CN101977198B - Inter-domain authentication and key negotiation method - Google Patents

Abstract

The invention relates to an inter-domain authentication and key negotiation method, which aims to solve the problems that the reliability of representative nodes of domains cannot be guaranteed and the efficiency of the key negotiation is low during the negotiation of a shared key in the prior art. A physical network for communication among nodes is converted into a logic network for inter-domaincommunication, and a shared key negotiation mechanism which takes the representative nodes in the domains as a center and in which ordinary nodes participate. The method comprises the following four steps of: a registering process, a communication process, a calculation process and the distribution of an intra-domain shared key, wherein in the register process, all nodes for the communication in the two domains register with a credible third party to acquire system public parameters and a node private key; in the communication process, the representative nodes of the domains calculate a temporary public key set of the domains by using the public parameters and send the temporary public key set to the opposite domain; in the calculation process, the representative nodes of the domains receive the temporary public key set sent by the opposite domain, and perform information interaction with all intra-domain ordinary nodes to calculate an inter-domain shared key; and in the distribution process of the intra-domain shared key, after acquiring the inter-domain shared key through calculation, the representative nodes distribute the inter-domain shared key to all intra-domain nodes, so that all nodes, which need to perform the communication, of the two domains acquire the shared key K.

Description

Authentication and cryptographic key negotiation method between the territory

Technical field

The invention belongs to the network security technology field, relate in the network service the not mutual authentication between the same area and the safe practice of negotiating about cipher key shared.Based on the encryption mechanism based on attribute, proposed to authenticate and set up the method for sharing key between two territories.

Background technology

In network service, the user between the same area often need not communicate.For guaranteeing between the user can secure exchange information, need between communicating pair, carry out authentication and set up shared session key, except the cipher key interaction agreement based on PKIX PKI (Public Key Infrastructure), two side's IKEs based on identity also are the methods that often adopts, and can realize this demand for security.

Document " Two-Party Attribute-based Key Agreement Protocol in the Standard Model.International Symposium on Information Processing; August21-23; 2009; 325-328 " has proposed a kind of two side's IKEs based on attribute, the main thought of this method is: read two sides' attribute information from trusted third party after, picked at random satisfies the polynomial computation of certain condition and the initial parameter of system is set, and utilizes this multinomial and user property collection can calculate user's sets of private keys.In cipher key agreement process, A selects a random number and utilizes the property set of the open parameter of set system and B to calculate, but obtain a public information and send to B, B uses the sets of private keys of oneself and shines upon computation key by bilinearity after receiving this public information, in like manner A side utilizes public information that B side sends and the sets of private keys computation key of oneself, thereby both sides can successfully obtain a shared key.This method is directly used in authentication and key agreement existing problems between the territory, two territories of negotiating about cipher key shared just authenticate negotiation between the representation node in two territories, do not consider the integrity problem of representation node, so just give assailant's opportunity, can not effectively guarantee the fail safe of system; If will realize the Authentication and Key Agreement of all nodes in two territories, just need carry out in two territories the node number secondary key that multiplies each other consults, obviously reduced entire system efficient, especially when in the territory great deal of nodes being arranged, this can greatly increase the amount of calculation of key agreement.

Summary of the invention

Purpose of the present invention: in order to overcome reliability and the inefficient technical problem of key agreement that prior art can not ensure the representation node in territory when the negotiating about cipher key shared, the present invention proposes between a kind of territory authentication and cryptographic key negotiation method, allow in the arranging key process ordinary node also participates in negotiations process in the territory.The representation node in territory will carry out information interaction with the territory interior nodes in negotiations process, thereby makes territory interior nodes fellowship consult effectively to have ensured between the territory key agreement between authentication and reliable territory; After sharing the key agreement success, carry out secure distribution by representation node ordinary node in the territory, thereby all nodes have all obtained shared session key in the territory.This has not only guaranteed the fail safe of network service, and has improved the network service whole efficiency.

Authentication and cryptographic key negotiation method between the territory that the present invention proposes are converted to the logical network of communicating by letter between territory and the territory with the physical network of communicating by letter between the node, set up in the territory centered by the representation node, the key agreement mechanism of ordinary node fellowship.So-called " territory " is exactly the set that all nodes in the representation node compass of competency form, and comprises representation node and ordinary node in the territory.Described representation node, the node of electing out by the territory interior nodes has only a representation node in each territory exactly, be mainly used between the territory and the territory in the forwarding of network data, realization network service.

