KR100995360B1 - A Method of Heterogenous Network Management Scheme based on Static TTP. - Google Patents

Abstract

The present invention relates to a method for managing a heterogeneous network based on a tipipi, and more particularly, to secure a network in a heterogeneous network environment, using a secure mutual authentication and a 1-out-2 lost communication path based on a static TTP. The present invention relates to a TITP-based heterogeneous network management method that provides not only safety but efficiency of a network by performing communication.

The heterogeneous network management method of the present invention Titipi,

Generating an independent value of the mobile entity, generating a public key in the intermediate entity to generate mutual authentication values between the mobile entities, and verifying the mutual authentication value;

A second step of generating an initial value for initializing a group between arbitrary moving objects and registering a public key of the moving object in the intermediate object;

And a third step of performing mutual authentication between arbitrary mobile entities.

According to the present invention, an independent value assigned from a central entity and an arbitrary public key can be generated and verified based on this, and then mutually authenticated communication can be performed.

Ubiquitous environment, heterogeneous network security, overlay network, user authentication.

Description

A method of Heterogenous Network Management Scheme based on Static TTP.

The present invention relates to a TTP-based heterogeneous network management method, and more particularly, to secure mutual authentication and 1-out-2 lost communication based on a static trusted third party (TTP) for secure network management in a heterogeneous network environment. The present invention relates to a TITP-based heterogeneous network management method that provides not only security but also efficiency for a network by performing cryptographic communication using a furnace.

The prior art can be classified into a method using a threshold public key, an improved threshold public key method, and an ID base. Each method is as follows.

Threshold public key was proposed in 1999 by Zhou et al. And used threshold public key management.

The proposed scheme is a scheme in which the public key is known to all nodes and the secret key is threshold shared by n nodes. The characteristic is that each node performs mutual authentication using the secret key shared by the selected node. That's the way.

However, the above method includes the following vulnerabilities.

First, a problem arises regarding who will select n nodes among the nodes in the management policy.

In other words, if an unauthorized node is selected as a node sharing a secret key, a problem may arise in the security policy.

Therefore, consistency of security management by trusted entities is required.

Second, in mutual authentication, one node must be aware of when public key signing is required, and there is no way to verify whether public key signing is required if a particular node requests n selected nodes for the threshold number.

Therefore, mutual authentication between nodes is required, and for this purpose, mutual authentication between separate nodes is required.

Third, there is a problem of network availability and robustness according to the use of threshold value in the efficiency of network management.

If the threshold value is large, availability will decrease but robustness will increase.

Therefore, safety and efficiency must be maintained.

Secondly, the Threshold public key scheme is proposed to improve the fairness and availability of the threshold public key scheme, and all nodes play the role of a public key authority.

If authentication of a node is required, the nodes that receive the threshold number update or generate authentication elements through communication with neighboring nodes.

However, the enhanced threshold public key approach has the following security vulnerabilities:

First, the proposed scheme in terms of network efficiency is that participating nodes play the role of public key authority, so the computational efficiency of participating nodes increases the resources of participating nodes as the number of network configuration entities increases.

Second, in terms of security against external attackers, an attacker can obtain sufficient forms of resources to select many authentication information.

In the network configuration, an attacker can acquire enough private key and public key information of the nodes, resulting in security vulnerability of the new attack.

Finally, the ID-Based network management scheme proposed in 2004 by Deng et al. Creates a public / private key pair by all nodes collaborating in the initial state.

The ID-Based method assumes that each node has a unique IP address or participates in the network with authentication information, so that each node shares only a part of the system's private key and sends authentication information in response.

During the initialization process, each node must connect to at least t neighbor nodes, and the t nodes perform a joint operation to generate a private secret key and transmit it safely.

However, the above method includes the following vulnerabilities.

First, in the efficiency of the nodes, as each node participates in generating the secret key to the neighbor nodes, not only the computational efficiency of the nodes participating in the entire network is lowered but also the network efficiency is lowered.

Second, in mutual authentication, each node must search for nodes around it to generate a secret key.

