CN101489226B - Wireless local area network switching authentication method based on elliptical curve - Google Patents

Wireless local area network switching authentication method based on elliptical curve Download PDF

Info

Publication number
CN101489226B
CN101489226B CN2009100244857A CN200910024485A CN101489226B CN 101489226 B CN101489226 B CN 101489226B CN 2009100244857 A CN2009100244857 A CN 2009100244857A CN 200910024485 A CN200910024485 A CN 200910024485A CN 101489226 B CN101489226 B CN 101489226B
Authority
CN
China
Prior art keywords
message
basic point
current
mobile radio
radio station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009100244857A
Other languages
Chinese (zh)
Other versions
CN101489226A (en
Inventor
万长胜
胡爱群
方昊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN2009100244857A priority Critical patent/CN101489226B/en
Publication of CN101489226A publication Critical patent/CN101489226A/en
Application granted granted Critical
Publication of CN101489226B publication Critical patent/CN101489226B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention discloses a wireless local area network switching authentication method based on elliptic curve, and belongs to the filed of network switching authentication. The method comprises the following steps: initializing an authentication server, which includes establishing two prime number sets and one elliptic curve; initializing the access point and mobile station, which comprises calculating authentication server, establishing the common and private key pair by the base point of common and private key pair of broadcast access point and mobile station to the base point, the access point and mobile station according to the secret information transmitted by authentication server; and switching authentication, which comprises executing mutual authentication with target access point and common key of mobile station and establishing sharing key with an ECDH algorithm. The method of the invention can effectively defend all known wireless local area network attack comprising denial of service and domino effect attack, and furthermore effectively reducing the computing expenditure and transmission expenditure.

