area server (HSS) completes to be mutually authenticated, judge to organize head by timestamp the most legal, user ascription area server generation group authentication vector (GAV) simultaneously；Then MME stores GAV, compares timestamp, the legitimacy that further checking group is first；Finally, group head is mutually authenticated with group membership, and after certification completes, corresponding negotiation information is sent to group membership by group head, and group membership verifies the information of HSS, and generates session key SSK.This invention when great amount of terminals equipment accesses core net simultaneously, can greatly alleviate network congestion and the burden of core net, and reduces communication overhead, additionally it is possible to reduces authentication time delay, is effective against common attack.

Description

A kind of electric power 4G network security certification based on group policy and cryptographic key negotiation method

Technical field

The invention belongs to technical field of power system communication, be specifically related to a kind of electric power 4G network security based on group policy Authentication and Key Agreement method.

Background technology

Now with the continuous growth of mobile device (MTC), when large number quipments accesses core network simultaneously, network can be produced Congested, how to propose general Authentication and Key Agreement scheme and become key issue.For 4G network, it has been proposed that single set Standby and group certificate scheme.Secure accessing scheme about AKA (Authentication and Key Agreement) is the most ripe at present.But these schemes All can not process large number quipments well and access core network and the network congestion problem that produces simultaneously.And AKA of based on group It is one of effective way alleviating network congestion, the most also by academia and the extensive concern of industrial circle.Current based on It is congested and alleviate traffic load that the scheme of the AKA of group policy is devoted to solve signal.

3GPP committee has been defined for the demand for security of MTC, and the agreement of the EPS-AKA of extension is as the side of a kind of standard Method realizes these safety requirements.Although these schemes having been proposed that are for solving MTC group Authentication and Key Agreement scheme, but It is to be not suitable for large number quipments transmission information and the scene of low bandwidth.A kind of based on group policy the AKA that Chen et al. proposes (GAKA) agreement realizes one group of equipment and roams to another one service network from a home network, but can not process a large amount of Equipment accesses the network congestion that core network produces simultaneously, because the certification request that each equipment sends is independent.And not Man-in-the-middle attack and redirection attack can be resisted.Lai et al. proposes all of attack in work before SE-AKA can resist, Greatly simplifie the verification process during Chen proposes a plan, it addition, point out that in the scheme of Cao, aggregate signature cost is very big, its Scheme improves the safety of AKA agreement, but the same with G-AKA scheme there is network congestion problem.Li et al. propose a kind of based on The dynamic Policy Updates AKA scheme of group policy, scheme is used without certificate aggregate signature method, is applied simultaneously in LTE-A network. Although scheme can one group of equipment of certification the most effectively, but be not suitable for resource-constrained equipment.Lai et al. proposes a kind of base In the light-weight authentication scheme of group policy, scheme is applied to resource-constrained M2M communication.Scheme is based on public key encryp, Effective and safe group certification can be realized in 3GPP and non-3 GPP access.But scheme be not carried out Group Header and Being mutually authenticated between Group Member.

Meanwhile, above method is in terms of traffic load, and bandwidth consumption performance is unsatisfactory.In sum, existing based on The Authentication and Key Agreement method of group policy is in the case of large number quipments accesses core network simultaneously, and Congestion Avoidance is far from full The demand of full border application.

Summary of the invention

For overcoming above-mentioned the deficiencies in the prior art, the present invention provides the safety based on group policy of a kind of electric power 4G network to recognize Card and cryptographic key negotiation method, the method can resist common attack, such as redirection attack, man-in-the-middle attack；And reduce logical Letter load and number of communications, especially when large number quipments accesses core network simultaneously in the case of more preferably.

Realizing the solution that above-mentioned purpose used is:

A kind of electric power 4G network security certification based on group policy and cryptographic key negotiation method, described safety certification and key association Business's method includes:

Step 1: initial phase, group head distribution solicited message；

The step 2:GBS-AKA-I stage, group is first and mobile management entity, user ascription area server complete whole certification and Cipher key agreement process；

In the step 3:GBS-AKA-II stage, group is first and group membership completes to be mutually authenticated.

