A kind of handshake protocol method of suitable ultra-wide band network
Technical field
The present invention relates to a kind of handshake protocol method of suitable ultra-wide band network.
Background technology
(ECMA) standard to describe is ultra-wide band network (Ultra Wideband) physical layer and MAC layer standard to ECMA368 for European manufacturer computer association, European Computer ManufacturersAssociation.Ultra-wide band network is a kind of carrierfree communication technology, utilizes the sinusoidal wave burst pulse transmission data of nanosecond to the microsecond level.Design a kind of Handshake Protocol in the ECMA368 standard, be used to set up the pair temporal key PTK (Pairwise Temporal Key) between the ultra-wide band network equipment.This Handshake Protocol is:
1) promoter sends message 1=MN||SC||PTKID||MKID||I-Nonce||PTK-MIC to the respondent, message sequence number MN=1 wherein, conditional code SC=0, presentation protocol is in normal condition, pair temporal key sign PTKID be promoter's picked at random value (not with this locality storage or ongoing Handshake Protocol or the temporary key sign TKID (Temporal Key Identifier) that uses in temporary key GTK (the Group Temporal Key) distribution protocol in groups identical), master key sign MKID is the sign of pairwise master key PMK, I-Nonce is the random number that the promoter produces, pair temporal key message integrity code PTK-MIC=0, pair temporal key message integrity code PTK-MIC is not calculated in expression;
2) after the respondent receives message 1, if message sequence number MN=1, conditional code SC=0 and pair temporal key message integrity code PTK-MIC=0 are false, and then abandon this message, otherwise whether checking master key sign MKID is the sign of promoter and the pre-pairwise master key PMK that shares of respondent; If not, then abandon this message, otherwise whether checking exists the Handshake Protocol that uses this master key sign MKID carrying out; If exist, then abandon this message and conditional code SC=2 (there is the Handshake Protocol that uses this master key sign MKID carrying out in expression) is set and report protocol status to the promoter, otherwise checking pair temporal key sign PTKID; If pair temporal key sign PTKID and local storage or ongoing Handshake Protocol or the temporary key that uses in the temporary key GTK distribution protocol in groups to identify TKID identical, then abandon this message and be provided with that conditional code SC=3 (represent this pair temporal key sign PTKID and local storage or ongoing Handshake Protocol or the temporary key sign TKID that uses in the temporary key GTK distribution protocol in groups identical) is next to report protocol status to the promoter, otherwise generate random number R-Nonce and utilize spread function pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and key confirmation key K CK (KeyConfirmation Key), send message 2=MN||SC||PTKID||MKID||R-Nonce||PTK-MIC to the promoter then, message sequence number MN=2 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 1, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 2 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC (MessageIntegrity Code) that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
3) after the promoter receives message 2, if message sequence number MN=2, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 1 is false, then abandon this message, otherwise utilize spread function to pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and key confirmation key K CK, utilize local key confirmation key K CK to recomputate message 2 (other parameters except that pair temporal key message integrity code PTK-MIC) then, the message integrity code MIC of promoter's MAC Address I-MAC and respondent's MAC Address R-MAC also compares with pair temporal key message integrity code PTK-MIC in the message 2; If both are inequality, then abandon this message and conditional code SC=1 (expression safety verification not by) is set and report protocol status to the respondent, otherwise send message 3=MN||SC||PTKID||MKID||I-Nonce||PTK-MIC to the respondent, message sequence number MN=3 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 2, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 3 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
4) after the respondent receives message 3, if message sequence number MN=3, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 2 is false, then abandon this message, otherwise utilize local key confirmation key K CK recomputate message 3 (other parameters except that pair temporal key message integrity code PTK-MIC), promoter's MAC Address I-MAC and respondent MAC Address R-MAC message integrity code MIC and compare with pair temporal key message integrity code PTK-MIC in the message 3; If both are inequality, then abandon this message and conditional code SC=1 (expression safety verification not by) is set and report protocol status to the respondent, otherwise send message 4=MN||SC||PTKID||MKID||R-Nonce||PTK-MIC to the promoter, message sequence number MN=4 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 3, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
5) after the promoter receives message 4, if message sequence number MN=4, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 3 is false, then abandon this message, otherwise utilize local key confirmation key K CK recomputate message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), promoter's MAC Address I-MAC and respondent MAC Address R-MAC message integrity code MIC and compare with pair temporal key message integrity code PTK-MIC in the message 4; If both are inequality, then abandon this message and end this Handshake Protocol, otherwise promoter and respondent have completed successfully Handshake Protocol, obtained corresponding pair temporal key PTK and key confirmation key K CK separately.