For basic principle of the present invention is described, the present invention chooses any two the territory D in the network ₁And D ₂Narrate its process.Authentication and cryptographic key negotiation method comprise shared key distribution procedure in registration process, communication process, computational process and the territory between the territory that the present invention proposes:

1) registration process

Territory D ₁In all nodes register to the TTP of trusted third party, concrete steps are as follows:

The first step: territory D ₁In all nodes node A that elects a deputy at random ₀, A then ₀Collect territory D ₁In the information of all nodes, the set of structure key application information

Gather with identity information

And transmission message

Give TTP;

Second step: TTP receives territory D ₁The message of sending

After, one group of random number t of picked at random ₀, t ₁..., t _i..., t _n∈ Z ^* _qWith satisfy f ₁(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y ₁And calculate open parameter (x), $T_0=g^{t_0},T_1=g^{t_1},...,T_i=g^{t_i},...,T_n=g^{t_n},$ Y=e (g, g) ^yThe private key of (y is the private key of TTP) and each node ${\mathrm{sk}}_{A_0}=g^{f_1\left(0\right)/t_0},{\mathrm{sk}}_{A_1}=g^{f_1\left(1\right)/t_1},...,{\mathrm{sk}}_{A_i}=g^{f_1\left(i\right)/t_i},...,{\mathrm{sk}}_{A_n}=g^{f_1\left(n\right)/t_n},$ Send message by safe lane then

Give territory D ₁Middle corresponding node A _i(i=0,1 ..., n);

Territory D ₂In all nodes register to the TTP of trusted third party, concrete steps are as follows:

The first step: territory D ₂In all nodes Node B that elects a deputy at random ₀, B then ₀Collect territory D ₂In the information of all nodes, the set of structure key application information Gather with identity information

And transmission message

Give TTP;

Second step: TTP receives territory D ₂The information of sending

After, one group of random number l of picked at random ₀, l ₁..., l _j..., l _m∈ Z ^* _qWith satisfy f ₂(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y ₂And calculate open parameter (x), $L_0=g^{l_0},L_1=g^{l_1},...,L_j=g^{l_j},...,L_m=g^{l_m},$ Y=e (g, g) ^yThe private key of (y is the private key of TTP) and each node ${\mathrm{sk}}_{B_0}=g^{f_2\left(0\right)/l_0},{\mathrm{sk}}_{B_1}=g^{f_2\left(1\right)/l_1},...,{\mathrm{sk}}_{B_j}=g^{f_2\left(j\right)/l_j},...,{\mathrm{sk}}_{B_m}=g^{f_2\left(m\right)/l_m},$ Send message by safe lane then

Give territory D ₂Middle corresponding Node B _j(j=0,1 ..., m);

2) communication process

2.1) representation node A among the D1 of territory ₀Random number x of picked at random _a∈ Z ^* _q, computational fields D ₁Interim public key sets $A_{D_1}=\left\{A_{A_i}\right|i=\mathrm{0,1},...,n\}=\{{T_i}^{x_a}|i=\mathrm{0,1},...,n\}=\left\{g^{t_i{x}_a}\right|i=\mathrm{0,1},...,n\},$ Then with territory D ₁Interim public key sets Send to territory D ₂In representation node B ₀

2.2) territory D ₂In representation node B ₀Random number x of picked at random _b∈ Z ^* _q, computational fields D ₂Interim public key sets $A_{D_2}=\left\{A_{B_j}\right|j=\mathrm{0,1},...,m\}=\{{L_j}^{x_b}|j=\mathrm{0,1},...,m\}=\left\{g^{l_j{x}_b}\right|j=\mathrm{0,1},...,m\},$ Then with territory D ₂Interim public key sets

Send to territory D ₁Representation node A ₀

3) computational process

Territory D ₁Other node is carried out following process in interior representation node and the territory:

The first step: territory D ₁In representation node A ₀Receive territory D ₂In representation node B ₀The interim public key sets of sending

After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₁Interior i (i=1,2 ..., n) individual node A _iReceive representation node A ₀The territory D that sends ₂Interim public key sets

After, utilize oneself private key Calculate the shared Sub key

And from node A _iWith node A ₀Shared key

Derived cipher key

With the completeness check key

The 3rd step: node A _iUse encryption key

Encrypt the shared Sub key

Obtain ciphertext $C_{{\mathrm{KE}}_{A_i,A_0}}=E_{{\mathrm{KE}}_{A_i,A_0}}\left(e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right),$ And use the integrality check key

Calculate message

Completeness check code Then with message

Send to representation node A ₀

The 4th step: representation node A ₀Receive node A _iThe message of sending After, from node A ₀With node A _iShared key

Derive decruption key

With the completeness check key

The 5th step: representation node A ₀Use the integrality check key

To the message that receives Recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain node A _iThe shared Sub key that calculates $e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}=D_{{\mathrm{KE}}_{A_0,A_i}}\left(C_{{\mathrm{KE}}_{A_i,A_0}}\right);$