Description

A kind of wireless local area network switching authentication method based on elliptic curve
Technical field
The present invention relates to the switching authentication method in a kind of network communication, relate in particular to a kind of wireless local area network switching authentication method, belong to network and switch field of authentication based on elliptic curve.
Background technology
Switching between the WAP (wireless access point) is very important for the WLAN (wireless local area network) mobile radio station, and it then is a kind of challenge that the low time delay of design safety is switched authentication protocol.
When mobile radio station when the current access point switches to target access, need authenticate in target access and associated subsequently.IEEE802.11 basic agreement in 1997 has defined two kinds of certificate schemes, that is: shared key authentication and open system authentication, however these two kinds of schemes can not be resisted multiple attack.IEEE802.11f working group and IETFSeamoby working group have formulated the context transfer protocol that is used to switch authentication immediately, but this agreement still can not be resisted the domino effect attack.
At present, IEEE802.11r group is designing a kind of fast B SS handover scheme (FBBST) that is applied to switch authentication, and the FBSST agreement is the tripartite certificate scheme of a class Kerberos, yet still there are some problems in the FBSST agreement:
The one, 802.11r document requirement access point need be set up the trusting relationship of recognizing each other in twos in the 802.11r territory.Supposing has n in the 802.11r territory ApIndividual access point, then the total security association between each access point will reach n Ap 2Therefore work as n ApDuring growth, the deployment of security association will become impossible between access point.
The 2nd, Denial of Service attack.In the FBSST agreement, only received that 3 just can be verified the initial message that mobile radio station sends after from the message of initial access point when target access, and judge whether to refuse mobile radio station, so the assailant can create a large amount of illegal handoff request information and sending to target access.Because target access can not be verified this message, thus can with initial access point communication, initial access point then needs to verify and deciphers a large amount of message of coming from target access.
The 3rd, domino effect is attacked.In case the access point in 802.11r territory is broken, the access point that the assailant just can disguise oneself as and be broken is set up success identity with other access point that is not broken as yet.This shows that the FBSST agreement does not solve domino effect and attacks problem, even has also introduced more efficient and safety problem.
The authentication public key scheme had been applied to wireless network already, distributed but the scheme that is based on PKI all greatly depends on public key certificate, and it is particularly high that this operates in the wireless environment of the certificate scheme that use designs based on trusted right delegation cost.When portable terminal when a trusted right delegation territory roams to another trusted right delegation territory, the trusted right delegation initialization procedure must repeat to set up, and therefore can not save any switching time, can not meet the demand of switching authentication.
Summary of the invention
The present invention proposes a kind of wireless local area network switching authentication method based on elliptic curve for the trust management overhead issues that solves in the WLAN (wireless local area network) switching.
A kind of wireless local area network switching authentication method based on elliptic curve comprises the steps:
The first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(jmodn) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(Mmodn) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(Nmodn) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point G that was signed by certificate server N
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) modn,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(rmodn) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(Mmodn) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(Nmodn) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) modn,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access
Figure G2009100244857D00021
Message 2: target access receives the 3rd message Q 1The second corresponding basic point G of back MThe 4th basic point G with correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then
Figure G2009100244857D00022
Mobile radio station receives the 4th message Q 2The 3rd corresponding basic point G of back NThe first basic point G with correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm;
Essence of the present invention is to have designed a kind of PKI allocative decision of novelty, promptly all mobile radio stations are shared same PKI but are respectively held different private key and different public private key pair basic point among same area, certificate server all access point broadcasting in the territory should be shared PKI, the authentication mobile radio station so access point can use public-key, simplify the PKI assigning process, reduced the trust management expense.Because certificate server does not involve in handoff procedure, so can avoid Denial of Service attack; Because switch the trusting relationship that authenticates and do not rely between access point, so can avoid domino effect to attack.Fail safe expense of the present invention is much smaller than FBSST scheme and other certificate schemes based on PKI, and switching authentication only needs two message of two inter-entity, thereby has also taken into account efficient and security performance.
Description of drawings
Fig. 1 is the trust model schematic diagram between certificate server, access point and the mobile radio station among the present invention, the number in the figure title:
The AS-certificate server, AP-access point, STA-mobile radio station, the already present security association of PSA-.
Embodiment
Trust model schematic diagram between certificate server in the WLAN (wireless local area network), access point and the mobile radio station as shown in Figure 1, certificate server is responsible for safeguarding initial trusting relationship, and promptly we suppose to have safe lane respectively between certificate server and each access point, certificate server and each mobile radio station.When using the inventive method, certificate server will at first carry out initialization to self and each access point, each mobile radio station, then when mobile radio station need switch authentication, as long as authentication mutually between mobile radio station and the target access.
A kind of wireless local area network switching authentication method based on elliptic curve comprises the steps:
The first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(jmodn) G, nG=O wherein, O is coordinate zero point;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(Mmodn) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(Nmodn) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point G that was signed by certificate server N,,, can add timestamp in the message for preventing Replay Attack so that the authentication of integrity protection and message source to be provided;
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) modn,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(rmodn) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(Mmodn) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(Nmodn) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M,,, can add timestamp in the message for preventing Replay Attack so that the authentication of integrity protection and message source to be provided;
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) modn,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access
Figure G2009100244857D00031
The 3rd message Q 1Use ellipse curve signature mechanism is subjected to the current second private key k of mobile radio station StaProtection;
Message 2: target access receives the 3rd message Q 1Back with the second corresponding basic point G of hold MBe contained in the 3rd message Q 1The 4th basic point G of correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then
Figure G2009100244857D00032
The 4th message Q 2Use ellipse curve signature mechanism, mobile radio station receive the 4th message Q 2Back with the 3rd corresponding basic point G of hold NBe contained in the 4th message Q 2The first basic point G of correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm;
The storage of two big numbers of M and N and transmission are all represented with following formula in the inventive method: establish the big number of P for storing and transmit, then:
Figure G2009100244857D00041
P is log by length just 2m StaBit
Figure G2009100244857D00042
With length be b StaBit
Figure G2009100244857D00043
This two number is stored and is transmitted;
Wherein: being located among the first prime number S set TAPRI has m StaIndividual element, the length of these elements is b StaBit, the P in the formula are a parameter.
Because comprise several access points and several mobile radio stations in the WLAN (wireless local area network), so in whole initialization procedure, element among the first prime number S set TAPRI and the second prime number set B SSPRI can constantly increase, the first prime number j that certificate server produces at random is also different with the second prime number r, so the first basic point G j, the 4th basic point G r, the second basic point G MWith the 3rd basic point G NAlso carrying out and can change with whole initialization procedure.

