CN101364865A - Multicast key management method for wireless city region network - Google Patents


Publication number
CN101364865A
Authority
CN
China
Legal status
Granted
Application number
CNA2008101510364A
Other languages
Chinese (zh)
Other versions
CN101364865B (en)
Inventor
庞辽军
曹军
铁满霞
Current Assignee
China Iwncomm Co Ltd
Original Assignee
China Iwncomm Co Ltd
Application filed by China Iwncomm Co Ltd
Priority to CN2008101510364A
Publication of CN101364865A
Application granted
Publication of CN101364865B
Expired - Fee Related

Abstract

The invention relates to a multicast key management method for a wireless metropolitan area network. The method comprises the following steps: (1) distribution of the multicast private key: (1.1) the requester entity sends a multicast private key request packet to the responder entity, (1.2) the responder entity sends a multicast private key response packet to the requester entity, and (1.3) the requester entity sends a multicast private key confirmation packet to the responder entity; and (2) distribution or update of the multicast key encryption key: (2.1) the responder entity broadcasts a multicast key encryption key broadcast packet to all requester entities, and (2.2) each requester entity decrypts the multicast key encryption key from the multicast key encryption key broadcast packet. The method solves the problems of weak base-key security and low multicast key update efficiency in multicast key management for wireless metropolitan area networks.

Description

A multicast key management method for wireless metropolitan area networks
Field of the invention
The present invention relates to a multicast key management method for wireless metropolitan area networks.
Background
The security problems of wireless networks are far more serious than those of wired Ethernet. The Institute of Electrical and Electronics Engineers (IEEE) of the United States has proposed security mechanisms in the 802.11 and 802.16 series of standards to strengthen the security of wireless local area networks and wireless metropolitan area networks and to provide secure access from the mobile terminal (MT) to the base station (BS). China also issued the wireless LAN standard GB 15629.11 in May 2003, commonly known as the WAPI (WLAN Authentication and Privacy Infrastructure) protocol. The broadband wireless multimedia (BWM) network, which integrates data communication and broadcast communication, is a new wireless network architecture that likewise needs to solve the problems of secure access and secure communication.
Whether wireless or wired, a network generally supports two communication modes: point-to-point communication and multicast (or broadcast). Secure multicast must guarantee the legitimacy and confidentiality of the multicast entities and messages. At the same time, the terminals that receive the multicast must be subject to access restrictions, so that only authorized terminals can correctly read the multicast messages. This requires first solving the problem of secure multicast key distribution effectively. How to manage multicast keys effectively is one of the key problems in achieving secure multicast.
The IEEE 802.11 standard used the Wired Equivalent Privacy (WEP) protocol to secure WLANs. Its key management is very simple: a shared key is configured manually between the mobile terminal and the access point. At that point, IEEE 802.11 did not yet address multicast key management.
Because the WEP protocol has serious security vulnerabilities, IEEE proposed the 802.11i standard in an attempt to solve WEP's security problems. China also proposed the national WLAN standard GB 15629.11, i.e. the WAPI protocol, which overcomes some of the weaknesses of WEP. Although 802.11i and WAPI differ in their authentication mechanisms, they are very similar in multicast key management: the multicast session key GSK is distributed encrypted under a previously established unicast session key USK. That is, the base station chooses a multicast session key, encrypts it separately with the unicast session key it shares with each terminal, and sends it to the corresponding terminals one by one. After receiving the encrypted multicast session key message, each terminal decrypts it with the unicast session key it shares with the base station to obtain the multicast session key. Once every terminal has received the same multicast session key, the base station can carry out secure multicast. Updating the multicast session key requires repeating this process.
The drawback of this method is low efficiency, particularly when updating the multicast session key: the base station has to repeat the distribution procedure above, choosing a multicast session key, encrypting it separately with the unicast session key it shares with each terminal, and sending it to the corresponding terminals one by one.
In the 802.16 wireless metropolitan area network standard proposed by IEEE, multicast key management borrows from 802.11i. In the 802.16e standard, however, IEEE introduced a new design for secure multicast key management: a multicast key encryption key GKEK, giving a two-level management method of multicast key encryption key GKEK and multicast session key GSK. The idea is as follows. First, the base station encrypts GKEK with the unicast session key established with each terminal and sends it to the corresponding terminal, one by one; on receiving the message, each terminal decrypts it with its unicast session key to obtain GKEK. Then the base station encrypts GSK under GKEK and broadcasts it to all terminals; every terminal that holds GKEK obtains the same GSK. This completes the multicast session key process. Updating the multicast session key uses the same process: the base station encrypts GSK under GKEK and broadcasts it to all terminals.
The drawback of the multicast key management method in 802.16e is that it relies on time synchronization, which makes state management complex: enabling and disabling a new key both depend on time, and maintaining synchronized clocks in a distributed system is complicated.
In response to this situation, China proposed multicast session key management methods based on a similar idea for the wireless MAN and broadband wireless multimedia fields.
This method, however, has the following drawbacks:
1. Although a two-level management method of GKEK and GSK is adopted, GKEK and GSK are the same for all terminals, so the method lacks the advantages and characteristics of hierarchical key management;
2. Because GKEK is the same for all terminals, a terminal can more easily leak GKEK to other terminals, so security is not high;
3. No method for updating GKEK is addressed. Because GKEK, as the base key, is the same for all terminals, security is not high, and GKEK therefore needs to be changed frequently;
4. No efficient GKEK update method is given; GKEK can only be updated in the same way it is distributed, with the base station encrypting it and sending it to the terminals one by one;
5. In case 4 above, the update may take a long time, determined by the number of terminals. This may interrupt multicast during the key update.
Summary of the invention
To solve the problems described in the background, namely weak base-key security and low multicast key update efficiency in wireless MAN multicast key management, the present invention provides a multicast key management method for wireless metropolitan area networks.
The technical solution of the present invention is a multicast key management method for wireless metropolitan area networks, characterized in that the method comprises the following steps:
1) Multicast private key distribution:
1.1) The requester entity sends a multicast private key request packet to the responder entity;
1.2) The responder entity sends a multicast private key response packet to the requester entity;
1.3) The requester entity sends a multicast private key confirmation packet to the responder entity;
2) Multicast key encryption key distribution (or update):
2.1) The responder entity broadcasts a multicast key encryption key broadcast packet to all requester entities;
2.2) The requester entity decrypts the multicast key encryption key from the multicast key encryption key broadcast packet.
Before step 1), the method also comprises a step in which the responder entity establishes the system parameters.
The system parameters comprise: let $(G_1, +)$ and $(G_2, \cdot)$ be two cyclic groups of order $p$, where $p$ is a prime, such that the computational Diffie-Hellman problem in $G_1$ is hard; let $P$ be a generator of $G_1$; let $e$ be a bilinear map on $G_1$ and $G_2$, i.e. $e: G_1 \times G_1 \to G_2$; let $h(\cdot)$ be a one-way hash function.
Before step 1), the requester entity and the responder entity perform authentication and unicast key negotiation and establish a shared unicast session key.
The multicast private key request packet in step 1.1) contains the following fields:
AE RE N1 MIC
Where:
AE field: identity information of the requester entity;
RE field: identity information of the responder entity;
N1 field: random number generated by the requester entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
In step 1.2), after receiving the multicast private key request packet, the responder entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet; if they are equal, it constructs a multicast private key response packet and sends it to the requester entity.
The multicast private key response packet in step 1.2) contains the following fields:
RE AE N1 N2 C MIC
Where:
RE field: identity information of the responder entity;
AE field: identity information of the requester entity;
N1 field: random number generated by the requester entity;
N2 field: random number generated by the responder entity;
C field: ciphertext of the multicast private key GKx that the responder entity distributes to the requester entity; the encryption key is USKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
The C field is computed as follows:
1.2.1) The responder entity randomly selects n-1 (n ≥ 2) distinct elements $v_0, v_1, \ldots, v_{n-2} \in Z_q^*$ and elements $Q_1, Q_2 \in G_1$, and at the same time randomly constructs a secret polynomial $f(x) \in Z_p[x]$ of degree n-1. It then computes $Q_K = f(0)P \in G_1$ and $V_i = f(v_i)P$ $(i = 0, 1, \ldots, n-2)$;
1.2.2) For the requester entity, it computes $GK_x = f(AE)(Q_1 + Q_2)$;
1.2.3) $C = (Q_K, Q_1, Q_2, v_0, \ldots, v_{n-2}, V_0, \ldots, V_{n-2}) \,\|\, E(USKE; GK_x)$.
In step 1.3), after receiving the multicast private key response packet, the requester entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet. If they are equal, it checks whether N1 is the random number that it chose; if not, it discards the packet; if so, it decrypts $E(USKE; GK_x)$ with the key USKE to obtain the multicast private key GKx. Finally, it constructs a multicast private key confirmation packet and sends it to the responder entity.
The multicast private key confirmation packet in step 1.3) contains the following fields:
AE RE N2 MIC
Where:
AE field: identity information of the requester entity;
RE field: identity information of the responder entity;
N2 field: random number generated by the responder entity;
MIC field: the MIC value computed over all fields preceding this field together with the decrypted multicast private key GKx; the integrity check key here is USKI;
In step 1.3), after receiving the multicast private key confirmation packet, the responder entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet. If they are equal, it checks whether N2 is the random number that it chose; if not, it discards the packet; if so, the multicast private key has been distributed successfully.
The multicast key encryption key broadcast packet in step 2.1) contains the following fields:
RE Flag Time C1 MIC
Where:
RE field: identity information of the responder entity;
Flag field: indicates the broadcast type;
Time field: current system time, used to detect duplicate messages;
C1 field: ciphertext of the multicast key encryption key broadcast by the responder entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI (the integrity check key derived from the multicast key encryption key).
The C1 field is computed as follows:
Suppose the responder entity has selected the multicast key encryption key $GKEK \in G_2$. The responder entity selects a random integer $r \in Z_p^*$ and computes:
$$C_1 = (P^*, Q_1^*, U, V_0^*, \ldots, V_{n-2}^*) = (rP,\ rQ_1,\ e(Q_K, Q_2)^r\, GKEK,\ rV_0, \ldots, rV_{n-2})$$
In step 2.2), after receiving this packet, the requester entity decrypts the multicast key encryption key as follows:
2.2.1) First, the requester entity constructs a set from the public information and its own device identity:
$$\Gamma = \{e_0, e_1, \ldots, e_{n-1}\} = \{v_0, \ldots, v_{n-2}, AE\}$$
2.2.2) Then, for each $e_i \in \Gamma$, it computes
$$\sigma_{e_i,\Gamma} = \prod_{e_j \in \Gamma,\ j \neq i} \frac{e_j}{e_j - e_i};$$
2.2.3) Then it computes the multicast key encryption key as follows:
$$GKEK = \frac{e(Q_1^*, Q_K)\, U}{e\!\left(Q_1 + Q_2,\ \sum_{i=0}^{n-2} \sigma_{e_i,\Gamma} V_i^*\right) e\!\left(\sigma_{e_{n-1},\Gamma}\, GK_x,\ P^*\right)}.$$
In step 2.2), after computing the multicast key encryption key, the requester entity derives the integrity check key and the encryption key from it. It then recomputes the MIC with the integrity check key to judge whether the packet is valid and, at the same time, uses the Time field to judge whether the packet is a repeated message.
After step 2), the method also comprises step 3), multicast session key distribution (or update):
3.1) The responder entity broadcasts a multicast session key broadcast packet to all requester entities;
3.2) The requester entity decrypts the multicast session key from the multicast session key broadcast packet.
The multicast session key broadcast packet in step 3.1) contains the following fields:
RE Flag Time C2 MIC
Where:
RE field: identity information of the responder entity;
Flag field: indicates the broadcast type;
Time field: current system time, used to detect duplicate messages;
C2 field: ciphertext of the multicast session key broadcast by the responder entity; the encryption key is GKEKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI.
In step 3.2), after receiving the multicast session key broadcast packet, the requester entity recomputes the MIC with the integrity check key GKEKI to judge whether the packet is valid and, at the same time, uses the Time field to judge whether the packet is a repeated message. If both checks pass, it decrypts C2 with the encryption key GKEKE to obtain the multicast session key GSK.
The responder entity and the requester entity can use the multicast session key GSK to derive the multicast session encryption key GSKE and the multicast session integrity check key GSKI, and the responder entity then carries out the multicast service.
The present invention has the following advantages:
1. A two-level or three-level multicast key management method is adopted in which the base key differs from terminal to terminal, so system security is higher.
2. The security of the algorithm rests on the elliptic curve discrete logarithm problem, so security is stronger.
3. Distributing or updating the multicast key encryption key and the multicast session key requires only a single multicast.
4. The multicast channel is fully used, which improves system communication efficiency.
Description of drawings
Fig. 1 is a schematic diagram of multicast private key distribution according to the present invention;
Fig. 2 is a schematic diagram of multicast key encryption key distribution according to the present invention;
Fig. 3 is a schematic diagram of multicast session key distribution according to the present invention.
Embodiment
Referring to Figs. 1, 2 and 3, the specific steps of the multicast key management method for wireless metropolitan area networks of the present invention are as follows:
1) The responder entity establishes the system parameters, which comprise: let $(G_1, +)$ and $(G_2, \cdot)$ be two cyclic groups of order $p$, where $p$ is a prime, such that the computational Diffie-Hellman problem in $G_1$ is hard; let $P$ be a generator of $G_1$; let $e$ be a bilinear map on $G_1$ and $G_2$, i.e. $e: G_1 \times G_1 \to G_2$; let $h(\cdot)$ be a one-way hash function.
This step establishes the system parameters only on first use; once they are established, the step need not be repeated in later use;
2) The requester entity and the responder entity perform authentication and unicast key negotiation and establish a shared unicast session key USK, from which the unicast session encryption key USKE and the unicast session integrity check key USKI can be derived. The authentication and unicast key negotiation method used may be any method such as WAPI or 802.11i, or may be realized by manually configuring a pre-shared key;
This step is required only when the responder entity and a requester entity in the system have not yet performed security authentication and unicast session key USK negotiation; if they have already done so, this step is not needed;
3) Multicast private key distribution:
3.1) The requester entity sends a multicast private key request packet to the responder entity;
This multicast private key request packet contains the following fields:
AE RE N1 MIC
Where:
AE field: identity information of the requester entity;
RE field: identity information of the responder entity;
N1 field: random number generated by the requester entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
After receiving the multicast private key request packet, the responder entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet; if they are equal, it constructs a multicast private key response packet and sends it to the requester entity.
3.2) The responder entity sends a multicast private key response packet to the requester entity;
This multicast private key response packet contains the following fields:
RE AE N1 N2 C MIC
Where:
RE field: identity information of the responder entity;
AE field: identity information of the requester entity;
N1 field: random number generated by the requester entity;
N2 field: random number generated by the responder entity;
C field: ciphertext of the multicast private key GKx that the responder entity distributes to the requester entity; the encryption key is USKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
The C field is computed as follows:
3.2.1) The responder entity randomly selects n-1 (n ≥ 2) distinct elements $v_0, v_1, \ldots, v_{n-2} \in Z_q^*$ and elements $Q_1, Q_2 \in G_1$, and at the same time randomly constructs a secret polynomial $f(x) \in Z_p[x]$ of degree n-1. It then computes $Q_K = f(0)P \in G_1$ and $V_i = f(v_i)P$ $(i = 0, 1, \ldots, n-2)$. The responder entity performs this step only once for all requester entities; it does not repeat it for the next requester entity;
3.2.2) For requester entity AE, it computes $GK_x = f(AE)(Q_1 + Q_2)$;
3.2.3) $C = (Q_K, Q_1, Q_2, v_0, \ldots, v_{n-2}, V_0, \ldots, V_{n-2}) \,\|\, E(USKE; GK_x)$.
After receiving the multicast private key response packet, the requester entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet. If they are equal, it checks whether N1 is the random number that it chose; if not, it discards the packet; if so, it decrypts $E(USKE; GK_x)$ with the key USKE to obtain the multicast private key GKx. Finally, it constructs a multicast private key confirmation packet and sends it to the responder entity.
3.3) The requester entity sends a multicast private key confirmation packet to the responder entity;
This multicast private key confirmation packet contains the following fields:
AE RE N2 MIC
Where:
AE field: identity information of the requester entity;
RE field: identity information of the responder entity;
N2 field: random number generated by the responder entity;
MIC field: the MIC value computed over all fields preceding this field together with the decrypted multicast private key GKx; the integrity check key here is USKI;
After receiving the multicast private key confirmation packet, the responder entity recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet. If they are equal, it checks whether N2 is the random number that it chose; if not, it discards the packet; if so, the multicast private key has been distributed successfully.
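The three-packet exchange of step 3), written out for both sides as an added example that is not part of the patent text. It assumes HMAC-SHA256 as the MIC and an HMAC-derived XOR keystream as a stand-in for E(USKE; ·); the patent names neither algorithm, the class and function names are hypothetical, and the C field here carries only the encrypted GKx.

```python
import hashlib
import hmac
import secrets

def mic(key, *fields):
    """MIC over the listed fields. HMAC-SHA256 is an assumed algorithm."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)  # length prefix keeps field boundaries unambiguous
    return h.digest()

def xor_cipher(key, iv, data):
    """Stand-in for E(USKE; .): XOR with an HMAC-derived keystream. Illustrative only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Responder:
    def __init__(self, re_id, unicast_keys):
        self.re_id = re_id
        self.keys = unicast_keys   # AE -> (USKE, USKI) from the earlier unicast negotiation
        self.pending = {}          # AE -> (N2, GKx) awaiting confirmation

    def on_request(self, pkt, gkx):
        ae, re_id, n1, tag = pkt
        if ae not in self.keys:
            return None
        uske, uski = self.keys[ae]
        if not hmac.compare_digest(tag, mic(uski, ae, re_id, n1)):
            return None            # MIC mismatch: discard the packet
        n2 = secrets.token_bytes(16)
        self.pending[ae] = (n2, gkx)
        c = xor_cipher(uske, n1 + n2, gkx)
        return (self.re_id, ae, n1, n2, c, mic(uski, self.re_id, ae, n1, n2, c))

    def on_confirm(self, pkt):
        ae, re_id, n2, tag = pkt
        if ae not in self.pending:
            return False
        want_n2, gkx = self.pending[ae]
        uski = self.keys[ae][1]
        # The confirm MIC also covers GKx, so it fails if the requester decrypted a different key.
        if not hmac.compare_digest(tag, mic(uski, ae, re_id, n2, gkx)):
            return False
        if not hmac.compare_digest(n2, want_n2):
            return False           # N2 is not the nonce this responder issued
        del self.pending[ae]
        return True

class Requester:
    def __init__(self, ae, re_id, uske, uski):
        self.ae, self.re_id, self.uske, self.uski = ae, re_id, uske, uski
        self.n1 = None
        self.gkx = None

    def request(self):
        self.n1 = secrets.token_bytes(16)
        return (self.ae, self.re_id, self.n1, mic(self.uski, self.ae, self.re_id, self.n1))

    def on_response(self, pkt):
        re_id, ae, n1, n2, c, tag = pkt
        if not hmac.compare_digest(tag, mic(self.uski, re_id, ae, n1, n2, c)):
            return None            # MIC mismatch: discard the packet
        if self.n1 is None or not hmac.compare_digest(n1, self.n1):
            return None            # N1 is not our outstanding nonce: stale or replayed response
        self.gkx = xor_cipher(self.uske, n1 + n2, c)
        self.n1 = None             # accept one response per request
        return (self.ae, self.re_id, n2, mic(self.uski, self.ae, self.re_id, n2, self.gkx))

def run_exchange():
    """Run the exchange plus three failure cases on constructed sample keys."""
    uske, uski = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed USKE, USKI
    gkx = secrets.token_bytes(32)                                  # constructed serialized GKx
    bs = Responder(b"RE-1", {b"AE-7": (uske, uski)})
    mt = Requester(b"AE-7", b"RE-1", uske, uski)
    resp = bs.on_request(mt.request(), gkx)
    tampered = resp[:4] + (bytes([resp[4][0] ^ 1]) + resp[4][1:],) + resp[5:]
    tampered_dropped = mt.on_response(tampered) is None
    confirm = mt.on_response(resp)
    delivered = bs.on_confirm(confirm) and mt.gkx == gkx
    confirm_replay_rejected = bs.on_confirm(confirm) is False
    mt.request()                   # new N1 outstanding; the old response must now be rejected
    replay_dropped = mt.on_response(resp) is None
    return {"delivered": delivered, "tampered_dropped": tampered_dropped,
            "replay_dropped": replay_dropped, "confirm_replay_rejected": confirm_replay_rejected}

if __name__ == "__main__":
    print(run_exchange())
```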
4) Multicast key encryption key distribution (or update) process
4.1) The responder entity broadcasts a multicast key encryption key broadcast packet to all requester entities;
When the responder entity needs to distribute (or update) the multicast key encryption key GKEK, it broadcasts a multicast key encryption key broadcast packet to all requester entities. This packet contains the following fields:
RE Flag Time C1 MIC
Where:
RE field: identity information of the responder entity;
Flag field: indicates the broadcast type;
Time field: current system time, used to detect duplicate messages;
C1 field: ciphertext of the multicast key encryption key broadcast by the responder entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI (the integrity check key derived from the multicast key encryption key).
The C1 field is computed as follows:
Suppose the responder entity has selected the multicast key encryption key $GKEK \in G_2$. The responder entity selects a random integer $r \in Z_p^*$ and computes:
$$C_1 = (P^*, Q_1^*, U, V_0^*, \ldots, V_{n-2}^*) = (rP,\ rQ_1,\ e(Q_K, Q_2)^r\, GKEK,\ rV_0, \ldots, rV_{n-2})$$
4.2) The requester entity decrypts the multicast key encryption key from the multicast key encryption key broadcast packet.
After receiving this packet, any requester entity AE decrypts GKEK as follows:
4.2.1) First, the requester entity constructs a set from the public information and its own device identity:
$$\Gamma = \{e_0, e_1, \ldots, e_{n-1}\} = \{v_0, \ldots, v_{n-2}, AE\}$$
4.2.2) Then, for each $e_i \in \Gamma$, it computes
$$\sigma_{e_i,\Gamma} = \prod_{e_j \in \Gamma,\ j \neq i} \frac{e_j}{e_j - e_i};$$
4.2.3) Then it computes the multicast key encryption key as follows:
$$GKEK = \frac{e(Q_1^*, Q_K)\, U}{e\!\left(Q_1 + Q_2,\ \sum_{i=0}^{n-2} \sigma_{e_i,\Gamma} V_i^*\right) e\!\left(\sigma_{e_{n-1},\Gamma}\, GK_x,\ P^*\right)}.$$
After computing the multicast key encryption key GKEK, the requester entity derives the integrity check key GKEKI and the encryption key GKEKE from it. It then recomputes the MIC with the integrity check key GKEKI to judge whether the packet is valid and, at the same time, uses the Time field to judge whether the packet is a repeated message.
5) Multicast session key distribution (or update) process
5.1) The responder entity broadcasts a multicast session key broadcast packet to all requester entities;
When the responder entity needs to distribute (or update) the multicast session key GSK, it broadcasts a multicast session key broadcast packet to all requester entities. This packet contains the following fields:
RE Flag Time C2 MIC
Where:
RE field: identity information of the responder entity;
Flag field: indicates the broadcast type;
Time field: current system time, used to detect duplicate messages;
C2 field: ciphertext of the multicast session key broadcast by the responder entity; the encryption key is GKEKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI.
5.2) The requester entity decrypts the multicast session key from the multicast session key broadcast packet.
After receiving the multicast session key broadcast packet, any requester entity recomputes the MIC with the integrity check key GKEKI to judge whether the packet is valid and, at the same time, uses the Time field to judge whether the packet is a repeated message. If both checks pass, it decrypts C2 with the encryption key GKEKE to obtain the multicast session key GSK.
The responder entity and each requester entity can use the multicast session key GSK to derive the multicast session encryption key GSKE and the multicast session integrity check key GSKI; the responder entity can then begin the multicast service.
It should be noted that step 5) is optional, which gives two variants: (a) when step 5) is used, key management has three levels, GKx-GKEK-GSK, mainly for compatibility with existing WMAN and BWM multicast key management mechanisms; this variant is nevertheless more efficient when updating GKEK, since a single broadcast suffices; (b) when step 5) is not used, key management is GKx-GKEK, and GKEK can be used directly as GSK for the multicast session service. The benefit is improved multicast key distribution efficiency, but this variant is not compatible with existing WMAN and BWM multicast key management mechanisms.
The present invention is described in further detail below, taking its application in a wireless MAN as an example, where the responder entity is the base station BS and the requester entity is a terminal MTx:
1) Multicast private key distribution process
1.1) Multicast private key request packet: sent by MTx to BS.
This multicast private key request packet contains the following fields:
MTx BS N1 MIC
Where:
MTx field: identity information of the terminal;
BS field: identity information of the base station;
N1 field: random number generated by the terminal;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
After receiving the multicast private key request packet, BS recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet; otherwise, it constructs a multicast private key response packet and sends it to MTx.
1.2) Multicast private key response packet: sent by BS to MTx.
This multicast private key response packet contains the following fields:
BS MTx N1 N2 C MIC
Where:
BS field: identity information of the base station;
MTx field: identity information of the terminal;
N1 field: random number generated by the terminal;
N2 field: random number generated by the base station;
C field: ciphertext of the multicast private key GKx that the base station distributes to the terminal; the encryption key is USKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
The C field is computed as follows:
1.2.1) The base station randomly selects n-1 (n ≥ 2) distinct elements $v_0, v_1, \ldots, v_{n-2} \in Z_q^*$ and elements $Q_1, Q_2 \in G_1$, and at the same time randomly constructs a secret polynomial $f(x) \in Z_p[x]$ of degree n-1. It then computes $Q_K = f(0)P \in G_1$ and $V_i = f(v_i)P$ $(i = 0, 1, \ldots, n-2)$. The base station performs this step only once for all terminals; it does not repeat it for the next terminal.
1.2.2) For terminal MTx, it computes $GK_x = f(MTx)(Q_1 + Q_2)$.
1.2.3) $C = (Q_K, Q_1, Q_2, v_0, \ldots, v_{n-2}, V_0, \ldots, V_{n-2}) \,\|\, E(USKE; GK_x)$.
After receiving the multicast private key response packet, MTx recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet; otherwise, it checks whether N1 is the random number that it chose. If not, it discards the packet; if so, it decrypts $E(USKE; GK_x)$ with the key USKE to obtain the multicast private key GKx. Finally, it constructs a multicast private key confirmation packet and sends it to BS.
1.3) Multicast private key confirmation packet: sent by MTx to BS.
This multicast private key confirmation packet contains the following fields:
MTx BS N2 MIC
Where:
MTx field: identity information of the terminal;
BS field: identity information of the base station;
N2 field: random number generated by BS;
MIC field: the MIC value computed over all fields preceding this field together with the decrypted multicast private key GKx; the integrity check key here is USKI.
After receiving the multicast private key confirmation packet, BS recomputes the MIC and compares it with the received MIC. If they are not equal, it discards the packet; otherwise, it checks whether N2 is the random number that it chose. If not, it discards the packet; if so, the multicast private key has been distributed successfully.
2) Multicast key encryption key distribution (or update) process
2.1) When BS needs to distribute (or update) the multicast key encryption key GKEK, it broadcasts a multicast key encryption key broadcast packet to all terminals. This packet contains the following fields:
BS Flag Time C1 MIC
Where:
BS field: identity information of the base station;
Flag field: indicates the broadcast type;
Time field: current system time, used to detect duplicate messages;
C1 field: ciphertext of the GKEK broadcast by the base station;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI (the integrity check key derived from GKEK).
The C1 field is computed as follows:
Supposed GKEK ∈ G base station selected 2The base station is selected integer at random r ∈ Z p * , And following calculating:
C 1 = ( P * , Q 1 * , U , V 0 * , . . . , V n - 2 * ) = ( rP , r Q 1 , e ( Q K , Q 2 ) r GKEK , r V 0 , . . . , r V n - 2 )
2.2) After any terminal MTx receives this packet, it decrypts GKEK as follows:
2.2.1) First, terminal MTx uses the public information and its own device identity information to construct the set:
$\Gamma = \{e_0, e_1, \ldots, e_{n-1}\} = \{v_0, \ldots, v_{n-2}, MTx\}$
2.2.2) Then, for each $e_i \in \Gamma$, it computes $\sigma_{e_i,\Gamma} = \prod_{e_j \in \Gamma,\, j \neq i} \frac{e_j}{e_j - e_i}$;
2.2.3) Then, it computes the multicast key encryption key as follows:
$$GKEK = \frac{e(Q_1^*, Q_K)\, U}{e\left(Q_1 + Q_2,\ \sum_{i=0}^{n-2} \sigma_{e_i,\Gamma} V_i^*\right)\, e\left(\sigma_{e_{n-1},\Gamma}\, GK_x,\ P^*\right)}.$$
After computing GKEK, the terminal derives GKEKI and GKEKE from it. It then uses GKEKI to recompute the MIC and determine whether the packet is valid. At the same time, it uses the Time field to determine whether the packet is a repeated message.
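The following added example (not part of the patent text) checks the decryption formula of step 2.2.3 end to end against steps 1.2.1, 1.2.2 and 2.1, and lets a terminal holding a wrong GK_x be seen to recover a different value. It assumes a toy pairing in which a G_1 point aP is stored as the scalar a mod p and e(aP, bP) = g^(ab); this model, the parameters p = 1019, m = 2039, g = 4, the dictionary layout and all function names are constructed for illustration and offer no security.

```python
import secrets

# Toy pairing model (assumption; insecure, for checking the algebra only):
# G1 = (Z_p, +) with generator P = 1, so the point aP is stored as a mod p;
# G2 = the order-p subgroup of Z_m^* generated by g; e(aP, bP) = g^(ab).
p, m, g, P = 1019, 2039, 4, 1     # constructed: p and m = 2p + 1 are prime, g has order p
rng = secrets.SystemRandom()

def e(A, B):
    return pow(g, A * B % p, m)

def f_eval(f, x):
    """Evaluate the secret polynomial (coefficients low to high) at x, mod p."""
    return sum(c * pow(x, k, p) for k, c in enumerate(f)) % p

def bs_setup(n):
    """Step 1.2.1: secret f of degree n-1 and the public part of field C."""
    f = [rng.randrange(1, p) for _ in range(n)]
    v = rng.sample(range(1, 500), n - 1)          # n-1 distinct public points
    q1, q2 = rng.randrange(1, p), rng.randrange(1, p)
    pub = {"QK": f_eval(f, 0) * P % p, "Q1": q1, "Q2": q2,
           "v": v, "V": [f_eval(f, vi) * P % p for vi in v]}
    return f, pub

def issue_gk(f, pub, mtx):
    """Step 1.2.2: GK_x = f(MTx)(Q1 + Q2)."""
    return f_eval(f, mtx) * (pub["Q1"] + pub["Q2"]) % p

def encrypt_gkek(pub, gkek):
    """Step 2.1: C1 = (rP, rQ1, e(QK, Q2)^r * GKEK, rV_0, ..., rV_{n-2})."""
    r = rng.randrange(1, p)
    u = pow(e(pub["QK"], pub["Q2"]), r, m) * gkek % m
    return {"P*": r * P % p, "Q1*": r * pub["Q1"] % p, "U": u,
            "V*": [r * Vi % p for Vi in pub["V"]]}

def sigma(gamma, i):
    """Step 2.2.2: product over j != i of e_j / (e_j - e_i), mod p."""
    out = 1
    for j, ej in enumerate(gamma):
        if j != i:
            out = out * ej * pow((ej - gamma[i]) % p, -1, p) % p
    return out

def decrypt_gkek(pub, c1, mtx, gk_x):
    """Steps 2.2.1 to 2.2.3, run by terminal MTx."""
    gamma = pub["v"] + [mtx]                      # MTx must differ from every v_i
    s = [sigma(gamma, i) for i in range(len(gamma))]
    agg = sum(si * Vi for si, Vi in zip(s, c1["V*"])) % p   # sum of sigma_i * V_i*
    num = e(c1["Q1*"], pub["QK"]) * c1["U"] % m
    den = e(pub["Q1"] + pub["Q2"], agg) * e(s[-1] * gk_x, c1["P*"]) % m
    return num * pow(den, -1, m) % m
```

The denominator collapses to e(Q_1 + Q_2, P) raised to r·f(0) because the n Lagrange coefficients interpolate the degree n-1 polynomial at zero, which is why the same GK_x keeps working across GKEK updates that only change r.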
3) Multicast session key distribution (or update) process
3.1) When the BS needs to distribute (or update) the multicast session key GSK, it broadcasts a multicast session key broadcast packet to all terminals. This packet comprises the following content:
BS | Flag | Time | C2 | MIC
Where:
BS field: the identity information of the base station;
Flag field: indicates the broadcast category;
Time field: the current system time, used to tell whether the message is a duplicate;
C2 field: the ciphertext of the GSK broadcast by the base station; the encryption key is GKEKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI.
3.2) After any terminal MTx receives this packet, it uses GKEKI to recompute the MIC and determine whether the packet is valid. At the same time, it uses the Time field to determine whether the packet is a repeated message. If both checks pass, it uses the key GKEKE to decrypt C2 and obtain the multicast session key GSK.
The base station and each terminal can use GSK to derive the multicast session encryption key GSKE and the multicast session integrity check key GSKI, after which the base station can begin the multicast service.
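An added example (not from the patent) of the terminal-side handling in step 3.2: verify the MIC first, then reject repeated Time values, and only then decrypt C2. The patent names no algorithms, so HMAC-SHA-256 as the MIC, the label-based derivation of GKEKI and GKEKE, the HMAC keystream standing in for the cipher, the length-prefixed field encoding and all function names are assumptions.

```python
import hashlib
import hmac
import struct

MIC_LEN = 32

def derive(gkek: bytes, label: bytes) -> bytes:
    """Assumed derivation of GKEKI / GKEKE from GKEK."""
    return hmac.new(gkek, label, hashlib.sha256).digest()

def stream_xor(key: bytes, time: int, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC keystream bound to Time."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">QI", time, off // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def build_broadcast(gkek: bytes, bs: bytes, flag: int, time: int, gsk: bytes) -> bytes:
    """Step 3.1 on the BS: BS | Flag | Time | C2 | MIC."""
    c2 = stream_xor(derive(gkek, b"GKEKE"), time, gsk)
    body = (struct.pack(">H", len(bs)) + bs
            + struct.pack(">BQH", flag, time, len(c2)) + c2)
    return body + hmac.new(derive(gkek, b"GKEKI"), body, hashlib.sha256).digest()

class Terminal:
    def __init__(self, gkek: bytes):
        self.gkeki = derive(gkek, b"GKEKI")
        self.gkeke = derive(gkek, b"GKEKE")
        self.last_time = -1            # highest Time accepted so far

    def receive(self, packet: bytes):
        """Step 3.2: return GSK, or None when the packet is discarded."""
        if len(packet) < 2 + 11 + MIC_LEN:
            return None
        body, mic = packet[:-MIC_LEN], packet[-MIC_LEN:]
        expected = hmac.new(self.gkeki, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mic, expected):   # constant-time comparison
            return None
        (bs_len,) = struct.unpack_from(">H", body, 0)
        flag, time, c2_len = struct.unpack_from(">BQH", body, 2 + bs_len)
        c2 = body[2 + bs_len + 11:2 + bs_len + 11 + c2_len]
        if time <= self.last_time:                   # duplicate or replayed message
            return None
        self.last_time = time                        # only authenticated packets advance it
        return stream_xor(self.gkeke, time, c2)
```

Updating `last_time` only after the MIC check means a forged packet with a far-future Time cannot lock the terminal out of later legitimate broadcasts.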
Explanation of terms:
GKx: the multicast private key of terminal x;
RE: responder entity, such as a base station, access point or router;
AE: requester entity, such as a terminal;
Nonce: one-time random number;
GKx: the multicast private key of requester entity x, i.e. the base key;
GKEK: multicast key encryption key;
GKEKI and GKEKE: the integrity check key and the encryption key derived from GKEK;
GSK: multicast session key;
GSKI and GSKE: the integrity check key and the encryption key derived from GSK.

Claims (19)

1. A multicast key management method for a wireless metropolitan area network, characterized in that the method comprises the following steps:
1) Multicast private key distribution:
1.1) the requester entity sends a multicast private key request packet to the responder entity;
1.2) the responder entity sends a multicast private key response packet to the requester entity;
1.3) the requester entity sends a multicast private key confirmation packet to the responder entity;
2) Multicast key encryption key distribution or update:
2.1) the responder entity broadcasts a multicast key encryption key broadcast packet to all requester entities;
2.2) the requester entity decrypts the multicast key encryption key from the multicast key encryption key broadcast packet.
2. The multicast key management method for a wireless metropolitan area network according to claim 1, characterized in that the method further comprises, before step 1), a step in which the responder entity establishes the system parameters.
3. The multicast key management method for a wireless metropolitan area network according to claim 2, characterized in that the system parameters comprise: let $(G_1, +)$ and $(G_2)$ be two cyclic groups of order p, where p is a prime, such that the computational Diffie-Hellman problem in $G_1$ is hard; let P be a generator of $G_1$; let e be a bilinear map on $G_1$ and $G_2$, i.e. $e: G_1 \times G_1 \to G_2$; let h() be a one-way hash function.
4. The multicast key management method for a wireless metropolitan area network according to claim 1, 2 or 3, characterized in that, before step 1), the requester entity and the responder entity perform authentication and unicast key agreement and establish a shared unicast session key.
5. The multicast key management method for a wireless metropolitan area network according to claim 1, characterized in that the multicast private key request packet in step 1.1) comprises the following content:
AE | RE | N1 | MIC
Where:
AE field: the identity information of the requester entity;
RE field: the identity information of the responder entity;
N1 field: the random number generated by the requester entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
6. The multicast key management method for a wireless metropolitan area network according to claim 5, characterized in that, in step 1.2), after the responder entity receives the multicast private key request packet, it recomputes the MIC and compares it with the received MIC; if they are not equal, it discards the packet; if they are equal, it constructs the multicast private key response packet and sends it to the requester entity.
7. The multicast key management method for a wireless metropolitan area network according to claim 5 or 6, characterized in that the multicast private key response packet in step 1.2) comprises the following content:
RE | AE | N1 | N2 | C | MIC
Where:
RE field: the identity information of the responder entity;
AE field: the identity information of the requester entity;
N1 field: the random number generated by the requester entity;
N2 field: the random number generated by the responder entity;
C field: the ciphertext of the multicast private key GKx that the responder entity distributes to the requester entity; the encryption key is USKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is USKI.
8. The multicast key management method for a wireless metropolitan area network according to claim 7, characterized in that the C field is computed as follows:
1.2.1) the responder entity selects at random $n-1$ ($n \geq 2$) distinct elements $v_0, v_1, \ldots, v_{n-2} \in Z_q^*$ and elements $Q_1, Q_2 \in G_1$, and at the same time randomly constructs a secret polynomial $f(x) \in Z_p[x]$ of degree $n-1$; it then computes the following values: $Q_K = f(0)P \in G_1$ and $V_i = f(v_i)P$ ($i = 0, 1, \ldots, n-2$);
1.2.2) for the requester entity, compute $GK_x = f(AE)(Q_1 + Q_2)$;
1.2.3) $C = (Q_K, Q_1, Q_2, v_0, \ldots, v_{n-2}, V_0, \ldots, V_{n-2}) \,\|\, E(USKE; GK_x)$.
9. The multicast key management method for a wireless metropolitan area network according to claim 8, characterized in that, in step 1.3), after the requester entity receives the multicast private key response packet, it recomputes the MIC and compares it with the received MIC; if they are not equal, it discards the packet; if they are equal, it checks whether N1 is the random number chosen by the requester entity; if not, it discards the packet; if so, it uses the key USKE to decrypt $E(USKE; GK_x)$ and obtain the multicast private key GKx; finally, it constructs the multicast private key confirmation packet and sends it to the responder entity.
10. The multicast key management method for a wireless metropolitan area network according to claim 9, characterized in that the multicast private key confirmation packet in step 1.3) comprises the following content:
AE | RE | N2 | MIC
Where:
AE field: the identity information of the requester entity;
RE field: the identity information of the responder entity;
N2 field: the random number generated by the responder entity;
MIC field: the MIC value computed over all fields preceding this field together with the multicast private key GKx obtained by decryption; the integrity check key here is USKI.
11. The multicast key management method for a wireless metropolitan area network according to claim 10, characterized in that, in step 1.3), after the responder entity receives the multicast private key confirmation packet, it recomputes the MIC and compares it with the received MIC; if they are not equal, it discards the packet; if they are equal, it checks whether N2 is the random number chosen by the responder entity; if not, it discards the packet; if so, the multicast private key has been distributed successfully.
12. The multicast key management method for a wireless metropolitan area network according to claim 11, characterized in that the multicast key encryption key broadcast packet in step 2.1) comprises the following content:
RE | Flag | Time | C1 | MIC
Where:
RE field: the identity information of the responder entity;
Flag field: indicates the broadcast category;
Time field: the current system time, used to tell whether the message is a duplicate;
C1 field: the ciphertext of the multicast key encryption key broadcast by the responder entity;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI (the integrity check key derived from the multicast key encryption key).
13. The multicast key management method for a wireless metropolitan area network according to claim 12, characterized in that the C1 field is computed as follows:
Suppose the responder entity has selected the multicast key encryption key $GKEK \in G_2$; the responder entity selects a random integer $r \in Z_p^*$ and computes:
$$C_1 = (P^*, Q_1^*, U, V_0^*, \ldots, V_{n-2}^*) = (rP,\; rQ_1,\; e(Q_K, Q_2)^r\, GKEK,\; rV_0, \ldots, rV_{n-2}).$$
14. The multicast key management method for a wireless metropolitan area network according to claim 13, characterized in that, in step 2.2), after the requester entity receives this packet, it decrypts the multicast key encryption key as follows:
2.2.1) first, the requester entity uses the public information and its own device identity information to construct the set:
$\Gamma = \{e_0, e_1, \ldots, e_{n-1}\} = \{v_0, \ldots, v_{n-2}, AE\}$
2.2.2) then, for each $e_i \in \Gamma$, it computes $\sigma_{e_i,\Gamma} = \prod_{e_j \in \Gamma,\, j \neq i} \frac{e_j}{e_j - e_i}$;
2.2.3) then, it computes the multicast key encryption key as follows:
$$GKEK = \frac{e(Q_1^*, Q_K)\, U}{e\left(Q_1 + Q_2,\ \sum_{i=0}^{n-2} \sigma_{e_i,\Gamma} V_i^*\right)\, e\left(\sigma_{e_{n-1},\Gamma}\, GK_x,\ P^*\right)}.$$
15. The multicast key management method for a wireless metropolitan area network according to claim 14, characterized in that, in step 2.2), after the requester entity computes the multicast key encryption key, it derives the integrity check key and the encryption key from it; it then uses the integrity check key to recompute the MIC and determine whether the packet is valid; at the same time, it uses the Time field to determine whether the packet is a repeated message.
16. The multicast key management method for a wireless metropolitan area network according to claim 1, characterized in that, after step 2), the method further comprises step 3), multicast session key distribution or update:
3.1) the responder entity broadcasts a multicast session key broadcast packet to all requester entities;
3.2) the requester entity decrypts the multicast session key from the multicast session key broadcast packet.
17. The multicast key management method for a wireless metropolitan area network according to claim 1, characterized in that the multicast session key broadcast packet in step 3.1) comprises the following content:
RE | Flag | Time | C2 | MIC
Where:
RE field: the identity information of the responder entity;
Flag field: indicates the broadcast category;
Time field: the current system time, used to tell whether the message is a duplicate;
C2 field: the ciphertext of the multicast session key broadcast by the responder entity; the encryption key is GKEKE;
MIC field: the MIC value computed over all fields preceding this field; the integrity check key here is GKEKI.
18. The multicast key management method for a wireless metropolitan area network according to claim 16 or 17, characterized in that, in step 3.2), after the requester entity receives the multicast session key broadcast packet, it uses the integrity check key GKEKI to recompute the MIC and determine whether the packet is valid; at the same time, it uses the Time field to determine whether the packet is a repeated message; if both checks pass, it uses the encryption key GKEKE to decrypt C2 and obtain the multicast session key GSK.
19. The multicast key management method for a wireless metropolitan area network according to claim 18, characterized in that the responder entity and the requester entity can use the multicast session key GSK to derive the multicast session encryption key GSKE and the multicast session integrity check key GSKI, and the responder entity carries out the multicast service.
CN2008101510364A 2008-09-19 2008-09-19 Multicast key management method for wireless city region network Expired - Fee Related CN101364865B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2008101510364A CN101364865B (en) 2008-09-19 2008-09-19 Multicast key management method for wireless city region network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008101510364A CN101364865B (en) 2008-09-19 2008-09-19 Multicast key management method for wireless city region network

Publications (2)

Publication Number Publication Date
CN101364865A true CN101364865A (en) 2009-02-11
CN101364865B CN101364865B (en) 2012-02-01

Family

ID=40391045

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008101510364A Expired - Fee Related CN101364865B (en) 2008-09-19 2008-09-19 Multicast key management method for wireless city region network

Country Status (1)

Country Link
CN (1) CN101364865B (en)

Also Published As

Publication number Publication date
CN101364865B (en) 2012-02-01

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120201

Termination date: 20210919