The 6th step: representation node A ₀Receive that the message that each node is sent in the territory successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_1,D_2}={\left(\underset{i\∈D_1}{\mathrm{\Π}}e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right)}^{x_a}={\left(e(g,g)\right)}^{f_1\left(0\right)x_a{x}_b}=Y^{x_a{x}_b}.$

Territory D ₂Other node is carried out following process in interior representation node and the territory:

The first step: territory D ₂In representation node B ₀Receive territory D ₁In representation node A ₀The interim public key sets of sending After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₂Interior j (j=1,2 ..., m) individual Node B _jReceive representation node B ₀The territory D that sends ₁Public key sets

After, utilize oneself private key

Calculate the shared Sub key

And from Node B _jWith Node B ₀Shared key

Derived cipher key

With the completeness check key

The 3rd step: Node B _jUse encryption key

Encrypt the shared Sub key Obtain ciphertext $C_{{\mathrm{KE}}_{B_j,B_0}}=E_{{\mathrm{KE}}_{B_j,B_0}}\left(e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to representation node B ₀

The 4th step: representation node B ₀Receive Node B _jThe message of sending

After, from Node B ₀With Node B _jShared key Derive decruption key

With the completeness check key

The 5th step: representation node B ₀Use the integrality check key

To the message that receives

Recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain Node B _jThe shared Sub key that calculates $e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}=D_{{\mathrm{KE}}_{B_0,B_j}}\left(C_{{\mathrm{KE}}_{B_j,B_0}}\right);$

The 6th step: representation node B ₀Receive that the message that the territory interior nodes is sent successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_2,D_1}={\left(\underset{j\∈D_2}{\mathrm{\Π}}e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right)}^{x_b}={\left(e(g,g)\right)}^{f_2\left(0\right)x_a{x}_b}=Y^{x_a{x}_b}.$

4) share the key distribution procedure in the territory

Territory D ₁Representation node A ₀Calculate and obtain territory D ₁With territory D ₂Shared key

After, carry out following steps:

The first step: territory D ₁Representation node A ₀Utilize and node A _i(i=1,2 ..., the n) encryption key that goes out of the shared key derivation between Encrypt and share key Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{A_0,A_i}}=E_{{\mathrm{KE}}_{A_0,A_i}}\left(K_{D_1,D_2}\right),$ And use the integrality check key

Calculate message

Completeness check code Then with message Send to i node A in the territory _i

Second step: territory interior nodes A _iReceive message

After recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate Whether equate.If unequal, then abandon this message; If equate, then use node A _iWith representation node A ₀Between the decruption key that goes out of shared key derivation

Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_1,D_2}=D_{{\mathrm{KE}}_{A_i,A_0}}\left(C_{{\mathrm{KE}}_{A_0,A_i}}\right);$

Territory D ₂Representation node B ₀Calculate and obtain territory D ₂With territory D ₁Shared key

After, carry out following steps:

The first step: representation node B ₀Utilize and Node B _j(j=1,2 ..., the n) encryption key that goes out of the shared key derivation between

Encrypt and share key

Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{B_0,B_j}}=E_{{\mathrm{KE}}_{B_0,B_j}}\left(K_{D_2,D_1}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to j Node B in the territory _j

Second step: territory interior nodes B _jReceive message After recomputate the message integrity check sign indicating number

And the message integrity check code that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use Node B _jWith representation node B ₀Between the decruption key that goes out of shared key derivation

Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_2,D_1}=D_{{\mathrm{KE}}_{B_j,B_0}}\left(C_{{\mathrm{KE}}_{B_0,B_j}}\right).$

The beneficial effect that the present invention compared with prior art has: by authentication and cryptographic key negotiation method between the territory, ensured effectively between the territory that the safety of authentication and key agreement realizes.The territory interior nodes participates in consulting having overcome that traditional two sides authentication and key agreement carry out and the shortcoming that can not ensure the reliability of representation node between two representation nodes.The feasible authentication of the information interaction of ordinary node and key agreement are safe and reliable in the representation node that this method proposes and the territory, between the territory after the representation node negotiating about cipher key shared success, transmitted by representation node ordinary node in the territory, thereby all nodes have all obtained shared session key in the territory, and this has improved fail safe and the communication efficiency of the whole system of network service effectively.