However, there is a disadvantage that privacy protection of nodes is difficult because all neighboring nodes must be searched without secure mutual authentication process.

Third, in the temporary security key usage, the temporary public key is used for communication with t nodes.

However, the temporary public key is generated by each node and transmits the value for private key generation based on this. Therefore, a session key establishment process for secure communication is required along with mutual authentication between nodes.

Accordingly, the present invention has been made to solve the above conventional problems,

An object of the present invention is to provide a heterogeneous network management method based on a static trusted third party (TTP) to secure the safety of internal network users through secure and efficient network management in a heterogeneous network environment.

Another object of the present invention is to provide security of users and networks from unauthorized attackers by providing confidentiality, integrity, and validity for protecting users' privacy in heterogeneous network environments, as well as secure communication between users. .

In order to achieve the problem to be solved by the present invention,

The heterogeneous network management method of the present invention Titipi,

Generating an independent value of the mobile entity, generating a public key in the intermediate entity to generate mutual authentication values between the mobile entities, and verifying the mutual authentication value;

A second step of generating an initial value for initializing a group between arbitrary moving objects and registering a public key of the moving object in the intermediate object;

And a third step of performing mutual authentication between arbitrary mobile entities.

Titipi-based heterogeneous network management method according to the present invention,

Independent values assigned from the central entity and arbitrary public keys can be generated, verified based on them, and mutually authenticated communications can be performed.

In addition, when transmitting privacy information of the user, the confidentiality and integrity of the data can be provided as follows to maintain the security of the transmitted data.

In other words, in terms of the confidentiality of the internal communication between the objects, the internal communication between the objects uses the modified 1-out-2 lost communication channel to receive the information through the public key signature, and the obtained message is the intermediate object. Only those entities that are mutually authenticated in communication with will provide the advantage of this.

In terms of confidentiality and integrity of the transmitted data, the confidentiality and integrity of the transmitted message during the transmission and reception of data in a heterogeneous network is maintained using information generated from a central entity, and is provided through a secure hash function. .

In addition, in the computational efficiency of participating nodes, independent values are securely received from a central trusted entity before they are generated, and independent values are generated based on them. By generating and using a key, each node generates a secret value for independent public key generation, but the actual public key operation increases efficiency for participating nodes by utilizing intermediate entities.

In addition, by performing operations related to public keys on trusted central and intermediate entities in the efficiency of network management, not only have the computational efficiency for the final nodes, but also through the 1-out-2 lost communication path for communication efficiency. By providing the efficiency of communication method, it can satisfy various security requirements for securing the safety of mobile objects by providing the safe and efficient network management method of heterogeneous network in ubiquitous environment for building a secure u-knowledge society. Providing consistent safety and efficiency contributes to the development of network and application services.

Titipi-based heterogeneous network management method according to an embodiment of the present invention for achieving the above object,

Generating a mutually independent value assigned by the central entity in the mobile entity;

A second step of generating a secret value for authentication with neighboring entities and performing communication between the intermediate entity and the central entity when the moving entities randomly move through the first step;

 Performing a communication based on a secret value between the central entity and any mobile entities;

And a fourth step of performing communication for mutual authentication between arbitrary mobile entities.

At this time, the fourth step,

It is characterized in that three arbitrary entities are configured to perform communication for mutual authentication with arbitrary mobile entities 2 and 3 in any mobile entity 1.

At this time, the arbitrary entities,

It is characterized by using a lost communication path to improve the efficiency of communication during mutual authentication.

Meanwhile, a method for managing heterogeneous networks based on TITI according to another embodiment of the present invention,

Generating an independent value of the mobile entity, generating a public key in the intermediate entity to generate mutual authentication values between the mobile entities, and verifying the mutual authentication value;

A second step of generating an initial value for initializing a group between arbitrary moving objects and registering a public key of the moving object in the intermediate object;

And a third step of performing mutual authentication between arbitrary mobile entities.