Handshake Protocol from above, can find: the assailant can pretend to be the promoter to send different message 1=MN||SC||PTKID||MKID||I-Nonce||PTK-MIC to the respondent, message sequence number MN=1 wherein, conditional code SC=0, pair temporal key sign PTKID generates at random, master key sign MKID is by respondent's beacon frame or by the master key sign MKID that inquires after acquisition to the respondent, I-Nonce generates at random, pair temporal key message integrity code PTK-MIC=0.Because the message space of pair temporal key sign PTKID is 2
24The probability of collision is very little, master key sign MKID is legal master key sign MKID, I-Nonce again can not be by respondent's verification, so the respondent receives assailant's message 1 and calculates pair temporal key PTK and key confirmation key K CK, calculate the pair temporal key message integrity code PTK-MIC of message 2 (other parameters except that pair temporal key message integrity code PTK-MIC), promoter's MAC Address I-MAC and respondent's MAC Address R-MAC then, send out message 2 at last.This has caused very big computing resource waste, easily constitutes Dos and attacks.
Summary of the invention
The present invention is for solving the above-mentioned technical problem that exists in the background technology, and a kind of handshake protocol method of safe suitable ultra-wide band network is provided.
Technical solution of the present invention is: the present invention is a kind of handshake protocol method of suitable ultra-wide band network, and its special character is: this method may further comprise the steps:
1) promoter sends message 1 to the respondent, message 1 comprises MN||SC||PTKID||MKID, message sequence number MN=1 wherein, conditional code SC=0, pair temporal key sign PTKID is the value of promoter's picked at random, not with this locality storage or ongoing Handshake Protocol or the temporary key sign TKID that uses in the temporary key GTK distribution protocol in groups identical, master key sign MKID is the sign of pairwise master key PMK;
2) after the respondent receives message 1,, then abandon this message, verify then whether master key sign MKID is the sign of promoter and the pre-pairwise master key PMK that shares of respondent if set up if message sequence number MN=1 and conditional code SC=0 are false; If not, then abandon this message, be then to verify whether there is the Handshake Protocol that uses this master key sign MKID carrying out; If exist, then abandon this message and conditional code SC=2 is set and report protocol status to the promoter, if do not exist, then verify pair temporal key sign PTKID; If pair temporal key sign PTKID and local storage or ongoing Handshake Protocol or the temporary key that uses in the temporary key GTK distribution protocol in groups to identify TKID identical, then abandon this message and conditional code SC=3 is set and report protocol status to the promoter, if it is inequality, then generate random number R-Nonce and send message 2 to the promoter, message 2 comprises MN||SC||PTKID||MKID||R-Nonce, message sequence number MN=2 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 1;
3) after the promoter receives message 2, if message sequence number MN=2, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 1 is false, then abandon this message, set up, then generate random number I-Nonce and utilize spread function pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and local key confirmation key K CK, send message 3 to the promoter then, message 3 comprises MN||SC||PTKID||MKID||I-Nonce||R-Nonce||PTK-MIC, message sequence number MN=3 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 2, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 3 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
4) after the respondent receives message 3, if message sequence number MN=3, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 2 is false, then abandon this message, set up, then at first utilize spread function to pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and local key confirmation key K CK, utilize local key confirmation key K CK to recomputate (other parameters except that pair temporal key message integrity code PTK-MIC) in the message 3 then, the message integrity code MIC of promoter's MAC Address I-MAC and respondent's MAC Address R-MAC also compares with pair temporal key message integrity code PTK-MIC in the message 3; If both are inequality, then abandon this message and conditional code SC=1 is set and report protocol status to the promoter, otherwise send message 4 to the promoter, message 4 comprises MN||SC||PTKID||MKID||I-Nonce||PTK-MIC, message sequence number MN=4 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 3, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
5) after the promoter receives message 4, if message sequence number MN=4, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 3 is false, then abandon this message, set up, then utilize local key confirmation key K CK recomputate message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), promoter's MAC Address I-MAC and respondent MAC Address R-MAC message integrity code MIC and compare with pair temporal key message integrity code PTK-MIC in the message 4; If both are inequality, then abandon this message and end this Handshake Protocol, identical, then promoter and respondent have completed successfully Handshake Protocol, have obtained corresponding pair temporal key PTK and local key confirmation key K CK separately.