Description of drawings

Fig. 1. the flow chart of authentication and cryptographic key negotiation method between the territory

Explanation of nouns:

TTP: trusted third party;

Q: the big prime number that trusted third party chooses;

Y: the private key that trusted third party chooses;

G ₁: the q rank module that TTP chooses;

G ₂: the q rank multiplicative group that TTP chooses;

Multiplicative group based on prime number q;

G: the G that trusted third party chooses ₁Generator;

E: trusted third party chooses G ₁And G ₂On bilinear transformation, i.e. e:G ₁* G ₁→ G ₂

Territory D ₁In all nodes send to the cipher key request information set of TTP;

Territory D ₁In the identity information set of all nodes;

Territory D ₂In all nodes send to the cipher key request information set of TTP;

Territory D ₂In the identity information set of all nodes;

D: the threshold value of calculating the shared Sub key number of sharing the required territory interior nodes calculating of key;

f ₁(x): satisfy f ₁(0)=the d-1 order polynomial of y;

f ₂(x): satisfy f ₂(0)=the d-1 order polynomial of y;

Territory D ₁In the private key of i node;

Territory D ₂In the private key of j node;

x _a: representation node A ₀A selected random number;

x _b: representation node B ₀A selected random number;

Representation node A ₀The territory D that calculates ₁Interim public key sets;

Representation node B ₀The territory D that calculates ₂Interim public key sets;

Territory D ₁In the interim PKI of i node;

Territory D ₂In the interim PKI of j node;

K _{A, b}: the shared key in the territory between node a and the b;

KE _{A, b}: the encryption key that the shared key in the territory between node a and the b is derived;

KI _{A, b}: the completeness check key that the shared key in the territory between node a and the b is derived;

Node A in the computational process _iSend to representation node A ₀The completeness check code of message;

Representation node A in the computational process ₀Checking node A _iThe completeness check code that the message of sending is calculated;

Node B in the computational process _jSend to representation node B ₀The completeness check code of message;

Representation node B in the computational process ₀The checking Node B _jThe completeness check code that the message of sending is calculated;

Share representation node A in the key distribution in the territory ₀Send to node A _iThe completeness check code of message;

Share node A in the key distribution in the territory _iChecking representation node A ₀The completeness check code that the message of sending is calculated;

Share representation node B in the key distribution in the territory ₀Send to Node B _jThe completeness check code of message;

Share Node B in the key distribution in the territory _jChecking representation node B ₀The completeness check code that the message of sending is calculated;

E _x(s): encrypt with the plaintext s of key x;

D _y(c): with the ciphertext c deciphering of key y;

Lagrange interpolation coefficient;

Territory D ₁With territory D ₂The shared key of consulting;

Embodiment

Authentication and cryptographic key negotiation method between the territory that the present invention proposes, the physical network of communicating by letter between the node is converted to the logical network of communicating by letter between territory and the territory, in the territory of wanting to communicate after trusted third party registration, only do not need once communication between same area negotiating about cipher key shared territory, just can make in the territory the required shared key of secure communication between all nodes acquisition territories by the information interaction between representation node in the territory and the ordinary node then.

Accompanying drawing 1 has provided between territory of the present invention the flow chart of authentication and cryptographic key negotiation method, territory D ₁Xuan Ju representation node is A at random ₀, territory D ₂Xuan Ju representation node is B at random ₀, a complete procedure of the Authentication and Key Agreement that carries out between them will be described below.

1) trusted third party sets up system parameters:

Trusted third party chooses the cyclic group (G on two q rank ₁,+) and (G ₂), wherein q is big prime number; G is G ₁Generator; Make that e is G ₁And G ₂On bilinear transformation, i.e. e:G ₁* G ₁→ G ₂

2) want the territory D that communicates ₁With territory D ₂Carry out following registration process with the TTP of trusted third party:

Territory D ₁In all nodes as follows to the concrete steps that the TTP of trusted third party registers:

The first step: territory D ₁In all nodes (supposing to have n+1 node) node A at random elects a deputy ₀, representation node A ₀To territory D ₁In all nodes send the information of inquiring after, and collect territory D ₁In the information of all nodes, the set of structure key application information Gather with identity information

Send message then Give TTP;

Second step: TTP receives territory D ₁The message of sending And after this message verified, one group of random number t of picked at random ₀, t ₁..., t _i..., t _n∈ Z ^* _qWith satisfy f ₁(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y ₁And calculate open parameter (x), $T_0=g^{t_0},T_1=g^{t_1},...,T_i=g^{t_i},...,T_n=g^{t_n},$ Y=e (g, g) ^yThe private key of (y is the private key of TTP) and each node ${\mathrm{sk}}_{A_0}=g^{f_1\left(0\right)/t_0},{\mathrm{sk}}_{A_1}=g^{f_1\left(1\right)/t_1},...,{\mathrm{sk}}_{A_i}=g^{f_1\left(i\right)/t_i},...,{\mathrm{sk}}_{A_n}=g^{f_1\left(n\right)/t_n},$ Send message by safe lane then

Give territory D ₁Middle corresponding node A _i(i=0,1 ..., n);

Territory D ₂In all nodes as follows to the concrete steps that the TTP of trusted third party registers:

The first step: territory D ₂In all nodes (supposing to have m+1 node) Node B at random elects a deputy ₀, representation node B ₀To territory D ₂In all nodes send the information of inquiring after, and collect territory D ₂In the information of all nodes, the set of structure key application information

Gather with identity information

Send message then

Give TTP;

Second step: TTP receives territory D ₂The information of sending and this information verified after, one group of random number l of picked at random ₀, l ₁..., l _j..., l _m∈ Z ^* _qWith satisfy f ₂(0)=(d-1) inferior (d is an integer, is the security parameter that sets in advance) polynomial f of y ₂And calculate open parameter (x), $L_0=g^{l_0},L_1=...,L_j=g^{l_1},...,L_m=g^{l_m},$ Y=e (g, g) ^yThe private key of (y is the private key of TTP) and each node ${\mathrm{sk}}_{B_0}=g^{f_2\left(0\right)/l_0},...,{\mathrm{sk}}_{B_j}=g^{f_2\left(j\right)/l_j},...,{\mathrm{sk}}_{B_m}=g^{f_2\left(m\right)/l_m},$ Send message by safe lane then

Give Node B corresponding among the D2 of territory _j(j=0,1 ..., m);

3) territory D ₁With territory D ₂To carrying out following communication process after the TTP of trusted third party succeeds in registration:

3.1) territory D ₁In representation node A ₀Random number x of picked at random _a∈ Z ^* _q, computational fields D ₁Interim public key sets $A_{D_1}=\left\{A_{A_i}\right|i=\mathrm{0,1},...,n\}=\{{T_i}^{x_a}|i=\mathrm{0,1},...,n\}=\left\{g^{t_i{x}_a}\right|i=\mathrm{0,1},...,n\},$ Then with territory D ₁Interim public key sets

Send to territory D ₂In representation node B ₀

3.2) territory D ₂In representation node B ₀Random number x of picked at random _b∈ Z ^* _q, computational fields D ₂Interim public key sets $A_{D_2}=\left\{A_{B_j}\right|j=\mathrm{0,1},...,m\}=\{{L_j}^{x_b}|j=\mathrm{0,1},...,m\}=\left\{g^{l_j{x}_b}\right|j=\mathrm{0,1},...,m\},$ Then with territory D ₂Interim public key sets

Send to territory D ₁Representation node A ₀

4) territory D ₁With territory D ₂In representation node receive and carry out following computational process after the public key sets that the other side's representation node sends:

Territory D ₁Ordinary node is carried out following process in interior representation node and the territory:

The first step: territory D ₁In representation node A ₀Receive territory D ₂In representation node B ₀The interim public key sets of sending

After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₁Interior i (i=1,2 ..., n) individual node A _iReceive representation node A ₀The territory D that sends ₂Interim public key sets

After, utilize oneself private key

Calculate the shared Sub key

And from node A _iWith node A ₀Shared key

Derived cipher key With the completeness check key

The 3rd step: node A _iUse encryption key

Encrypt the shared Sub key

Obtain ciphertext $C_{{\mathrm{KE}}_{A_i,A_0}}=E_{{\mathrm{KE}}_{A_i,A_0}}\left(e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message Send to representation node A ₀

The 4th step: representation node A ₀Receive node A _iThe message of sending

After, from node A ₀With node A _iShared key

Derive decruption key

With the completeness check key

The 5th step: representation node A ₀Use the integrality check key

To the message that receives

Recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain node A _iThe shared Sub key that calculates $e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}=D_{{\mathrm{KE}}_{A_0,A_i}}\left(C_{{\mathrm{KE}}_{A_i,A_0}}\right);$

The 6th step: representation node A ₀Receive that the message that each node is sent in the territory successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_1,D_2}={\left(\underset{i\∈D_1}{\mathrm{\Π}}e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right)}^{x_a}={\left(e(g,g)\right)}^{f_1\left(0\right)x_a{x}_b}=Y^{x_a{x}_b}.$

Territory D ₂Ordinary node is carried out following process in interior representation node and the territory:

The first step: territory D ₂In representation node B ₀Receive territory D ₁In representation node A ₀The interim public key sets of sending

After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₂Interior j (j=1,2 ..., m) individual Node B _jReceive representation node B ₀The territory D that sends ₁Public key sets

After, utilize oneself private key

Calculate the shared Sub key

And from Node B _jWith Node B ₀Shared key

Derived cipher key

With the completeness check key

The 3rd step: Node B _jUse encryption key

Encrypt the shared Sub key

Obtain ciphertext $C_{{\mathrm{KE}}_{B_j,B_0}}=E_{{\mathrm{KE}}_{B_j,B_0}}\left(e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right),$ And use the integrality check key

