CN101489226A - Wireless local area network switching authentication method based on elliptical curve - Google Patents

Wireless local area network switching authentication method based on elliptical curve Download PDF

Info

Publication number
CN101489226A
CN101489226A CNA2009100244857A CN200910024485A CN101489226A CN 101489226 A CN101489226 A CN 101489226A CN A2009100244857 A CNA2009100244857 A CN A2009100244857A CN 200910024485 A CN200910024485 A CN 200910024485A CN 101489226 A CN101489226 A CN 101489226A
Authority
CN
China
Prior art keywords
message
basic point
current
mobile radio
radio station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2009100244857A
Other languages
Chinese (zh)
Other versions
CN101489226B (en
Inventor
万长胜
胡爱群
方昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN2009100244857A priority Critical patent/CN101489226B/en
Publication of CN101489226A publication Critical patent/CN101489226A/en
Application granted granted Critical
Publication of CN101489226B publication Critical patent/CN101489226B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a wireless local area network switching authentication method based on elliptic curve, and belongs to the filed of network switching authentication. The method comprises the following steps: initializing an authentication server, which includes establishing two prime number sets and one elliptic curve; initializing the access point and mobile station, which comprises calculating authentication server, establishing the common and private key pair by the base point of common and private key pair of broadcast access point and mobile station to the base point, the access point and mobile station according to the secret information transmitted by authentication server; and switching authentication, which comprises executing mutual authentication with target access point and common key of mobile station and establishing sharing key with an ECDH algorithm. The method of the invention can effectively defend all known wireless local area network attack comprising denial of service and domino effect attack, and furthermore effectively reducing the computing expenditure and transmission expenditure.

