CN101977380A - Wireless Mesh network identification method - Google Patents

Wireless Mesh network identification method Download PDF

Info

Publication number
CN101977380A
CN101977380A CN2010105427452A CN201010542745A CN101977380A CN 101977380 A CN101977380 A CN 101977380A CN 2010105427452 A CN2010105427452 A CN 2010105427452A CN 201010542745 A CN201010542745 A CN 201010542745A CN 101977380 A CN101977380 A CN 101977380A
Authority
CN
China
Prior art keywords
territory
user
key
message
access point
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010105427452A
Other languages
Chinese (zh)
Inventor
刘文菊
魏栖栖
王赜
李璐
时珍全
柯永振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Polytechnic University
Original Assignee
Tianjin Polytechnic University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Polytechnic University filed Critical Tianjin Polytechnic University
Priority to CN2010105427452A priority Critical patent/CN101977380A/en
Publication of CN101977380A publication Critical patent/CN101977380A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention discloses a wireless Mesh network identification method. The identification method is based on a certificateless public key cryptography system and mainly comprises the following steps of: (1) initializing by a credible third party and then publishing a known system parameter; (2) carrying out intra-domain registration by a domain access point at a domain manager, and periodically broadcasting a known parameter identification message 1; (3) passing the legality of a domain parameter certificate in the known parameter identification message 1 published by the credible third party by a user, then identifying the legality of an intra-domain public key of the domain access point by utilizing a domain parameter, and finally checking a timestamp signature of the domain access point according to the intra-domain public key of the domain access point to finish identifying the domain access point; after the identifying work is ended, sending a message 2 to the domain access point; (4) after the domain access point receives the message 2, checking the legality of a user long-term public key in the message 2, and then checking the timestamp signature of the user by utilizing the user long-term public key to finish identifying the user; and then sending a message 3 to the domain manager.