Calculate message Completeness check code

Then with message Send to representation node B ₀

The 4th step: representation node B ₀Receive Node B _jThe message of sending

After, from Node B ₀With Node B _jShared key

Derive decruption key

With the completeness check key

The 5th step: representation node B ₀Use the integrality check key

To the message that receives

Recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain Node B _jThe shared Sub key that calculates $e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}=D_{{\mathrm{KE}}_{B_0,B_j}}\left(C_{{\mathrm{KE}}_{B_j,B_0}}\right);$

The 6th step: representation node B ₀Receive that the message that the territory interior nodes is sent successfully obtains (d-1) individual shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_2,D_1}={\left(\underset{j\∈D_2}{\mathrm{\Π}}e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right)}^{x_b}={\left(e(g,g)\right)}^{f_2\left(0\right)x_a{x}_b}=Y^{x_a{x}_b}.$

5) territory D ₁With territory D ₂To share the process of key as follows in all nodes distributions in the territory:

Territory D ₁Representation node A ₀Calculate and obtain territory D ₁With territory D ₂Shared key

Afterwards, carry out following steps:

The first step: territory D ₁Representation node A ₀Utilize and node A _i(i=1,2 ..., the n) encryption key that goes out of the shared key derivation between

Encrypt and share key

Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{A_0,A_i}}=E_{{\mathrm{KE}}_{A_0,A_i}}\left(K_{D_1,D_2}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to i node A in the territory _i

Second step: territory interior nodes A _iReceive message

After recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate.If unequal, then abandon this message; If equate, then use node A _iWith representation node A ₀Between the decruption key that goes out of shared key derivation Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_1,D_2}=D_{{\mathrm{KE}}_{A_i,A_0}}\left(C_{{\mathrm{KE}}_{A_0,A_i}}\right).$

Territory D ₂Representation node B ₀Calculate and obtain territory D ₂With territory D ₁Shared key

Afterwards, carry out following steps:

The first step: representation node B ₀Utilize and Node B _j(j=1,2 ..., the n) encryption key that goes out of the shared key derivation between

Encrypt and share key

Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{B_0,B_j}}=E_{{\mathrm{KE}}_{B_0,B_j}}\left(K_{D_2,D_1}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to j Node B in the territory _j

Second step: territory interior nodes B _jReceive message After recomputate the message integrity check sign indicating number

And the message integrity check code that relatively receives With calculate

Whether equate.If unequal, then abandon this message; If equate, then use Node B _jWith representation node B ₀Between the decruption key that goes out of shared key derivation

Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_2,D_1}=D_{{\mathrm{KE}}_{B_j,B_0}}\left(C_{{\mathrm{KE}}_{B_0,B_j}}\right).$

By authentication and cryptographic key negotiation method between the territory of carrying out the present invention's proposition, want the territory D that communicates by letter ₁With territory D ₂In all nodes all obtained shared key K.

Claims (5)

1. authenticate and cryptographic key negotiation method between the territory, be used for authentication and negotiating about cipher key shared between the territory of wanting to communicate, it is characterized in that: the physical network of communicating by letter between the node is converted to the logical network of communicating by letter between territory and the territory, foundation in the territory centered by the representation node, the shared key agreement mechanism of ordinary node fellowship, this method comprises four steps:

1.1) registration process: two territory D that communicate ₁And D ₂, all nodes are registered to trusted third party in the territory, the open parameter of acquisition system and node private key;

1.2) communication process: after registration is passed through, the interim public key sets in the open calculation of parameter territory of the representation node utilization in territory, and send to the other side territory;

1.3) computational process: the representation node in territory carries out information interaction with ordinary node in the territory after receiving the interim public key sets that the representation node in the other side territory sends, and calculates the inter-domain sharing key;

1.4) share the key distribution in the territory: after representation node calculated and obtains the inter-domain sharing key, all nodes were distributed in the territory, made that all nodes all obtain to share session key in the territory.

2. authentication and cryptographic key negotiation method between territory according to claim 1 is characterized in that: two territory D that communicate ₁And D ₂The registration process step as follows:

2.1 territory D ₁In all nodes register to the TTP of trusted third party, concrete steps are as follows:

The first step: territory D ₁In all nodes node A that elects a deputy at random ₀, A then ₀Collect territory D ₁In the information of all nodes, the set of structure key application information

Gather with identity information

And transmission message

Give the TTP of trusted third party;

Second step: the TTP of trusted third party receives territory D ₁The message of sending

