Background technology
A principal characteristic of next-generation wireless communication networks is the convergence of various heterogeneous wireless access technologies, providing users with always-on, ubiquitous, seamless network access. Typical access technologies include 3G, WLAN, WMN, WiMax and WSN. Each network has its own internal access authentication technique, such as the SIM mechanism of GSM networks and the AKA mechanism of 3G networks. 3GPP has proposed the 3GPP-WLAN interworking architecture, which adopts the EAP-AKA access authentication protocol. However, there is still no general access authentication scheme for all heterogeneous access networks.
For wireless networks, security problems are much more serious than for wired networks. At the same time, the existence of various heterogeneous networks makes the security of communication between the network and the user more prominent. Before a user accesses the network, the access network needs to authenticate the user. Each network has its own specific application goals and scope, and access authentication techniques vary, so a single access technology is no longer suitable for a heterogeneous network environment.
Existing 2G/3G network access authentication protocols have the following defects:
1. DSE algorithms scale poorly and cannot provide non-repudiation.
2. Identity-based authentication protocols (identity-based schemes) easily leak the user's identity, allowing the user to be tracked, and are vulnerable to fake base station attacks.
3. With authentication based on a trusted third party (TTP-based schemes), when the user roams into a foreign network and the user's access network is far from the home network, the transmission of the Ciphering Key increases network load.
4. With certificate-based authentication protocols (certificate-based schemes) or a Public Key Infrastructure (PKI), when the access network and the user do not know each other's public keys, both sides must transmit and verify public key certificates over a resource-constrained radio channel, which seriously increases network load, computational burden and propagation delay.
5. Mutual authentication between the user and the network on an equal footing is difficult to achieve. SIM-based GSM authentication cannot achieve mutual authentication, and in 3G AKA authentication the user and the network are not on an equal footing.
The access authentication protocol of the 3GPP-WLAN heterogeneous interworking standard is EAP-AKA. EAP-AKA is based on the 3GPP AKA protocol and uses the IETF-standardized EAP protocol to carry it in the user's 3GPP-WLAN access authentication. This protocol still has certain security limitations:
1. The user identity is not kept fully confidential. When the user has no pseudo-random identity available, EAP-AKA cannot provide complete user identity confidentiality or prevent malicious tracking by an attacker.
2. Redirection attacks exist. An attacker can mount a fake AP attack, particularly against WLANs with low security requirements. This attack can cause billing disputes between virtual network operators and redirects the user's data into other WLANs with a lower security level.
An authentication mechanism based on identity self-confirmation is clearly well suited to secure access in heterogeneous networks. However, PKBP/SPAKA, the authentication scheme based on self-certified public keys currently proposed within 3G networks, uses one trusted CA (Certificate Authority) connected to the access networks of different regions, and the users' public and private keys are all issued by the CA, so it does not make full use of the advantages of self-certified public keys. In addition, a large amount of data must be transmitted during authentication and online computation also increases, so compared with traditional symmetric-cipher schemes PKBP/SPAKA is not only less efficient but also requires excessive storage.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art described above and to solve the problems of the existing schemes discussed in the background by providing a secure access authentication method for heterogeneous wireless networks based on identity self-confirmation, so as to improve the access authentication efficiency of heterogeneous wireless networks, reduce online computation, reduce storage overhead, and achieve mutual authentication between the user and the network.
To achieve the above object, the invention comprises the following steps:
1) System initialization (setup): establish the system parameters;
2) The mobile terminal MT sends the access authentication vector Auth1 to the target network VN. VN checks the integrity of this vector using the message integrity code MIC; if the vector is intact, VN computes the authentication parameter $V \equiv (P^e + TID) \bmod n$ and stores V, where P is the public key of MT, TID is the temporary identity of MT, e is the public key of the user's home network HN, and n is the product of two large primes; otherwise VN discards the packet and terminates the protocol;
3) The target network VN sends the access authentication vector Auth2 to the mobile terminal MT. MT verifies whether the random number N1 in Auth2 is the value it chose; if not, it discards Auth2 and terminates the protocol. If it is, MT checks the integrity of this vector using the message integrity code MIC; if the check fails, MT discards the packet and terminates the protocol; if the vector is intact, MT computes the authentication parameter $V_V \equiv (P_V^e + ID_V) \bmod n$ and stores $V_V$, where $P_V$ is the public key of VN and $ID_V$ is the network identity of VN;
4) The mobile terminal MT sends the access authentication vector Auth3 to the target network VN. VN verifies whether the random number N2 in Auth3 is the random number it chose; if not, it discards the vector and terminates the protocol. If it is, VN checks the integrity of the vector using the message integrity code MIC; if the vector is intact, VN verifies whether the equation holds; if the verification passes, VN accepts MT's access request and computes the shared session key, where $S_V$ is the private key of VN, g is an element of maximum order in the multiplicative group $(Z/nZ)^*$, y is a field of Auth3 with $y = x + S \times C_V$, the authentication parameter t is a field of Auth1, x is an integer selected at random by MT, S is the private key of MT, and $C_V$ is a random number generated by VN; otherwise the protocol is terminated and the user's access authentication fails;
5) The target network VN sends the access authentication vector Auth4 to the mobile terminal MT. MT verifies whether the random number N1 in Auth4 is the random number it chose; if not, it discards the vector and terminates the protocol. If it is, MT checks the integrity of the vector using the message integrity code MIC; if the check fails, MT discards the packet and terminates the protocol; if the vector is intact, MT verifies whether the equation holds; if the verification passes, MT accepts the network identity of VN and computes the shared session key $K = (P_V^e + ID_V)^S$. The session key K computed by the two sides is the same, which completes mutual authentication. Here S is the private key of MT, $y_V$ is a field of Auth4 with $y_V = x_V + S_V \times C$, the authentication parameter $t_V$ is a field of Auth2, $x_V$ is an integer selected at random by VN, $S_V$ is the private key of VN, and C is a random number generated by MT; otherwise the protocol is terminated and mutual authentication fails.
Because the invention introduces the mechanism of identity self-confirmation into heterogeneous wireless network access authentication, it has the following advantages:
1. High efficiency and reduced communication overhead. The whole access authentication procedure needs only four message exchanges, requires no participation of a trusted third party, and transmits no digital certificates, which saves communication overhead and improves the efficiency of access authentication.
2. Little online computation. No signature needs to be computed and no encryption or decryption of the Ciphering Key needs to be performed, which reduces online computation.
3. Low storage overhead. Because the invention is based on identity self-confirmation, it does not need, as traditional mechanisms based on digital certificates do, to maintain a public key infrastructure (PKI) or to store public key certificates, which reduces storage overhead.
4. Mutual authentication, without the user having to trust the network completely. The invention uses authentication based on identity self-confirmation to achieve mutual authentication between the user and the network. The user's private key is chosen by the user, and the public key is computed from the user's identity and is self-confirming, so, unlike in traditional authentication schemes, the user does not have to trust the network completely.
Embodiment
The implementation of the method involves three entities: the mobile terminal MT, the user's home network HN, and the target network VN that MT needs to access, as shown in Fig. 1. MT can be a user with a multimode terminal; HN and VN can be access network elements such as a base station BS or a hotspot AP that also have the function of an authentication server; AS1 and AS2 are authentication servers. Once the system parameters have been established, HN no longer takes part in the execution of the protocol between MT and VN, and HN is also not needed in subsequent repeated authentications.
Referring to Fig. 2, the scheme is implemented as follows:
Step 1, system initialization (setup): establish the system parameters.
The system parameters comprise:
n: the product of two large primes;
e: the public key of the user's home network HN, satisfying $\gcd(e, \varphi(n)) = 1$, where $\varphi(n)$ is the Euler function of n;
d: the private key of the user's home network HN, satisfying $e \times d \equiv 1 \pmod{\varphi(n)}$;
g: an element of maximum order in the multiplicative group $(Z/nZ)^*$;
h: a strong one-way hash function, $h: \{0,1\}^* \to (Z_n)^*$;
P: the public key of the mobile terminal MT, satisfying $P = (g^{-S} - TID)^d \bmod n$;
S: the private key of the mobile terminal MT;
$P_V$: the public key of the target network VN, and satisfies
$S_V$: the private key of the target network VN;
V: the authentication parameter produced by the mobile terminal MT, satisfying $V = g^{-S} \pmod n$;
$V_V$: the authentication parameter produced by the target network VN, and satisfies
TID: the temporary identity information of the mobile terminal MT;
$ID_V$: the network identity of the target network VN.
The public parameters of the user's home network HN are (n, e, g, h).
The system parameters are established as follows:
The mobile terminal MT randomly selects a large integer S as its private key; the user's home network HN issues the public key P to MT, and MT verifies the correctness of P using HN's public key e. The target network VN obtains its public/private key pair $(P_V, S_V)$ from HN in the same way. Before access authentication, MT and VN have each obtained the other's public key and the public parameters (n, e, g, h) of HN. In practice, MT can use the temporary identity information TID in place of its permanent identity information to prevent the user from being tracked. Step 1 is not needed in subsequent repeated authentications.
Step 2, the mobile terminal MT generates the access authentication vector Auth1 and sends it to the target network VN.
The access authentication vector Auth1 contains the following fields, in order:
TID field: the temporary identity information of the mobile terminal MT;
P field: the public key of the mobile terminal MT;
N1 field: the random number generated by the mobile terminal MT;
t field: the integer generated by the mobile terminal MT, $t \equiv g^x \pmod n$, where x is an integer selected at random by MT;
MIC field: the one-way hash value that the mobile terminal MT computes with the strong one-way hash function h over all message content preceding this field.
After receiving Auth1, the target network VN first checks the integrity of the message using the message integrity code MIC. If the check passes, VN computes the authentication parameter $V \equiv (P^e + TID) \bmod n$ and stores V; otherwise it discards Auth1 and terminates the protocol.
Step 3, the target network VN generates the access authentication vector Auth2 and sends it to the mobile terminal MT.
The access authentication vector Auth2 contains the following fields, in order:
$ID_V$ field: the network identity of the target network VN;
$P_V$ field: the public key of the target network VN;
N1 field: the random number generated by the mobile terminal MT;
N2 field: the random number generated by the target network VN;
$t_V$ field: the integer generated by the target network VN, where $x_V$ is an integer selected at random by VN;
$C_V$ field: the integer selected at random by the target network VN;
MIC field: the message integrity code, which is the one-way hash value that the target network VN computes with the strong one-way hash function h over all message content preceding this field.
After the mobile terminal MT receives the access authentication vector Auth2 sent by the target network VN, it first checks whether the random number N1 in Auth2 is the value it chose; if not, it discards Auth2 and terminates the protocol. If it is, MT checks the integrity of the message using the message integrity code MIC. If the check passes, MT computes the authentication parameter $V_V \equiv (P_V^e + ID_V) \bmod n$ and stores $V_V$; otherwise it discards the packet and terminates the protocol.
Step 4, the mobile terminal MT generates the access authentication vector Auth3 and sends it to the target network VN.
The access authentication vector Auth3 contains the following fields, in order:
y field: the integer computed by the mobile terminal MT, $y = x + S \times C_V$, where x is the integer selected at random by MT;
N2 field: the random number generated by the target network VN;
C field: the integer selected at random by the mobile terminal MT;
MIC field: the message integrity code, which is the one-way hash value that the mobile terminal MT computes with the strong one-way hash function h over all message content preceding this field.
After the target network VN receives the access authentication vector Auth3 sent by the mobile terminal MT, it first checks whether the random number N2 in Auth3 is the random integer it chose; if not, it discards the vector and terminates the protocol. Otherwise it checks the integrity of the message using the message integrity code MIC; if the check fails, it discards the packet and terminates the protocol. Otherwise it verifies whether the equation holds. If the verification passes, VN accepts the access request of MT and computes the shared session key; otherwise it terminates the protocol and the user's access authentication fails. Here t is the field of the access authentication vector Auth1 that VN stored in step 2.
Step 5, the target network VN generates the access authentication vector Auth4 and sends it to the mobile terminal MT.
The access authentication vector Auth4 contains the following fields, in order:
$y_V$ field: the integer computed by VN, $y_V = x_V + S_V \times C$, where $x_V$ is the integer selected at random by VN;
N1 field: the random number generated by the mobile terminal MT;
MIC field: the message integrity code, which is the one-way hash value that the target network VN computes with the strong one-way hash function h over all message content preceding this field.
After the mobile terminal MT receives the access authentication vector Auth4 sent by the target network VN, it first checks whether the random number N1 in Auth4 is the random integer it chose; if not, it discards the vector and terminates the protocol. Otherwise it checks the integrity of the message using the message integrity code MIC; if the check fails, it discards the packet and terminates the protocol. Otherwise it verifies whether the equation holds. If the verification passes, MT accepts the network identity of VN and computes the shared session key $K = (P_V^e + ID_V)^S$; otherwise it terminates the protocol and mutual authentication fails. Here $t_V$ is the field of the access authentication vector Auth2 that MT stored in step 3.
If the protocol executes correctly, then through the above secure access authentication procedure the mobile terminal MT and the target network VN complete mutual authentication and establish the shared session key K.
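The exchange in steps 1 to 5, as an added Python example that is not part of the patent text. The primes, identity strings and helper names (`enroll`, `proves`, `run`) are constructed for illustration; the verification equations, the VN-side key and the formula for $t_V$ are not legible in the text above, so the code uses the relations implied by the page's definitions of t, y, V and K.

```python
import hashlib, secrets
from math import gcd
# Toy HN parameters constructed for this example; real primes are large and secret.
p, q = 1019, 1187                       # safe primes: 2*509+1 and 2*593+1
n, phi = p * q, (p - 1) * (q - 1)
e = 65537                               # HN public key, gcd(e, phi(n)) = 1
d = pow(e, -1, phi)                     # HN private key, e*d = 1 (mod phi(n))
lam = phi // gcd(p - 1, q - 1)          # largest element order in (Z/nZ)*
g = next(a for a in range(2, n) if gcd(a, n) == 1
         and all(pow(a, lam // r, n) != 1 for r in (2, 509, 593)))

def rnd():                              # secrets and nonces in [1, lam - 1]
    return secrets.randbelow(lam - 1) + 1

def ident(name):                        # assumption: identity strings hashed into Z_n
    return int.from_bytes(hashlib.sha256(name).digest(), "big") % n

def seal(*fields):                      # append MIC = h(all preceding fields)
    return fields + (hashlib.sha256(repr(fields).encode()).hexdigest(),)

def opened(msg):                        # receiver recomputes the MIC
    if seal(*msg[:-1]) != msg:
        raise ValueError("MIC check failed")
    return msg[:-1]

def enroll(identity):                   # party picks private S, HN issues P
    S = rnd()
    P = pow((pow(g, -S, n) - identity) % n, d, n)   # P = (g^-S - identity)^d mod n
    assert (pow(P, e, n) + identity) % n == pow(g, -S, n)  # check P with HN's e
    return S, P

def proves(y, V, c, t):
    # Assumed check, implied by the definitions: g^y * V^c = g^(x+S*c) * g^(-S*c) = t.
    return pow(g, y, n) * pow(V, c, n) % n == t

def run(mt_knows_S=True):
    TID, ID_V = ident(b"mt-temp-id"), ident(b"visited-net")
    (S, P), (S_V, P_V) = enroll(TID), enroll(ID_V)
    S = S if mt_knows_S else S + 1      # claimant presents P and TID without the key
    x, N1, C, x_V, N2, C_V = (rnd() for _ in range(6))
    tid, pk, n1, t = opened(seal(TID, P, N1, pow(g, x, n)))          # Auth1
    V = (pow(pk, e, n) + tid) % n                                    # stored by VN
    # Auth2; t_V = g^x_V is assumed by symmetry with t
    iv, pv, n1b, n2, t_V, c_V = opened(seal(ID_V, P_V, n1, N2, pow(g, x_V, n), C_V))
    if n1b != N1:
        return None
    V_V = (pow(pv, e, n) + iv) % n                                   # stored by MT
    y, n2b, c = opened(seal(x + S * c_V, n2, C))                     # Auth3
    if n2b != N2 or not proves(y, V, C_V, t):
        return None                     # VN rejects the access request
    K_vn = pow(V, S_V, n)               # assumed VN-side key: V^S_V = g^(-S*S_V)
    y_V, n1c = opened(seal(x_V + S_V * c, N1))                       # Auth4
    if n1c != N1 or not proves(y_V, V_V, C, t_V):
        return None                     # MT rejects the network
    return pow(V_V, S, n), K_vn         # K = (P_V^e + ID_V)^S on the MT side
```

`run()` returns the pair of session keys computed by MT and VN. Because the MIC is an unkeyed hash it only detects corrupted fields, so the rejection in `run(mt_knows_S=False)` comes from the equation check, not from the MIC.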
Explanation of terms
AKA: Authentication and Key Agreement protocol
EAP-AKA: the AKA protocol carried over the Extensible Authentication Protocol
WLAN: wireless local area network
Wi-MAX: wireless metropolitan area network
WMN: wireless mesh network
WSN: wireless sensor network
PKBP/SPAKA: Public Key Broadcast Protocol / authentication and key exchange protocol based on self-certified public keys.