Description

A kind of wireless Mesh netword authentication method
Technical field
The present invention relates to a kind of wireless network secure technology, be specially a kind of authentication method of wireless Mesh netword.This authentication method is based on no certificate public key cryptography (Certificateless Public Key Cryptography is called for short CL-PKC).
Background technology
Because the opening of the whole network architecture, safety issue have become restriction wireless Mesh netword (Wireless Mesh Networks, WMN) Fa Zhan bottleneck.The security mechanism that is applied at present among the WMN is the IEEE working group 802.11i mechanism that defined is continued to use in the Draft 802.11s D1.01 standard of announcing in April, 2007, promptly shake hands and carry out access authentication and key agreement by traditional 802.1X and four steps, and in this traditional verification process, finally be used to generate master key (the Primary Master Key of session key, PMK) be by certificate server (Authentication Server, AS) generate and be directly passed to mesh router (mesh-router) by escape way, this obviously is that user (clients) is reluctant to see, because AS knows PMK and can generate the session key between clients and the mesh-router, wherein all the elements all can be obtained by AS, even AS is honest, in case but AS is broken through by opponent (adversary) and control fully, its PMK also will expose so, all session content will be no longer safe also, and this shows that the method does not possess forward secrecy.Other safety defect comprises that also wireless user's identity is difficult for the authentication operation complexity of protection, PKI, key manageability etc. not in the wildcard authentication.
Prior art related to the present invention has: WLAN (wireless local area network) (Wireless Local Area Network, WLAN) safety standard 802.11i.Support two kinds of authentication modes 802.11i be responsible for the 802.1X standard of access authentication aspect in the safety standard, promptly based on the authentication mode of public key certificate with based on the authentication mode of wildcard.But this dual mode all more or less exist some problems, preceding a kind of mode exists the associative operation that public key certificate is safeguarded, there is the key escrow problem in then a kind of mode.On the basis of 802.11i, 802.11s has defined effective Mesh security association, and (Efficient Mesh Security Association EMSA) realizes inserting safely of WMN.The EMSA security framework has been continued to use the safe practice in the 802.11i standard when finishing certification work, be faced with that traffic redundancy, user identity are difficult for protection, do not possess forward secrecy, public key certificate safeguard complicated, have a challenge such as key escrow problem.
The Cao Chun outstanding person of Xian Electronics Science and Technology University has proposed access, switching and roaming authentication agreement (the 3 Parties Authentication and Key Exchange Protocol of WMN; 3PAKE) (Cao Chunjie. the authentication of provable security and IKE design and analysis. Xian Electronics Science and Technology University's thesis for the doctorate; 2008); wherein user identity protection and problem such as forward secrecy have been solved; but agreement has been continued to use authentication public key and the wildcard pattern of 802.11i, still can't avoid key escrow problem and public key certificate maintenance issues.
Summary of the invention
At the deficiencies in the prior art, the technical problem that quasi-solution of the present invention is determined is that a kind of wireless Mesh netword authentication method is provided.This authentication method is based on no certificate common key cryptosystem, utilize CL-PKC principle design agreement, and finish the formal proof of protocol safety with the approved safe method, have and avoid the key escrow problem, guarantee wireless user's anonymity, avoid public key certificate to safeguard and have characteristics of approved safe attribute.
The technical scheme that the present invention solve the technical problem is: design a kind of wireless Mesh netword authentication method, this authentication method is based on no certificate common key cryptosystem, and key step comprises: { F, G 1, G 2, q, P Pub, H 1, H 2.
(1) TTP of trusted third party (Trusted Third Party) initialization, public address system known parameters then; User (client) and domain manager (operator) are finished registration process under the line at the trusted third party place, and client obtains its long-term private
Figure BSA00000344277800021
With long-term PKI
Figure BSA00000344277800022
Operator obtains its long-term private Long-term PKI
Figure BSA00000344277800024
With the field parameter certificate
Figure BSA00000344277800025
(, be used to accept the field parameter of mesh-router registration and return corresponding field parameter certificate) by TTP so when TTP registers, submit to because operator need provide registration to the mesh-router in the territory of living in;
(2) access point mesh-router in territory registers in the operator place carries out the territory, obtains private key in its territory
Figure BSA00000344277800026
With PKI in the territory
Figure BSA00000344277800027
And periodic broadcast known parameters authentication message 1;
(3) client is at first by field parameter certificate in the known parameters authentication message 1 of TTP issue
Figure BSA00000344277800028
Legitimacy, utilize the field parameter authentication in the field parameter certificate then
Figure BSA00000344277800029
Legitimacy, last basis
Figure BSA000003442778000210
Verify the signature of mesh-router, thereby finish authentication, after the certification work end to message 1, send message 2 to mesh-router to mesh-router to timestamp;
(4) after mesh-router receives message 2, in the known parameters checking message 2 by TTP
Figure BSA000003442778000211
Legitimacy, and utilize
Figure BSA000003442778000212
Verify the signature of client, thereby finish authentication, send message 3 to operator then client to timestamp;
(5) it is contained that operator will utilize message 3
Figure BSA000003442778000213
With
Figure BSA000003442778000214
Generate and share key F (C i, O i) the secret M of encryption section, promptly generate message 4, and send to client, receive message 4 after, client uses
Figure BSA000003442778000215
With
Figure BSA00000344277800031
Generate and share key F (O i, C i) untie the secret M of enciphered message acquisition part, utilize the secret M of this part, client generates private key in its territory in this authenticated domain
Figure BSA00000344277800032
With PKI in the territory
Figure BSA00000344277800033
(6) client utilizes private key in the territory that has generated With PKI in the territory of mesh-router
Figure BSA00000344277800035
Generate the shared key F ' (C between client and the mesh-router i, MR i) and will by message 5 Inform mesh-router.After receiving message 5, this shared key F ' (C i, MR i) the mesh-router place by the territory of mesh-router in private key
Figure BSA00000344277800037
With PKI in the territory of client
Figure BSA00000344277800038
Generate.
Compared with prior art, the present invention utilizes Authentication and Key Agreement (the Authentication and Key Agreement between PKI, private key, signature mode and the participant of each participant in the principle design agreement of CL-PKC, AKA) process, thereby make the user side that is linked into for the first time among the WMN only finish the AKA process alternately, and the required interaction times of AKA process of being carried out in the switching of user side subsequently with when setting up user side self-organizing (ad hoc) network is less by a spot of three parts.The network model that the present invention is based on the basic theories of CL-PKC and WMN has designed the registration process of each entity and the authentication key agreement method of WMN among the WMN, has the communication redundancy of reduction, avoids the key escrow problem, guarantees wireless user's anonymity, avoids public key certificate to safeguard and has characteristics such as approved safe attribute.
Description of drawings
Fig. 1 is the registration model schematic diagram of a kind of embodiment of wireless Mesh netword authentication method of the present invention;
Fig. 2 is the process schematic diagram of AKA agreement between the territory of a kind of embodiment of wireless Mesh netword authentication method of the present invention;
Fig. 3 is the process schematic diagram of AKA agreement in the territory of a kind of embodiment of wireless Mesh netword authentication method of the present invention;
Fig. 4 is the process schematic diagram of AKA agreement between the user of a kind of embodiment of wireless Mesh netword authentication method of the present invention.
Embodiment
Further narrate the present invention below in conjunction with embodiment and accompanying drawing thereof:
At first introduce the rudimentary knowledge of bilinearity mapping among the CL-PKC that the present invention uses:
If G 1And G 2Be the cyclic group on two q rank, wherein q is a big prime number (more than 160 bits).G 1And G 2Be respectively module and multiplicative group.G 1, G 2On bilinearity mapping e:G 1* G 1→ G 2Be meant the mapping of satisfying following character:
● bilinearity: e (aP, bQ)=e (P, Q) Ab, wherein P, Q ∈ G 1, a, b ∈ N;
● non-degeneracy: if P, Q ∈ G 1Not G 1Identical element, then e (P, Q) ≠ 1;
● computability: have an effective algorithm, for P, Q ∈ G arbitrarily 1, can effectively calculate e (P, Q).
Available bilinearity is mapped with Weil mapping and the Tate mapping on elliptic curve and the Abel algebraic variety at present.Following mathematical problem has constituted the foundation for security of the present invention's design.