Preferably, described step 1 includes:

(1-1) give the ID that the distribution of each mobile device is privately owned, and allow mobile device to register in 3GPP network；

(1-2) grouping algorithm is used will to belong to the MTC device packet of same region, same application, same behavior, often Group includes group head and group membership, provides group key GK to each group_iWith group # ID_Gi。

Further, described MTC device has key k shared with user ascription area server_GMij。

Preferably, described step 2 includes:

(2-1) each group membership generates request access authentication information, and sends information to group head；

(2-2) organizing the first information carrying out collection to be polymerized, the information after being polymerized sends to described mobile management entity；

(2-3) legitimacy that described mobile management entity judges group is first, if legal, then the information after processing sends to institute State user ascription area server；

(2-4) described user ascription area server judges information whether overtime stamp, if exceeding, abandons these information, And return failure to described mobile management entity；Otherwise verify the correctness of wherein group membership, generate after being proved to be successful Group authentication vector GAV, forwards information to mobile management entity simultaneously；

(2-5) data received are divided into two parts by described mobile management entity, and a part is used for verifying group membership, and one Part is for key agreement, and mobile management entity send authentication information to group is starting；

(2-6) group head receives the data that mobile management entity sends over and carries out calculating process, it may be judged whether overtime Stamp thresholding, if not less than timestamp thresholding, then group is first sends corresponding response message to mobile management entity；

(2-7) mobile management entity receives the first authentication response information of group, and mobile management entity will be stored for generating key The information consulted sends to organizing head.

Preferably, described step 3 includes:

(3-1) corresponding certification and negotiation data are sent to organizing head by mobile management entity, and group head uses authentication data and group Member realizes mutual certification, and the distribution request of group head accesses data to group membership；

(3-2) group membership receives data, the message authentication codes of checking mobile management entity and user ascription area server Message authentication codes legitimacy, if being verified, then sends and is proved to be successful response message to organizing head；

(3-3), after group head receives response message, the data being used for consulting are sent to group membership；

(3-4) group membership is according to negotiation data, generates the session key with core network.

Compared with immediate prior art, the technical scheme that the present invention provides has the advantages that

1, the method for the present invention can resist common attack, it is adaptable to bandwidth and traffic load are required smaller be System.

2, the present invention is in the case of large number quipments accesses core network simultaneously, has preferably Congestion Avoidance performance, more It is applicable to the actual application of electric power 4G wireless security Authentication and Key Agreement.

Accompanying drawing explanation

Fig. 1 is the method frame figure of the present invention.

Fig. 2 is GBS-AKA agreement schematic diagram of the present invention.

Fig. 3 be the present invention under 4G wireless communications environment, authentication vector is n=10, group number=10 bandwidth consumption signal Figure.

Fig. 4 be the present invention under 4G wireless communications environment, authentication vector is n=50, group number=2 bandwidth consumption signal Figure.

Fig. 5 be the present invention under 4G wireless communications environment, authentication vector is n=10, group number=2 bandwidth consumption signal Figure.

Fig. 6 be the present invention under 4G wireless communications environment, authentication vector is n=10, group number=5 bandwidth consumption signal Figure.

Detailed description of the invention

Below in conjunction with the accompanying drawings the detailed description of the invention of the present invention is described in further detail.

Information fusion, based on new technology, syndication message authentication code (aggregate message authentication Codes, AMACs) core network can all of MTC device in one group of certification simultaneously.AMACs has the property that, no With sender send multiple information, these information can be calculated as MAC label, and these MAC labels can be polymerized Become the shortest label.AMACs is probabilistic polynomial time tuple algorithm (MAC, Agg, Vrfy):

Identifying algorithm Mac: input a key k={0,1}ⁿ{ 0,1}*, Mac algorithm exports one with message m ∈ Tag label, by tag ← Mac_k(m)。

Aggregating algorithm Agg: input two and gather message/identifier1 couple With respective labels tag¹, tag², algorithm Agg exports a label tag, this algorithm It it is unencrypted.

Verification algorithm Vrfy: receive a set key/identifier to { (k₁,id₁),...,(k_t,id_t), one Message/identifier pairWith a tag label.Algorithm Vrfy exports a list Bi, " 1 " represents acceptance, and " 0 " represents refusal.