After, one group of random number t of picked at random ₀, t ₁..., t _i..., t _n∈ Z ^* _qWith satisfy f ₁(0)=the d-1 order polynomial f of y ₁(x), " d is integer, is the security parameter that sets in advance " calculates open parameter $T_0=g^{t_0},T_1=g^{t_1},...,T_i=g^{t_i},...,T_n=g^{t_n},$ Y=e (g, g) ^yThe private key of " y is the private key of TTP " and each node ${\mathrm{sk}}_{A_0}=g^{f_1\left(0\right)/t_0},{\mathrm{sk}}_{A_1}=g^{f_1\left(1\right)/t_1},...,{\mathrm{sk}}_{A_i}=g^{f_1\left(i\right)/t_i},...,{\mathrm{sk}}_{A_n}=g^{f_1\left(n\right)/t_n},$ Send message by safe lane then

Give territory D ₁Middle corresponding node A _i, i=0,1 ..., n;

2.2 territory D ₂In all nodes register to the TTP of trusted third party, concrete steps are as follows:

The first step: territory D ₂In all nodes Node B that elects a deputy at random ₀, B then ₀Collect territory D ₂In the information of all nodes, the set of structure key application information

Gather with identity information

And transmission message

Give the TTP of trusted third party;

Second step: the TTP of trusted third party receives territory D ₂The information of sending After, one group of random number l of picked at random ₀, l ₁..., l _j..., l _m∈ Z ^* _qWith satisfy f ₂(0)=the d-1 order polynomial f of y ₂(x), " d is an integer, is the security parameter that sets in advance ", and calculate open parameter $L_0=g^{l_0},L_1=g^{l_1},...,L_j=g^{l_j},...,L_m=g^{l_m},$ Y=e (g, g) ^yThe private key of " y is the private key of TTP " and each node ${\mathrm{sk}}_{B_0}=g^{f_2\left(0\right)/l_0},{\mathrm{sk}}_{B_1}=g^{f_2\left(1\right)/l_1},...,{\mathrm{sk}}_{B_j}=g^{f_2\left(j\right)/l_j},...,$ ${\mathrm{sk}}_{B_m}=g^{f_2\left(m\right)/l_m},$ Send message by safe lane then Give territory D ₂Middle corresponding Node B _j, " j=0,1 ..., m ".

3. authentication and cryptographic key negotiation method between territory according to claim 1 is characterized in that: territory D ₁With territory D ₂Between the communication process step as follows:

3.1 territory D ₁In representation node A ₀Random number x of picked at random _a∈ Z ^* _q, computational fields D ₁Interim public key sets $A_{D_1}=\left\{A_{A_i}\right|i=\mathrm{0,1},...,n\}=\{{T_i}^{x_a}|i=\mathrm{0,1},...,n\}=\left\{g^{t_i{x}_a}\right|i=\mathrm{0,1},...,n\},$ Then with territory D ₁Interim public key sets

Send to territory D ₂In representation node B ₀

3.2 territory D ₂In representation node B ₀Random number x of picked at random _b∈ Z ^* _q, computational fields D ₂Interim public key sets $A_{D_2}=\left\{A_{B_j}\right|j=\mathrm{0,1},...,m\}=\{{L_j}^{x_b}|j=\mathrm{0,1},...,m\}=\left\{g^{l_j{x}_b}\right|j=\mathrm{0,1},...,m\},$ Then with territory D ₂Interim public key sets

Send to territory D ₁Representation node A ₀

4. authenticate and cryptographic key negotiation method between territory according to claim 1, it is characterized in that: ordinary node carries out information interaction in the representation node in territory and the territory, and the process steps of calculating the inter-domain sharing key is as follows:

4.1 territory D ₁Other node is carried out following steps in interior representation node and the territory:

The first step: territory D ₁In representation node A ₀Receive territory D ₂In representation node B ₀The interim public key sets of sending

After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₁Interior i node A _i, " i=1,2 ..., n ", receive representation node A ₀The territory D that sends ₂Interim public key sets

After, utilize oneself private key

Calculate the shared Sub key And from node A _iWith representation node A ₀Shared key

Derived cipher key

With the completeness check key

The 3rd step: node A _iUse encryption key

Encrypt the shared Sub key

Obtain ciphertext $C_{{\mathrm{KE}}_{A_i,A_0}}=E_{{\mathrm{KE}}_{A_i,A_0}}\left(e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to representation node A ₀

The 4th step: representation node A ₀Receive node A _iThe message of sending

After, from representation node A ₀With node A _iShared key

Derive decruption key

With the completeness check key

The 5th step: representation node A ₀Use the integrality check key

To the message that receives

Recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate Whether equate, if unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain node A _iThe shared Sub key that calculates $e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}=D_{{\mathrm{KE}}_{A_0,A_i}}\left(C_{{\mathrm{KE}}_{A_i,A_0}}\right);$