● G 1On Computational Diffie-Hellman (CDH) problem: establish G 1Be to be the cyclic group on rank with q, q is a big prime number, and P is G 1Generator.Picked at random<aP, bP〉(a, b ∈ Z q *And unknown), make and calculate abP ∈ G 1Difficulty.
● Bilinear Diffie-Hellman (BDH) problem: establish G 1And G 2Be two cyclic groups that rank are q, q is a big prime number.E:G 1* G 1→ G 2Be a bilinearity mapping, P is G 1Generator.Picked at random<aP, bP, cP〉(a, b, c ∈ Z q *And unknown), and feasible calculating e (P, P) Abc∈ G 2Difficulty.
Wireless Mesh netword authentication method (the Certificateless Wirless Mesh Networks Authentication Scheme of the present invention's design, be called for short CWMNA or authentication method, referring to Fig. 1-4), this authentication method is made up of " system initialization " and " authenticated key agreement " based on no certificate public key cryptography (CL-PKC).Wherein " system initialization " comprises that system parameters makes up and each entity initialization in the WMN network trust model; " authenticated key agreement " then defined authentication and session key agreement in the basic territory, authentication of switching between the territory and session key agreement, and two-way authentication between the user and session key agreement.Specifically describe implementation step below:
1. system initialization
(1) trust model and notion
In the present invention, because the design of CWMNA depends on mixed type WMN network model, when the trust model of design CWMNA, also used the notion in territory.At first, in trust model, there is a trusted third party (TTP) that serves as by off-line CA (Certificate Authority), it will provide registration for all users (client) and domain manager (operator), after finishing registration, client and operator obtain its long-term private and long-term PKI.As mentioned above, trust model is turned to different trust domain, each trust domain is by the authentication and the session key agreement work of different domain manager (operator) leading subscriber.Operator is after TTP has finished registration, obtain long-term PKI and long-term private, because also need the mesh-router in territory of living in that registration is provided, be used to accept the field parameter of mesh-router registration and return corresponding field parameter certificate by TTP so when TTP registers, submit to.Itself does not authenticate operator user identity, but utilizes the mesh-router register in its management domain to replace it to finish certification work to client.Mesh-router becomes a WMN access point in this operator management domain obtaining in its territory private key in the PKI and territory after the registration of having finished at operator.Client then is after the two-way authentication of finishing with mesh-router, finishes in the territory at operator place registration process and obtains in its territory private key in the PKI and territory.Wherein in long-term private and long its PKI and the territory in PKI and the territory the concrete effect of private key will set forth in next part.Trust model is shown in figure one.
The operator note is O i, the client note is C iUser C iAfter the registration of TTP place, the long-term PKI that is generated, long-term private remember that respectively doing note does O iRemember respectively in the long-term PKI of TTP place registration gained, long-term private and to do In addition O iThe testimonial material of the field parameter that can also obtain, note is done
Figure BSA00000344277800053
At O iRegistration in the territory of being managed adds O iThe mesh-router note in territory is done
Figure BSA00000344277800054
After registration process finishes,
Figure BSA00000344277800055
To generate in its territory private key in PKI, the territory, note is done respectively
Figure BSA00000344277800056
And C iWill generate in its territory private key in PKI, the territory after by two-way authentication, note is done respectively
Figure BSA00000344277800057
In addition, will use symmetric key K that information M is encrypted note and be E K(M), will use private key SK that the signature note of information M is SIG K(M), utilize key K that the hash signature note of information M is h K(M).
(2) TTP initialization
TTP is responsible for accepting the registration of client and operator, and returns the field parameter certificate of its long-term PKI, long-term private and operator respectively.Announce that simultaneously some known parameters make each participant can verify a certain long-term PKI or a certain field parameter certificate whenever and wherever possible, and a certain long-term private is to the legitimacy of the signature of certain information.These known parameters are defined as follows: at first select big prime number q and be the module G on rank with q 1Be the multiplicative group G on rank with q 2, and G 1Generator P, and F:G 1* G 1→ G 2Be G 1And G 2On bilinearity mapping.Also to select a TTP master key s ∈ Z q, and calculate P Pub=sP ∈ G 1If H 1: 0,1} *→ G 1, H 2: Z q* G 1* 0,1} *→ Z qBe hash function.At last, TTP announces that its known parameters is as follows: { F, G 1, G 2, q, P Pub, H 1, H 2}
(3) client registration
User i provides its identity information ID iAnd send to TTP, after TTP is known this parameter, this parameter is done Hash operation get
Figure BSA00000344277800058
And with the master key s of system with
Figure BSA00000344277800059
Multiply each other
Figure BSA000003442778000510
And should
Figure BSA000003442778000511
Return to user i as the part secret.After user i receives the part secret of returning from TTP, will select own part secret x at random Ci∈ Z qAnd multiply each other with it its long-term private
Figure BSA000003442778000512
Generate its long-term PKI then The method of verifying its legitimacy is as follows:
Figure BSA000003442778000514
Its corresponding long-term private to the signature of information M is: The certifying signature method is as follows:
(4) operator registration
The registration process of operator and client registration are similar, send oneself
Figure BSA00000344277800061
Give TTP, the returning part secret
Figure BSA00000344277800062
After knowing this secret, operator selects the secret x of the part of oneself Oi, then both are multiplied each other the private key SK of operator Oi=x OiSQ Oi, the PKI PK of generation simultaneously oneself Oi=(x OiSP, x OiQ Oi).Because mesh-router also need be provided providing operator registration in the territory in, thus at operator in the process of TTP registration, also need provide the field parameter of oneself to TTP, TTP will be by returning corresponding field parameter certificate, next this field parameter witnessed.The field parameter system of selection is as follows: select big prime number q ', and be the addition cyclic group G on rank with q ' 1' and multiplication loop group G 2', select P ' as G simultaneously 1' generator.And bilinearity mapping F ' satisfies F ': G 1' * G 1' → G 2'.In addition, establish new hash function H 1' and H 2' be respectively H 1': 0,1} *→ G 1', H 2': Z q' * G 1' * { 0,1} *→ Z q', calculate at last
Figure BSA00000344277800063
Wherein
Figure BSA00000344277800064
Figure BSA00000344277800065
Generating field parameter subsequently is
Figure BSA00000344277800067
The field parameter certificate that TTP returns is as follows: domain-params-cert Oi={ domain-params, sH 1(domain-params) } method of checking field parameter certificate is: F (P, sH 1(domain-params))=F (H 1(domain-params), P Pub).
(5) mesh-router registration
Similar to the registration process of operator and client, be the parameter difference that mesh-router uses when registration, detailed process is as follows: mesh-router sends the identity of oneself
Figure BSA00000344277800068
Give the operator in territory, place, after receiving the identity information of mesh-router, operator can carry out Hash operation to its identity information and get
Figure BSA00000344277800069
Will after finishing
Figure BSA000003442778000610
Part secret as mesh-router returns to mesh-router.Mesh-router generates the part secret of oneself subsequently
Figure BSA000003442778000611
Multiplying each other with the part secret of the mesh-router that returns to obtain private key in its territory, promptly
Figure BSA000003442778000612
And PKI in the territory corresponding with it
Figure BSA000003442778000613
Verification method is:
Figure BSA000003442778000614
Private key to the signature of information M is in its territory The method of verifying this signature is as follows: F ( z MR i x O i ′ Q MR i H 2 ′ ( M ) , Q O i ′ ) = F ( H 2 ′ ( M ) z MR i Q MR i , x O i ′ Q O i ′ ) .
2. authenticated key agreement
(1) AKA between the territory
Be the convenient protocol procedures of describing, request inserted the client note of WMN and be C 1, be responsible for C 1Provide the mesh-router note of access service to be MR 1, C 1The operator note in the WMN territory of being inserted is O 1The AKA process is as shown in Figure 2 between the territory so.
MR 1In its range of signal intercycle broadcast message (A.1), this information comprise in have: O 1The field parameter certificate
Figure BSA00000344277800071
MR 1The territory in PKI
Figure BSA00000344277800072
Timestamp timestamp 1, and use MR 1Private key in the territory
Figure BSA00000344277800073
Signature to timestamp
Figure BSA00000344277800074
Receive after this information C 1With the known parameters of at first utilizing TTP to announce, to O 1The field parameter certificate
Figure BSA00000344277800075
Verify.Prove conclusively credible after, field parameter wherein is right with utilizing
Figure BSA00000344277800076
Verify, after checking is passed through, utilize this PKI and timestamp timestamp 1Right
Figure BSA00000344277800077
Verify, after signature verification is also passed through, then prove O 1And MR 1All credible.