If be givenWith message/identifier to (m_i, i), we can be polymerized institute by XOR There is the value of these labels

$tag={\mathrm{tag}}_1\⊕{\mathrm{tag}}_2\⊕...\⊕{\mathrm{tag}}_l$

Based on above-mentioned theory, under wireless communications environment, the certification that the present invention utilizes AMACs to obtain Group Member is asked Seeking information, then with MME (mobile management entity), HSS (user ascription area server) realizes mutual certification.And judge it The legitimacy of Group Member.The present invention is divided into three processes, initial phase, GBS-AKA-I stage and GBS-AKA-II Stage.

One, GBS-AKA frame model is set up

Authentication and Key Agreement is exactly the legitimacy of certification user, and negotiates as the most mutual session with core network Key.

As it is shown in figure 1, first, according to existing prescription method, by a large amount of MTC (Machine Type Communication) Machine type communication device is grouped, and Group Header and Group Member, Group Header collect other compositions The certification solicited message of member, by other members and MME in Group Header replacement group, HSS completes whole mutual authentication process. Then MTC device and HSS negotiate session key SSK (preparing for follow-up mutual and data transmission).Wherein, Group Header Need the Group Member data aggregate that collection is come up, and be polymerized employing AMACs technology.Judge the legitimacy of certification user Use timestamp thresholding t_threshold, in verification process, if overtime stamp thresholding, then authentification failure.

Two, concrete GBS-AKA method realizes

As in figure 2 it is shown, the process that specifically performs of GBS-AKA agreement.

(1) verification process

The most each GM generates request access information, comprisesID_GMj, R_GMij, time stamp T_GMi, in order to stop playback to be attacked Hitting, man-in-the-middle attack, inserted by timestamp in solicited message, then, GM generates

${\mathrm{MAC}}_{{\mathrm{GM}}_{Gij}}=f_{k_{ij}}^1\left({\mathrm{ID}}_{GMj}\right|\left|{\mathrm{ID}}_{{\mathrm{GM}}_{ij}}\right|\left|R_{{\mathrm{GM}}_{ij}}\right|\left|T_{{\mathrm{GM}}_{ij}}\right)---\left(1\right)$

With generate authentication information:

${\mathrm{AuM}}_{{\mathrm{GM}}_{ij}}=\left({\mathrm{ID}}_{GMj}\right|\left|{\mathrm{ID}}_{{\mathrm{GM}}_{ij}}\right|\left|R_{{\mathrm{GM}}_{ij}}\right|\left|T_{{\mathrm{GM}}_{ij}}\right)---\left(2\right)$

Similarly, other equipment performs same operation.These information is sent extremely by last all of equipment GroupHeader。

The GM information that in b.GH collection group, all requests access, is polymerized these information, wherein comprises the LAI (region of base station Identifier), and LAI is used for resisting redirection attack, because by verification LAI, HSS can judge whether it is false base station Calculating process sees below:

${\mathrm{MAC}}_{GMi}={\mathrm{MAC}}_{{\mathrm{GM}}_{i1}}\⊕{\mathrm{MAC}}_{{\mathrm{GM}}_{i2}}\⊕\mathrm{...}\⊕{\mathrm{MAC}}_{{\mathrm{GM}}_{in}}\⊕f_{{\mathrm{GK}}_i}^1\left(LAI\right)---\left(3\right)$

Wherein,Represent XOR, GH to generate

${\mathrm{AUTH}}_{Gi}=\left({\mathrm{AuM}}_{{\mathrm{GM}}_{i1}}\right||...|\left|{\mathrm{AuM}}_{{\mathrm{GM}}_{im}}\right|\left|{\mathrm{MAC}}_{GMi}\right)---\left(4\right)$

Then, these information is sent to MME by GH.