Description

A kind of wireless local area network switching authentication method based on elliptic curve
Technical field
The present invention relates to the switching authentication method in a kind of network communication, relate in particular to a kind of wireless local area network switching authentication method, belong to network and switch field of authentication based on elliptic curve.
Background technology
Switching between the WAP (wireless access point) is very important for the WLAN (wireless local area network) mobile radio station, and it then is a kind of challenge that the low time delay of design safety is switched authentication protocol.
When mobile radio station when the current access point switches to target access, need authenticate in target access and associated subsequently.IEEE802.11 basic agreement in 1997 has defined two kinds of certificate schemes, that is: shared key authentication and open system authentication, however these two kinds of schemes can not be resisted multiple attack.IEEE802.11f working group and IETFSeamoby working group have formulated the context transfer protocol that is used to switch authentication immediately, but this agreement still can not be resisted the domino effect attack.
At present, IEEE802.11r group is designing a kind of fast B SS handover scheme (FBBST) that is applied to switch authentication, and the FBSST agreement is the tripartite certificate scheme of a class Kerberos, yet still there are some problems in the FBSST agreement:
The one, 802.11r document requirement access point need be set up the trusting relationship of recognizing each other in twos in the 802.11r territory.Supposing has n in the 802.11r territory ApIndividual access point, then the total security association between each access point will reach n Ap 2Therefore work as n ApDuring growth, the deployment of security association will become impossible between access point.
The 2nd, Denial of Service attack.In the FBSST agreement, only received that 3 just can be verified the initial message that mobile radio station sends after from the message of initial access point when target access, and judge whether to refuse mobile radio station, so the assailant can create a large amount of illegal handoff request information and sending to target access.Because target access can not be verified this message, thus can with initial access point communication, initial access point then needs to verify and deciphers a large amount of message of coming from target access.
The 3rd, domino effect is attacked.In case the access point in 802.11r territory is broken, the access point that the assailant just can disguise oneself as and be broken is set up success identity with other access point that is not broken as yet.This shows that the FBSST agreement does not solve domino effect and attacks problem, even has also introduced more efficient and safety problem.
The authentication public key scheme had been applied to wireless network already, distributed but the scheme that is based on PKI all greatly depends on public key certificate, and it is particularly high that this operates in the wireless environment of the certificate scheme that use designs based on trusted right delegation cost.When portable terminal when a trusted right delegation territory roams to another trusted right delegation territory, the trusted right delegation initialization procedure must repeat to set up, and therefore can not save any switching time, can not meet the demand of switching authentication.
Summary of the invention
The present invention proposes a kind of wireless local area network switching authentication method based on elliptic curve for the trust management overhead issues that solves in the WLAN (wireless local area network) switching.
A kind of wireless local area network switching authentication method based on elliptic curve comprises the steps:
The first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(j mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point G that was signed by certificate server N
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) modn,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(r mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) mod n,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access Q 1 = { G r , y 1 } k sta ;
Message 2: target access receives the 3rd message Q 1The second corresponding basic point G of back MThe 4th basic point G with correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then Q 2 = { G j , y 2 } k bss , Mobile radio station receives the 4th message Q 2The 3rd corresponding basic point G of back NThe first basic point G with correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm;
Essence of the present invention is to have designed a kind of PKI allocative decision of novelty, promptly all mobile radio stations are shared same PKI but are respectively held different private key and different public private key pair basic point among same area, certificate server all access point broadcasting in the territory should be shared PKI, the authentication mobile radio station so access point can use public-key, simplify the PKI assigning process, reduced the trust management expense.Because certificate server does not involve in handoff procedure, so can avoid Denial of Service attack; Because switch the trusting relationship that authenticates and do not rely between access point, so can avoid domino effect to attack.Fail safe expense of the present invention is much smaller than FBSST scheme and other certificate schemes based on PKI, and switching authentication only needs two message of two inter-entity, thereby has also taken into account efficient and security performance.
Description of drawings
Fig. 1 is the trust model schematic diagram between certificate server, access point and the mobile radio station among the present invention, number in the figure title: AS-certificate server, AP-access point, STA-mobile radio station, PSA-already present security association.
Embodiment
Trust model schematic diagram between certificate server in the WLAN (wireless local area network), access point and the mobile radio station as shown in Figure 1, certificate server is responsible for safeguarding initial trusting relationship, and promptly we suppose to have safe lane respectively between certificate server and each access point, certificate server and each mobile radio station.When using the inventive method, certificate server will at first carry out initialization to self and each access point, each mobile radio station, then when mobile radio station need switch authentication, as long as authentication mutually between mobile radio station and the target access.
A kind of wireless local area network switching authentication method based on elliptic curve comprises the steps:
The first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(j mod n) G, nG=O wherein, O is coordinate zero point;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point G that was signed by certificate server N,,, can add timestamp in the message for preventing Replay Attack so that the authentication of integrity protection and message source to be provided;
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) modn,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(r mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M,,, can add timestamp in the message for preventing Replay Attack so that the authentication of integrity protection and message source to be provided;
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) modn,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access Q 1 = { G r , y 1 } k sta , The 3rd message Q 1Use ellipse curve signature mechanism is subjected to the current second private key k of mobile radio station StaProtection;
Message 2: target access receives the 3rd message Q 1Back with the second corresponding basic point G of hold MBe contained in the 3rd message Q 1The 4th basic point G of correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then Q 2 = { G j , y 2 } k bss , The 4th message Q 2Use ellipse curve signature mechanism, mobile radio station receive the 4th message Q 2Back with the 3rd corresponding basic point G of hold NBe contained in the 4th message Q 2The first basic point G of correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm;
The storage of two big numbers of M and N and transmission are all represented with following formula in the inventive method: establish the big number of P for storing and transmit, then:
Figure A200910024485D00071
P is log by length just 2m StaBit
Figure A200910024485D00072
With length be b StaBit
Figure A200910024485D00073
This two number is stored and is transmitted;
Wherein: being located among the first prime number S set TAPRI has m StaIndividual element, the length of these elements is b StaBit, the P in the formula are a parameter.
Because comprise several access points and several mobile radio stations in the WLAN (wireless local area network), so in whole initialization procedure, element among the first prime number S set TAPRI and the second prime number set B SSPRI can constantly increase, the first prime number j that certificate server produces at random is also different with the second prime number r, so the first basic point G j, the 4th basic point G r, the second basic point G MWith the 3rd basic point G NAlso carrying out and can change with whole initialization procedure.