At C 1Finish after information (A.1) check, will be to MR 1Transmission information (A.2).The long-term PKI that wherein comprises the user
Figure BSA00000344277800078
Timestamp timestamp 2, utilize in the field parameter
Figure BSA00000344277800079
The user identity value of calculating
Figure BSA000003442778000710
And use private key
Figure BSA000003442778000711
Signature to timestamp and identity value Wherein, directly do not send C 1Identity information Be because according to algorithm needs in not generating the process of session key
Figure BSA000003442778000714
Cryptographic Hash promptly
Figure BSA000003442778000715
So not only save the workload of operator, can also well hide user's identity, effectively protected user's privacy.
MR 1Receive that information (A.2) will utilize known parameters that TTP announces to C afterwards 1PKI
Figure BSA000003442778000716
Verify that after checking was passed through, binding time stabbed timestamp 2With the identity information value
Figure BSA000003442778000717
Signature to the user
Figure BSA000003442778000718
Verify.By after, then finish C to the user 1Verification process.So far, mutual authentication process is finished.Subsequently, MR 1Will be by before the WMN network design, the escape way of setting up when territory operator registers will
Figure BSA000003442778000719
With
Figure BSA000003442778000720
Send to O 1, i.e. information (A.3).
To O 1, any information that its phase believer in a certain religion escape way sends receives that so information (A.3) means MR 1Passed through C 1Authentication, O 1Only need to finish to C 1The territory in registration process, generate in its territory private key in the PKI and territory.To C 1, having only in the territory that generates oneself private key in the PKI and territory, just can finish and MR 1The session key agreement process and following territory in the switching verification process.Detailed process: O 1Receive information (A.3) afterwards, will pass through C 1PKI With the private key of oneself
Figure BSA000003442778000722
Generate O 1With C 1Between shared key F (C 1, O 1), its generative process: Subsequently, by this secret key encryption C 1The part secret that needs
Figure BSA000003442778000724
The information of getting
Figure BSA000003442778000725
This information will be from O 1Send back MR 1Again by MR 1Send C to 1
After receiving (A.4) information, C 1By the O that in information (A.1), obtains 1PKI
Figure BSA000003442778000726
With the private key of oneself
Figure BSA000003442778000727
Generate shared key F (O between the two 1, C 1), its generative process is as follows:
Figure BSA000003442778000728
Because calculating the process of sharing key is the bilinearity mapping operations, F (O 1, C 1) and F (C 1, O 1) equate, prove as
Figure BSA000003442778000729
Utilize and to share ciphering key 1Untie (A.4) and obtain the part secret, generate the secret factor of selecting oneself at random then Be created on private key in the territory in this territory subsequently
Figure BSA00000344277800082
PKI in the territory
Figure BSA00000344277800083
Can utilize subsequently this territory public and private key to finish and cipher key agreement process, promptly shown in the information (A.5).The shared key that wherein negotiates Generation was stabbed timestamp with binding time after should sharing key 3Make hash signature
Figure BSA00000344277800085
After receiving message (A.5), MR 1With private key in the territory of utilization oneself
Figure BSA00000344277800086
And C 1The territory in PKI
Figure BSA00000344277800087
Generate and share key F ' (MR 1, C 1), generative process is as follows
Figure BSA00000344277800088
With generation O 1And C 1Between shared key similar be bilinearity mapping because generate the method for this shared key, F ' (C then 1, MR 1) and F ' (MR 1, C 1) equate that it is as follows to derive:
F ′ ( C 1 , MR 1 ) = F ′ ( SK C 1 O 1 , PK MR 1 O 1 ) = F ′ ( z C 1 x O 1 ′ Q C 1 ′ , z MR 1 Q MR 1 )
= F ′ ( Q C 1 ′ , Q MR 1 ) z C 1 x O 1 ′ z MR 1 = F ′ ( z MR 1 x O 1 ′ Q MR 1 , z C 1 Q C 1 ′ ) = F ′ ( SK MR 1 O 1 , PK C 1 O 1 ) = F ′ ( MR 1 , C 1 ) .
Utilize then and should share key and timestamp timestamp 3, verify whether this signature is effective.If effectively, then prove C 1Success generates shares key, and this shared key is promptly as C 1And MR 1Between session key use.So far, the AKA process prescription finishes between the territory.
(2) AKA in the territory
Achievement above having had is done the basis, and the AKA process just can have been finished very rapidly in the territory, supposes user C 1From MR 1Range of signal in move to MR 2Range of signal in, the user will be interrupted and MR 1Communication then and MR 2Carry out the AKA process.Concrete steps are as shown in Figure 3:
MR 2At its range of signal intercycle broadcast message (B.1), wherein content and MR 1The information (A.1) of broadcasting is similar.User C 1After receiving this information, carry out being similar to for one time to the performed verification operation of information (A.1).Promptly prove conclusively MR after finishing checking 2Legal effectively after, utilize oneself territory private key
Figure BSA000003442778000811
And MR 2The territory in PKI
Figure BSA000003442778000812
Carry out the work of one time similar (A.5), wherein be used for the key of hash signature Send information (B.2) subsequently and give MR 2MR 2After receiving information, checking earlier
Figure BSA000003442778000814
Legitimacy, by after can with private key in the territory
Figure BSA000003442778000815
Generate key
Figure BSA000003442778000816
Figure BSA000003442778000817
Proof procedure is as follows: = F ′ ( z MR 2 x O 1 ′ Q MR 2 , z C 1 Q C 1 ′ ) = F ′ ( SK MR 2 O 1 , PK C 1 O 1 ) = F ′ ( MR 2 , C 1 )
After utilizing the intact hash signature of this key authentication, can prove conclusively session key F ' (C to timestamp 1, MR 2) successfully generate.So far, switching and cipher key agreement process are finished in the territory.
(3) AKA between the user
Mention at network model, the important difference of WMN network and traditional WLAN is exactly that numerous client in the WMN territory can an ad hoc of self-organizing network, carries out direct communication by unified low frequency signal then.In design,, all obtained in oneself the territory private key in the PKI and territory because each user is when access authentication procedure is finished.In the process of forming ad hoc network, public, private key in the territory that utilizes each user to generate is authenticated and session key agreement work finishing so.Its course of work is as shown in Figure 4:
At first, to user C 1, can obtain PKI in the territory of other users in this territory from the mesh-router of its access there, and be responsible for that the mesh-router of access service is also obligated to provide these data to the user; C 1Inquire C 2The territory in PKI
Figure BSA00000344277800091
Private key in the territory of utilization simultaneously oneself
Figure BSA00000344277800092
Can generate shared key between the two
Figure BSA00000344277800093
The generation method is identical with the front introduction method.And then utilize and to carry out hash signature to timestamp by shared key; Send to C at last with the synthetic message (C.1) of this three part, and with this message 2, C 2Receiving will be according to C after the information (C.1) 1The territory in private key in the territory of PKI and oneself Generate and share key
Figure BSA00000344277800095
This key and F ' (C 1, C 2) equate proof procedure:
Figure BSA00000344277800096
= F ′ ( Q C 1 ′ , Q C 2 ′ ) z C 1 x O 1 ′ z C 2 = F ′ ( z C 2 x O 1 ′ Q C 2 ′ , z C 1 Q C 1 ′ ) = F ′ ( SK C 2 O 1 , PK C 1 O 1 ) = F ′ ( C 2 , C 1 )
Utilize and to share key and timestamp timestamp a, C 2Can verify the signature in the message (C.1)
Figure BSA00000344277800098
After the signature verification success, C 2To set up and C 1Communicate to connect, and session key is exactly F ' (C 2, C 1).
So far, the Authentication and Key Agreement process between the user is finished.
In design agreement CWMNA, client and operator are in the process of carrying out the registration of TTP place, TTP returns to just their needed part secrets of client and operator, and thereby client and operator are receiving that the later secret factor separately of just having selected respectively of part secret has separately generated long-term private separately and long-term PKI in this locality, so that is to say TTP and do not know client and the secret factor of operator has no way of obtaining the long-term private of client and operator, therefore avoided the key escrow problem at all.On the other hand, just because of in CL-PKC, client and operator are PKIs obtained the secret territory that just generates separately of part from TTP in, and TTP announces a known parameters simultaneously, any participant of wanting to verify client or the long-term PKI legitimacy of operator only need utilize the known parameters of this TTP to carry out the bilinearity mapping operations and get final product.User's anonymity carries out embodying in the access authentication procedure and guaranteeing the user, the user is when having passed through authentication and carry out registering in the territory, because registration process only needs the cryptographic Hash of user identity ID and is not user ID itself in the territory, so what client transmitted by authentication the time in the agreement only is the cryptographic Hash of ID own, therefore concerning mesh-router and operator, just know the client identity legal and and do not know the concrete identity ID of client, so user's anonymity has obtained appropriate assurance.
The contrast of protocol capabilities of the present invention:
The performance index of an agreement mainly comprise two parts: communication overhead and computing cost.Wherein, communication overhead is mainly reflected on the message number, and computing cost is mainly reflected on the bigger public key operation of operand.Table 1 has provided CWMNA in the territory in the authenticated key agreement process (other 2 kinds of authenticated key agreements have expense still less) and the performance comparison between three kinds of authentication modes of existing 802.1X:
Table 1: protocol capabilities contrast table
Figure BSA00000344277800101
As can be seen from Table 1, because CWMNA uses the bilinearity mapping techniques in design, therefore the amount of calculation of the module exponent computing carried out of amount of calculation of carrying out when checking operators and mesh-router identity concerning the user and conventional authentication mode and public key signature and certifying signature is suitable, but that the signature process of being done in CWMNA is based on elliptic curve and only be to do once simple scalar to take advantage of calculating, so the amount of calculation of clients is less relatively among the CWMNA.In CWMNA, with concentrate in the EMSA authentication mode Mesh key distribution person (Mesh Key Distributors, MKD) and the certification work of AS be distributed among numerous mesh-router and finish.In sum, the computing cost of CWMNA almost with the 802.1X framework in employed several authentication modes maintain an equal level; The message wheel number of CWMNA has only 3 to take turns, and has minimum communication overhead.
The formal proof of authentication protocol of the present invention:
The present invention proves by the fail safe of UC security model to CWMNA.
Because the theoretical foundation of design CWMNA is no certificate public key cryptography (CL-PKC), and in the process of design agreement, the secret means of a large amount of utilization parts are finished the negotiation of session key.So, select document (D.Boneh and M.Franklin.Identity-based Encryption from the Weil pairing.SIAM Journal of Computing, 2003,32 (3): 586-615.Extended abstract in Advances in Cryptology--Crypto 2001.LNCS 2139, Heidelberg:Springer-Verlag, 2001.213-229.) (Dan Bonei and Ma Te Franklin. based on the right encryption of Weil based on identity. the computational mathematics journal, 2003,32 (3): 586-615. cryptography progress expansion digest---2001 cryptography meetings. computer science teaching materials 2139, Heidelberg: Springer Verlag publishing house, 2001.213-229.) in " judging bilinear Diffie-Hellman (DBDH) problem " in cited many bilinearity mapping difficulty problems as the theoretical foundation of proof, and make rational indistinguishability according to this problem and suppose that promptly DBDH supposes.
Before proposing hypothesis, do earlier as giving a definition:
Definition 1:{0,1} kExpression length is the binary sequence set of k.
Definition 2:N ← RS represents picked at random element N from S set.
Definition 3: can ignore: claim that a real function ε (k) is insignificant,, have k if for any c>0 c>0 makes to all k>k cε (k)<k is arranged -c
Definition 4: polynomial time indistinguishability: claim X={X n| n ∈ N} and Y={Y n| two sample spaces of n ∈ N} are polynomial time undistinguishables, if any probability polynomial time algorithm D, | Pr[D (X n, N)=1]-Pr[D (Y n, N)=1] | be negligible.The polynomial time indistinguishability is also referred to as the calculating indistinguishability.Definition 5: judge bilinearity DH problem (DBDHP)
Given (P, aP, bP.cP, γ), and a wherein, b, c ← RZ q *, γ ← RG 2, if γ=e (P, P) Abc, output "Yes", otherwise output "No".In view of the above, can draw corresponding D BDH supposes as follows: any one PPT algorithm A is at group G 1, G 2The interior advantage that solves DBDHP is defined as:
Figure BSA00000344277800111
Figure BSA00000344277800112
In view of the above, can get:
The DBDH hypothesis: for any PPT algorithm A,
Figure BSA00000344277800113
Can ignore.
According to defining 5 DBDH hypothesis and defining 4, the following form of DBDH hypothesis is arranged:
Select big prime number q, and be the addition cyclic group G on rank with q 1And be the multiplication loop group G on rank with q together 2, define bilinearity mapping e:G simultaneously 1* G 1→ G 2, P is group G 1On generator, a, b, c are from Z q *In evenly choose, γ is from group G 2Middle picked at random.Then for any polynomial time algorithm D, Q 0=(q, P, aP, bP, cP, e (P, P) Abc): a, b, c ← Z q *And Q 1=(q, P, aP, bP, cP, γ): a, b, c ← Z q *, γ ← G 2Probability distribution be to calculate undistinguishable.
At first design agreement CWMNA of the present invention is carried out abstractly, process is as follows:
Define symbol:
Figure BSA00000344277800121
Authentication?Server(AS),?
Figure BSA00000344277800122
Authentication(A)?ID R:Supplicant(S)。
It is the legitimacy testimonial material that generates that AS registers from TTP there.
The authentication material of a certain A in AS institute control domain uses private key in its territory
Figure BSA00000344277800125
Cryptographic Hash to message is signed, and guarantees message integrity and finishes authentication.
Figure BSA00000344277800126
The authentication material of user side S uses its long-term private SK RCryptographic Hash to message is signed, and guarantees message integrity and finishes authentication.
Figure BSA00000344277800127
Shared key between user side S and the AS both had been used for the encryption section secret
Figure BSA00000344277800128
Also be used for authenticating the AS identity.
Shared key between user side S and the connector A is used for finishing key earlier and generates conclusive evidence, and the back is as the session key session information in future.
CWMNA agreement of the present invention is conceptualized as:
I → R : Cert I 1 , Auth I 2
R→I:Auth R
I → R : TS 3 , E K 1 ( P SK R ′ )
R → I : TS 4 , h K 2 ( TS 3 | | TS 4 ) ,
Theorem 1: agreement π safety has realized ideal function F under the true model KE, therefore to any environment machine Z, equation REAL π, A, Z≈ IDEAL FKE, S, ZAll set up, claim that then design agreement π is a UC safety.
The thinking of agreement π fail safe proof: the ideal function F that at first provides cipher key change KEAnd difference design agreement π ' and agreement ρ S, agreement ρ wherein SSafety has realized signature ideal function F SigIdentification protocol π ' is at mixed model F subsequently Sig-hybird is by calling F SigSafety has realized F KE, at last with agreement π ' and agreement ρ SMake up, by UC security combination theorem, prove combination protocol and design agreement π equivalence, agreement π has realized F under real model KE
Lemma 1: make Sig=(gen, sig, ver) be as document (Canetti R, Krawczyk H.Universally composable notions of key exchange and secure channels[G] .LNCS 2332:Proc of the Advances in Cryptology EUROCRYPT 02.Berlin Springer, 2002:337-351.) (carry in the card, Kerafyrm very restrains. the general notion capable of being combined of cipher key change and escape way [G]. and computer science teaching materials 2332: cryptography progress---European cryptography meeting 02. Berlin Springer, 2002:337-351) Ding Yi signature, so under true environment, agreement ρ SAssailant for static state can realize F safely Sig, and if only if, and S can resist the forgery of selection message existence, and structure can be realized F safely SigAgreement ρ S, as follows:
Agreement ρ among the Ideal-life s
Agreement participant P i, P j, operation is based on signature algorithm Sig=(gen, sig, agreement ρ ver) s, carry out mutual.
● P iReceive input (signer, id) back execution algorithm gen keeps signature key s, v sends to P with authentication secret j
● work as P jNeed sign to certain message m, then with (sign, id m) send to P i, P iMake σ=sig (s, m), and will (m σ) sends to P for signature, id j
● work as P jNeed verify certain message m signature, then with (m σ) sends to P for verify, id i, P iThen output (verified, id, m, ver (v, m, σ)) to P j
Lemma 2: if DBDH hypothesis is set up, and message authentication algorithm is safe, and agreement π ' is at model F SigThe following function F of realizing ideal safely of-hybird KE
Proof: at first design F SigThe agreement π ' that carries out among-the Hybird, as follows.
Make that q is big prime number, G 1Be that q is the addition cyclic group on rank, P is G 1On generator, agreement participant P iAnd P j, at mixed model F SigThe operation agreement π ' among-Hybird.
As agreement promoter P iObtain input (P i, P j, sid), then send initialization information (signer, 0, sid) give F Sig, in like manner, as protocol responses person P jObtain input (P j, P i, sid), then send initialization information (signer, 1, sid) give F Sig
Agreement promoter P iOrganizational information
Figure BSA00000344277800131
And computing information M 1Cryptographic Hash h (M 1), send (sign, 0, sid, h (M 1)) to F Sig, obtain it and return signature δ i, send to P at last jInformation (P i, sid, " start " M 1, δ i).
Agreement recipient P jAfter receiving start information, utilize known parameters to know
Figure BSA00000344277800132
Correctness.Computing information M subsequently 1Cryptographic Hash h (M 1), send (verify, 0, sid, P i, h (M 1), δ i) to F Sig, after checking is passed through, with organizational information
Figure BSA00000344277800133
Calculate h (M 2).Transmission information (sign, 1, sid, h (M 2)) to F Sig, get its signature return value δ j, send to P at last iInformation (P j, sid, M 2, δ j).Checking is passed through when meanwhile, receiving start information
Figure BSA00000344277800134
Parameter can be provided
Figure BSA00000344277800135
Utilize P again jLong-term private SK R, generate and share key K 1Standby.
P iReceive P jReturn information after, computing information M 2Cryptographic Hash h (M 2), send (verify, 1, sid, P j, h (M 2), δ j) to F Sig, after checking is passed through, utilize P jLong-term PKI PK RAnd I 1Long-term private
Figure BSA00000344277800136
Generate and share key K 1Simultaneously by information M 2In comprise
Figure BSA00000344277800137