C. when MME receive GH certification request, MME can verify LAI' because MME knows the LAI' of BS, additionally by than Relatively thresholding t_threshold,Whether the timestamp of MME verification GH exceedes thresholding.Once surpass Cross, authentication information AUTH_GiWill be abandoned, and return authentication failed message.If certification success, then the information received is sent out by MME Deliver to HSS；

D. receive, as HSS, the information that MME sends over, it is first determined whether exceed threshold value t_threshold.If it is super Cross, then HSS uses k_GMijCalculate AUTH_GiIn MAC_GMi, use GK_iObtain LAI', it is judged that the LAI' in MME whether with in GH LAI is equal.In order to verify AUTH_Gi, HSS generation group authentication vector GAV (Group Authentication Vector),

GAV=(R_HSS||XRES_GMi||T_HSS||AUTH_HSS) (5)

Wherein

AUTH_HSS=(R_HSS||T_HSS||MAC_HSS) (6)

${\mathrm{MAC}}_{HSS}=f_{{\mathrm{GK}}_i}^1\left({\mathrm{ID}}_{HSS}\right|\left|R_{HSS}\right|\left|T_{HSS}\right)---\left(7\right)$

And data GAV are sent to MME

(2) negotiations process

The most once MME receives the success identity information that HSS sends, and MME stores these GAV information, MME and GH performs mutually Verification process, and generate

AUTH_MME=(IDMME | | MAC_MME||MAC_HSS||R_MME||R_HSS) (8)

And these data are divided into two parts, a part is used for verifying GM, and a part is for key agreement, and MME sends card Real information.

After b.GH receives checking information, GH checks T_MMEWhether exceed threshold value.If confirming successfully, then GH generates corresponding Response message is to MME.

C.MME receives confirmatory message, and MME will be used for information of verifying and key agreement information sends to GH.

D.GH distribution checking information is to asking the GM that accesses in group；

E.GM detects time stamp T_MMEWhether exceed thresholding t_thresholdIf confirming successfully, then send success response value GH.

F.GH receives the confirmation signal that GM sends, according to the data for certification GM of storage, it is judged that the legitimacy of GM. GM_ijCalculate

${\mathrm{MAC}}_{HSS}^{\′}=f_{{\mathrm{GK}}_i}^1\left({\mathrm{ID}}_{HSS}\right|\left|R_{HSS}\right|\left|T_{HSS}\right)---\left(9\right)$

Confirm MAC '_HSSWhether with MAC_HSSEqual.GM_ijCalculate

${\mathrm{MAC}}_{MME}^{\′}=f_{{\mathrm{GK}}_i}^1\left({\mathrm{ID}}_{HSS}\right|\left|R_{HSS}\right|\left|T_{HSS}\right|\left|{\mathrm{MAC}}_{HSS}\right|\left|R_{MME}\right)---\left(10\right)$

Then, GM_ijConfirm MAC'_MMEWhether with MAC_MMEEqual.If MAC'_MMEWith MAC_MMEUnequal, then GM_ijTerminate Verification process, the failure of transmission negotiation simultaneously to GH.If being proved to be successful, then GM_ijGenerate the session key with core network SSK:

SSK=(MAC_MME||IV) (11)

(3) bandwidth analysis

The bandwidth consumption of the bandwidth analysis of GBS-AKA: GH and core network is

${\mathrm{bw}}_{overall}=\underset{i=1}{\overset{4}{\Σ}}\left|{\mathrm{Messages}}_i\right|=802\frac{m}{s}+1234bits---\left(12\right)$

${\mathrm{Message}}_1=\left|{\mathrm{AuM}}_{{\mathrm{GM}}_{1j}}\right|\frac{m}{s}+\left|MAC\right|=384\frac{m}{s}+64bits$

${\mathrm{Message}}_2={\mathrm{Message}}_1=401\frac{m}{s}+64bits$

Message₃=| R_HSS|+|AMF|+|AUTH_HSS|=594bits

Message₄=2 | R |+| ID |+2 | MAC |=512bits

The bandwidth consumption of m MTCD equipment isM represents the quantity of MTC device, and s represents The group number that equipment divides.Message_1-4Represent the bandwidth that each conversation procedure is consumed.

