CN110191469B - Certificate-based wireless body area network group authentication and key agreement method - Google Patents

Publication number
CN110191469B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910529658.4A
Other languages
Chinese (zh)
Other versions
CN110191469A (en)
Inventor
张文芳
余东海
王小敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Zhima Xinchuang Technology Co.,Ltd.
Original Assignee
Southwest Jiaotong University
Application filed by Southwest Jiaotong University
Priority to CN201910529658.4A
Publication of CN110191469A
Application granted
Publication of CN110191469B

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3218Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using proof of knowledge, e.g. Fiat-Shamir, GQ, Schnorr, or non-interactive zero-knowledge proofs
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Abstract

The invention discloses a certificate-based wireless body area network group authentication and key agreement method, which comprises: constructing the long-term private key sk_n and the public key pk_n of the network management NM of the wireless body area network; constructing the group manager GM of the wireless body area network; constructing the users of the wireless body area network; adding an application service provider AP to the wireless body area network; adding the user to the wireless body area network; the user applying for service from the application service provider AP and requesting a session key; authenticating the user and performing key agreement; and authenticating the application service provider AP, thereby realizing the session between the application service provider AP and the user. The method solves the problem in the prior art that user anonymity at the AP, conditional privacy protection and high system efficiency cannot be satisfied simultaneously in a wireless body area network environment.

Description

Certificate-based wireless body area network group authentication and key agreement method
Technical Field
The invention belongs to the field of wireless body area networks, in particular to a certificate-based wireless body area network group authentication and key agreement method.
Background
With the rapid development of wireless communication technology and wearable biosensor technology, wearable biosensors have moved from theory to practical application. Against this background, the Wireless Body Area Network (WBAN), which is centered on the human body and can monitor its health condition in real time, has been developed. A wireless body area network mainly comprises the following communication entities: a user (User) equipped with sensors and smart devices; a Group Manager (GM) responsible for updating credentials for application service providers (AP) and users; an application service provider (AP) responsible for providing services to users; and Network Management (NM) acting as the credential generation center. WBAN information acquisition sensors can be deployed in the home or worn on the user's body, and the acquired physiological information is shared in real time with the application service provider (AP) by the user's smart device. Network Management (NM) generates a certificate for each communication participant; then, under the monitoring of Network Management (NM), the user and the Group Manager (GM) establish communication through the IEEE 802.15.6 communication protocol, the Group Manager (GM) updates the certificates of the user and the application service provider (AP), and finally the user and the application service provider (AP) perform authentication and key agreement using the new certificates. To ensure the authenticity of identities between the user and the application service provider (AP), secure identity authentication and key agreement are required.
In the prior art, to provide user anonymity, Network Management (NM) needs to frequently update the user's certificate, which results in low system efficiency. Therefore, to satisfy user anonymity at the application service provider (AP), conditional privacy protection and system efficiency in a wireless body area network environment, a secure and efficient wireless body area network authentication and key agreement scheme needs to be designed.
Disclosure of Invention
To address the above defects in the prior art, the certificate-based wireless body area network group authentication and key agreement method provided by the invention solves the problem that, in the prior art, user anonymity at the application service provider (AP), conditional privacy protection and high system efficiency cannot be satisfied together in a wireless body area network environment.
To achieve this purpose, the invention adopts the following technical scheme: a certificate-based wireless body area network group authentication and key agreement method, comprising the following steps:
S1, construct the long-term private key sk_n and the public key pk_n of the network management NM of the wireless body area network;
S2, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_GM to the group manager GM, constructing the group manager GM of the wireless body area network;
S3, according to the long-term private key sk_n and the public key pk_n of the network management NM, the network management NM issues a certificate cert_i to a user, constructing the users of the wireless body area network;
S4, according to the certificate cert_GM, the long-term private key x_GM and the public key X_GM of the group manager GM, add an application service provider AP to the wireless body area network in which the group manager GM and the users have been constructed;
S5, according to the user's certificate cert_i, the long-term private key x_GM of the group manager GM and the public key X_GM of the group manager GM, add the user to the wireless body area network containing the AP;
S6, according to the user certificate cert_i, sign the introduced random parameter to obtain a user signature σ_i, apply for service from the application service provider AP and request a session key;
S7, according to the user signature σ_i and the user session key service value k'_i for communication with the user, authenticate the user and negotiate a key;
S8, authenticate the application service provider AP.
Further, step S1 includes the following steps:
S101, the network management NM selects a random number sk_n as its long-term private key;
S102, perform elliptic-curve point multiplication of the long-term private key sk_n with the generator P of the elliptic curve to obtain the public key pk_n of the NM.
Further, step S2 includes the following steps:
S201, the group manager GM selects a random parameter x_GM as its long-term private key;
S202, perform elliptic-curve point multiplication of the long-term private key x_GM with the generator P of the elliptic curve to obtain the public key X_GM of the group manager GM;
S203, perform elliptic-curve point multiplication of the random number r_GM selected by the network management NM with the generator P of the elliptic curve to obtain the group manager GM certificate commitment value R_GM;
S204, hash the public key X_GM of the group manager GM, the group manager GM certificate commitment value R_GM and the identity ID_GM of the group manager GM to obtain a hash value h_GM;
S205, multiply the hash value h_GM by the long-term private key sk_n of the network management NM to obtain a multiplication value P_GM;
S206, add the multiplication value P_GM and the random number r_GM to obtain the group manager GM certificate cert_GM;
S207, the network management NM sends the group manager GM certificate cert_GM and the certificate commitment value R_GM to the group manager GM, and adds the group manager GM certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM to the database of the network management NM;
S208, verify the certificate cert_GM using the network management NM public key pk_n, the certificate commitment value R_GM of the group manager GM, the public key X_GM of the group manager GM and the identity ID_GM; if the verification passes, the group manager GM stores the certificate cert_GM, certificate commitment value R_GM, public key X_GM and identity ID_GM, and the group manager GM is constructed; if the verification fails, jump to step S201.
Further, step S3 includes the following steps:
S301, the user selects a random parameter x_i as a long-term private key;
S302, perform elliptic-curve point multiplication of the long-term private key x_i with the generator P of the elliptic curve to obtain the user public key X_i, and send the user public key X_i and the identity ID_i to the network management NM;
S303, perform elliptic-curve point multiplication of the random number r_i selected by the network management NM with the generator P of the elliptic curve to obtain the user certificate commitment value R_i;
S304, hash the user public key X_i, the user certificate commitment value R_i and the user identity ID_i to obtain a hash value h_i;
S305, multiply the hash value h_i by the long-term private key sk_n of the network management NM to obtain a multiplication value p_i;
S306, add the multiplication value p_i and the random number r_i to obtain the user certificate cert_i;
S307, perform elliptic-curve point multiplication of the long-term private key sk_n of the network management NM with the user public key X_i to obtain the shared key value sk_n·X_i;
S308, hash the shared key value sk_n·X_i and the user identity ID_i to obtain a temporary identity initial value Pid_0;
S309, hash the temporary identity initial value Pid_0 and the shared key value sk_n·X_i to obtain the user temporary identity value Pid_1;
S310, the network management NM sends the user certificate commitment value R_i and the user certificate cert_i to the user, and adds the public key X_i, certificate cert_i, user temporary identity value Pid_1, certificate commitment value R_i and user identity ID_i to the database of the network management NM;
S311, verify the certificate cert_i using the network management NM public key pk_n, the user public key X_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i; if the verification passes, the user stores the public key X_i, temporary identity value Pid_1, certificate cert_i, certificate commitment value R_i and identity ID_i, completing the construction of the wireless body area network user; if the verification fails, jump to step S301.
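
The certificate issued in S203-S206 and S303-S306 has the form cert = h·sk_n + r with R = r·P, and S307-S309 derive the temporary identity from sk_n·X_i. The following is an added example, not part of the patent text, that carries these steps through in code. It assumes the secp256k1 curve, SHA-256 with a length-prefixed encoding, and the check cert·P = R + h·pk_n for S208/S311; the patent names no curve or hash and does not spell out the check, which follows from the form of cert. It also shows that the user can recompute Pid_1 as x_i·pk_n, since x_i·pk_n = sk_n·X_i.

```python
import hashlib
import secrets

# secp256k1 domain parameters (assumed curve; the patent does not name one).
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True if pt is an affine point on y^2 = x^3 + 7 (not infinity)."""
    return pt is not None and (pt[1] ** 2 - pt[0] ** 3 - 7) % P_FIELD == 0


def ec_add(a, b):
    """Add two affine points; None represents the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P_FIELD - 2, P_FIELD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, P_FIELD - 2, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def _enc(item):
    # Length-prefixed encoding so concatenated fields cannot be re-split.
    if isinstance(item, tuple):
        raw = item[0].to_bytes(32, "big") + item[1].to_bytes(32, "big")
    elif isinstance(item, int):
        raw = item.to_bytes(32, "big")
    else:
        raw = item.encode()
    return len(raw).to_bytes(2, "big") + raw


def h_scalar(*items):
    """Hash points, scalars and strings to an integer mod N (assumed encoding)."""
    digest = hashlib.sha256(b"".join(_enc(i) for i in items)).digest()
    return int.from_bytes(digest, "big") % N


def keygen():
    """S101-S102 / S301-S302: random private key and its public point."""
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)


def nm_issue(sk_n, X, ident):
    """S303-S306 (same shape as S203-S206): returns (cert, R)."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    h = h_scalar(X, R, ident)
    return (h * sk_n + r) % N, R


def verify_cert(pk_n, X, R, ident, cert):
    """Assumed check for S208/S311: cert*P == R + h*pk_n."""
    if not (on_curve(X) and on_curve(R) and 0 < cert < N):
        return False  # reject off-curve points and out-of-range scalars
    h = h_scalar(X, R, ident)
    return ec_mul(cert, G) == ec_add(R, ec_mul(h, pk_n))


def derive_pid1(shared_point, ident):
    """S308-S309: Pid_0 = H(shared, ID), Pid_1 = H(Pid_0, shared)."""
    pid0 = h_scalar(shared_point, ident)
    return h_scalar(pid0, shared_point)


def demo():
    ident = "user-001"  # constructed sample identity
    sk_n, pk_n = keygen()
    x_i, X_i = keygen()
    cert_i, R_i = nm_issue(sk_n, X_i, ident)
    ok = verify_cert(pk_n, X_i, R_i, ident, cert_i)
    wrong_id = verify_cert(pk_n, X_i, R_i, "user-002", cert_i)
    tampered = verify_cert(pk_n, X_i, R_i, ident, (cert_i + 1) % N)
    pid_nm = derive_pid1(ec_mul(sk_n, X_i), ident)    # NM side, S307-S309
    pid_user = derive_pid1(ec_mul(x_i, pk_n), ident)  # user side
    return ok, wrong_id, tampered, pid_nm == pid_user


if __name__ == "__main__":
    print(demo())
```

Because the hash binds X, R and the identity, a certificate presented with a different identity or an altered scalar fails the check.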
Further, step S4 includes the following steps:
S401, the application service provider AP selects a random number x_j as its long-term private key;
S402, perform elliptic-curve point multiplication of the long-term private key x_j with the generator P of the elliptic curve to obtain the application service provider AP public key X_j;
S403, the application service provider AP sends its public key X_j and its identity ID_j to the group manager GM;
S404, perform elliptic-curve point multiplication of the random number r_j selected by the group manager GM with the generator P of the elliptic curve to obtain the certificate commitment value R_j of the application service provider AP;
S405, hash the public key X_j of the application service provider AP, the certificate commitment value R_j of the application service provider AP and the identity ID_j of the application service provider AP to obtain a hash value h_j1;
S406, multiply the hash value h_j1 by the private key x_GM of the group manager GM to obtain a multiplication value p_j1;
S407, hash the public key X_j of the application service provider AP, the public key X_GM of the group manager GM and the identity ID_j of the application service provider AP to obtain a hash value h_j2;
S408, multiply the hash value h_j2 by the random number r_j to obtain a multiplication value p_j2;
S409, add the group manager GM certificate cert_GM, the multiplication value p_j1 and the multiplication value p_j2 to obtain the application service provider AP certificate cert_j;
S410, the group manager GM sends the application service provider AP certificate cert_j and the certificate commitment value R_j of the application service provider AP to the application service provider AP, and adds the certificate cert_j, public key X_j and certificate commitment value R_j of the application service provider AP to the database of the group manager GM;
S411, verify the certificate cert_j of the application service provider AP using the certificate commitment value R_j and public key X_j of the application service provider AP, the public key X_GM of the group manager GM and the network management NM public key pk_n; if the verification passes, the application service provider AP stores the certificate commitment value R_j, public key X_j and certificate cert_j, completing the addition of the application service provider AP to the wireless body area network; if the verification fails, jump to step S401.
Further, step S5 includes the following steps:
S501, the user selects a random number y_i as a temporary private key;
S502, perform elliptic-curve point multiplication of the temporary private key y_i with the generator P of the elliptic curve to obtain the user temporary public key Y_i;
S503, perform elliptic-curve point multiplication of the user certificate cert_i with the generator P of the elliptic curve to obtain a partial zero-knowledge proof value c_1;
S504, perform elliptic-curve point multiplication of the user temporary identity value Pid_1 with the user public key X_i to obtain a partial zero-knowledge proof value c_2;
S505, add the partial zero-knowledge proof values c_1 and c_2 to obtain the zero-knowledge proof value ver_i;
S506, perform elliptic-curve point multiplication of the user's temporary private key y_i with the group manager GM public key X_GM to obtain a user temporary public key verification value Y'_i;
S507, hash the user temporary public key verification value Y'_i and the zero-knowledge proof value ver_i to obtain a hash value h'_i;
S508, XOR the hash value h'_i with the user temporary identity value Pid_1 to obtain a user identity hidden value m_i;
S509, send the zero-knowledge proof value ver_i, the user identity hidden value m_i and the user temporary public key Y_i to the group manager GM;
S510, perform elliptic-curve point multiplication of the long-term private key x_GM of the group manager GM with the user's temporary public key Y_i to obtain a user temporary public key verification value Y''_i, where Y''_i = Y'_i;
S511, the group manager GM sends the zero-knowledge proof value ver_i to the network management NM;
S512, the network management NM performs elliptic-curve point multiplication of its long-term private key sk_n with the public key X_GM of the group manager GM to obtain a public key verification value p_1 of the group manager GM;
S513, hash the public key verification value p_1 and the zero-knowledge proof value ver_i to obtain a hash value h_pidi;
S514, XOR the hash value h_pidi with the user temporary identity value Pid_1 to obtain a user identity verification value m_pidi;
S515, the network management NM sends the user identity verification value m_pidi to the group manager GM;
S516, verify the user temporary identity value Pid_1 using the long-term private key x_GM, the public key pk_n and the zero-knowledge proof value ver_i; if the verification passes, the group manager GM selects a random number c as the zero-knowledge proof challenge value; if the verification fails, jump to step S501;
S517, hash the user temporary public key verification value Y'_i and the user zero-knowledge proof value ver_i to obtain a hash value h''_i;
S518, XOR the hash value h''_i with the zero-knowledge proof challenge value c to obtain a hidden value m_veri;
S519, hash the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i to obtain a hash value h_c;
S520, the group manager GM sends the hidden value m_veri, the hash value h_c and the user temporary identity value Pid_1 to the user;
S521, according to the received hash value h_c and user temporary identity value Pid_1, verify the hash value h_c using the temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jump to step S501; if the verification passes, multiply the user temporary identity value Pid_1 by the long-term private key x_i to obtain a multiplication value p_j3;
S522, add the multiplication value p_j3 and the user certificate cert_i to obtain an added value k_1;
S523, multiply the added value k_1 by the zero-knowledge proof challenge value c to obtain a multiplication value p_k1;
S524, add the multiplication value p_k1 and the user's temporary private key y_i to obtain the zero-knowledge proof response value z_i;
S525, XOR the zero-knowledge proof response value z_i with the hash value h_i to obtain a response hidden value m_c;
S526, send the response hidden value m_c and the zero-knowledge proof challenge value c to the group manager GM;
S527, the group manager GM XORs the hash value h'_i with the response hidden value m_c to obtain a zero-knowledge proof answer value z'_i;
S528, verify the zero-knowledge proof answer value z'_i using the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jump to step S501; if the verification passes, perform elliptic-curve point multiplication of the random number r_gi selected by the group manager GM with the generator P of the elliptic curve to obtain a user certificate commitment value R_gi;
S529, the group manager GM selects a timestamp t_gi, and the user public key X_i, the user certificate commitment value R_gi and the timestamp t_gi are hashed to obtain a hash value h_i1;
S530, multiply the hash value h_i1 by the private key x_GM of the group manager GM to obtain a multiplication value p_i1;
S531, hash the user public key X_i, the group manager GM public key X_GM and the timestamp t_gi to obtain a hash value h_i2;
S532, multiply the hash value h_i2 by the random number r_gi to obtain a multiplication value p_i2;
S533, add the certificate cert_GM of the group manager GM, the multiplication value p_i1 and the multiplication value p_i2 to obtain the user certificate cert_gi;
S534, the group manager GM sends the user certificate cert_gi, the user certificate commitment value R_gi and the timestamp t_gi to the user, and adds the certificate cert_gi, temporary public key Y_i, certificate commitment value R_gi and timestamp t_gi to the database of the group manager GM;
S535, verify the user certificate cert_gi using the user certificate commitment value R_gi, the timestamp t_gi, the group manager GM public key X_GM and the user temporary public key Y_i; if the verification fails, jump to step S501; if the verification passes, the user stores the user certificate commitment value R_gi, timestamp t_gi, user certificate cert_gi and temporary public key Y_i, completing the user's joining of the wireless body area network.
Further, step S6 includes the following steps:
S601, the user selects a random number r_ij as a user temporary secret value;
S602, perform elliptic-curve point multiplication of the user temporary secret value r_ij with the user's temporary public key Y_i to obtain the user session key commitment value R_ij;
S603, perform elliptic-curve point multiplication of the random number d_i selected by the user with the generator P of the elliptic curve to obtain a signature hidden value D_i;
S604, multiply the user temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_j4;
S605, perform elliptic-curve point multiplication of the multiplication value p_j4 with the application service provider AP public key X_j to obtain a user session key service value k_i;
S606, use the user session key service value k_i to encrypt the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi to obtain an encrypted value E_i;
S607, hash the timestamp t_ij selected by the user, the user session key service value k_i and the signature hidden value D_i to obtain a hash value h_i3;
S608, multiply the hash value h_i3 by the user's temporary private key y_i to obtain a multiplication value p_yi;
S609, hash the user's temporary public key Y_i, the user session key commitment value R_ij and the timestamp t_ij to obtain a hash value h_i4;
S610, multiply the hash value h_i4 by the random number d_i to obtain a multiplication value p_di;
S611, add the user certificate cert_gi, the multiplication value p_yi and the multiplication value p_di to obtain the user signature σ_i;
S612, send the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij to the application service provider AP, applying for service from the AP and requesting the session key.
Further: the step S7 includes the steps of:
S701, on receiving the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij, the application service provider AP performs elliptic-curve point multiplication of its long-term private key x_j with the user session key commitment value R_ij to obtain the user session key service value k'_i;
S702, decrypting the encrypted value E_i with the user session key service value k'_i to obtain the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi;
S703, verifying the user signature σ_i using the user certificate commitment value R_gi, the user temporary public key Y_i, the timestamp t_gi, the signature hidden value D_i and the user session key commitment value R_ij; if the verification fails, jumping to step S6; if it passes, the application service provider AP selects a random number r_ji as a temporary secret value and performs elliptic-curve point multiplication of the temporary secret value r_ji with the application service provider AP long-term public key X_j to obtain the application service provider AP session key commitment value R_ji;
S704, multiplying the temporary secret value r_ji of the application service provider AP by the temporary private key x_j to obtain the product p_ji1;
S705, performing elliptic-curve point multiplication of the product p_ji1 with the user session key commitment value R_ij to obtain the session key k_ji of the application service provider AP;
S706, hashing the application service provider AP session key commitment value R_ji, the session key k_ji and the timestamp t_ij to obtain the session key verification value mac_ji; the application service provider AP sends the session key verification value mac_ji and the session key commitment value R_ji to the user, and stores the user certificate commitment value R_gi, the user temporary public key Y_i, the user signature σ_i, the signature hidden value D_i, the timestamp t_gi and the session key k_ji, which completes the authentication of the user and the key agreement.
Further: the step S8 includes the steps of:
S801, on receiving the session key verification value mac_ji and the session key commitment value R_ji, the user multiplies the temporary secret value r_ij by the temporary private key y_i to obtain the product p_ji2;
S802, performing elliptic-curve point multiplication of the product p_ji2 with the application service provider AP session key commitment value R_ji to obtain the session key k_ij of the user;
S803, verifying the session key verification value mac_ji using the session key k_ij, the application service provider AP session key commitment value R_ji and the timestamp t_ij; if the verification fails, jumping to step S6; if it passes, the user has authenticated the application service provider AP.
The beneficial effects of the invention are as follows. In this certificate-based wireless body area network group authentication and key agreement method, the application service providers AP are organized into groups and part of the certificate-issuing authority of the network manager NM is transferred to the group administrator GM, which effectively reduces the computational burden on the network manager NM and the cost of revoking an application service provider AP, and improves system efficiency. In the authentication stage, a zero-knowledge proof protocol is introduced so that, while certificates are managed at the network manager NM, users do not need to be updated, and the scheme simultaneously achieves authentication between the user and the group administrator GM and anonymity of the user at the application service provider AP. The user's zero-knowledge proof value and the user's temporary identity held at the group administrator GM allow the user's identity to be traced, which gives users conditional privacy protection.
Drawings
Fig. 1 is a flowchart of a certificate-based wireless body area network group authentication and key agreement method.
Detailed Description
The following description of embodiments of the invention is provided to help those skilled in the art understand the invention. The invention is not limited to the scope of these embodiments: to those skilled in the art, various changes are apparent as long as they remain within the spirit and scope of the invention as defined in the appended claims, and everything created using the inventive concept is protected.
As shown in fig. 1, a certificate-based wireless body area network group authentication and key agreement method includes the following steps:
S1, constructing the long-term private key sk_n and the public key pk_n of the network manager NM of the wireless body area network; the network manager NM groups the application service providers AP and selects a group administrator GM;
The step S1 includes the steps of:
S101, the network manager NM selects a random number sk_n as its long-term private key;
S102, performing elliptic-curve point multiplication of the long-term private key sk_n with the generator P of the elliptic curve to obtain the public key pk_n of the network manager NM.
S2, the network manager NM issues a certificate cert_GM to the group administrator GM according to its long-term private key sk_n and public key pk_n, constructing the group administrator GM of the wireless body area network;
The step S2 includes the steps of:
S201, the group administrator GM selects a random parameter x_GM as its long-term private key;
S202, performing elliptic-curve point multiplication of the long-term private key x_GM with the generator P of the elliptic curve to obtain the public key X_GM of the group administrator GM;
S203, performing elliptic-curve point multiplication of the random number r_GM selected by the network manager NM with the generator P of the elliptic curve to obtain the group administrator GM certificate commitment value R_GM;
S204, hashing the public key X_GM of the group administrator GM, the group administrator GM certificate commitment value R_GM and the identity ID_GM of the group administrator GM to obtain the hash value h_GM;
S205, multiplying the hash value h_GM by the long-term private key sk_n of the network manager NM to obtain the product P_GM;
S206, adding the product P_GM and the random number r_GM to obtain the group administrator GM certificate cert_GM;
S207, the network manager NM sends the group administrator GM certificate cert_GM and the certificate commitment value R_GM to the group administrator GM, and adds the certificate cert_GM, the certificate commitment value R_GM, the public key X_GM and the identity ID_GM to the database of the network manager NM;
S208, verifying the certificate cert_GM using the network manager NM public key pk_n, the certificate commitment value R_GM of the group administrator GM, the public key X_GM of the group administrator GM and the identity ID_GM; if the verification passes, the group administrator GM stores the certificate cert_GM, the certificate commitment value R_GM, the public key X_GM and the identity ID_GM, and the construction of the group administrator GM is complete; if the verification fails, jumping to step S201.
S3, the network manager NM issues a certificate cert_i to a user according to its long-term private key sk_n and public key pk_n, constructing the users of the wireless body area network;
The step S3 includes the steps of:
S301, the user selects a random parameter x_i as its long-term private key;
S302, performing elliptic-curve point multiplication of the long-term private key x_i with the generator P of the elliptic curve to obtain the user public key X_i, and sending the user public key X_i and the identity ID_i to the network manager NM;
S303, performing elliptic-curve point multiplication of the random number r_i selected by the network manager NM with the generator P of the elliptic curve to obtain the user certificate commitment value R_i;
S304, hashing the user public key X_i, the user certificate commitment value R_i and the user identity ID_i to obtain the hash value h_i;
S305, multiplying the hash value h_i by the long-term private key sk_n of the network manager NM to obtain the product p_i;
S306, adding the product p_i and the random number r_i to obtain the user certificate cert_i;
S307, performing elliptic-curve point multiplication of the long-term private key sk_n of the network manager NM with the user public key X_i to obtain the shared key value sk_n·X_i;
S308, hashing the shared key value sk_n·X_i and the user identity ID_i to obtain the temporary identity initial value Pid_0;
S309, hashing the temporary identity initial value Pid_0 and the shared key value sk_n·X_i to obtain the user temporary identity value Pid_1;
S310, the network manager NM sends the user certificate commitment value R_i and the user certificate cert_i to the user, and adds the public key X_i, the certificate cert_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i to the database of the network manager NM;
S311, verifying the certificate cert_i using the network manager NM public key pk_n, the user public key X_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i; if the verification passes, the user stores the public key X_i, the temporary identity value Pid_1, the certificate cert_i, the certificate commitment value R_i and the identity ID_i, and the construction of the wireless body area network user is complete; if the verification fails, jumping to step S301.
S4, adding an application service provider AP to the wireless body area network in which the group administrator GM and the users have been constructed, according to the certificate cert_GM, the long-term private key x_GM and the public key X_GM of the group administrator GM;
The step S4 includes the steps of:
S401, the application service provider AP selects a random number x_j as its long-term private key;
S402, performing elliptic-curve point multiplication of the long-term private key x_j with the generator P of the elliptic curve to obtain the application service provider AP public key X_j;
S403, the application service provider AP sends its public key X_j and its identity ID_j to the group administrator GM;
S404, performing elliptic-curve point multiplication of the random number r_j selected by the group administrator GM with the generator P of the elliptic curve to obtain the certificate commitment value R_j of the application service provider AP;
S405, hashing the public key X_j of the application service provider AP, the certificate commitment value R_j of the application service provider AP and the identity ID_j of the application service provider AP to obtain the hash value h_j1;
S406, multiplying the hash value h_j1 by the private key x_GM of the group administrator GM to obtain the product p_j1;
S407, hashing the public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the identity ID_j of the application service provider AP to obtain the hash value h_j2;
S408, multiplying the hash value h_j2 by the random number r_j to obtain the product p_j2;
S409, adding the group administrator GM certificate cert_GM, the product p_j1 and the product p_j2 to obtain the application service provider AP certificate cert_j;
S410, the group administrator GM sends the application service provider AP certificate cert_j and the certificate commitment value R_j of the application service provider AP to the application service provider AP, and adds the certificate cert_j, the public key X_j and the certificate commitment value R_j of the application service provider AP to the database of the group administrator GM;
S411, verifying the certificate cert_j of the application service provider AP using the certificate commitment value R_j, the public key X_j, the public key X_GM of the group administrator GM and the network manager NM public key pk_n; if the verification passes, the application service provider AP stores the certificate commitment value R_j, the public key X_j and the certificate cert_j, which completes the addition of the application service provider AP to the wireless body area network; if the verification fails, jumping to step S401.
S5, adding a user to the wireless body area network to which the application service provider AP has been added, according to the user's certificate cert_i, the long-term private key x_GM of the group administrator GM and the public key X_GM of the group administrator GM;
The step S5 includes the steps of:
S501, the user selects a random number y_i as a temporary private key;
S502, performing elliptic-curve point multiplication of the temporary private key y_i with the generator P of the elliptic curve to obtain the user temporary public key Y_i;
S503, performing elliptic-curve point multiplication of the user certificate cert_i with the generator P of the elliptic curve to obtain the partial zero-knowledge proof value c_1;
S504, performing elliptic-curve point multiplication of the user temporary identity value Pid_1 with the user public key X_i to obtain the partial zero-knowledge proof value c_2;
S505, adding the partial zero-knowledge proof values c_1 and c_2 to obtain the zero-knowledge proof value ver_i;
S506, performing elliptic-curve point multiplication of the user temporary private key y_i with the group administrator GM public key X_GM to obtain the user temporary public key verification value Y'_i;
S507, hashing the user temporary public key verification value Y'_i and the zero-knowledge proof value ver_i to obtain the hash value h'_i;
S508, XORing the hash value h'_i with the user temporary identity value Pid_1 to obtain the user identity hidden value m_i;
S509, sending the zero-knowledge proof value ver_i, the user identity hidden value m_i and the user temporary public key Y_i to the group administrator GM;
S510, performing elliptic-curve point multiplication of the long-term private key x_GM of the group administrator GM with the user temporary public key Y_i to obtain the user temporary public key verification value Y''_i, where Y''_i = Y'_i;
S511, the group administrator GM sends the zero-knowledge proof value ver_i to the network manager NM;
S512, the network manager NM performs elliptic-curve point multiplication of its long-term private key sk_n with the public key X_GM of the group administrator GM to obtain the group administrator GM public key verification value p_1;
S513, hashing the public key verification value p_1 and the zero-knowledge proof value ver_i to obtain the hash value h_pidi;
S514, XORing the hash value h_pidi with the user temporary identity value Pid_1 to obtain the user identity verification value m_pidi;
S515, the network manager NM sends the user identity verification value m_pidi to the group administrator GM;
S516, verifying the user temporary identity value Pid_1 using the long-term private key x_GM, the public key pk_n and the zero-knowledge proof value ver_i; if the verification passes, the group administrator GM selects a random number c as the zero-knowledge proof challenge value; if the verification fails, jumping to step S501;
S517, hashing the user temporary public key verification value Y'_i and the user zero-knowledge proof value ver_i to obtain the hash value h''_i;
S518, XORing the hash value h''_i with the zero-knowledge proof challenge value c to obtain the hidden value m_veri;
S519, hashing the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i to obtain the hash value h_c;
S520, the group administrator GM sends the hidden value m_veri, the hash value h_c and the user temporary identity value Pid_1 to the user;
S521, on receiving the hash value h_c and the user temporary identity value Pid_1, the user verifies the hash value h_c using the temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if it passes, multiplying the user temporary identity value Pid_1 by the long-term private key x_i to obtain the product p_j3;
S522, adding the product p_j3 and the user certificate cert_i to obtain the sum k_1;
S523, multiplying the sum k_1 by the zero-knowledge proof challenge value c to obtain the product p_k1;
S524, adding the product p_k1 and the user temporary private key y_i to obtain the zero-knowledge proof response value z_i;
S525, XORing the zero-knowledge proof response value z_i with the hash value h'_i to obtain the response hidden value m_c;
S526, sending the response hidden value m_c and the zero-knowledge proof challenge value c to the group administrator GM;
S527, the group administrator GM XORs the hash value h'_i with the response hidden value m_c to obtain the zero-knowledge proof response value z'_i;
S528, verifying the zero-knowledge proof response value z'_i using the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if it passes, performing elliptic-curve point multiplication of the random number r_gi selected by the group administrator GM with the generator P of the elliptic curve to obtain the user certificate commitment value R_gi;
S529, the group administrator GM selects a timestamp t_gi, and the user public key X_i, the user certificate commitment value R_gi and the timestamp t_gi are hashed to obtain the hash value h_i1;
S530, multiplying the hash value h_i1 by the private key x_GM of the group administrator GM to obtain the product p_i1;
S531, hashing the user public key X_i, the group administrator GM public key X_GM and the timestamp t_gi to obtain the hash value h_i2;
S532, multiplying the hash value h_i2 by the random number r_gi to obtain the product p_i2;
S533, adding the group administrator GM certificate cert_GM, the product p_i1 and the product p_i2 to obtain the user certificate cert_gi;
S534, the group administrator GM sends the user certificate cert_gi, the user certificate commitment value R_gi and the timestamp t_gi to the user, and adds the certificate cert_gi, the temporary public key Y_i, the certificate commitment value R_gi and the timestamp t_gi to the database of the group administrator GM;
S535, verifying the user certificate cert_gi using the user certificate commitment value R_gi, the timestamp t_gi, the group administrator GM public key X_GM and the user temporary public key Y_i; if the verification fails, jumping to step S501; if it passes, the user stores the user certificate commitment value R_gi, the timestamp t_gi, the user certificate cert_gi and the temporary public key Y_i, which completes the user's joining of the wireless body area network.
S6, signing the introduced random parameter according to the user certificate cert_i to obtain the user signature σ_i, applying for service from the application service provider AP and requesting a session key;
The step S6 includes the steps of:
S601, the user selects a random number r_ij as the user temporary secret value;
S602, performing elliptic-curve point multiplication of the user temporary secret value r_ij with the user temporary public key Y_i to obtain the user session key commitment value R_ij;
S603, performing elliptic-curve point multiplication of the random number d_i selected by the user with the generator P of the elliptic curve to obtain the signature hidden value D_i;
S604, multiplying the user temporary secret value r_ij by the temporary private key y_i to obtain the product p_j4;
S605, performing elliptic-curve point multiplication of the product p_j4 with the application service provider AP public key X_j to obtain the user session key service value k_i;
S606, encrypting the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi with the user session key service value k_i to obtain the encrypted value E_i;
S607, hashing the timestamp t_ij selected by the user, the user session key service value k_i and the signature hidden value D_i to obtain the hash value h_i3;
S608, multiplying the hash value h_i3 by the user temporary private key y_i to obtain the product p_yi;
S609, hashing the user temporary public key Y_i, the user session key commitment value R_ij and the timestamp t_ij to obtain the hash value h_i4;
S610, multiplying the hash value h_i4 by the random number d_i to obtain the product p_di;
S611, adding the user certificate cert_gi, the product p_yi and the product p_di to obtain the user signature σ_i;
S612, sending the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij to the application service provider AP, applying for service from the application service provider AP and requesting a session key.
S7, authenticating the user and negotiating a key according to the user signature σ_i and the user session key service value k'_i used in communication with the user;
The step S7 includes the steps of:
S701, on receiving the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij, the application service provider AP performs elliptic-curve point multiplication of its long-term private key x_j with the user session key commitment value R_ij to obtain the user session key service value k'_i;
S702, decrypting the encrypted value E_i with the user session key service value k'_i to obtain the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi;
S703, verifying the user signature σ_i using the user certificate commitment value R_gi, the user temporary public key Y_i, the timestamp t_gi, the signature hidden value D_i and the user session key commitment value R_ij; if the verification fails, jumping to step S6; if it passes, the application service provider AP selects a random number r_ji as a temporary secret value and performs elliptic-curve point multiplication of the temporary secret value r_ji with the application service provider AP long-term public key X_j to obtain the application service provider AP session key commitment value R_ji;
S704, multiplying the temporary secret value r_ji of the application service provider AP by the temporary private key x_j to obtain the product p_ji1;
S705, performing elliptic-curve point multiplication of the product p_ji1 with the user session key commitment value R_ij to obtain the session key k_ji of the application service provider AP;
S706, hashing the application service provider AP session key commitment value R_ji, the session key k_ji and the timestamp t_ij to obtain the session key verification value mac_ji; the application service provider AP sends the session key verification value mac_ji and the session key commitment value R_ji to the user, and stores the user certificate commitment value R_gi, the user temporary public key Y_i, the user signature σ_i, the signature hidden value D_i, the timestamp t_gi and the session key k_ji, which completes the authentication of the user and the key agreement.
S8, authenticating the application service provider AP.
The step S8 includes the steps of:
S801, on receiving the session key verification value mac_ji and the session key commitment value R_ji, the user multiplies the temporary secret value r_ij by the temporary private key y_i to obtain the product p_ji2;
S802, performing elliptic-curve point multiplication of the product p_ji2 with the application service provider AP session key commitment value R_ji to obtain the session key k_ij of the user;
S803, verifying the session key verification value mac_ji using the session key k_ij, the application service provider AP session key commitment value R_ji and the timestamp t_ij; if the verification fails, jumping to step S6; if it passes, the user has authenticated the application service provider AP.
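The key-agreement core of steps S6 to S8 (S601-S605, S701, S703-S706 and S801-S803), as an added Python example that is not code from the patent. The curve (secp256k1), SHA-256, the byte encoding and every function name are assumptions; the encryption of E_i and the signature σ_i are left out, and the on-curve check on received commitment values is an addition that the listed steps do not contain.

```python
import hashlib
import hmac
import secrets

# Assumption: secp256k1 and SHA-256; the page only says "elliptic curve" and "hash".
P_MOD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    """True only for a finite point satisfying y^2 = x^3 + 7 (mod p)."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P_MOD and 0 <= y < P_MOD and (y * y - x * x * x - 7) % P_MOD == 0


def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def mul(k, pt):
    """Double-and-add scalar multiplication (illustrative, not constant-time)."""
    k %= N
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def rand_scalar():
    """Uniform non-zero scalar in [1, N-1]."""
    return secrets.randbelow(N - 1) + 1


def H(*items):
    """SHA-256 over length-prefixed points and integers (encoding is an assumption)."""
    h = hashlib.sha256()
    for it in items:
        if isinstance(it, tuple):
            raw = b"".join(c.to_bytes(32, "big") for c in it)
        else:
            raw = it.to_bytes(32, "big")
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()


def user_request(y_i, X_j):
    """S601-S605: R_ij = r_ij*Y_i and k_i = (r_ij*y_i)*X_j."""
    r_ij = rand_scalar()
    R_ij = mul(r_ij, mul(y_i, G))      # S602, with Y_i = y_i*P
    k_i = mul(r_ij * y_i, X_j)         # S604-S605
    return r_ij, R_ij, k_i


def ap_respond(x_j, R_ij, t_ij):
    """S701 and S703-S706 on the AP side."""
    if not on_curve(R_ij):             # added check, not a step on the page
        raise ValueError("R_ij is not a valid curve point")
    k_i_prime = mul(x_j, R_ij)         # S701: equals the user's k_i
    r_ji = rand_scalar()
    R_ji = mul(r_ji, mul(x_j, G))      # S703: R_ji = r_ji*X_j
    k_ji = mul(r_ji * x_j, R_ij)       # S704-S705
    mac_ji = H(R_ji, k_ji, t_ij)       # S706
    return k_i_prime, R_ji, k_ji, mac_ji


def user_finish(r_ij, y_i, R_ji, mac_ji, t_ij):
    """S801-S803: derive k_ij and accept the AP only if mac_ji matches."""
    if not on_curve(R_ji):             # added check, not a step on the page
        raise ValueError("R_ji is not a valid curve point")
    k_ij = mul(r_ij * y_i, R_ji)       # S801-S802
    if not hmac.compare_digest(H(R_ji, k_ij, t_ij), mac_ji):
        raise ValueError("mac_ji mismatch: AP not authenticated")
    return k_ij


if __name__ == "__main__":
    t = 1700000000                     # constructed timestamp
    y, x = rand_scalar(), rand_scalar()
    r, R_u, k_u = user_request(y, mul(x, G))
    k_a, R_a, k_sess, mac = ap_respond(x, R_u, t)
    print(k_u == k_a, user_finish(r, y, R_a, mac, t) == k_sess)
```

Both sides arrive at the same point because k_ij = (r_ij·y_i)·(r_ji·x_j)·P = k_ji; a modified R_ji or timestamp changes the hash input and the user rejects the response in S803.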
The beneficial effects of the invention are as follows. In this certificate-based wireless body area network group authentication and key agreement method, the application service providers AP are organized into groups and part of the certificate-issuing authority of the network manager NM is transferred to the group administrator GM, which effectively reduces the computational burden on the network manager NM and the cost of revoking an application service provider AP, and improves system efficiency. In the authentication stage, a zero-knowledge proof protocol is introduced so that, while certificates are managed at the network manager NM, users do not need to be updated, and the scheme simultaneously achieves authentication between the user and the group administrator GM and anonymity of the user at the application service provider AP. The user's zero-knowledge proof value and the user's temporary identity held at the group administrator GM allow the user's identity to be traced, which gives users conditional privacy protection.

Claims (9)

1. A certificate-based wireless body area network group authentication and key agreement method is characterized by comprising the following steps:
S1, constructing the long-term private key sk_n and the public key pk_n of the network manager NM of the wireless body area network;
S2, the network manager NM issues a certificate cert_GM to the group administrator GM according to its long-term private key sk_n and public key pk_n, constructing the group administrator GM of the wireless body area network;
S3, the network manager NM issues a certificate cert_i to a user according to its long-term private key sk_n and public key pk_n, constructing the users of the wireless body area network;
S4, adding an application service provider AP to the wireless body area network in which the group administrator GM and the users have been constructed, according to the certificate cert_GM, the long-term private key x_GM and the public key X_GM of the group administrator GM;
S5, adding a user to the wireless body area network to which the application service provider AP has been added, according to the user's certificate cert_i, the long-term private key x_GM of the group administrator GM and the public key X_GM of the group administrator GM;
S6, signing the introduced random parameter according to the user certificate cert_i to obtain the user signature σ_i, applying for service from the application service provider AP and requesting a session key;
S7, authenticating the user and negotiating a key according to the user signature σ_i and the user session key service value k'_i used in communication with the user;
and S8, authenticating the application service provider AP.
2. The certificate-based wireless body area network group authentication and key agreement method according to claim 1, wherein the step S1 comprises the steps of:
S101, the network manager NM selects a random number sk_n as its long-term private key;
S102, performing elliptic-curve point multiplication of the long-term private key sk_n with the generator P of the elliptic curve to obtain the public key pk_n of the network manager NM.
3. The certificate-based wireless body area network group authentication and key agreement method according to claim 2, wherein the step S2 comprises the steps of:
S201, the group administrator GM selects a random parameter x_GM as its long-term private key;
S202, performing elliptic-curve point multiplication of the long-term private key x_GM with the generator P of the elliptic curve to obtain the public key X_GM of the group administrator GM;
S203, performing elliptic-curve point multiplication of the random number r_GM selected by the network manager NM with the generator P of the elliptic curve to obtain the group administrator GM certificate commitment value R_GM;
S204, hashing the public key X_GM of the group administrator GM, the group administrator GM certificate commitment value R_GM and the identity ID_GM of the group administrator GM to obtain the hash value h_GM;
S205, multiplying the hash value h_GM by the long-term private key sk_n of the network manager NM to obtain the product P_GM;
S206, adding the product P_GM and the random number r_GM to obtain the group administrator GM certificate cert_GM;
S207, the network manager NM sends the group administrator GM certificate cert_GM and the certificate commitment value R_GM to the group administrator GM, and adds the certificate cert_GM, the certificate commitment value R_GM, the public key X_GM and the identity ID_GM to the database of the network manager NM;
S208, verifying the certificate cert_GM using the network manager NM public key pk_n, the certificate commitment value R_GM of the group administrator GM, the public key X_GM of the group administrator GM and the identity ID_GM; if the verification passes, the group administrator GM stores the certificate cert_GM, the certificate commitment value R_GM, the public key X_GM and the identity ID_GM, and the construction of the group administrator GM is complete; if the verification fails, jumping to step S201.
4. The certificate-based wireless body area network group authentication and key agreement method according to claim 3, wherein the step S3 comprises the steps of:
S301, the user selects a random parameter x_i as its long-term private key;
S302, performing elliptic-curve point multiplication of the long-term private key x_i with the generator P of the elliptic curve to obtain the user public key X_i, and sending the user public key X_i and the identity ID_i to the network manager NM;
S303, performing elliptic-curve point multiplication of the random number r_i selected by the network manager NM with the generator P of the elliptic curve to obtain the user certificate commitment value R_i;
S304, hashing the user public key X_i, the user certificate commitment value R_i and the user identity ID_i to obtain the hash value h_i;
S305, multiplying the hash value h_i by the long-term private key sk_n of the network manager NM to obtain the product p_i;
S306, adding the product p_i and the random number r_i to obtain the user certificate cert_i;
S307, performing elliptic-curve point multiplication of the long-term private key sk_n of the network manager NM with the user public key X_i to obtain the shared key value sk_n·X_i;
S308, hashing the shared key value sk_n·X_i and the user identity ID_i to obtain the temporary identity initial value Pid_0;
S309, hashing the temporary identity initial value Pid_0 and the shared key value sk_n·X_i to obtain the user temporary identity value Pid_1;
S310, the network manager NM sends the user certificate commitment value R_i and the user certificate cert_i to the user, and adds the public key X_i, the certificate cert_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i to the database of the network manager NM;
S311, verifying the certificate cert_i using the network manager NM public key pk_n, the user public key X_i, the user temporary identity value Pid_1, the certificate commitment value R_i and the user identity ID_i; if the verification passes, the user stores the public key X_i, the temporary identity value Pid_1, the certificate cert_i, the certificate commitment value R_i and the identity ID_i, and the construction of the wireless body area network user is complete; if the verification fails, jumping to step S301.
5. The certificate-based wireless body area network group authentication and key agreement method according to claim 4, wherein the step S4 comprises the steps of:
S401, selecting, by the application service provider AP, a random number x_j as a long-term private key;
S402, performing an elliptic curve-based point multiplication of the long-term private key x_j with the generator P of the elliptic curve to obtain the public key X_j of the application service provider AP;
S403, sending, by the application service provider AP, the public key X_j of the application service provider AP and the identity ID_j of the application service provider AP to the group administrator GM;
S404, performing an elliptic curve-based point multiplication of the random number r_j selected by the group administrator GM with the generator P of the elliptic curve to obtain the certificate commitment value R_j of the application service provider AP;
S405, performing a hash operation on the public key X_j of the application service provider AP, the certificate commitment value R_j of the application service provider AP and the identity ID_j of the application service provider AP to obtain a hash value h_j1;
S406, multiplying the hash value h_j1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_j1;
S407, performing a hash operation on the public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the identity ID_j of the application service provider AP to obtain a hash value h_j2;
S408, multiplying the hash value h_j2 by the random number r_j to obtain a multiplication value p_j2;
S409, adding the group administrator GM certificate cert_GM, the multiplication value p_j1 and the multiplication value p_j2 to obtain the application service provider AP certificate cert_j;
S410, sending, by the group administrator GM, the application service provider AP certificate cert_j and the certificate commitment value R_j of the application service provider AP to the application service provider AP, and adding the certificate cert_j, public key X_j and certificate commitment value R_j of the application service provider AP to a database of the group administrator GM;
S411, verifying the certificate cert_j of the application service provider AP using the certificate commitment value R_j and public key X_j of the application service provider AP, the public key X_GM of the group administrator GM and the network management NM public key pk_n; if the verification passes, the application service provider AP stores the certificate commitment value R_j, public key X_j and certificate cert_j, completing the joining of the application service provider AP to the wireless body area network; if the verification fails, jumping to step S401.
6. The certificate-based wireless body area network group authentication and key agreement method according to claim 5, wherein the step S5 comprises the steps of:
S501, selecting, by the user, a random number y_i as a temporary private key;
S502, performing an elliptic curve-based point multiplication of the temporary private key y_i with the generator P of the elliptic curve to obtain a user temporary public key Y_i;
S503, performing an elliptic curve-based point multiplication of the user certificate cert_i with the generator P of the elliptic curve to obtain a partial zero-knowledge proof value c_1;
S504, performing an elliptic curve-based point multiplication of the user temporary identity value Pid_1 with the user public key X_i to obtain a partial zero-knowledge proof value c_2;
S505, adding the partial zero-knowledge proof values c_1 and c_2 to obtain a zero-knowledge proof value ver_i;
S506, performing an elliptic curve-based point multiplication of the user temporary private key y_i with the group administrator GM public key X_GM to obtain a user temporary public key verification value Y'_i;
S507, performing a hash operation on the user temporary public key verification value Y'_i and the zero-knowledge proof value ver_i to obtain a hash value h'_i;
S508, performing an XOR operation on the hash value h'_i and the user temporary identity value Pid_1 to obtain a user identity hidden value m_i;
S509, sending the zero-knowledge proof value ver_i, the user identity hidden value m_i and the user temporary public key Y_i to the group administrator GM;
S510, performing an elliptic curve-based point multiplication of the long-term private key x_GM of the group administrator GM with the user temporary public key Y_i to obtain a user temporary public key verification value Y''_i, where Y''_i = Y'_i;
S511, sending, by the group administrator GM, the zero-knowledge proof value ver_i to the network management NM;
S512, performing, by the network management NM, an elliptic curve-based point multiplication of the long-term private key sk_n of the network management NM with the public key X_GM of the group administrator GM to obtain a public key verification value p_1 of the group administrator GM;
S513, performing a hash operation on the public key verification value p_1 and the zero-knowledge proof value ver_i to obtain a hash value h_pidi;
S514, performing an XOR operation on the hash value h_pidi and the user temporary identity value Pid_1 to obtain a user identity verification value m_pidi;
S515, sending, by the network management NM, the user identity verification value m_pidi to the group administrator GM;
S516, verifying the user temporary identity value Pid_1 using the long-term private key x_GM, the public key pk_n and the zero-knowledge proof value ver_i; if the verification passes, the group administrator GM selects a random number c as a zero-knowledge proof challenge value; if the verification fails, jumping to step S501;
S517, performing a hash operation on the user temporary public key verification value Y'_i and the user zero-knowledge proof value ver_i to obtain a hash value h''_i;
S518, performing an XOR operation on the hash value h''_i and the zero-knowledge proof challenge value c to obtain a hidden value m_veri;
S519, performing a hash operation on the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i to obtain a hash value h_c;
S520, sending, by the group administrator GM, the hidden value m_veri, the hash value h_c and the user temporary identity value Pid_1 to the user;
S521, according to the received hash value h_c and user temporary identity value Pid_1, verifying the hash value h_c using the temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, multiplying the user temporary identity value Pid_1 by the long-term private key x_i to obtain a multiplication value p_j3;
S522, adding the multiplication value p_j3 and the user certificate cert_i to obtain an added value k_1;
S523, multiplying the added value k_1 by the zero-knowledge proof challenge value c to obtain a multiplication value p_k1;
S524, adding the multiplication value p_k1 and the user temporary private key y_i to obtain a zero-knowledge proof response value z_i;
S525, performing an XOR operation on the zero-knowledge proof response value z_i and the hash value h_i to obtain a response hidden value m_c;
S526, sending the response hidden value m_c and the zero-knowledge proof challenge value c to the group administrator GM;
S527, performing, by the group administrator GM, an XOR operation on the hash value h'_i and the response hidden value m_c to obtain a zero-knowledge proof answer value z'_i;
S528, verifying the zero-knowledge proof answer value z'_i using the user temporary public key verification value Y'_i, the zero-knowledge proof challenge value c and the zero-knowledge proof value ver_i; if the verification fails, jumping to step S501; if the verification passes, performing an elliptic curve-based point multiplication of the random number r_gi selected by the group administrator GM with the generator P of the elliptic curve to obtain a user certificate commitment value R_gi;
S529, performing a hash operation on the user public key X_i, the user certificate commitment value R_gi and the timestamp t_gi selected by the group administrator GM to obtain a hash value h_i1;
S530, multiplying the hash value h_i1 by the private key x_GM of the group administrator GM to obtain a multiplication value p_i1;
S531, performing a hash operation on the user public key X_i, the group administrator GM public key X_GM and the timestamp t_gi to obtain a hash value h_i2;
S532, multiplying the hash value h_i2 by the random number r_gi to obtain a multiplication value p_i2;
S533, adding the certificate cert_GM of the group administrator GM, the multiplication value p_i1 and the multiplication value p_i2 to obtain the user certificate cert_gi;
S534, sending, by the group administrator GM, the user certificate cert_gi, the user certificate commitment value R_gi and the timestamp t_gi to the user, and adding the certificate cert_gi, temporary public key Y_i, certificate commitment value R_gi and timestamp t_gi to a database of the group administrator GM;
S535, verifying the user certificate cert_gi using the user certificate commitment value R_gi, the timestamp t_gi, the group administrator GM public key X_GM and the user temporary public key Y_i; if the verification fails, jumping to step S501; if the verification passes, the user stores the user certificate commitment value R_gi, timestamp t_gi, user certificate cert_gi and temporary public key Y_i, completing the user's joining of the wireless body area network.
7. The certificate-based wireless body area network group authentication and key agreement method according to claim 6, wherein the step S6 comprises the steps of:
S601, selecting, by the user, a random number r_ij as a user temporary secret value;
S602, performing an elliptic curve-based point multiplication of the user temporary secret value r_ij with the user temporary public key Y_i to obtain a user session key commitment value R_ij;
S603, performing an elliptic curve-based point multiplication of the random number d_i selected by the user with the generator P of the elliptic curve to obtain a signature hidden value D_i;
S604, multiplying the user temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_j4;
S605, performing an elliptic curve-based point multiplication of the multiplication value p_j4 with the application service provider AP public key X_j to obtain a user session key service value k_i;
S606, encrypting the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi with the user session key service value k_i to obtain an encrypted value E_i;
S607, performing a hash operation on the timestamp t_ij selected by the user, the user session key service value k_i and the signature hidden value D_i to obtain a hash value h_i3;
S608, multiplying the hash value h_i3 by the user temporary private key y_i to obtain a multiplication value p_yi;
S609, performing a hash operation on the user temporary public key Y_i, the user session key commitment value R_ij and the timestamp t_ij to obtain a hash value h_i4;
S610, multiplying the hash value h_i4 by the random number d_i to obtain a multiplication value p_di;
S611, adding the user certificate cert_gi, the multiplication value p_yi and the multiplication value p_di to obtain the user signature σ_i;
S612, sending the encrypted value E_i, the signature hidden value D_i, the user session key commitment value R_ij, the user signature σ_i and the timestamp t_ij to the application service provider AP, applying for service from the application service provider AP and requesting a session key.
8. The certificate-based wireless body area network group authentication and key agreement method according to claim 7, wherein the step S7 comprises the steps of:
S701, according to the encrypted value E_i, signature hidden value D_i, user session key commitment value R_ij, user signature σ_i and timestamp t_ij received by the application service provider AP, performing an elliptic curve-based point multiplication of the long-term private key x_j of the application service provider AP with the user session key commitment value R_ij to obtain a user session key service value k'_i;
S702, decrypting the encrypted value E_i with the user session key service value k'_i to obtain the user certificate commitment value R_gi, the user temporary public key Y_i and the timestamp t_gi;
S703, verifying the user signature σ_i using the user certificate commitment value R_gi, the user temporary public key Y_i, the timestamp t_gi, the signature hidden value D_i and the user session key commitment value R_ij; if the verification fails, jumping to step S6; if the verification passes, the application service provider AP selects a random number r_ji as a temporary secret value, and performs an elliptic curve-based point multiplication of the temporary secret value r_ji with the application service provider AP long-term public key X_j to obtain the session key commitment value R_ji of the application service provider AP;
S704, multiplying the temporary secret value r_ji of the application service provider AP by the temporary private key x_j to obtain a multiplication value p_ji1;
S705, performing an elliptic curve-based point multiplication of the multiplication value p_ji1 with the user session key commitment value R_ij to obtain the session key k_ji of the application service provider AP;
S706, performing a hash operation on the session key commitment value R_ji of the application service provider AP, the session key k_ji and the timestamp t_ij to obtain a session key verification value mac_ji; the application service provider AP sends the session key verification value mac_ji and the session key commitment value R_ji to the user, and stores the user certificate commitment value R_gi, user temporary public key Y_i, user signature σ_i, signature hidden value D_i, timestamp t_gi and session key k_ji, completing the authentication and key agreement of the user.
9. The certificate-based wireless body area network group authentication and key agreement method according to claim 8, wherein the step S8 comprises the steps of:
S801, according to the session key verification value mac_ji and the session key commitment value R_ji received by the user, multiplying, by the user, the temporary secret value r_ij by the temporary private key y_i to obtain a multiplication value p_ji2;
S802, performing an elliptic curve-based point multiplication of the multiplication value p_ji2 with the session key commitment value R_ji of the application service provider AP to obtain the session key k_ij of the user;
S803, verifying the session key verification value mac_ji using the session key k_ij, the session key commitment value R_ji of the application service provider AP and the timestamp t_ij; if the verification fails, jumping to step S6; if the verification passes, the user's authentication of the application service provider AP is achieved.
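The arithmetic of certificate issuance (S203 to S208) and of the session key agreement (S601 to S605, S701, S703 to S706, S801 to S803), as an added Python example that is not part of the patent text. The curve (secp256k1), the SHA-256 field encoding, reduction modulo the group order N, the relation pk_n = sk_n·P, and the S208 check cert_GM·P = R_GM + h_GM·pk_n are assumptions; the encryption and signature of S606 to S611 are left out.

```python
import hashlib
import hmac
import secrets

# secp256k1 parameters (assumed curve; the claims only name a generator P, here G).
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def mul(k, pt):
    """Double-and-add point multiplication (not constant time)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(*parts):
    """SHA-256 over length-prefixed fields, reduced mod N (encoding is assumed)."""
    h = hashlib.sha256()
    for v in parts:
        if isinstance(v, tuple):      # curve point
            v = v[0].to_bytes(32, "big") + v[1].to_bytes(32, "big")
        elif isinstance(v, int):      # scalar or timestamp
            v = v.to_bytes(32, "big")
        h.update(len(v).to_bytes(2, "big") + v)
    return int.from_bytes(h.digest(), "big") % N

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def issue_gm_cert(sk_n, X_GM, ID_GM):
    """S203-S206: R_GM = r_GM*P, h_GM = H(X_GM, R_GM, ID_GM), cert_GM = h_GM*sk_n + r_GM."""
    r_GM = rand_scalar()
    R_GM = mul(r_GM, G)
    cert_GM = (H(X_GM, R_GM, ID_GM) * sk_n + r_GM) % N
    return cert_GM, R_GM

def verify_gm_cert(cert_GM, R_GM, X_GM, ID_GM, pk_n):
    """S208, with the check derived from S203-S206: cert_GM*P == R_GM + h_GM*pk_n."""
    h_GM = H(X_GM, R_GM, ID_GM)
    return mul(cert_GM, G) == add(R_GM, mul(h_GM, pk_n))

def user_request(y_i, X_j):
    """S601-S605: R_ij = r_ij*Y_i and k_i = (r_ij*y_i)*X_j."""
    r_ij = rand_scalar()
    R_ij = mul(r_ij, mul(y_i, G))
    k_i = mul(r_ij * y_i % N, X_j)
    return r_ij, R_ij, k_i

def ap_respond(x_j, R_ij, t_ij):
    """S701 and S703-S706: k'_i = x_j*R_ij, R_ji = r_ji*X_j, k_ji = (r_ji*x_j)*R_ij."""
    k_i_prime = mul(x_j, R_ij)
    r_ji = rand_scalar()
    R_ji = mul(r_ji, mul(x_j, G))
    k_ji = mul(r_ji * x_j % N, R_ij)
    return k_i_prime, R_ji, k_ji, H(R_ji, k_ji, t_ij)

def user_finish(r_ij, y_i, R_ji, mac_ji, t_ij):
    """S801-S803: k_ij = (r_ij*y_i)*R_ji; returns None when mac_ji does not recompute."""
    k_ij = mul(r_ij * y_i % N, R_ji)
    good = H(R_ji, k_ij, t_ij).to_bytes(32, "big")
    return k_ij if hmac.compare_digest(good, mac_ji.to_bytes(32, "big")) else None
```
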
CN201910529658.4A 2019-06-19 2019-06-19 Certificate-based wireless body area network group authentication and key agreement method Active CN110191469B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910529658.4A CN110191469B (en) 2019-06-19 2019-06-19 Certificate-based wireless body area network group authentication and key agreement method


Publications (2)

Publication Number Publication Date
CN110191469A CN110191469A (en) 2019-08-30
CN110191469B true CN110191469B (en) 2020-05-12

Family

ID=67722369

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910529658.4A Active CN110191469B (en) 2019-06-19 2019-06-19 Certificate-based wireless body area network group authentication and key agreement method

Country Status (1)

Country Link
CN (1) CN110191469B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230721

Address after: Building 2, Phase 1, E-commerce Park, Jinggang Road, Economic Development Zone, Shushan District, Hefei City, Anhui Province, 230000

Patentee after: Hefei Hongkou Health Management Co.,Ltd.

Address before: 610031 north section of two ring road, Sichuan, Chengdu

Patentee before: SOUTHWEST JIAOTONG University

TR01 Transfer of patent right

Effective date of registration: 20230803

Address after: Room 208, Hard Technology Innovation Community, No. 266 Taibai North Road, Beilin District, Xi'an City, Shaanxi Province, 710000

Patentee after: Xi'an Zhima Xinchuang Technology Co.,Ltd.

Address before: Building 2, Phase 1, E-commerce Park, Jinggang Road, Economic Development Zone, Shushan District, Hefei City, Anhui Province, 230000

Patentee before: Hefei Hongkou Health Management Co.,Ltd.