Can generate and to be returned to P jThe part secret
Figure BSA00000344277800138
Use key K subsequently 1The encryption section secret
Figure BSA00000344277800139
With time stamp T S 3, formation information
Figure BSA000003442778001310
With information M 3Send to P j
P jReceive information M 3After will utilize the key K that has generated 1The information of untiing obtains the part secret
Figure BSA00000344277800141
And generate P in view of the above jThe territory in private key
Figure BSA00000344277800142
And PKI in the corresponding territory
Figure BSA00000344277800143
Utilize private key in the territory
Figure BSA00000344277800144
And I 2The territory in PKI
Figure BSA00000344277800145
Can generate shared key K 2Rise time is stabbed TS subsequently 4, and utilize and share key K 2, to (TS 3‖ TS 4) do Hash operation and get
Figure BSA00000344277800146
Formation information M 4, and send to P iInformation (P j, sid, M 4).And local output information (sid, P i, P j, K 1, K 2).
P iAfter receiving last information, will utilize
Figure BSA00000344277800147
With
Figure BSA00000344277800148
Form and share key K 2, binding time stabs TS 3With time stamp T S 4, authorization information M 4Whether credible, if then local output information (sid, P are passed through in checking i, P j, K 1, K 2).
Be defined in mixed model F subsequently SigAssailant H under the-Hybird is configured in the assailant S (promptly being simulator S) under the ecotopia simultaneously.Make for any environment machine Z, its can not differentiate be with simulator S and H and agreement π ' at mixed model F Sig-Hybird is mutual down, still with S and F KEUnder Ideal-life, carry out mutual.That is: concerning any environment machine Z, equation
Figure BSA00000344277800149
All set up.
For simulator S:
(1). any input from Z all passes to H, and the output of any H all can be used as the output of S and can be read by Z.
(2). when S from F KEInformation (sid, P receive in the place i, P j, role), learn P iAnd P jInitiated the authenticate key exchange process.S will simulate F SigF under the-hybird model SigWith the π ' that under this model, carries on an agreement, and the input of given same-type.And S allows H and P i, P jExecuting rule and Z according to agreement π ' are mutual.Meanwhile, S can activate F SigGenerate corresponding signature value δ.
(3). certain the participant P in π ' iProduced local output, and this moment another participant P jDo not captured, S is with F so KEOutput send to P iIf P jCaptured, then F KEAllow part S determine key, S will utilize front P iThe P of emulation is determined in output i, P jThis locality output key.
(4). when carrying out, H captures P iOperation, S captures P equally iIf F KEGiven participant P iSent key, then S will obtain this key.If P iAnd P jAll do not produce local output, then S passes to H with its internal state, comprises their secret choosing value.If P iAnd P jWherein a side has produced local output, then wipes their temporary private, and S will directly pass to H to this locality output key.
The validity of simulator S.Suppose to exist an environment machine Z ', can with can not ignore probability distinguish under the mixed model mutual and ideal model down alternately, promptly
Figure BSA000003442778001410
Figure BSA000003442778001411
Be 1/2 to add ε, ε can not ignore.Construct a circuit sectionalizer D (as follows) so, utilize this environment machine Z ' to crack the DBDH hypothesis, and then stipulations are to contradiction.
For circuit sectionalizer D:
(1). select with 1/2 probability, select Q ← { Q 0, Q 1, be designated as { q, P, α as the input of D *, β *, γ *.
(2). select immediately τ ← 1,2 ... the previous term of the session number that l}, l can initiate as the assailant.Emulation F then SigMutual among the-hybird between π ' and H and the environment machine Z.
(3). when H activated a participant set up a new dialogue t (t ≠ τ) or when accepting a piece of news, D represent this participant according to agreement π ' at F SigCarry out normal mutual among the-hybird.If t=is τ, then D represents P iTo P jSend message (P i, sid, α *, δ i), work as P jAfter receiving this message, will call F SigGenerate the signature of its corresponding informance, send to P subsequently iInformation (P j, sid, β *, δ i), the last D side of letting on P i, P jAll produce local output (sid, P i, P j, γ *).
(4) if. H has captured a participant, and then D returns to H to the internal state of this participant, if be one of participant of session τ by the participant of being captured, then D exports that a random bit b ' ← { 0,1} also stops.
(5) if. F SigAfter agreement π ' operation among the-hybird was finished, Z exported b, then D output b '=b and termination.
Execution according to D can draw: if the D input is from Q 0In select γ so *Be the true key of mutual both sides' output under mixed model, the mixed model F that coexists such as its visual angle concerning D SigThe agreement π ' among-hybird is mutual with assailant H's.If the input of D is from Q 1In select γ so *Be a random value, because F KEThe mode that generates key is exactly at G 2Value of picked at random among the group.And the visual angle of D is equal to F under ideal model Ideal-life at this moment KEMutual with S.According to the principle of circuit sectionalizer D, D successfully distinguishes Q 0And Q 1Probability be equal to the probability that environment machine Z ' successfully distinguishes mixed model and ideal model, promptly circuit sectionalizer D can 1/2 adds a probability ε who can not ignore, and successfully distinguishes Q 0And Q 1And this is to contradict with the DBDH hypothesis.Must demonstrate,prove.
Lemma 3: make that π ' is model F Sig-hybird is the operation agreement down, agreement ρ SFor safety realizes F Sig, so there is an assailant H in any assailant A, make equation REAL concerning any environment machine Z π-ρ S, A, Z≈ F Sig-hybird π ', H, ZAll set up, i.e. combination protocol π-ρ SSafe simulation F SigThe agreement π ' under-hybird.
Lemma 4: under the true environment, combination protocol π-ρ SWith agreement π equivalence.
Proof: with mixed model F SigAgreement π ' is to F under the-hybird SigVisit all change into agreement ρ SVisit, can draw agreement π '-ρ SWith agreement π equivalence.
According to lemma 1 to 4, can release theorem 1.Proof finishes.
Agreement have the forward secrecy of improving (Perfect Forward Secrecy, PFS).So-called PFS promptly is: when all communication participants' long-term private all was cracked, former session key was still unaffected.In agreement, the effect that the long-term private of user's long-term private and territory operator plays all is to finish authentication function, as for the generation of the session key in future then is that the user reselects the new secret factor and generates, so even if the long-term private of user's long-term private and operator is all cracked, because the existence of the new secret factor, Adversary still can't be known session key, and former session content is safety still.
Agreement have well-known key safety (Known Key Security, KKS).Even KKS is meant the assailant and has known session key in the past that agreement still can guarantee the safety of current sessions key.In agreement of the present invention, if former session key is cracked, Adversary can obtain former content with this session key so, even but it is F (C that Adversary has this session key 1, MR 1) and MR 1PKI
Figure BSA00000344277800161
According to the one-way of bilinearity mapping, want from as the generation of mapping F (C as a result 1, MR 1) and one of them parameter
Figure BSA00000344277800162
Calculating another parameter is user's territory private key Be impossible.Since user's territory private key has obtained protection, so in following territory in the handoff procedure and the session key that generates of other MR also can not know.
Agreement have non-key reveal camouflage (no Key Compromise Impersonation, Non-KCI).Non-KCI is meant after the long-term private of A is revealed, the assailant A that in agreement, can only disguise oneself as, and can not be to the A all other men that disguise oneself as.In agreement, all be that the mode with safety is carried out under the line to the TTP registration process, and TTP give that each registrant returns all is the part secret, promptly Even Adversary has obtained registrant's long-term private, want to utilize this long-term private to forge other people identity, need from In solve TTP secret factor s come, and this faces big several branch problem of solving problem, and is infeasible in the calculating.So the fail safe target of Non-KCI successfully realizes.
Agreement have non-unknown key share (no Unkown Key Share, Non-UKS).Non-UKS refers to assailant Adversary can make user A think the shared secret with assailant Adversary, in fact is user A and user B shared secret.The agreement of mentioning has in front been finished explicit key authentication, and explicit key authentication just means that can prevent that key is unknown shares.
In brief, the present invention utilizes the basic principle of no certificate common key cryptosystem, and network model during according to the wireless Mesh netword practical application and safety problem have designed registration model and the authentication key agreement method that adapts with it.The invention describes the complete method of wireless Mesh netword access authentication, have the advantages that to reduce communication redundancy, avoid the key escrow problem, guarantee wireless user's anonymity and avoid public key certificate to safeguard.Wireless Mesh netword cut-in method of the present invention adopts that general capable of being combined (Universally Composable, UC) security model has carried out the proof of fail safe, has the characteristics of approved safe design of protocol and relevant security attribute.The present invention does not address part and is applicable to prior art.