As it is shown on figure 3, given parameters authentication vector n=10 of the present invention, organizing number s=10, the quantitative range of MTC device is 100-1000, is demonstrated out with at present other group certificate scheme.From the figure, it can be seen that the GBS-AKA that the present invention provides Method can reach the requirement of the least bandwidth consumption, and other scheme increases along with the equipment of MTC, and the consumption of bandwidth is the fastest The increase of speed.Meanwhile, GBS-AKA scheme compares the very slow, this is because MTC device is inversely proportional to of increase with group number.

Fig. 4 with Fig. 5 illustrate at group number identical, in the case of authentication vector difference, the method bandwidth consumption of the present invention Performance comparision.It can be seen that along with the increase of MTC device quantity, the solution of the present invention is not affected by authentication vector.

Illustrating in Fig. 5 and Fig. 6, in the case of group number is identical, authentication vector is identical, the situation of group number change, different Group certificate scheme bandwidth consumption contrast, as seen from the figure, along with the increase of group number, the bandwidth consumption of this method reduces on the contrary, enters In the case of one step illustrates that this programme disclosure satisfy that the requirement that bandwidth consumption is less, especially large number quipments.

Finally should be noted that: above example is merely to illustrate the technical scheme of the application rather than to its protection domain Restriction, although being described in detail the application with reference to above-described embodiment, those of ordinary skill in the field should Understand；Those skilled in the art read the application after still can to application detailed description of the invention carry out all changes, amendment or Person's equivalent, but these changes, amendment or equivalent, all within the claims that application is awaited the reply.

Claims (5)

1. an electric power 4G network security certification based on group policy and cryptographic key negotiation method, it is characterised in that described safety is recognized Card and cryptographic key negotiation method include:

Step 1: group head distribution solicited message；

Step 2: group is first and mobile management entity, user ascription area server complete whole Authentication and Key Agreement process；

Step 3: group is first and group membership completes to be mutually authenticated.

2. safety certification as claimed in claim 1 and cryptographic key negotiation method, it is characterised in that described step 1 includes:

(1-1) give the ID that the distribution of each mobile device is privately owned, and allow mobile device to register in 3GPP network；

(1-2) use grouping algorithm by belonging to the MTC device packet of same region, same application, same behavior, often organize bag Include group head and group membership, provide group key GK to each group_iWith group # ID_Gi。

3. safety certification as claimed in claim 2 and cryptographic key negotiation method, it is characterised in that described MTC device has Key k shared with user ascription area server_GMij。

4. safety certification as claimed in claim 1 and cryptographic key negotiation method, it is characterised in that described step 2 includes:

(2-1) each group membership generates request access authentication information, and sends information to group head；

(2-2) organizing the first information carrying out collection to be polymerized, the information after being polymerized sends to described mobile management entity；

(2-3) legitimacy that described mobile management entity judges group is first, if legal, then the information after processing sends to described use Family ownership place server；

(2-4) described user ascription area server judges information whether overtime stamp, if exceeding, abandons these information, and to Described mobile management entity returns failure；Otherwise verifying the correctness of wherein group membership, after being proved to be successful, generation group is recognized Card vector GAV, forwards information to mobile management entity simultaneously；

(2-5) data received are divided into two parts by described mobile management entity, and a part is used for verifying group membership, a part For key agreement, mobile management entity send authentication information to group is starting；

(2-6) group head receives the data that mobile management entity sends over and carries out calculating process, it may be judged whether overtime stamp door Limit, if not less than timestamp thresholding, then group is first sends corresponding response message to mobile management entity；

(2-7) mobile management entity receives the first authentication response information of group, and mobile management entity will be stored for generating key agreement Information send to organizing head.

5. safety certification as claimed in claim 1 and cryptographic key negotiation method, it is characterised in that described step 3 includes:

(3-1) corresponding certification and negotiation data are sent to organizing head by mobile management entity, and group head uses authentication data and group membership Realizing mutual certification, the distribution request of group head accesses data to group membership；

(3-2) group membership receives data, the message authentication codes of checking mobile management entity and the information of user ascription area server Identifying code legitimacy, if being verified, then sends and is proved to be successful response message to organizing head；

(3-3), after group head receives response message, the data being used for consulting are sent to group membership；

(3-4) group membership is according to negotiation data, generates the session key with core network.