CN101159538A - A key management method - Google Patents
- Publication number
- CN101159538A
- Authority
- CN
- China
- Prior art keywords
- message
- authenticator
- key
- requestor
- key management
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L9/0841—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
- H04L9/0844—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/126—Anti-theft arrangements, e.g. protection against subscriber identity module [SIM] cloning
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
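The present invention relates to a key management method, namely an enhanced RSNA 4-way handshake protocol. It comprises the following steps: 1) the authenticator adds a key negotiation identifier (KNID) and a message integrity code (MIC) to message (1) and sends it to the supplicant; 2) on receiving message (1), the supplicant verifies whether the MIC field in it is correct and, if it is not, discards the message directly; otherwise it performs the other verifications and, if they succeed, sends message (2) to the authenticator; 3) on receiving message (2), the authenticator verifies it and, if verification succeeds, sends message (3) to the supplicant; 4) on receiving message (3), the supplicant verifies it and, if verification succeeds, sends message (4) to the authenticator; 5) on receiving message (4), the authenticator verifies it; if verification succeeds, the 4-way handshake completes successfully, the authenticator and the supplicant have negotiated the same unicast temporal key (UTK), and each obtains the other's group master key (GMK). The invention solves the DoS attack problem in the key management protocol of the current RSNA security mechanism.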
Description
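Technical Field
The present invention relates to a key management method, in particular a key management method for RSNA.
Background Art
To address the security vulnerabilities of the WEP (Wired Equivalent Privacy) security mechanism defined in the wireless local area network (WLAN) international standard ISO/IEC 8802-11, the IEEE issued the IEEE 802.11i standard, which, while remaining backward compatible, introduces the Robust Security Network Association (RSNA) technology to remedy the vulnerabilities of WEP.
RSNA implements authentication and key distribution through IEEE 802.1x, based on the Extended Authentication Protocol (EAP), and the 4-way handshake protocol. This security mechanism solves the security problems of WLAN fairly well, but because its design focused more on security than on the availability of the protocol, its 4-way handshake is exposed to DoS attacks. The cause is that the first message of the 4-way handshake is unprotected, and the exposed message 1 can be exploited by an attacker.
The authenticator maintains at most one handshake with each supplicant and has a timeout retransmission function, but the supplicant cannot adopt the same strategy. Suppose the supplicant is configured to be fully stateful, that is, it expects only the reply to one specific message, and consider the case where the supplicant has received message 1 and sent message 2. If message 2 is lost for any reason, the authenticator does not receive the message 2 it expects, so after timing out it retransmits message 1; but because the supplicant expects only message 3, it discards the retransmitted message 1 and the protocol fails. An attacker can exploit this by sending a forged message 1 ahead of the legitimate message 1, causing the supplicant to block the protocol. Therefore, during the handshake the supplicant must accept multiple instances of message 1 so that the protocol can continue, that is, the supplicant must allow multiple handshake instances to run simultaneously.
The protocol blocking attack is caused by the weakness of message 1. To avoid it, an implementation may have the supplicant store multiple unicast temporal keys (UTK, Unicast Temporal Key): one legitimate UTK, the rest temporary UTKs. On receiving message 1 only the temporary UTK is updated; the legitimate UTK is updated only on receiving a message 3 that carries a valid message integrity code (MIC, Message Integrity Code). If an attacker sends multiple instances of message 1 carrying different Nonces, then to ensure that the legitimate authenticator's protocol run is not blocked, the supplicant must use a considerable amount of storage to hold the Nonce from every received message 1, the newly generated local Nonce and the corresponding temporary UTK, until it completes the handshake and obtains a legitimate UTK. Although computing a UTK is inexpensive and does not lead to a CPU exhaustion attack, there is a risk of storage exhaustion if the attacker deliberately raises the rate at which forged message 1 frames are sent. This forgery attack is easy to mount and its harm is serious: one successful attack nullifies all the effort spent on the preceding authentication process.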
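Summary of the Invention
To solve the above technical problem of the background art, the present invention provides a key management method that can prevent DoS attacks.
The technical solution of the invention is a key management method characterized in that it is an enhanced RSNA 4-way handshake protocol comprising the following steps:
1) The authenticator adds a key negotiation identifier (KNID) and a message integrity code (MIC) to the originally defined content of message 1 to form a new message 1, and sends it to the supplicant;
2) On receiving the new message 1, the supplicant verifies whether the MIC field in it is correct and, if it is not, discards the message directly; otherwise it performs the original verification and, if that succeeds, sends message 2 to the authenticator;
3) On receiving message 2, the authenticator performs the original verification and, if it succeeds, sends message 3 to the supplicant;
4) On receiving message 3, the supplicant performs the original verification and, if it succeeds, sends message 4 to the authenticator;
5) On receiving message 4, the authenticator performs the original verification; if it succeeds, the 4-way handshake completes successfully, the authenticator and the supplicant have negotiated the same unicast temporal key (UTK), and each obtains the other's group master key (GMK).
In step 1), the MIC is a hash value computed by the authenticator, using the pairwise master key (PMK) negotiated in the authentication phase, over all fields preceding the MIC field.
The KNID in step 1) is a random number generated by the authenticator if this is the first 4-way handshake after successful RSNA authentication; if this is a key update process, it is the value the authenticator computed from the PMK, NonceA and NonceS after the previous 4-way handshake succeeded.
In a key update process, the supplicant in step 2) must also verify whether the KNID is correct and, if it is not, discard the message directly.
The originally defined content of message 1 and the contents of message 2, message 3 and message 4 are the same as the corresponding definitions in the IEEE 802.11i-2004 standard text.
The original verifications are all the verification procedures in the IEEE 802.11i-2004 standard text.
By adding a message integrity code (MIC) and a key negotiation identifier (KNID) to message 1 of the original RSNA 4-way handshake, the invention prevents forgery and replay of message 1, strengthens the security and robustness of the protocol, and solves the DoS attack problem in the key management protocol of the current RSNA security mechanism.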
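Detailed Description
The specific method of the invention is as follows:
1) The authenticator adds a key negotiation identifier KNID (Key Negotiation IDentifier) and a message integrity code (MIC) to the originally defined content of message 1 to form a new message 1, and sends it to the supplicant;
2) On receiving the new message 1, the supplicant verifies whether the MIC field in it is correct and, if it is not, discards the message directly; otherwise it performs the original verification and, if that succeeds, sends message 2 to the authenticator; the content of message 2 is the same as originally defined;
Note: the MIC in the new message 1 is a hash value computed by the authenticator, using the pairwise master key PMK (Pairwise Master Key) negotiated in the authentication phase, over all fields preceding the MIC field. The KNID in the new message 1 is a random number generated by the authenticator if this is the first 4-way handshake after successful RSNA authentication; if this is a key update process, it is the value the authenticator computed from the PMK, NonceA and NonceS after the previous 4-way handshake succeeded. Adding the MIC field prevents an attacker from forging message 1, and this design of the KNID lets the authenticator and the supplicant stay synchronized, which prevents an attacker from replaying message 1. In a key update process, the supplicant's verification of message 1 must also include verification of the KNID.
3) On receiving message 2, the authenticator performs the original verification and, if it succeeds, sends message 3 to the supplicant; the content of message 3 is the same as originally defined;
4) On receiving message 3, the supplicant performs the original verification and, if it succeeds, sends message 4 to the authenticator; the content of message 4 is the same as originally defined;
5) On receiving message 4, the authenticator performs the original verification; if it succeeds, the 4-way handshake completes successfully, the authenticator and the supplicant have negotiated the same unicast temporal key (UTK), and each obtains the other's group master key GMK (Group Master Key).
Definitions of terms:
NonceA: a one-time random number generated by the authenticator;
NonceS: a one-time random number generated by the supplicant.
"Original definition" and "original verification" refer to the definitions and verifications in the IEEE 802.11i-2004 standard text.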
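The supplicant-side handling of the new message 1 described above, as an added Python example that is not part of the patent text: the MIC is checked before any per-handshake state is stored, and on rekey the KNID must match the value derived after the previous handshake. HMAC-SHA256, the 32-byte field sizes, the `KNID || NonceA || MIC` layout, the `next_knid` derivation and all function and class names are assumptions; the patent specifies only a hash keyed with the PMK and a KNID computed from PMK, NonceA and NonceS.

```python
import hashlib
import hmac
import os

NONCE_LEN = KNID_LEN = MIC_LEN = 32  # assumed sizes (HMAC-SHA256 output)

def mic(pmk: bytes, fields: bytes) -> bytes:
    # Keyed hash over every field that precedes the MIC field.
    return hmac.new(pmk, fields, hashlib.sha256).digest()

def next_knid(pmk: bytes, nonce_a: bytes, nonce_s: bytes) -> bytes:
    # Assumed derivation; the patent only names the inputs PMK, NonceA, NonceS.
    return hmac.new(pmk, b"KNID" + nonce_a + nonce_s, hashlib.sha256).digest()

def build_message1(pmk: bytes, knid: bytes, nonce_a: bytes) -> bytes:
    # Simplified, constructed layout: KNID || NonceA || MIC.
    fields = knid + nonce_a
    return fields + mic(pmk, fields)

class Supplicant:
    def __init__(self, pmk: bytes):
        self.pmk = pmk
        self.expected_knid = None  # None until the first handshake succeeds
        self.pending = None        # (NonceA, NonceS) of the handshake in progress

    def on_message1(self, frame: bytes) -> str:
        if len(frame) != KNID_LEN + NONCE_LEN + MIC_LEN:
            return "drop: malformed"
        fields, tag = frame[:-MIC_LEN], frame[-MIC_LEN:]
        # Check the MIC first so forged frames never allocate nonce/key state.
        if not hmac.compare_digest(mic(self.pmk, fields), tag):
            return "drop: bad MIC"
        knid, nonce_a = fields[:KNID_LEN], fields[KNID_LEN:]
        # On rekey the KNID must equal the value synchronised by the last handshake.
        if self.expected_knid is not None and not hmac.compare_digest(
                knid, self.expected_knid):
            return "drop: bad KNID"
        self.pending = (nonce_a, os.urandom(NONCE_LEN))
        return "accept"

    def on_handshake_complete(self) -> None:
        # Called once messages 2-4 have verified; derive the KNID for the next rekey.
        self.expected_knid = next_knid(self.pmk, *self.pending)
        self.pending = None

if __name__ == "__main__":
    pmk = os.urandom(32)  # constructed sample key
    sup = Supplicant(pmk)
    first = build_message1(pmk, os.urandom(KNID_LEN), os.urandom(NONCE_LEN))
    print(sup.on_message1(build_message1(os.urandom(32), first[:32], first[32:64])))
    print(sup.on_message1(first))
    sup.on_handshake_complete()
    print(sup.on_message1(first))  # replay of the old message 1
```

In the first handshake the KNID is only a random value, so the rejection of forged frames there rests on the MIC alone; the KNID check takes effect from the first rekey onward.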
Claims (6)
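1. A key management method, characterized in that the method is an enhanced RSNA 4-way handshake protocol comprising the following steps:
1) The authenticator adds a key negotiation identifier (KNID) and a message integrity code (MIC) to the originally defined content of message (1) to form a new message (1), and sends it to the supplicant;
2) On receiving the new message (1), the supplicant verifies whether the MIC field in it is correct and, if it is not, discards the message directly; otherwise it performs the original verification and, if that succeeds, sends message (2) to the authenticator;
3) On receiving message (2), the authenticator performs the original verification and, if it succeeds, sends message (3) to the supplicant;
4) On receiving message (3), the supplicant performs the original verification and, if it succeeds, sends message (4) to the authenticator;
5) On receiving message (4), the authenticator performs the original verification; if it succeeds, the 4-way handshake completes successfully, the authenticator and the supplicant have negotiated the same unicast temporal key (UTK), and each obtains the other's group master key (GMK).
2. The key management method according to claim 1, characterized in that the message integrity code (MIC) in step 1) is a hash value computed by the authenticator, using the pairwise master key (PMK) negotiated in the authentication phase, over all fields preceding the MIC field.
3. The key management method according to claim 1, characterized in that the key negotiation identifier (KNID) in step 1) is a random number generated by the authenticator if this is the first 4-way handshake after successful RSNA authentication, and, if this is a key update process, is the value the authenticator computed from the pairwise master key (PMK), NonceA and NonceS after the previous 4-way handshake succeeded.
4. The key management method according to claim 1, 2 or 3, characterized in that, in a key update process, the supplicant in step 2) must also verify whether the KNID is correct and, if it is not, discard the message directly.
5. The key management method according to claim 4, characterized in that the originally defined content of message (1) and the contents of message (2), message (3) and message (4) are the same as the corresponding definitions in the IEEE 802.11i-2004 standard text.
6. The key management method according to claim 4, characterized in that the original verifications are all the verification procedures in the IEEE 802.11i-2004 standard text.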
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007100190909A CN101159538A (zh) | 2007-11-16 | 2007-11-16 | A key management method |
RU2010123869/08A RU2010123869A (ru) | 2007-11-16 | 2008-11-14 | Key management method |
EP08855262A EP2211496A1 (en) | 2007-11-16 | 2008-11-14 | Key management method |
PCT/CN2008/073051 WO2009067933A1 (fr) | 2007-11-16 | 2008-11-14 | Key management method |
KR1020107013125A KR20100082374A (ko) | 2007-11-16 | 2008-11-14 | Key management method |
JP2010533418A JP2011504025A (ja) | 2007-11-16 | 2008-11-14 | Key management method |
US12/743,168 US20100257361A1 (en) | 2007-11-16 | 2008-11-14 | Key management method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2007100190909A CN101159538A (zh) | 2007-11-16 | 2007-11-16 | A key management method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101159538A (zh) | 2008-04-09 |
Family
ID=39307475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2007100190909A Pending CN101159538A (zh) | A key management method | 2007-11-16 | 2007-11-16 |
Country Status (7)
Country | Link |
---|---|
US (1) | US20100257361A1 (zh) |
EP (1) | EP2211496A1 (zh) |
JP (1) | JP2011504025A (zh) |
KR (1) | KR20100082374A (zh) |
CN (1) | CN101159538A (zh) |
RU (1) | RU2010123869A (zh) |
WO (1) | WO2009067933A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009067933A1 (fr) * | 2007-11-16 | 2009-06-04 | China Iwncomm Co., Ltd | Key management method |
CN101908961A (zh) * | 2010-07-29 | 2010-12-08 | 北京交通大学 | Multi-party secret handshake method in a short-key environment |
CN101442531B (zh) * | 2008-12-18 | 2011-06-29 | 西安西电捷通无线网络通信股份有限公司 | Method for protecting the first message of a security protocol |
WO2011075976A1 (zh) * | 2009-12-21 | 2011-06-30 | 西安西电捷通无线网络通信股份有限公司 | Method and system for establishing a secure connection between user terminals |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102883316B (zh) * | 2011-07-15 | 2015-07-08 | 华为终端有限公司 | Method for establishing a connection, terminal and access point |
CN107995151B (zh) * | 2016-10-27 | 2020-02-21 | 腾讯科技(深圳)有限公司 | Login verification method, apparatus and system |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI268083B (en) * | 2004-11-17 | 2006-12-01 | Draytek Corp | Method used by an access point of a wireless LAN and related apparatus |
WO2006093161A1 (ja) * | 2005-03-04 | 2006-09-08 | Matsushita Electric Industrial Co., Ltd. | Key distribution control device, radio base station device and communication system |
KR101248906B1 (ko) * | 2005-05-27 | 2013-03-28 | 삼성전자주식회사 | Key exchange method in a wireless LAN |
CN100579010C (zh) * | 2007-05-09 | 2010-01-06 | 中兴通讯股份有限公司 | Key generation and transmission method and system |
CN101159538A (zh) * | 2007-11-16 | 2008-04-09 | 西安西电捷通无线网络通信有限公司 | A key management method |
-
2007
- 2007-11-16 CN CNA2007100190909A patent/CN101159538A/zh active Pending
-
2008
- 2008-11-14 EP EP08855262A patent/EP2211496A1/en not_active Withdrawn
- 2008-11-14 WO PCT/CN2008/073051 patent/WO2009067933A1/zh active Application Filing
- 2008-11-14 KR KR1020107013125A patent/KR20100082374A/ko not_active Application Discontinuation
- 2008-11-14 JP JP2010533418A patent/JP2011504025A/ja not_active Withdrawn
- 2008-11-14 US US12/743,168 patent/US20100257361A1/en not_active Abandoned
- 2008-11-14 RU RU2010123869/08A patent/RU2010123869A/ru not_active Application Discontinuation
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009067933A1 (fr) * | 2007-11-16 | 2009-06-04 | China Iwncomm Co., Ltd | Key management method |
CN101442531B (zh) * | 2008-12-18 | 2011-06-29 | 西安西电捷通无线网络通信股份有限公司 | Method for protecting the first message of a security protocol |
WO2011075976A1 (zh) * | 2009-12-21 | 2011-06-30 | 西安西电捷通无线网络通信股份有限公司 | Method and system for establishing a secure connection between user terminals |
US8831227B2 (en) | 2009-12-21 | 2014-09-09 | China Iwncomm Co., Ltd. | Method and system for establishing secure connection between stations |
CN101908961A (zh) * | 2010-07-29 | 2010-12-08 | 北京交通大学 | Multi-party secret handshake method in a short-key environment |
CN101908961B (zh) * | 2010-07-29 | 2012-07-11 | 北京交通大学 | Multi-party secret handshake method in a short-key environment |
Also Published As
Publication number | Publication date |
---|---|
EP2211496A1 (en) | 2010-07-28 |
US20100257361A1 (en) | 2010-10-07 |
JP2011504025A (ja) | 2011-01-27 |
KR20100082374A (ko) | 2010-07-16 |
WO2009067933A1 (fr) | 2009-06-04 |
RU2010123869A (ru) | 2011-12-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100566240C (zh) | A WAPI unicast key negotiation method | |
He et al. | Analysis of the 802.11 i 4-way handshake | |
US8312278B2 (en) | Access authentication method applying to IBSS network | |
Singh et al. | Detecting and Reducing the Denial of Service attacks in WLANs | |
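JP5301680B2 (ja) | Method for protecting the first message of a security protocol | |
CN101159538A (zh) | A key management method | |
WO2010135890A1 (zh) | Mutual authentication method and system based on a symmetric encryption algorithm | |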
US8705734B2 (en) | Method and system for authenticating a mobile terminal in a wireless communication system | |
CN115038084A (zh) | A decentralized trusted access method for cellular base stations | |
Zha et al. | Security improvements of IEEE 802.11 i 4-way handshake scheme | |
Malekzadeh et al. | Security improvement for management frames in IEEE 802.11 wireless networks | |
WO2011079426A1 (zh) | A method for preventing forgery of the first message of a security protocol | |
Singh et al. | A key refreshing technique to reduce 4-way handshake latency in 802.11 i based networks | |
Yadav et al. | Enhanced 3-way handshake protocol for key exchange in IEEE 802. 11i | |
Vanhoef | Recent Wi-Fi attacks & defenses: general lessons learned & open problems | |
Dong et al. | Formal analysis of authentication in 802.11 i | |
Yadav et al. | Authentication process in ieee 802.11: Current issues and challenges | |
Khamudis | Preventing Deauthentication and Disassociation Denial of Service Attacks | |
Kumar et al. | Understanding DoS attack on WLAN using IEEE 802.11 i | |
He et al. | IEEE P802. 11 | |
WO2011075880A1 (zh) | A handshake protocol method suitable for ultra-wideband networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20080409 |