Claims (1)

1. wireless Mesh netword authentication method, this authentication method is based on no certificate common key cryptosystem, and key step comprises:
(1) trusted third party's initialization, public address system known parameters then; User and domain manager are finished registration process under the line at the trusted third party place, and the user obtains user's long-term private and the long-term PKI of user, and domain manager obtains its domain manager long-term private, the long-term PKI of domain manager and field parameter certificate;
(2) the territory access point is registered in the domain manager place carries out the territory, PKI in private key and the access point territory, territory in the acquisition access point territory, territory, and periodic broadcast known parameters authentication message 1;
(3) user's legitimacy by field parameter certificate in the known parameters authentication message 1 of trusted third party issue at first, utilize the legitimacy of PKI in the field parameter authenticated domain access point territory in the field parameter certificate then, last signature to timestamp according to public key verifications territory access point in the access point territory, territory, finish authentication to the territory access point, after the certification work end to message 1, send message 2 to the territory access point;
(4) after the territory access point is received message 2, legitimacy by the long-term PKI of user in the known parameters checking message 2 of trusted third party, and utilize the long-term public key verifications user's of user signature to timestamp, and finish authentication to the user, send message 3 to domain manager then;
(5) domain manager will utilize message long-term PKI of 3 contained users and domain manager long-term private to generate shared secret key encryption part secret, promptly generate message 4, and send to the user, after receiving message 4, the user uses the long-term PKI of domain manager long-term private and user to generate identical shared key and unties enciphered message acquisition part secret, utilize this part secret, the user generates in its user domain in this authenticated domain PKI in the private key and user domain;
(6) user utilizes PKI in the territory of private key and territory access point in the user domain generated, the shared key between generation user and the territory access point, and PKI in user's the territory is informed the territory access point by message 5; After receiving message 5, this shared key territory access point place by access point territory, territory in private key and the user domain PKI generate.
CN2010105427452A 2010-11-15 2010-11-15 Wireless Mesh network identification method Pending CN101977380A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105427452A CN101977380A (en) 2010-11-15 2010-11-15 Wireless Mesh network identification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105427452A CN101977380A (en) 2010-11-15 2010-11-15 Wireless Mesh network identification method