Claims (2)

1, a kind of wireless local area network switching authentication method based on elliptic curve is characterized in that comprising the steps:
The first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(j mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point G that was signed by certificate server N
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) modn,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(r mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) mod n,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access Q 1 = { G r , y 1 } k sta
Message 2: target access receives the 3rd message Q 1The second corresponding basic point G of back MThe 4th basic point G with correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then Q 2 = { G r , y 2 } k bss , mobile radio station receives the 4th message Q 2The 3rd corresponding basic point G of back NThe first basic point G with correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm;
2, a kind of wireless local area network switching authentication method based on elliptic curve according to claim 1 is characterized in that: the storage of big number and transmission are represented with following formula: establish the big number of P for storing and transmit, then:
P is log by length just 2m StaBit
Figure A200910024485C00032
With length be the bsta bit This two number is stored and is transmitted;
Wherein: being located among the first prime number S set TAPRI has m StaIndividual element, the length of these elements is b StaBit, the P in the formula are a parameter.
CN2009100244857A 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve Expired - Fee Related CN101489226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100244857A CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100244857A CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Publications (2)

Publication Number Publication Date
CN101489226A true CN101489226A (en) 2009-07-22
CN101489226B CN101489226B (en) 2010-06-09

Family

ID=40891852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100244857A Expired - Fee Related CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Country Status (1)

Country Link
CN (1) CN101489226B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107979594A (en) * 2017-11-21 2018-05-01 重庆邮电大学 It is a kind of based on prime factorization verification stricks precaution WLAN break association attack method
CN109074759A (en) * 2016-05-03 2018-12-21 塞帝通公司 The method and system of static DIFFIE-HELLMAN safety for Cheon resistance

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1648115B1 (en) * 2004-10-13 2006-11-29 Alcatel Method for improving handovers in a WLAN
CN101111056B (en) * 2006-07-17 2010-05-12 西安电子科技大学 Fast switching method for wireless local area network

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109074759A (en) * 2016-05-03 2018-12-21 塞帝通公司 The method and system of static DIFFIE-HELLMAN safety for Cheon resistance
CN109074759B (en) * 2016-05-03 2022-04-26 黑莓有限公司 Method and system for static DIFFIE-HELLMAN security for Cheon resistance
US11424924B2 (en) 2016-05-03 2022-08-23 Blackberry Limited Method and system for Cheon resistant static Diffie-Hellman security
US11616648B2 (en) 2016-05-03 2023-03-28 Blackberry Limited Method and system for Cheon resistant static Diffie-Hellman security
US11902440B2 (en) 2016-05-03 2024-02-13 Malikie Innovations Limited Method and system for Cheon resistant static Diffie-Hellman security
CN107979594A (en) * 2017-11-21 2018-05-01 重庆邮电大学 It is a kind of based on prime factorization verification stricks precaution WLAN break association attack method

Also Published As

Publication number Publication date
CN101489226B (en) 2010-06-09

Similar Documents

Publication Publication Date Title
US8627092B2 (en) Asymmetric cryptography for wireless systems
Cao et al. A simple and robust handover authentication between HeNB and eNB in LTE networks
CN101405987B (en) Asymmetric cryptography for wireless systems
CN107920350B (en) Privacy protection switching authentication method based on SDN and 5G heterogeneous network
EP2034658B1 (en) Method and system for distributing key in wireless network
CN108521662A (en) A kind of safety satellite crosses the method and system of top switching
CN107181597B (en) PMIPv6 authentication system and method based on identity agent group signature
JP2000124898A (en) Method for providing communication channel and moving machine
CN101442403B (en) Self-adapting method for exchanging composite cipher key and managing session cipher key
Li et al. Efficient authentication for fast handover in wireless mesh networks
Cao et al. UGHA: Uniform group-based handover authentication for MTC within E-UTRAN in LTE-A networks
Arya et al. Securing AODV routing protocol in MANET using NMAC with HBKS technique
US10582378B2 (en) Message protection method, user equipment, and core network device
CN112235792B (en) Multi-type terminal access and switching authentication method, system, equipment and application
Khan et al. Secure authentication and key management protocols for mobile multihop WiMAX networks
CN104955039A (en) Network authentication certification method and equipment
CN101304365A (en) Authentication method and authentication system
CN101600200B (en) Method for switching among heterogeneous networks, mobile node and authentication access point
CN101489226B (en) Wireless local area network switching authentication method based on elliptical curve
Rengaraju et al. QoS-aware distributed security architecture for 4G multihop wireless networks
Khan et al. Secure authentication and key management protocols for mobile multihop WiMAX networks
CN101883358A (en) Method for guaranteeing security of single-transceiver time-slot type distribution CR MAC (Cognitive Radio Multiple Access Control) protocol
Tsai et al. Routing security and authentication mechanism for mobile ad hoc networks
Alamri et al. UFAP: Ultra-fast handoff authentication protocol for wireless mesh networks
Cao et al. Unified handover authentication between heterogeneous access systems in LTE networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100609

Termination date: 20130224