Claims (2)

1. the wireless local area network switching authentication method based on elliptic curve is characterized in that comprising the steps: the first step: initialization
(1) certificate server initialization
Certificate server is created the first prime number S set TAPRI and the second prime number set B SSPRI, uses the SECG technology at finite field F then pLast establishment elliptic curve T=(p, a, b, G, n, h), and wherein: p, a, b, n, h is for constituting the parameter of elliptic curve T, and G is a basic point on the elliptic curve T;
(2) when the access point request was supported, access point is initialization as follows:
A. certificate server produces the current first prime number j at random and it is added among the second prime number set B SSPRI, calculates the current first basic point G j=jG=(j mod n) G, nG=O wherein, O is coordinate zero point, down with;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all mobile radio stations in the territory are broadcasted current the 3rd basic point GN that was signed by certificate server;
E. certificate server sends the current first message BSSKEYING={G under the protection of security association M, j, N, G j, T} is to access point, and access point calculates the current first private key k after receiving this message Bss=(N/j) mod n,<k Bss, G NFormed the current first basic point G jThe public private key pair of last access point;
(3) when the mobile radio station request was served, mobile radio station is initialization as follows:
A. certificate server produces the current second prime number r at random and it is added among the first prime number S set TAPRI, calculates current the 4th basic point G r=rG=(r mod n) G;
B. the product M and the current second basic point G of all elements among the authentication server computes first prime number S set TAPRI M=MG=(M mod n) G;
C. the product N and current the 3rd basic point G of all elements among the authentication server computes second prime number set B SSPRI N=NG=(N mod n) G;
D. certificate server all access points in the territory are broadcasted the current second basic point G that was signed by certificate server M
E. certificate server sends the current second message STAKEYING={G under the protection of security association N, r, M, G r, T} is to mobile radio station, and mobile radio station calculates the current second private key k after receiving this message Sta=(M/r) mod n,<k Sta, G MFormed current the 4th basic point G rThe public private key pair of last mobile radio station;
Second step: switch authentication
Switch verification process and comprise two message:
Message 1: mobile radio station sends the 3rd message to target access Q 1 = { G r , y 1 } k sta ;
Message 2: target access receives the 3rd message Q 1The second corresponding basic point G of back MThe 4th basic point G with correspondence rVerify the 3rd message Q 1, target access sends the 4th message to mobile radio station then
Figure F2009100244857C00012
Mobile radio station receives the 4th message Q 2The 3rd corresponding basic point G of back NThe first basic point G with correspondence jVerify the 4th message Q 2, then target access and mobile radio station use ECDH key generting machanism to generate shared key k respectively Ptk
The reciever that switches in the verification process is checked the 3rd message Q 1Middle the 4th corresponding basic point G rWith the 4th message Q 2The middle first corresponding basic point G jThe second basic point G that is not equal to basic point G, correspondence MOr the 3rd corresponding basic point G N
Wherein: y 1Be the ECDH public private key pair<x of mobile radio station 1, y 1PKI, y 2Be the ECDH public private key pair<x of access point 2, y 2PKI, ECDH is an elliptic curve Diffie-Hellman algorithm.
2. a kind of wireless local area network switching authentication method based on elliptic curve according to claim 1 is characterized in that: the storage and the transmission of two big numbers of described M and N are all represented with following formula: establish the big number of P for storing and transmit, then:
Figure F2009100244857C00021
P is log by length just 2m StaBit
Figure F2009100244857C00022
With length be b StaBit
Figure F2009100244857C00023
This two number is stored and is transmitted;
Wherein: being located among the first prime number S set TAPRI has m StaIndividual element, the length of these elements is b StaBit, the P in the formula are a parameter.
CN2009100244857A 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve Expired - Fee Related CN101489226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100244857A CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100244857A CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Publications (2)

