Certificate-based wireless body area network group authentication and key agreement method
Technical Field
The invention belongs to the field of wireless body area networks, and in particular relates to a certificate-based wireless body area network group authentication and key agreement method.
Background
With the rapid development of wireless communication technology and wearable biosensor technology, wearable biosensors have moved from theory to practical application. Against this background, the Wireless Body Area Network (WBAN), which is centered on the human body and can monitor its health condition in real time, has been developed. A wireless body area network mainly comprises the following communication entities: a user (User) equipped with sensors and smart devices, a Group Manager (GM) responsible for updating credentials for application service providers (AP) and users, an application service provider (AP) responsible for providing services to users, and a Network Management (NM) acting as the credential generation center. WBAN information acquisition sensors can be deployed in the home or worn on the user's body, and the acquired physiological information is shared by the user's smart device with the application service provider (AP) in real time. The Network Management (NM) generates a certificate for each communication participant; then, under the monitoring of the Network Management (NM), the user and the Group Manager (GM) establish communication through the IEEE 802.15.6 communication protocol, the Group Manager (GM) updates the certificates of the user and the application service provider (AP), and finally the user and the application service provider (AP) perform authentication and key agreement using the new certificates. To ensure the authenticity of the identities of the user and the application service provider (AP), secure identity authentication and key agreement are required.
In the prior art, in order to satisfy user anonymity, the Network Management (NM) needs to frequently update certificates for users, which leads to low system efficiency. Therefore, in order to satisfy the requirements of user anonymity at the application service provider (AP), conditional privacy protection and system efficiency in a wireless body area network environment, a secure and efficient wireless body area network authentication and key agreement scheme needs to be designed.
Disclosure of Invention
In view of the defects in the prior art, the certificate-based wireless body area network group authentication and key agreement method solves the problem that the prior art cannot, in a wireless body area network environment, simultaneously satisfy user anonymity at the application service provider (AP), conditional privacy protection and high system efficiency.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that: a wireless body area network group authentication and key agreement method based on certificates comprises the following steps:
S1, constructing the long-term private key sk_n and the public key pk_n of the network management NM of the wireless body area network;
S2, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_GM to the group administrator GM, constructing the group administrator GM of the wireless body area network;
S3, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_i to the user, constructing the users of the wireless body area network;
S4, according to the certificate cert_GM, the long-term private key x_GM and the public key X_GM of the group administrator GM, adding an application service provider AP to the wireless body area network in which the group administrator GM and the users have been constructed;
S5, according to the certificate cert_i of the user, the long-term private key x_GM of the group administrator GM and the public key X_GM of the group administrator GM, adding the user to the wireless body area network that contains the application service provider AP;
S6, according to the user certificate cert_i, signing the introduced random parameters to obtain a user signature σ_i, applying for service from the application service provider AP and requesting a session key;
S7, according to the user signature σ_i and the user session key service value k'_i for communication with the user, authenticating the user and negotiating a key;
S8, authenticating the application service provider AP.
Further: the step S1 includes the steps of:
S101, the network management NM selects a random number sk_n as its long-term private key;
S102, performing elliptic curve point multiplication of the long-term private key sk_n with the generator P of the elliptic curve to obtain the public key pk_n of the network management NM.
Further: the step S2 includes the steps of:
S201, the group administrator GM selects a random parameter x_GM as its long-term private key;
S202, performing elliptic curve point multiplication of the long-term private key x_GM with the generator P of the elliptic curve to obtain the public key X_GM of the group administrator GM;
S203, performing elliptic curve point multiplication of a random number r_GM selected by the network management NM with the generator P of the elliptic curve to obtain the group administrator GM certificate commitment value R_GM;
S204, hashing the public key X_GM of the group administrator GM, the group administrator GM certificate commitment value R_GM and the identity ID_GM of the group administrator GM to obtain a hash value h_GM;
S205, multiplying the hash value h_GM by the long-term private key sk_n of the network management NM to obtain a multiplication value P_GM;
S206, adding the multiplication value P_GM and the random number r_GM to obtain the group administrator GM certificate cert_GM;
S207, the network management NM sends the group administrator GM certificate cert_GM and the certificate commitment value R_GM to the group administrator GM, and adds the group administrator GM certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM to the database of the network management NM;
S208, verifying the certificate cert_GM using the network management NM public key pk_n, the certificate commitment value R_GM of the group administrator GM, the public key X_GM of the group administrator GM and the identity ID_GM; if the verification passes, the group administrator GM stores the certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM, and the construction of the group administrator GM is complete; if the verification fails, jumping to step S201.
Further: the step S3 includes the steps of:
S301, the user selects a random parameter x_i as the long-term private key;
S302, performing elliptic curve point multiplication of the long-term private key x_i with the generator P of the elliptic curve to obtain the user public key X_i, and sending the user public key X_i and the identity ID_i to the network management NM;
S303, performing elliptic curve point multiplication of a random number r_i selected by the network management NM with the generator P of the elliptic curve to obtain the user certificate commitment value R_i;
S304, hashing the user public key X_i, the user certificate commitment value R_i and the user identity ID_i to obtain a hash value h_i;
S305, multiplying the hash value h_i by the long-term private key sk_n of the network management NM to obtain a multiplication value p_i;
S306, adding the multiplication value p_i and the random number r_i to obtain the user certificate cert_i;
S307, performing elliptic curve point multiplication of the long-term private key sk_n of the network management NM with the user public key X_i to obtain the shared key value sk_n·X_i;
S308, hashing the shared key value sk_n·X_i with the user identity ID_i to obtain the temporary identity initial value Pid_0;
S309, hashing the temporary identity initial value Pid_0 and the shared key value sk_n·X_i to obtain the user temporary identity value Pid_1;
S310, the network management NM sends the user certificate commitment value R_i and the user certificate cert_i to the user, and adds the public key X_i, certificate cert_i, user temporary identity value Pid_1, certificate commitment value R_i and user identity ID_i to the database of the network management NM;
S311, verifying the certificate cert_i using the network management NM public key pk_n, the user public key X_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i; if the verification passes, the user stores the public key X_i, temporary identity value Pid_1, certificate cert_i, certificate commitment value R_i and identity ID_i, and the construction of the wireless body area network user is complete; if the verification fails, jumping to step S301.
Further: the step S4 includes the steps of:
S401, the application service provider AP selects a random number x_j as its long-term private key;
S402, performing elliptic curve point multiplication of the long-term private key x_j with the generator P of the elliptic curve to obtain the application service provider AP public key X_j;
S403, the application service provider AP sends its public key X_j and its identity ID_j to the group administrator GM;
S404, performing elliptic curve point multiplication of a random number r_j selected by the group administrator GM with the generator P of the elliptic curve to obtain the certificate commitment value R_j of the application service provider AP;
S405, hashing the public key X_j of the application service provider AP, the certificate commitment value R_j of the application service provider AP and the identity ID_j of the application service provider AP to obtain a hash value h_j1;
S406, multiplying the hash value h_j1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_j1;
S407, hashing the public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the identity ID_j of the application service provider AP to obtain a hash value h_j2;
S408, multiplying the hash value h_j2 by the random number r_j to obtain a multiplication value p_j2;
S409, adding the group administrator GM certificate cert_GM, the multiplication value p_j1 and the multiplication value p_j2 to obtain the application service provider AP certificate cert_j;
S410, the group administrator GM sends the application service provider AP certificate cert_j and the certificate commitment value R_j of the application service provider AP to the application service provider AP, and adds the certificate cert_j, public key X_j and certificate commitment value R_j of the application service provider AP to the database of the group administrator GM;
S411, verifying the certificate cert_j of the application service provider AP using the certificate commitment value R_j and public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the network management NM public key pk_n; if the verification passes, the application service provider AP stores the certificate commitment value R_j, public key X_j and certificate cert_j, and the addition of the application service provider AP to the wireless body area network is complete; if the verification fails, jumping to step S401.
Further: the step S5 includes the steps of:
S501, the user selects a random number y_i as the temporary private key;
S502, performing elliptic curve point multiplication of the temporary private key y_i with the generator P of the elliptic curve to obtain the user temporary public key Y_i;
S503, performing elliptic curve point multiplication of the user certificate cert_i with the generator P of the elliptic curve to obtain a partial zero-knowledge proof value c_1;
S504, performing elliptic curve point multiplication of the user temporary identity value Pid_1 with the user public key X_i to obtain a partial zero-knowledge proof value c_2;
S505, adding the partial zero-knowledge proof values c_1 and c_2 to obtain the zero-knowledge proof value ver_i;
S506, performing elliptic curve point multiplication of the user temporary private key y_i with the group administrator GM public key X_GM to obtain the user temporary public key verification value Y'_i;
S507, hashing the user temporary public key verification value Y'_i and the zero-knowledge proof value ver_i to obtain a hash value h'_i;
S508, XORing the hash value h'_i with the user temporary identity value Pid_1 to obtain the user identity hidden value m_i;
S509, sending the zero-knowledge proof value ver_i, the user identity hidden value m_i and the user temporary public key Y_i to the group administrator GM;
S510, performing elliptic curve point multiplication of the long-term private key x_GM of the group administrator GM with the user temporary public key Y_i to obtain the user temporary public key verification value Y''_i, where Y''_i = Y'_i;
S511, the group administrator GM sends the zero-knowledge proof value ver_i to the network management NM;
S512, the network management NM performs elliptic curve point multiplication of its long-term private key sk_n with the public key X_GM of the group administrator GM to obtain the public key verification value p_1 of the group administrator GM;
S513, hashing the public key verification value p_1 and the zero-knowledge proof value ver_i to obtain a hash value h_pid_i;
S514, XORing the hash value h_pid_i with the user temporary identity value Pid_1 to obtain the user identity verification value m_pid_i;
S515, the network management NM sends the user identity verification value m_pid_i to the group administrator GM;
S516, verifying the user temporary identity value Pid_1 using the long-term private key x_GM, the public key pk_n and the zero-knowledge proof value ver_i; if the verification passes, the group administrator GM selects a random number c as the zero-knowledge proof challenge value; if the verification fails, jumping to step S501;
S517, hashing the user temporary public key verification value Y'_i and the user zero-knowledge proof value ver_i to obtain a hash value h''_i;
S518, XORing the hash value h''_i with the zero-knowledge proof challenge value c to obtain a hidden value m_ver_i;
S519, hashing the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i to obtain a hash value h_c;
S520, the group administrator GM sends the hidden value m_ver_i, the hash value h_c and the user temporary identity value Pid_1 to the user;
S521, on receiving the hash value h_c and the user temporary identity value Pid_1, verifying the hash value h_c using the temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, multiplying the user temporary identity value Pid_1 by the long-term private key x_i to obtain a multiplication value p_j3;
S522, adding the multiplication value p_j3 and the user certificate cert_i to obtain an added value k_1;
S523, multiplying the added value k_1 by the zero-knowledge proof challenge value c to obtain a multiplication value p_k1;
S524, adding the multiplication value p_k1 and the user temporary private key y_i to obtain the zero-knowledge proof response value z_i;
S525, XORing the zero-knowledge proof response value z_i with the hash value h_i to obtain the response hidden value m_c;
S526, sending the response hidden value m_c and the zero-knowledge proof challenge value c to the group administrator GM;
S527, the group administrator GM XORs the hash value h'_i with the response hidden value m_c to obtain the zero-knowledge proof answer value z'_i;
S528, verifying the zero-knowledge proof answer value z'_i using the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, performing elliptic curve point multiplication of a random number r_gi selected by the group administrator GM with the generator P of the elliptic curve to obtain the user certificate commitment value R_gi;
S529, hashing the user public key X_i, the user certificate commitment value R_gi and a timestamp t_gi selected by the group administrator GM to obtain a hash value h_i1;
S530, multiplying the hash value h_i1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_i1;
S531, hashing the user public key X_i, the group administrator GM public key X_GM and the timestamp t_gi to obtain a hash value h_i2;
S532, multiplying the hash value h_i2 by the random number r_gi to obtain a multiplication value p_i2;
S533, adding the certificate cert_GM of the group administrator GM, the multiplication value p_i1 and the multiplication value p_i2 to obtain the user certificate cert_gi;
S534, the group administrator GM sends the user certificate cert_gi, the user certificate commitment value R_gi and the timestamp t_gi to the user, and adds the certificate cert_gi, temporary public key Y_i, certificate commitment value R_gi and timestamp t_gi to the database of the group administrator GM;
S535, verifying the user certificate cert_gi using the user certificate commitment value R_gi, the timestamp t_gi, the group administrator GM public key X_GM and the user temporary public key Y_i; if the verification fails, jumping to step S501; if the verification passes, the user stores the user certificate commitment value R_gi, timestamp t_gi, user certificate cert_gi and temporary public key Y_i, and the user's joining of the wireless body area network is complete.
Further: the step S6 includes the steps of:
S601, the user selects a random number r_ij as the user temporary secret value;
S602, performing elliptic curve point multiplication of the user temporary secret value r_ij with the user temporary public key Y_i to obtain the user session key commitment value R_ij;
S603, performing elliptic curve point multiplication of a random number d_i selected by the user with the generator P of the elliptic curve to obtain the signature hidden value D_i;
S604, multiplying the user temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_j4;
S605, performing elliptic curve point multiplication of the multiplication value p_j4 with the application service provider AP public key X_j to obtain the user session key service value k_i;
S606, encrypting the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi with the user session key service value k_i to obtain an encrypted value E_i;
S607, hashing a timestamp t_ij selected by the user, the user session key service value k_i and the signature hidden value D_i to obtain a hash value h_i3;
S608, multiplying the hash value h_i3 by the user temporary private key y_i to obtain a multiplication value p_yi;
S609, hashing the user temporary public key Y_i, the user session key commitment value R_ij and the timestamp t_ij to obtain a hash value h_i4;
S610, multiplying the hash value h_i4 by the random number d_i to obtain a multiplication value p_di;
S611, adding the user certificate cert_gi, the multiplication value p_yi and the multiplication value p_di to obtain the user signature σ_i;
S612, sending the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij to the application service provider AP, applying for service from the application service provider AP and requesting the session key.
Further: the step S7 includes the steps of:
S701, on receiving the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij, the application service provider AP performs elliptic curve point multiplication of its long-term private key x_j with the user session key commitment value R_ij to obtain the user session key service value k'_i;
S702, decrypting the encrypted value E_i with the user session key service value k'_i to obtain the user's certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi;
S703, verifying the user signature σ_i using the user's certificate commitment value R_gi, the user temporary public key Y_i, the timestamp t_gi, the signature hidden value D_i and the user session key commitment value R_ij; if the verification fails, jumping to step S6; if the verification passes, the application service provider AP selects a random number r_ji as a temporary secret value and performs elliptic curve point multiplication of the temporary secret value r_ji with the application service provider AP long-term public key X_j to obtain the application service provider AP session key commitment value R_ji;
S704, multiplying the temporary secret value r_ji of the application service provider AP by the temporary private key x_j to obtain a multiplication value p_ji1;
S705, performing elliptic curve point multiplication of the multiplication value p_ji1 with the user session key commitment value R_ij to obtain the session key k_ji of the application service provider AP;
S706, hashing the application service provider AP session key commitment value R_ji, the session key k_ji and the timestamp t_ij to obtain the session key verification value mac_ji; the application service provider AP sends the session key verification value mac_ji and the session key commitment value R_ji to the user, and stores the user certificate commitment value R_gi, user temporary public key Y_i, user signature σ_i, signature hidden value D_i, timestamp t_gi and session key k_ji, completing the authentication of the user and the key agreement.
Further: the step S8 includes the steps of:
S801, on receiving the session key verification value mac_ji and the session key commitment value R_ji, the user multiplies the temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_ji2;
S802, performing elliptic curve point multiplication of the multiplication value p_ji2 with the session key commitment value R_ji of the application service provider AP to obtain the session key k_ij of the user;
S803, verifying the session key verification value mac_ji using the session key k_ij, the application service provider AP session key commitment value R_ji and the timestamp t_ij; if the verification fails, jumping to step S6; if the verification passes, the user has authenticated the application service provider AP.
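Added example (not part of the patent text): the certificate arithmetic of steps S203 to S208 and the key derivation of steps S6 to S8 in Python, showing that both sides reach the same service value and session key and that an altered certificate or an altered R_ji is rejected. The curve (secp256k1), SHA-256 as the hash, the S208 check equation cert·P = R + h·pk_n, the identity "GM-01" and the timestamp are assumptions; the signature σ_i and the encryption E_i are omitted.

```python
"""Added illustration (not the patent's code) of the S203-S208 certificate
equation and the S6-S8 key derivation. Assumptions: secp256k1, SHA-256,
and the S208 check equation, none of which the page specifies."""
import hashlib
import hmac
import secrets

FP = 2**256 - 2**32 - 977  # field prime of secp256k1 (assumed curve)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)  # generator P

def add(A, B):
    """Affine point addition; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FP) % FP
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP) % FP
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, A):
    """Double-and-add scalar multiplication k*A (illustrative, not constant time)."""
    k, acc = k % N, None
    while k:
        if k & 1:
            acc = add(acc, A)
        A, k = add(A, A), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def keypair():
    """Private scalar and public point, as in S101-S102, S201-S202, S401-S402."""
    d = rand_scalar()
    return d, mul(d, G)

def H(*parts):
    """Hash points, integers and strings to a scalar modulo N."""
    data = "|".join(repr(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def nm_issue_cert(sk_n, X, ident):
    """S203-S206: R = r*P, h = H(X, R, ID), cert = h*sk_n + r (mod N)."""
    r = rand_scalar()
    R = mul(r, G)
    return (H(X, R, ident) * sk_n + r) % N, R

def verify_cert(cert, R, X, ident, pk_n):
    """S208. Assumed check (not spelled out on the page): cert*P == R + h*pk_n."""
    return mul(cert, G) == add(R, mul(H(X, R, ident), pk_n))

def user_request(y_i, Y_i, X_j):
    """S601-S605: R_ij = r_ij*Y_i and k_i = (r_ij*y_i)*X_j."""
    r_ij = rand_scalar()
    return r_ij, mul(r_ij, Y_i), mul(r_ij * y_i, X_j)

def ap_respond(x_j, X_j, R_ij, t_ij):
    """S701, S703-S706: k'_i = x_j*R_ij, R_ji = r_ji*X_j,
    k_ji = (r_ji*x_j)*R_ij, mac_ji = H(R_ji, k_ji, t_ij)."""
    r_ji = rand_scalar()
    R_ji = mul(r_ji, X_j)
    k_ji = mul(r_ji * x_j, R_ij)
    return mul(x_j, R_ij), R_ji, k_ji, H(R_ji, k_ji, t_ij)

def user_finish(r_ij, y_i, R_ji, mac_ji, t_ij):
    """S801-S803: k_ij = (r_ij*y_i)*R_ji; the key is returned only if mac_ji matches."""
    k_ij = mul(r_ij * y_i, R_ji)
    expected = H(R_ji, k_ij, t_ij).to_bytes(32, "big")
    return k_ij if hmac.compare_digest(expected, mac_ji.to_bytes(32, "big")) else None

def demo():
    """Run both flows with a constructed identity and a constructed timestamp."""
    sk_n, pk_n = keypair()                       # network management NM
    _, X_gm = keypair()                          # group administrator GM
    cert_gm, R_gm = nm_issue_cert(sk_n, X_gm, "GM-01")
    y_i, Y_i = keypair()                         # user temporary key (S501-S502)
    x_j, X_j = keypair()                         # application service provider AP
    t_ij = 1700000000                            # constructed timestamp
    r_ij, R_ij, k_i = user_request(y_i, Y_i, X_j)
    k_i_ap, R_ji, k_ji, mac_ji = ap_respond(x_j, X_j, R_ij, t_ij)
    return {
        "cert_ok": verify_cert(cert_gm, R_gm, X_gm, "GM-01", pk_n),
        "cert_altered": verify_cert((cert_gm + 1) % N, R_gm, X_gm, "GM-01", pk_n),
        "service_keys_match": k_i == k_i_ap,
        "session_keys_match": user_finish(r_ij, y_i, R_ji, mac_ji, t_ij) == k_ji,
        "altered_R_ji": user_finish(r_ij, y_i, mul(2, R_ji), mac_ji, t_ij),
    }

if __name__ == "__main__":
    print(demo())
```
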
The invention has the following beneficial effects: in this certificate-based wireless body area network group authentication and key agreement method, the application service providers AP are grouped and part of the certificate distribution authority of the network management NM is transferred to the group administrator GM, which effectively reduces the computational burden of the network management NM and the revocation cost of the application service providers AP and improves system efficiency. In the authentication stage, by introducing a zero-knowledge proof protocol, the scheme achieves both authentication between the user and the group administrator GM and anonymity at the application service provider AP without requiring the network management NM to update the user's certificate. The user's zero-knowledge proof value and the user's temporary identity held at the group administrator GM are used to trace the user's identity, achieving conditional privacy protection for the user.
Drawings
Fig. 1 is a flowchart of a certificate-based wireless body area network group authentication and key agreement method.
Detailed Description
The following description of the embodiments of the present invention is provided to help those skilled in the art understand the present invention, but it should be understood that the present invention is not limited to the scope of the embodiments. To those skilled in the art, various changes are apparent as long as they fall within the spirit and scope of the invention as defined in the appended claims, and everything produced using the inventive concept is protected.
As shown in fig. 1, a certificate-based wireless body area network group authentication and key agreement method includes the following steps:
S1, constructing the long-term private key sk_n and the public key pk_n of the network management NM of the wireless body area network; the network management NM groups the application service providers AP and selects a group administrator GM;
The step S1 includes the steps of:
S101, the network management NM selects a random number sk_n as its long-term private key;
S102, performing elliptic curve point multiplication of the long-term private key sk_n with the generator P of the elliptic curve to obtain the public key pk_n of the network management NM.
S2, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_GM to the group administrator GM, constructing the group administrator GM of the wireless body area network;
The step S2 includes the steps of:
S201, the group administrator GM selects a random parameter x_GM as its long-term private key;
S202, performing elliptic curve point multiplication of the long-term private key x_GM with the generator P of the elliptic curve to obtain the public key X_GM of the group administrator GM;
S203, performing elliptic curve point multiplication of a random number r_GM selected by the network management NM with the generator P of the elliptic curve to obtain the group administrator GM certificate commitment value R_GM;
S204, hashing the public key X_GM of the group administrator GM, the group administrator GM certificate commitment value R_GM and the identity ID_GM of the group administrator GM to obtain a hash value h_GM;
S205, multiplying the hash value h_GM by the long-term private key sk_n of the network management NM to obtain a multiplication value P_GM;
S206, adding the multiplication value P_GM and the random number r_GM to obtain the group administrator GM certificate cert_GM;
S207, the network management NM sends the group administrator GM certificate cert_GM and the certificate commitment value R_GM to the group administrator GM, and adds the group administrator GM certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM to the database of the network management NM;
S208, verifying the certificate cert_GM using the network management NM public key pk_n, the certificate commitment value R_GM of the group administrator GM, the public key X_GM of the group administrator GM and the identity ID_GM; if the verification passes, the group administrator GM stores the certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM, and the construction of the group administrator GM is complete; if the verification fails, jumping to step S201.
S3, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_i to the user, constructing the users of the wireless body area network;
The step S3 includes the steps of:
S301, the user selects a random parameter x_i as the long-term private key;
S302, performing elliptic curve point multiplication of the long-term private key x_i with the generator P of the elliptic curve to obtain the user public key X_i, and sending the user public key X_i and the identity ID_i to the network management NM;
S303, performing elliptic curve point multiplication of a random number r_i selected by the network management NM with the generator P of the elliptic curve to obtain the user certificate commitment value R_i;
S304, hashing the user public key X_i, the user certificate commitment value R_i and the user identity ID_i to obtain a hash value h_i;
S305, multiplying the hash value h_i by the long-term private key sk_n of the network management NM to obtain a multiplication value p_i;
S306, adding the multiplication value p_i and the random number r_i to obtain the user certificate cert_i;
S307, performing elliptic curve point multiplication of the long-term private key sk_n of the network management NM with the user public key X_i to obtain the shared key value sk_n·X_i;
S308, hashing the shared key value sk_n·X_i with the user identity ID_i to obtain the temporary identity initial value Pid_0;
S309, hashing the temporary identity initial value Pid_0 and the shared key value sk_n·X_i to obtain the user temporary identity value Pid_1;
S310, the network management NM sends the user certificate commitment value R_i and the user certificate cert_i to the user, and adds the public key X_i, certificate cert_i, user temporary identity value Pid_1, certificate commitment value R_i and user identity ID_i to the database of the network management NM;
S311, verifying the certificate cert_i using the network management NM public key pk_n, the user public key X_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i; if the verification passes, the user stores the public key X_i, temporary identity value Pid_1, certificate cert_i, certificate commitment value R_i and identity ID_i, and the construction of the wireless body area network user is complete; if the verification fails, jumping to step S301.
S4, according to the certificate cert_GM, the long-term private key x_GM and the public key X_GM of the group administrator GM, adding an application service provider AP to the wireless body area network in which the group administrator GM and the users have been constructed;
The step S4 includes the steps of:
S401, the application service provider AP selects a random number x_j as its long-term private key;
S402, performing elliptic curve point multiplication of the long-term private key x_j with the generator P of the elliptic curve to obtain the application service provider AP public key X_j;
S403, the application service provider AP sends its public key X_j and its identity ID_j to the group administrator GM;
S404, performing elliptic curve point multiplication of a random number r_j selected by the group administrator GM with the generator P of the elliptic curve to obtain the certificate commitment value R_j of the application service provider AP;
S405, hashing the public key X_j of the application service provider AP, the certificate commitment value R_j of the application service provider AP and the identity ID_j of the application service provider AP to obtain a hash value h_j1;
S406, multiplying the hash value h_j1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_j1;
S407, hashing the public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the identity ID_j of the application service provider AP to obtain a hash value h_j2;
S408, multiplying the hash value h_j2 by the random number r_j to obtain a multiplication value p_j2;
S409, adding the group administrator GM certificate cert_GM, the multiplication value p_j1 and the multiplication value p_j2 to obtain the application service provider AP certificate cert_j;
S410, the group administrator GM sends the application service provider AP certificate cert_j and the certificate commitment value R_j of the application service provider AP to the application service provider AP, and adds the certificate cert_j, public key X_j and certificate commitment value R_j of the application service provider AP to the database of the group administrator GM;
S411, verifying the certificate cert_j of the application service provider AP using the certificate commitment value R_j and public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the network management NM public key pk_n; if the verification passes, the application service provider AP stores the certificate commitment value R_j, public key X_j and certificate cert_j, and the addition of the application service provider AP to the wireless body area network is complete; if the verification fails, jumping to step S401.
S5, adding the user to the wireless body area network with the AP according to the user certificate cert_i, the long-term private key x_GM of the group administrator GM and the public key X_GM of the group administrator GM;
The step S5 includes the steps of:
S501, the user selects a random number y_i as a temporary private key;
S502, performing an elliptic-curve point multiplication of the temporary private key y_i with the generator P of the elliptic curve to obtain the user temporary public key Y_i;
S503, performing an elliptic-curve point multiplication of the user certificate cert_i with the generator P of the elliptic curve to obtain a partial zero-knowledge proof value c_1;
S504, performing an elliptic-curve point doubling operation of the user temporary identity value Pid_1 with the user public key X_i to obtain a partial zero-knowledge proof value c_2;
S505, adding the partial zero-knowledge proof values c_1 and c_2 to obtain the zero-knowledge proof value ver_i;
S506, performing an elliptic-curve point doubling calculation of the user temporary private key y_i with the group administrator GM public key X_GM to obtain the user temporary public key verification value Y'_i;
S507, hashing the user temporary public key verification value Y'_i and the zero-knowledge proof value ver_i to obtain a hash value h'_i;
S508, XORing the hash value h'_i with the user temporary identity value Pid_1 to obtain a user identity hidden value m_i;
S509, sending the zero-knowledge proof value ver_i, the user identity hidden value m_i and the user temporary public key Y_i to the group manager GM;
S510, performing an elliptic-curve point doubling calculation of the long-term private key x_GM of the group administrator GM with the user temporary public key Y_i to obtain the user temporary public key verification value Y''_i, where Y''_i = Y'_i;
S511, sending, by the group administrator GM, the zero-knowledge proof value ver_i to the network management NM;
S512, performing, by the network management NM, an elliptic-curve point multiplication of the long-term private key sk_n of the network management NM with the public key X_GM of the group administrator GM to obtain a public key verification value p_1 of the group administrator GM;
S513, hashing the public key verification value p_1 and the zero-knowledge proof value ver_i to obtain a hash value h_pidi;
S514, XORing the hash value h_pidi with the user temporary identity value Pid_1 to obtain a user identity verification value m_pidi;
S515, sending, by the network management NM, the user identity verification value m_pidi to the group manager GM;
S516, verifying the user temporary identity value Pid_1 using the long-term private key x_GM, the public key pk_n and the zero-knowledge proof value ver_i; if the verification passes, the group administrator GM selects a random number c as the zero-knowledge proof challenge value; if the verification fails, jumping to step S501;
S517, hashing the user temporary public key verification value Y'_i and the user zero-knowledge proof value ver_i to obtain a hash value h_i;
S518, XORing the hash value h''_i with the zero-knowledge proof challenge value c to obtain a hidden value m_veri;
S519, hashing the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i to obtain a hash value h_c;
S520, sending, by the group administrator GM, the hidden value m_veri, the hash value h_c and the user temporary identity value Pid_1 to the user;
S521, verifying the hash value h_c according to the received hash value h_c and user temporary identity value Pid_1, using the temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, multiplying the user temporary identity value Pid_1 by the long-term private key x_i to obtain a multiplication value p_j3;
S522, adding the multiplication value p_j3 to the user certificate cert_i to obtain an added value k_1;
S523, multiplying the added value k_1 by the zero-knowledge proof challenge value c to obtain a multiplication value p_k1;
S524, adding the multiplication value p_k1 to the user temporary private key y_i to obtain the zero-knowledge proof response value z_i;
S525, XORing the zero-knowledge proof response value z_i with the hash value h_i to obtain a response hidden value m_c;
S526, sending the response hidden value m_c and the zero-knowledge proof challenge value c to the group administrator GM;
S527, XORing, by the group administrator GM, the hash value h'_i with the response hidden value m_c to obtain the zero-knowledge proof answer value z'_i;
S528, verifying the zero-knowledge proof answer value z'_i using the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, performing an elliptic-curve point multiplication of a random number r_gi selected by the group administrator GM with the generator P of the elliptic curve to obtain the user certificate commitment value R_gi;
S529, according to a timestamp t_gi selected by the group administrator GM, hashing the user public key X_i, the user certificate commitment value R_gi and the timestamp t_gi to obtain a hash value h_i1;
S530, multiplying the hash value h_i1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_i1;
S531, hashing the user public key X_i, the group administrator GM public key X_GM and the timestamp t_gi to obtain a hash value h_i2;
S532, multiplying the hash value h_i2 by the random number r_gi to obtain a multiplication value p_i2;
S533, adding the certificate cert_GM of the group administrator GM, the multiplication value p_i1 and the multiplication value p_i2 to obtain the user certificate cert_gi;
S534, sending, by the group administrator GM, the user certificate cert_gi, the user certificate commitment value R_gi and the timestamp t_gi to the user, and adding the certificate cert_gi, the temporary public key Y_i, the certificate acceptance value R_gi and the timestamp t_gi to the database of the group administrator GM;
S535, verifying the user certificate cert_gi using the user certificate commitment value R_gi, the timestamp t_gi, the group administrator GM public key X_GM and the user temporary public key Y_i; if the verification fails, jumping to step S501; if the verification passes, the user stores the user certificate acceptance value R_gi, the timestamp t_gi, the user certificate cert_gi and the temporary public key Y_i, which completes the joining of the user to the wireless body area network.
S6, signing the introduced random parameter according to the user certificate cert_i to obtain a user signature σ_i, applying for service from the application service provider AP and requesting a session key;
The step S6 includes the steps of:
S601, the user selects a random number r_ij as a user temporary secret value;
S602, performing an elliptic-curve point multiplication of the user temporary secret value r_ij with the user temporary public key Y_i to obtain the user session key commitment value R_ij;
S603, performing an elliptic-curve point doubling operation of a random number d_i selected by the user with the generator P of the elliptic curve to obtain a signature hidden value D_i;
S604, multiplying the user temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_j4;
S605, performing an elliptic-curve point multiplication of the multiplication value p_j4 with the application service provider AP public key X_j to obtain the user session key service value k_i;
S606, encrypting the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi with the user session key service value k_i to obtain an encrypted value E_i;
S607, hashing a timestamp t_ij selected by the user, the user session key service value k_i and the signature hidden value D_i to obtain a hash value h_i3;
S608, multiplying the hash value h_i3 by the user temporary private key y_i to obtain a multiplication value p_yi;
S609, hashing the user temporary public key Y_i, the user session key commitment value R_ij and the timestamp t_ij to obtain a hash value h_i4;
S610, multiplying the hash value h_i4 by the random number d_i to obtain a multiplication value p_di;
S611, adding the user certificate cert_gi, the multiplication value p_yi and the multiplication value p_di to obtain the user signature σ_i;
S612, sending the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij to the application service provider AP, thereby applying for service from the application service provider AP and requesting a session key.
S7, authenticating the user and negotiating a key according to the user signature σ_i and the user session key service value k'_i used in communication with the user;
The step S7 includes the steps of:
S701, according to the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij received by the application service provider AP, performing, by the application service provider AP, an elliptic-curve point doubling calculation of the long-term private key x_j with the user session key commitment value R_ij to obtain the user session key service value k'_i;
S702, decrypting the encrypted value E_i with the user session key service value k'_i to obtain the user's certificate acceptance value R_gi, the user temporary public key Y_i and the timestamp t_gi;
S703, verifying the user signature σ_i using the user's certificate acceptance value R_gi, the user temporary public key Y_i, the timestamp t_gi, the signature hidden value D_i and the user session key commitment value R_ij; if the verification fails, jumping to step S6; if the verification passes, taking a random number r_ji selected by the application service provider AP as a temporary secret value, and performing an elliptic-curve point multiplication of the temporary secret value r_ji with the application service provider AP long-term public key X_j to obtain the application service provider AP session key commitment value R_ji;
S704, multiplying the temporary secret value r_ji of the application service provider AP by the temporary private key x_j to obtain a multiplication value p_ji1;
S705, performing an elliptic-curve point doubling operation of the multiplication value p_ji1 with the user session key commitment value R_ij to obtain the session key k_ji of the application service provider AP;
S706, hashing the application service provider AP session key commitment value R_ji, the session key k_ji and the timestamp t_ij to obtain a session key verification value mac_ji; the application service provider AP sends the session key verification value mac_ji and the session key commitment value R_ji to the user, and stores the user certificate acceptance value R_gi, the user temporary public key Y_i, the user signature σ_i, the signature hidden value D_i, the timestamp t_gi and the session key k_ji, which completes the authentication of and key agreement with the user.
S8, authenticating the application service provider AP.
The step S8 includes the steps of:
S801, according to the session key verification value mac_ji and the session key commitment value R_ji received by the user, multiplying, by the user, the temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_ji2;
S802, performing an elliptic-curve point doubling operation of the multiplication value p_ji2 with the application service provider AP session key commitment value R_ji to obtain the session key k_ij of the user;
S803, verifying the session key verification value mac_ji using the session key k_ij, the application service provider AP session key commitment value R_ji and the timestamp t_ij; if the verification fails, jumping to step S6; if the verification passes, the user has authenticated the application service provider AP.
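The key agreement arithmetic of steps S602, S604-S605, S701, S703-S706 and S801-S803, as an added example that is not part of the original text: it shows that both sides derive the same service value (k_i = k'_i) and session key (k_ij = k_ji), and that the check in S803 fails when R_ji is altered in transit. Assumptions: the secp256k1 curve, SHA-256 with a repr-based input encoding, the constructed timestamp, all function names, and reading both "point multiplication" and "point doubling" as scalar multiplication; certificate and signature verification and the encryption of E_i are omitted.

```python
import hashlib, hmac, secrets
# secp256k1 parameters (assumption: the page does not name a curve)
p = 2**256 - 2**32 - 977
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(A, B):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if A is None or B is None:
        return B if A is None else A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, A):
    """Double-and-add k*A; not constant time, for illustration only."""
    R, k = None, k % n
    while k:
        if k & 1:
            R = add(R, A)
        A, k = add(A, A), k >> 1
    return R

def H(*parts):
    """SHA-256 over repr() of the inputs (hash and encoding are assumptions)."""
    return hashlib.sha256(repr(parts).encode()).digest()

def run_exchange(tamper=False):
    # x_j: AP long-term key, y_i: user temporary key, r_ij / r_ji: temporary secrets
    x_j, y_i, r_ij, r_ji = (secrets.randbelow(n - 1) + 1 for _ in range(4))
    X_j, Y_i, t_ij = mul(x_j, P), mul(y_i, P), 1700000000  # t_ij is constructed
    R_ij = mul(r_ij, Y_i)                    # user, S602
    k_i = mul(r_ij * y_i, X_j)               # user, S604-S605
    k_i_ap = mul(x_j, R_ij)                  # AP, S701: k'_i
    R_ji = mul(r_ji, X_j)                    # AP, S703
    k_ji = mul(r_ji * x_j, R_ij)             # AP, S704-S705
    mac_ji = H(R_ji, k_ji, t_ij)             # AP, S706
    if tamper:                               # R_ji replaced in transit
        R_ji = mul(secrets.randbelow(n - 1) + 1, P)
    k_ij = mul(r_ij * y_i, R_ji)             # user, S801-S802
    mac_ok = hmac.compare_digest(H(R_ji, k_ij, t_ij), mac_ji)  # user, S803
    return k_i == k_i_ap, k_ij == k_ji, mac_ok
```

`run_exchange()` returns three booleans: whether k_i equals k'_i, whether k_ij equals k_ji, and whether the S803 check on mac_ji passes.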
The invention has the following beneficial effects: in this certificate-based wireless body area network group authentication and key agreement method, the application service providers AP are grouped and part of the certificate distribution authority of the network management NM is transferred to the group manager GM, which effectively reduces the computational burden on the network management NM and the cost of revoking an application service provider AP, and improves system efficiency. In the authentication stage, a zero-knowledge proof protocol is introduced so that the user's certificate managed at the network management NM does not need to be updated, and the scheme simultaneously achieves authentication between the user and the group manager GM and anonymity at the application service provider AP. The user's zero-knowledge proof value and the user's temporary identity held at the group manager GM are used to trace the user's identity, which provides conditional privacy protection for the user.