Publications (1)

Publication Number Publication Date
CN101977380A true CN101977380A (en) 2011-02-16

Family

ID=43577220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105427452A Pending CN101977380A (en) 2010-11-15 2010-11-15 Wireless Mesh network identification method

Country Status (1)

Country Link
CN (1) CN101977380A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546567A (en) * 2013-10-28 2014-01-29 中国航天科工集团第二研究院七〇六所 Method for certificateless cross-domain authentication in credible could computing environment
CN104053153A (en) * 2014-06-16 2014-09-17 广州杰赛科技股份有限公司 Wireless Mesh network access authentication method and system
CN104125199A (en) * 2013-04-25 2014-10-29 中国科学院软件研究所 Attribute-based anonymous authentication method and system thereof
CN104486362A (en) * 2014-12-31 2015-04-01 广东顺德中山大学卡内基梅隆大学国际联合研究院 Obtaining method and system for WiFi access point description information
CN105721403A (en) * 2014-12-04 2016-06-29 阿里巴巴集团控股有限公司 Method, equipment and system for providing wireless network resource
CN105744522A (en) * 2016-04-29 2016-07-06 东北大学 WMN anonymous access authentication system and method based on proxy ring signature
CN108259185A (en) * 2018-01-26 2018-07-06 湖北工业大学 A kind of group key agreement system and method for group communication moderate resistance leakage
CN109451501A (en) * 2018-12-17 2019-03-08 重庆邮电大学 IPv6 industrial wireless network data secure transmission method based on broadcast signcryption
CN112465501A (en) * 2020-11-11 2021-03-09 中国人民大学 Copyright evidence storage and infringement behavior automatic evidence collection method and system based on block chain
CN114374523A (en) * 2022-03-23 2022-04-19 南京易科腾信息技术有限公司 Signature verification method and device and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494862A (en) * 2008-12-05 2009-07-29 北京工业大学 Access authentication method of wireless mesh network

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101494862A (en) * 2008-12-05 2009-07-29 北京工业大学 Access authentication method of wireless mesh network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹春杰: "可证明安全的认证及密钥交换协议设计与分析", 《中国博士学位论文全文数据库 信息科技辑》, no. 12, 15 December 2008 (2008-12-15) *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104125199A (en) * 2013-04-25 2014-10-29 中国科学院软件研究所 Attribute-based anonymous authentication method and system thereof
CN104125199B (en) * 2013-04-25 2019-04-02 中国科学院软件研究所 A kind of anonymous authentication method and system based on attribute
CN103546567B (en) * 2013-10-28 2016-12-07 中国航天科工集团第二研究院七〇六所 Without certificate cross-domain authentication method in a kind of credible cloud computing environment
CN103546567A (en) * 2013-10-28 2014-01-29 中国航天科工集团第二研究院七〇六所 Method for certificateless cross-domain authentication in credible could computing environment
CN104053153A (en) * 2014-06-16 2014-09-17 广州杰赛科技股份有限公司 Wireless Mesh network access authentication method and system
CN104053153B (en) * 2014-06-16 2017-12-01 广州杰赛科技股份有限公司 The method and system of wireless Mesh netword access authentication
CN105721403A (en) * 2014-12-04 2016-06-29 阿里巴巴集团控股有限公司 Method, equipment and system for providing wireless network resource
CN105721403B (en) * 2014-12-04 2019-01-11 阿里巴巴集团控股有限公司 For providing the method, equipment and system of wireless network resource
CN104486362A (en) * 2014-12-31 2015-04-01 广东顺德中山大学卡内基梅隆大学国际联合研究院 Obtaining method and system for WiFi access point description information
CN105744522A (en) * 2016-04-29 2016-07-06 东北大学 WMN anonymous access authentication system and method based on proxy ring signature
CN105744522B (en) * 2016-04-29 2018-10-23 东北大学 A kind of WMN anonymous access authentication systems and method based on proxy ring signature
CN108259185A (en) * 2018-01-26 2018-07-06 湖北工业大学 A kind of group key agreement system and method for group communication moderate resistance leakage
CN108259185B (en) * 2018-01-26 2021-06-15 湖北工业大学 Anti-leakage group key negotiation system and method in group communication
CN109451501A (en) * 2018-12-17 2019-03-08 重庆邮电大学 IPv6 industrial wireless network data secure transmission method based on broadcast signcryption
CN112465501A (en) * 2020-11-11 2021-03-09 中国人民大学 Copyright evidence storage and infringement behavior automatic evidence collection method and system based on block chain
CN114374523A (en) * 2022-03-23 2022-04-19 南京易科腾信息技术有限公司 Signature verification method and device and storage medium

Similar Documents

Publication Publication Date Title
Wazid et al. AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment
Mahmood et al. An elliptic curve cryptography based lightweight authentication scheme for smart grid communication
Odelu et al. Provably secure authenticated key agreement scheme for smart grid
Malani et al. Certificate-based anonymous device access control scheme for IoT environment
Wang An identity-based data aggregation protocol for the smart grid
Khan et al. An elliptic curve cryptography based mutual authentication scheme for smart grid communications using biometric approach
CN107947913B (en) Anonymous authentication method and system based on identity
CN101977380A (en) Wireless Mesh network identification method
Wang et al. Security analysis of a single sign-on mechanism for distributed computer networks
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
CN103702326B (en) A kind of Certificateless key agreement method based on mobile Ad Hoc network
CN105959269A (en) ID-based authenticated dynamic group key agreement method
CN104270249A (en) Signcryption method from certificateless environment to identity environment
GB2490483A (en) Digital signature method generating strong cryptographic parameter form weak security parameter.
CN104052608A (en) Certificate-free remote anonymous authentication method based on third party in cloud application
CN104301108A (en) Signcryption method based from identity environment to certificateless environment
CN101162999A (en) Method of authenticating identification based common key cryptosystem and encryption address in network
Qi et al. Two-pass privacy preserving authenticated key agreement scheme for smart grid
Badshah et al. LAKE-BSG: Lightweight authenticated key exchange scheme for blockchain-enabled smart grids
Nikooghadam et al. A provably secure ECC-based roaming authentication scheme for global mobility networks
Liang et al. Physically secure and conditional-privacy authenticated key agreement for VANETs
Itoo et al. A robust ECC-based authentication framework for energy internet (EI)-based vehicle to grid communication system
Khan et al. A secure and energy efficient key agreement framework for vehicle-grid system
Braeken et al. ECQV-IBI: Identity-based identification with implicit certification
Abusukhon et al. An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110216