At this time, the first step,

A moving object independent value generating step of generating independent values of the moving object,

A public key generation step of generating a public key from an intermediate object,

A mutual authentication value generation step of generating mutual authentication values for moving objects;

An encryption value calculation step of calculating an encrypted value from an arbitrary mobile object and transmitting it to an intermediate object;

The intermediate entity is characterized in that it comprises a mutual authentication value verification step of transmitting the encrypted value to the central entity and verifying the mutual authentication value in the central entity.

At this time, the second step,

An initial value generation step of generating an initial value for initializing a group among arbitrary moving objects and transmitting the initial value to an intermediate object;

A public key registration step of transmitting an initial value transmitted from the moving object to the central object in the intermediate object and registering the public key of the moving object in an arbitrary group;

A verification result transmission step of verifying the transmission information in the central object and then transmitting the result to the intermediate object;

And a registration result notification step of notifying any group of the registration result of the mobile object.

At this time, the third step,

A mutual authentication value transmission step of performing mutual authentication between arbitrary moving objects;

And a mutual authentication message transmission step of transmitting a message for mutual authentication between arbitrary mobile entities to an intermediate entity.

At this time, when transmitting a message for the mutual authentication,

In order to improve the efficiency of the communication is characterized in that the use of the lost communication path.

Hereinafter, with reference to the accompanying drawings will be described in detail a preferred embodiment of the present invention Titipi-based heterogeneous network management method.

1 is a flowchart illustrating a method for managing a heterogeneous network based on TITI according to an embodiment of the present invention.

2 is a detailed flowchart of a method for managing a heterogeneous network based on TITI according to an embodiment of the present invention.

First, the following prerequisites must be satisfied for safe and efficient management of heterogeneous networks that can be implemented by the present invention.

That is, firstly, secure mutual authentication in mutual authentication should be generated through authentication information based on secret value, and through this, it should be able to maintain overall network safety.

Second, in case of transmitting user privacy information between network entities in confidentiality and integrity, it should be able to maintain safety by providing confidentiality and integrity of transmitted data.

In other words, when communicating internally between entities, communication within the network must provide confidentiality to keep it safe from attackers.

Therefore, network security for unauthorized nodes should be guaranteed as new nodes join / leave.

On the other hand, if the confidentiality and integrity of the transmission data does not provide the confidentiality and integrity of the transmission message in the transmission and reception of data in a heterogeneous network, it is very vulnerable to personal privacy information, so a security service for the transmission data is required.

Third, if a heterogeneous network is configured for the attacker, it must be possible to maintain the safety of authorized nodes by the attacker or an unauthorized third party.

The security of the network must be able to maintain safety from trusted entities in order to secure not only internal attackers but also external attackers.

Fourth, in the network management method using the public key in the computational efficiency of the participating node, only the entities requiring the secret communication should participate in the communication for the secure communication and management between the configuration entities.

In particular, due to the nature of using a public key, the overhead required for generating a security key should not affect the overall network efficiency.

Fifth, the efficiency of network management should not impede the efficiency of the entire network due to the increased amount of security services.

Therefore, there is a need for a network management method that is balanced with safety and efficiency.

Sixth, consistent management based on trusted entities is required to maintain the safety of heterogeneous networks in the consistency of management policies.

As shown in FIG. 1, the present invention provides a method for managing a heterogeneous network based on TTI,

A first step S100 of generating mutually independent values assigned from the central entity in the mobile entity;

A second step (S200) of generating a secret value for authentication with neighboring entities and performing communication between the intermediate entity and the central entity when the moving entities randomly move through the first step;

A third step (S300) of performing communication based on a secret value between the central entity and any mobile entities;

And a fourth step (S400) of performing communication for mutual authentication between arbitrary mobile entities.

In the present invention, when the mobile entities are composed of TTP (Trusted Third Party), which is a static trust authority in the heterogeneous network environment, and mobile entities, which are terminal terminals based on intermediate entities, the mobile entities perform reliable communication between the TTP and the intermediate entities when they move. Secure authentication and group them together.

Therefore, it is a safe and efficient management method of heterogeneous network through mutual authentication between mobile entities.

This completes the provision of various services and network security services for users of heterogeneous networks.