The handshake protocol method of suitable ultra-wide band network provided by the invention, after the respondent receives the 1st message, if master key sign MKID and PKID are legal, generate random number R-Nonce so and construct the 2nd message and send to the promoter,, that is to say without any amount of calculation, even the assailant forges the 1st different message and sends to the respondent, the respondent is difficult to realize thereby Dos is attacked also without the consumption calculations resource, and is safe.
Embodiment
Specific implementation method of the present invention is as follows:
1) promoter sends message 1 to the respondent, message 1 comprises MN||SC||PTKID||MKID, message sequence number MN=1 wherein, conditional code SC=0, pair temporal key sign PTKID is the value of promoter's picked at random, not with this locality storage or ongoing Handshake Protocol or the temporary key sign TKID that uses in the temporary key GTK distribution protocol in groups identical, master key sign MKID is the sign of pairwise master key PMK;
2) after the respondent receives message 1,, then abandon this message, verify then whether master key sign MKID is the sign of promoter and the pre-pairwise master key PMK that shares of respondent if set up if message sequence number MN=1 and conditional code SC=0 are false; If not, then abandon this message, be then to verify whether there is the Handshake Protocol that uses this master key sign MKID carrying out; If exist, then abandon this message and conditional code SC=2 is set and report protocol status to the promoter, if do not exist, then verify pair temporal key sign PTKID; If pair temporal key sign PTKID and local storage or ongoing Handshake Protocol or the temporary key that uses in the temporary key GTK distribution protocol in groups to identify TKID identical, then abandon this message and conditional code SC=3 is set and report protocol status to the promoter, if it is inequality, then generate random number R-Nonce and send message 2 to the promoter, message 2 comprises MN||SC||PTKID||MKID||R-Nonce, message sequence number MN=2 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 1;
3) after the promoter receives message 2, if message sequence number MN=2, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 1 is false, then abandon this message, set up, then generate random number I-Nonce and utilize spread function pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and local key confirmation key K CK, send message 3 to the promoter then, message 3 comprises MN||SC||PTKID||MKID||I-Nonce||R-Nonce||PTK-MIC, message sequence number MN=3 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 2, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 3 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
4) after the respondent receives message 3, if message sequence number MN=3, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 2 is false, then abandon this message, set up, then at first utilize spread function to pairwise master key PMK, I-Nonce, R-Nonce, promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate pair temporal key PTK and local key confirmation key K CK, utilize local key confirmation key K CK to recomputate (other parameters except that pair temporal key message integrity code PTK-MIC) in the message 3 then, the message integrity code MIC of promoter's MAC Address I-MAC and respondent's MAC Address R-MAC also compares with pair temporal key message integrity code PTK-MIC in the message 3; If both are inequality, then abandon this message and conditional code SC=1 is set and report protocol status to the promoter, otherwise send message 4 to the promoter, message 4 comprises MN||SC||PTKID||MKID||I-Nonce||PTK-MIC, message sequence number MN=4 wherein, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are identical with respective value in the message 3, and pair temporal key message integrity code PTK-MIC utilizes local key confirmation key K CK to message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), the message integrity code MIC that promoter's MAC Address I-MAC and respondent's MAC Address R-MAC calculate;
5) after the promoter receives message 4, if message sequence number MN=4, conditional code SC=0, pair temporal key sign PTKID and master key sign MKID are that the respective value in the message 3 is false, then abandon this message, set up, then utilize local key confirmation key K CK recomputate message 4 (other parameters except that pair temporal key message integrity code PTK-MIC), promoter's MAC Address I-MAC and respondent MAC Address R-MAC message integrity code MIC and compare with pair temporal key message integrity code PTK-MIC in the message 4; If both are inequality, then abandon this message and end this Handshake Protocol, identical, then promoter and respondent have completed successfully Handshake Protocol, have obtained corresponding pair temporal key PTK and local key confirmation key K CK separately.