The 6th step: representation node A ₀Receive that the message that each node is sent in the territory successfully obtains d-1 shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_1,D_2}={\left(\underset{i\∈D_1}{\mathrm{\Π}}e{(A_{B_j},{\mathrm{sk}}_{A_i})}^{{\mathrm{\Δ}}_{i,D_1}\left(0\right)}\right)}^{x_a}={\left(e(g,g)\right)}^{f_1\left(0\right)x_a{x}_b}=Y^{x_a{x}_b};$

4.2 territory D ₂Other node is carried out following steps in interior representation node and the territory:

The first step: territory D ₂In representation node B ₀Receive territory D ₁In representation node A ₀The interim public key sets of sending After, the interim public key sets of other node broadcasts in the territory

Second step: territory D ₂Interior j Node B _j, " j=1,2 ..., m ", receive representation node B ₀The territory D that sends ₁Public key sets

After, utilize oneself private key

Calculate the shared Sub key

And from Node B _jWith representation node B ₀Shared key

Derived cipher key

With the completeness check key

The 3rd step: Node B _jUse encryption key

Encrypt the shared Sub key

Obtain ciphertext $C_{{\mathrm{KE}}_{B_j,B_0}}=E_{{\mathrm{KE}}_{B_j,B_0}}\left(e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right),$ And use the integrality check key Calculate message

Completeness check code

Then with message

Send to representation node B ₀

The 4th step: representation node B ₀Receive Node B _jThe message of sending

After, from representation node B ₀With Node B _jShared key Derive decruption key

With the completeness check key

The 5th step: representation node B ₀Use the integrality check key

To the message that receives

Recomputate the message integrity check sign indicating number And the message integrity check sign indicating number that relatively receives With calculate

Whether equate, if unequal, then abandon this message; If equate, then use decruption key

To cipher-text information

Be decrypted and obtain Node B _jThe shared Sub key that calculates $e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}=D_{{\mathrm{KE}}_{B_0,B_j}}\left(C_{{\mathrm{KE}}_{B_j,B_0}}\right);$

The 6th step: representation node B ₀Receive that the message that the territory interior nodes is sent successfully obtains d-1 shared Sub key, and calculate the shared Sub key

Then by this d shared Sub cipher key calculation territory D ₁With territory D ₂Shared key $K_{D_2,D_1}={\left(\underset{j\∈D_2}{\mathrm{\Π}}e{(A_{A_i},{\mathrm{sk}}_{B_j})}^{{\mathrm{\Δ}}_{j,D_2}\left(0\right)}\right)}^{x_b}={\left(e(g,g)\right)}^{f_2\left(0\right)x_a{x}_b}=Y^{x_a{x}_b}.$

5. authenticate and cryptographic key negotiation method between territory according to claim 1, it is characterized in that: after representation node calculated and obtains the inter-domain sharing key in the territory, the step of carrying out shared key distribution in the territory was as follows:

5.1 territory D ₁Representation node A ₀Calculate and obtain territory D ₁With territory D ₂Shared key

After, carry out following steps:

The first step: territory D ₁Representation node A ₀Utilize and node A _i" i=1,2 ..., n " between the encryption key that goes out of shared key derivation Encrypt and share key

Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{A_0,A_i}}=E_{{\mathrm{KE}}_{A_0,A_i}}\left(K_{D_1,D_2}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to i node A in the territory _i

Second step: territory interior nodes A _iReceive message

After recomputate the message integrity check sign indicating number

And the message integrity check sign indicating number that relatively receives

With calculate

Whether equate, if unequal, then abandon this message; If equate, then use node A _iWith representation node A ₀Between the decruption key that goes out of shared key derivation

Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_1,D_2}=D_{{\mathrm{KE}}_{A_i,A_0}}\left(C_{{\mathrm{KE}}_{A_0,A_i}}\right);$

5.2 territory D ₂Representation node B ₀Calculate and obtain territory D ₂With territory D ₁Shared key

After, carry out following steps:

The first step: representation node B ₀Utilize and Node B _j" j=1,2 ..., n " between the encryption key that goes out of shared key derivation

Encrypt and share key

Obtain cipher-text message ${C^{*}}_{{\mathrm{KE}}_{B_0,B_j}}=E_{{\mathrm{KE}}_{B_0,B_j}}\left(K_{D_2,D_1}\right),$ And use the integrality check key

Calculate message

Completeness check code

Then with message

Send to j Node B in the territory _j

Second step: territory interior nodes B _jReceive message After recomputate the message integrity check sign indicating number And the message integrity check code that relatively receives

With calculate

Whether equate, if unequal, then abandon this message; If equate, then use Node B _jWith representation node B ₀Between the decruption key that goes out of shared key derivation

Deciphering

Obtain territory D ₁With territory D ₂Shared key $K=K_{D_2,D_1}=D_{{\mathrm{KE}}_{B_j,B_0}}\left(C_{{\mathrm{KE}}_{B_0,B_j}}\right).$