Symbols displayed in the present invention are defined as follows.

)p, q: two prime p, q (

)

)g: water g (

)

P (): probability function (probability distribution D = (U, P), U is non-empty set, u ∈ U,

,

,

)

,

,

)

)s, w, x, r: random random number (

)

F: Finite field

a: secret value for secret communication

X _i :

E (), D (): encryption, decryption algorithm

G (): public function

c: R {0,1} k

H (): safe hash function

First, the first step (S100) will be described in detail.

① Each moving object stores the functions of X ₁ , ..., X _n and g ₁ , ...., g _n , which are independent of each other, in a safe procedure from the central object in advance, and It has a value of (S110).

g ₁ (X ₁ ), ..., g _n (X _n )

Specifically, X has a random value when U is a set of X.

If X is a subset of real numbers, X has a real random value.

If X: U → X has a random value f: X → Y is a function

f (X): = fоX also has a random value.

if i = 1, ..., n, then y _i is any value of g _i (X _i )

Can be summed up as χ _i = g _i ^-1 (y _i ).

=

=

=

...

=

...

...

=

...

...

=

...

The central trust entity sends the generated (y ₁ , ..., y _n ) to the intermediate trust entity.

After transmission, the intermediate trust entity selects y _i ∈y _n to generate the following public key PU (S120).

(For mobile entity 1, the public key is PU ₁ and the private key is y _1. )

③ The intermediate entity ends the initial setting process by releasing the generated public key PU _i .

Next is the communication phase between the intermediate entity and the central entity, which proceed in the following order:

① (if n = 3 il) n pieces of any movement of the object cross If authentication is required, any object 1 is then created for Y _1, based on g ₁ has received in advance the intermediate this by calculating a _first object Send to (S130).

,

,

② The intermediate object sends a _{1 and} then sends c to the central object and the moving object 1.

③ The moving object 1 transmits V to the intermediate object after calculating S = w-cx based on c (S140).

V = E _y1 (S)

④ The intermediate entity sends V to the central entity and the central entity performs verification through the following process (S150).

The above process is performed by all mobile entities requiring mutual authentication in the same process.

The following is a second step (S200) of initializing a group and registering a mobile object between mobile objects as follows.

① The mobile entity 1 encrypts (a ₁ ) shared with the central entity with the public key PU _T and transmits the following to the intermediate entity (S210).

② The intermediate entity transmits the V transmitted from the mobile entity 1 to the central entity, and then registers the public key of the mobile entity 1 in an arbitrary group A. (S220)

③ The central entity that has received V decrypts it with its private key y _T , checks a ₁ , and sends the result to the intermediate entity. (S230)

④ The intermediate entity transmits that mobile entity 1 is registered in group A. (S240)

Reg_Message

Through the above steps, the central entity checks the authentication information of the mobile entity, and the intermediate entity manages this by arbitrarily grouping the mobile entity.

Finally, the third step, which is a step (S300) for mutual authentication between arbitrary entities, is performed by the following process.

를 생성한후 이를 공개키로 암호화하여 중간 개체에 V₁, TS를 전송한다.(S310)① Moving object 1 is a random value to send to any intermediate object

After generating V and encrypting it with the public key, V ₁ and TS are transmitted to the intermediate entity (S310).

를 임 시 저장하고 r_i와 x_ri( r_i ={0, 1}, x_ri ∈ _UZ_n )를 선택하고 w와 TS를 이동 개체 1에 전송한다.② In the intermediate object, check V ₁ from any moving object 1

Is temporarily stored, select r _i and x _ri (r _i = {0, 1}, x _ri ∈ _U Z _n ) and transfer w and TS to mobile entity 1.

을 검증한 뒤 그룹 초기화 단계에서 중앙 개체와 공유한 a₁을 이용하여

과

를 다음과 같이 계산하여 중간 개체에 전송한다. (S320)③ The moving object 1

After verifying, we use a ₁ shared with the central entity in the group initialization stage.

and

Calculate as follows and send it to the intermediate object. (S320)

(M ₀ and M ₁ are messages for mutual authentication between arbitrary mobile entities)

,

,

을 전송받은 중간 개체는

을 계산하여

을 중앙 개체에 전송한다.④

The intermediate object that received the

By calculating

To the central object.