Publication Number Publication Date
CN101489226A CN101489226A (en) 2009-07-22
CN101489226B true CN101489226B (en) 2010-06-09

Family

ID=40891852

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100244857A Expired - Fee Related CN101489226B (en) 2009-02-24 2009-02-24 Wireless local area network switching authentication method based on elliptical curve

Country Status (1)

Country Link
CN (1) CN101489226B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10129026B2 (en) 2016-05-03 2018-11-13 Certicom Corp. Method and system for cheon resistant static diffie-hellman security
CN107979594B (en) * 2017-11-21 2020-08-04 重庆邮电大学 Method for preventing W L AN disconnection attack based on prime number decomposition verification

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1648115A1 (en) * 2004-10-13 2006-04-19 Alcatel Method for improving handovers in a WLAN
CN101111056A (en) * 2006-07-17 2008-01-23 西安电子科技大学 Fast switching method for wireless local area network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1648115A1 (en) * 2004-10-13 2006-04-19 Alcatel Method for improving handovers in a WLAN
CN101111056A (en) * 2006-07-17 2008-01-23 西安电子科技大学 Fast switching method for wireless local area network

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
万长胜等.媒体无关切换方案的安全性.计 算 机 工 程34 18.2008,34(18),17-18.
万长胜等.媒体无关切换方案的安全性.计 算 机 工 程34 18.2008,34(18),17-18. *
宋宇波等.基于自我加密的无线局域网快速切换认证.东南大学学报(自然科学版)37 6.2007,37(6),945-949.
宋宇波等.基于自我加密的无线局域网快速切换认证.东南大学学报(自然科学版)37 6.2007,37(6),945-949. *
龙承志等.一种基于椭圆曲线加密体制的无线局域网安全策略.科技资讯 11.2008,(11),80-81.
龙承志等.一种基于椭圆曲线加密体制的无线局域网安全策略.科技资讯 11.2008,(11),80-81. *

Also Published As

Publication number Publication date
CN101489226A (en) 2009-07-22

Similar Documents

Publication Publication Date Title
US8627092B2 (en) Asymmetric cryptography for wireless systems
Cao et al. A simple and robust handover authentication between HeNB and eNB in LTE networks
CN101405987B (en) Asymmetric cryptography for wireless systems
EP2034658B1 (en) Method and system for distributing key in wireless network
CN108521662A (en) A kind of safety satellite crosses the method and system of top switching
JP2000124898A (en) Method for providing communication channel and moving machine
CN101442403B (en) Self-adapting method for exchanging composite cipher key and managing session cipher key
Arya et al. Securing AODV routing protocol in MANET using NMAC with HBKS technique
Cao et al. UGHA: Uniform group-based handover authentication for MTC within E-UTRAN in LTE-A networks
US10582378B2 (en) Message protection method, user equipment, and core network device
CN101114957A (en) Fast switch method and system in wireless local area network
CN112235792B (en) Multi-type terminal access and switching authentication method, system, equipment and application
Khan et al. Secure authentication and key management protocols for mobile multihop WiMAX networks
CN105471845A (en) Communication method and communication system for preventing man-in-the-middle attack
CN101600200B (en) Method for switching among heterogeneous networks, mobile node and authentication access point
Lu et al. A lightweight authentication protocol for mobile ad hoc networks
CN101489226B (en) Wireless local area network switching authentication method based on elliptical curve
CN101867923A (en) Heterogeneous wireless network secure access authentication method based on identity self-confirmation
CN101883358A (en) Method for guaranteeing security of single-transceiver time-slot type distribution CR MAC (Cognitive Radio Multiple Access Control) protocol
Tsai et al. Routing security and authentication mechanism for mobile ad hoc networks
Cao et al. Unified handover authentication between heterogeneous access systems in LTE networks
CN1964259A (en) A method to manage secret key in the course of switch-over
Jiang et al. An efficient lightweight anonymous authentication scheme for V2G using physical unclonable function
Mulugeta et al. Secured two phase geographic forwarding protocol in wireless multimedia sensor networks
Huang et al. Provable secure AKA scheme with reliable key delegation in UMTS

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100609

Termination date: 20130224