를 복호화한 뒤 상호 인증 메시지 M₀를 중간 개체에 전송한다.⑤ The central entity

After decrypting, the mutual authentication message M ₀ is transmitted to the intermediate entity.

=

을 비교한 뒤 올바른 경우 설정된 임시 그룹의 인증 정보 등록하며, 이동 개체 2와 3에 인증 결과를 전송한 뒤 이동 개체 1과 의 통신을 종료한다.⑥ The intermediate object temporarily stores M ₀ transmitted from the central object and transfers it from the moving object 1.

=

After comparing the information, register the authentication information of the set temporary group if correct, and transmit the authentication result to the mobile objects 2 and 3, and then terminate the communication with the mobile object 1.

Through the above operation principle, it is possible to generate independent values and random public keys assigned from the central entity, verify them based on them, and perform mutual authentication. When transmitting privacy information, confidentiality of data And integrity can be provided as follows to maintain the safety of transmitted data.

Those skilled in the art to which the present invention pertains as described above may understand that the present invention may be implemented in other specific forms without changing the technical spirit or essential features of the present invention. Therefore, the above-described embodiments are to be understood as illustrative in all respects and not restrictive.

The scope of the present invention is defined by the appended claims rather than the detailed description and all changes or modifications derived from the meaning and scope of the claims and their equivalents are to be construed as being included within the scope of the present invention do.

Titipi-based heterogeneous network management method according to the present invention,

It will be widely used in ubiquitous applications as it can generate independent values and random public keys assigned from central entities, verify them based on them, and perform mutually authenticated communication.

1 is a flowchart illustrating a method for managing a heterogeneous network based on TITI according to an embodiment of the present invention.

2 is a detailed flowchart of a method for managing a heterogeneous network based on TITI according to an embodiment of the present invention.

Claims (8)

A first step of generating, at the mobile entities, mutually independent values assigned from the central entity; A second step of generating a secret value for authentication with neighboring entities and performing communication between the intermediate entity and the central entity when the moving entities randomly move through the first step;  Performing a communication based on a secret value between the central entity and the mobile entities; And a fourth step of performing communication for mutual authentication between the moving entities. The method of claim 1, The fourth step, TIP-based heterogeneous network management method, characterized in that three random entities are configured to perform communication for mutual authentication with arbitrary mobile entities 2 and 3 in any mobile entity 1. delete Generating independent values of the moving objects, generating a public key in the intermediate object, generating a mutual authentication value between the moving objects, and verifying the mutual authentication value; Generating an initial value for initializing a group between moving objects and registering a public key of the moving objects in the intermediate object; And a third step of performing mutual authentication between the moving entities. The method of claim 4, wherein The first step, A moving object independent value generating step of generating independent values of moving objects, A public key generation step of generating a public key from an intermediate object, A mutual authentication value generation step of generating mutual authentication values for moving objects; An encryption value calculation step of calculating an encrypted value from moving objects and transmitting the encrypted value to an intermediate object; The intermediate entity transmits an encrypted value to the central entity and comprises a mutual authentication value verification step of verifying mutual authentication values at the central entity. The method of claim 4, wherein The second step, An initial value generation step of generating an initial value for initializing a group between moving objects and transmitting the initial value to an intermediate object; A public key registration step of transmitting an initial value transmitted from moving objects from the intermediate object to the central object and registering the public keys of the moving objects in an arbitrary group; A verification result transmission step of verifying the transmission information in the central object and then transmitting the result to the intermediate object; TIP-based heterogeneous network management method comprising the step of notifying the registration result of the registration of the mobile entities to any group. The method of claim 4, wherein The third step, A mutual authentication value transmission step of performing mutual authentication between moving objects; A method for managing a heterogeneous network based on a TIP, comprising the step of transmitting a mutual authentication message for transmitting a message for mutual authentication between moving objects to an intermediate object. delete

Images