CN103428692B - Accountable and privacy-preserving wireless access network authentication method and authentication system thereof - Google Patents
- Publication number
- CN103428692B (CN201310343147.6A)
- Authority
- CN
- China
- Prior art keywords
- user
- group
- access point
- network operator
- virtual network
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention discloses an accountable and privacy-preserving authentication method for wireless access networks, comprising the following steps: step 1, a user group manager registers with the network operator; step 2, a user contacts the user group manager to be authenticated and becomes a user in the group; step 3, if a user is found to be compromised, the network operator revokes the compromised user; step 4, the user successfully accesses the wireless network; step 5, when two or more signatures need to be authenticated at an access point, the access point performs batch signature verification on them; step 6, the law authority determines the user responsible for a specific communication session. The invention also discloses an authentication system implementing the accountable and privacy-preserving wireless access network authentication method, comprising a network operator, access points, user group managers, users in the group and a law authority. The trust placed in each entity is limited, which effectively prevents the key escrow problem and the single point of failure problem.
Description
Technical field
The present invention relates to wireless communication technology, and in particular to an accountable and privacy-preserving wireless access network authentication method and its authentication system.
Background technology
The spread of wireless access networks has significantly improved quality of life and working efficiency, letting users access the network almost anytime and anywhere. As demand for wireless access grows, these networks have come to play an irreplaceable role in daily life. Of concern, however, is that risks in wireless access networks are ubiquitous: leakage of sensitive information by inexperienced or unwary users, the ease of intercepting wireless signals, rapidly maturing monitoring equipment, and so on. For any wide-area deployment of such a network, security, privacy, accountability and efficiency are therefore the main issues to consider. In the prior art, however, there are very few practically usable wireless access network authentication systems that offer both accountability and privacy protection. Moreover, most existing authentication systems that guarantee privacy require a trusted third party, and a system with a trusted third party faces the key escrow problem and the single point of failure problem: an adversary can break the configuration of the whole system by compromising the trusted third party. It is therefore necessary to guarantee the accountability, security, privacy and efficiency of a wireless access network authentication system at the same time, without involving a trusted third party. In addition, accountability and privacy are two seemingly contradictory goals, so the prior art cannot be applied directly to a wireless access network authentication system in a way that provides accountability without losing privacy. The present invention solves this problem based on the principle of separation of duties. In the invention, the network operator holds the group private key but does not know the mapping between the member secret keys (member keys) and the essential attributes of the users (user identity information), while the user group manager (group manager) knows that mapping but does not have the group private key; this guarantees the privacy of the system. When the law authority requires it, the network operator and the user group manager can jointly provide information to find the responsible user, which guarantees accountability. Without involving a trusted third party, the invention simultaneously guarantees the security, privacy, accountability and efficiency of the system, which the prior art cannot achieve.
Existing wireless access authentication systems involve three parties: a wireless roaming user U, an access point AP and a network operator NO. A number of APs are deployed at different locations to cover the whole service area and provide network service to users, who can access the network anywhere with their mobile devices. Existing wireless access network authentication methods and systems have two main shortcomings. First, they usually require a trusted third party, such as a membership manager, a trust authority, a home server, an offline security manager or an AAA server. This trusted third party manages all of the keying material, and if that material leaks, the privacy of users is in danger of being exposed. With a trusted third party, the security system faces the key escrow problem and the single point of failure problem: an adversary can break the configuration of the whole system by compromising the trusted third party. Second, existing wireless access networks cannot guarantee privacy while providing accountability. If the law authority is to be able to find the user responsible for a specific communication session, user information is more or less revealed; if user privacy is to be guaranteed, the law authority can hardly trace a user from the limited information available. What matters is providing accountability without losing privacy, and these are two seemingly contradictory goals. At present there is no available privacy-aware cryptographic primitive that can be deployed directly to reach this goal.
Summary of the invention
The primary object of the present invention is to overcome the shortcomings and deficiencies of the prior art by providing an accountable and privacy-preserving wireless access network authentication method that effectively avoids the key escrow problem and the single point of failure problem.
Another object of the present invention is to overcome the shortcomings and deficiencies of the prior art by providing an authentication system that implements the accountable and privacy-preserving wireless access network authentication method. The system involves no trusted third party and offers high security and high privacy.
The primary object of the present invention is achieved through the following technical solution: an accountable and privacy-preserving wireless access network authentication method, comprising the following steps:
Step 1, the user group manager registers with the network operator. The network operator generates the group private key and the partial group public key, and sends the partial group public key to the user group manager. The user group manager generates the group public key and returns it to the network operator. The network operator broadcasts the group public key received from the user group manager to each access point.
Step 2, the user contacts the user group manager to be authenticated, after which the user group manager sends the user a member key for network access and the group public key. The user has now joined the user group and become a user in the group.
Step 3, if users are found to be compromised, the user group manager treats these compromised users as revoked users and sends the list of revoked users to the network operator. The network operator digitally signs this list and broadcasts it to each access point in order to revoke the compromised users. The users are now revoked.
Step 4, to access the network, the user must first be within the communication range of an access point. After mutual authentication and key exchange with this access point, a shared symmetric key is established between the access point and the user for the subsequent communication session. The user has now successfully accessed the wireless network.
Step 5, when two or more signatures need to be authenticated at an access point, the access point performs batch signature verification on them. Our batch signature verification technique greatly reduces the time spent verifying a large number of signatures, and also reduces the connection drop rate caused by signature verification being a potential bottleneck at the access point.
Step 6, if the law authority wants to trace the user responsible for a specific communication session, it only needs to obtain the group private key from the network operator and the mapping between member keys and user identity information from the user group manager. The group private key and this mapping together determine the user.
Step 4 comprises the following steps:
A, the access point periodically broadcasts a beacon message carrying its digital signature, thereby announcing that its service is available.
B, after receiving the beacon message, the user uses it to verify the validity of the timestamp, the expiry time of the access point's certificate and the authenticity of its public key. If any of these checks fails, the user will not connect to this access point. If all checks pass, the user generates a request message, signs it with a group signature using his or her own member key, and unicasts the reply to the access point.
C, after receiving the above message from the user, the access point first checks message freshness. It then checks whether this user appears in its list of revoked users. If so, it refuses the connection; if not, it computes the shared symmetric key and sends a response message to the user.
D, after receiving the message sent by the access point, the user verifies its validity. If the message is invalid, the user refuses the connection; if it is valid, the connection is successfully established.
Step 6 comprises the following steps:
(1) The law authority requests tracing of the user responsible for a specific communication session.
(2) The network operator uses the network connection and the session identifier to find the corresponding session authentication information in the network log files.
(3) The network operator treats the first three elements of the digital signature in that session authentication information as a linear encryption and, using the group private key, obtains the member key of the user. The network operator then reports this member key to the law authority.
(4) The law authority sends the member key obtained from the network operator to the user group manager.
(5) The user group manager looks up the member key obtained from the law authority in its stored mapping between member keys and user identity information, and returns the user identity information found to the law authority.
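The tracing procedure of step 6, as an added Python example that is not part of the patent: the first three signature elements are modelled as a linear encryption of the member key under the setup-stage parameters (gsk = (s1, s2), u, v, η), written multiplicatively. Assumptions: a toy prime-order group modulo 2039 instead of pairing groups, random group elements as member keys, and hypothetical class and function names; the remainder of the group signature is omitted.

```python
import secrets

# Toy Schnorr group, constructed for this example: P = 2*Q + 1, both prime.
# The patent works in pairing groups (G1, G2); this size gives no security.
P, Q, G = 2039, 1019, 4   # G = 2^2 generates the subgroup of prime order Q


def rand_scalar():
    """Uniform non-zero exponent modulo the group order."""
    return secrets.randbelow(Q - 1) + 1


class NetworkOperator:
    """Holds gsk = (s1, s2) and the session log; never sees identities."""

    def __init__(self):
        self._s1, self._s2 = rand_scalar(), rand_scalar()
        self.eta = pow(G, rand_scalar(), P)
        # Page (additive): s1*u = s2*v = eta, so u = eta^(1/s1), v = eta^(1/s2).
        self.u = pow(self.eta, pow(self._s1, -1, Q), P)
        self.v = pow(self.eta, pow(self._s2, -1, Q), P)
        self._log = {}

    def public_params(self):
        return self.eta, self.u, self.v

    def log_session(self, session_id, t1, t2, t3):
        self._log[session_id] = (t1, t2, t3)

    def open_session(self, session_id):
        """Step 6 (2)-(3): decrypt the logged (T1, T2, T3) with gsk."""
        t1, t2, t3 = self._log[session_id]
        mask = pow(t1, self._s1, P) * pow(t2, self._s2, P) % P  # eta^(a+b)
        return t3 * pow(mask, -1, P) % P


class GroupManager:
    """Holds the member key -> identity mapping; never sees gsk."""

    def __init__(self):
        self._mapping = {}

    def enroll(self, identity):
        # Assumed simplification: the member key is a fresh random group element.
        while True:
            key = pow(G, rand_scalar(), P)
            if key not in self._mapping:
                self._mapping[key] = identity
                return key

    def lookup(self, member_key):
        """Step 6 (5): answer the law authority's query."""
        return self._mapping.get(member_key)


def linear_encrypt(params, member_key, alpha=None, beta=None):
    """User side: the first three signature elements (T1, T2, T3)."""
    eta, u, v = params
    alpha = alpha or rand_scalar()
    beta = beta or rand_scalar()
    t1 = pow(u, alpha, P)
    t2 = pow(v, beta, P)
    t3 = member_key * pow(eta, alpha + beta, P) % P
    return t1, t2, t3


def trace(operator, manager, session_id):
    """Law authority: both parties are needed to go from session to user."""
    member_key = operator.open_session(session_id)   # steps (2)-(3)
    return manager.lookup(member_key)                # steps (4)-(5)


if __name__ == "__main__":
    no, gm = NetworkOperator(), GroupManager()
    keys = {name: gm.enroll(name) for name in ("alice", "bob")}
    params = no.public_params()
    no.log_session("sess-1", *linear_encrypt(params, keys["alice"]))
    no.log_session("sess-2", *linear_encrypt(params, keys["alice"]))
    no.log_session("sess-3", *linear_encrypt(params, keys["bob"]))
    for sid in ("sess-1", "sess-2", "sess-3"):
        print(sid, "->", trace(no, gm, sid))
```

The operator alone recovers only a member key, and the group manager alone cannot open a logged triple, which is the split of knowledge the method relies on.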
The network authentication method of the present invention has the following six stages: system setup, adding new users, revoking users, mutual authentication and key exchange, batch signature verification, and user tracing. In the system setup stage, the network operator and each user group manager each generate part of the group public key, and the group public key is distributed to each access point. The system enters the adding-new-users stage when a new user joins a group, and the revoking-users stage when one or more users are revoked. In the mutual authentication and key exchange stage, a user who wants to connect to an access point carries out mutual authentication and key exchange with that access point and then establishes a shared symmetric key. In the batch signature verification stage, the access point can verify many received requests at once rather than processing each request individually. In the user tracing stage, the network operator and the user group manager help the law authority trace the user responsible for a particular network connection.
Another object of the present invention is achieved through the following technical solution: an authentication system implementing the accountable and privacy-preserving wireless access network authentication method, characterized by comprising a network operator, access points, user group managers, users in the group and a law authority. The network operator sends the partial group public key to the user group manager and receives the group public key from the user group manager; the network operator also broadcasts the group public key to the access points. Access points and users in the group carry out mutual authentication and key exchange, and users in the group also obtain from the user group manager the member key for network access and the group public key. The law authority obtains the group private key from the network operator, and obtains the mapping between member keys and user identity information from the user group manager.
The key management model in the authentication system of the present invention involves four typical network entities: the network operator, access points, user group managers and users in the group. In the invention, users do not register directly with the network operator; instead, the user group manager subscribes to the network operator's service on behalf of all users in its group. The network operator generates the group private key and the partial group public key, and keeps the group private key secret. On receiving a registration request from a group manager, the network operator sends the partial group public key to that user group manager. The group manager then generates the group public key and returns it to the network operator. Finally, the network operator sends the group public key to each access point. To access the network, each user needs to request a member key and the group public key from his or her group manager.
This key management scheme has several notable features. First, for access control, every legitimate user holding a valid member key can generate a valid access credential, namely a group signature on a new access request. This access credential can be verified by every access point using the group public key, so access security is guaranteed. Second, the invention stores the group private key and the mapping between member keys and user identity information in two separate, autonomous entities: the user group manager and the network operator. The network operator holds the group private key but does not know the mapping, and the group manager knows the mapping but does not know the group private key. It is assumed here that the group manager will not collude with the network operator. This assumption is reasonable because user group managers and network operators generally belong to different organizations and may even have conflicting interests. As a result, neither the user group manager nor the network operator can determine the identity of a specific user, and neither can use a user's access authentication to invade that user's privacy. User privacy is therefore strengthened.
Finally, with the joint help of the network operator and the user group manager, the law authority, and only the law authority, can trace the corresponding network user from any communication connection. When a service dispute or fraud occurs, the law authority can therefore determine precisely which user is responsible and hold that user to account, so user accountability is also achieved. In addition, the whole key management procedure is completed at system setup, so it brings no computation or communication overhead afterwards.
A new short group signature scheme is developed by modifying the key generation algorithm. The new group signature is then integrated into the design of the authentication and key management protocol of the invention. In addition, to achieve high efficiency, a new batch signature verification method is proposed on the basis of the new group signature. To revoke a compromised user, the Verifier-Local Revocation method is adopted; this method is designed on the basis of the new group signature scheme. Furthermore, some additional mechanisms are incorporated into the invention to support system updates and large-scale user revocation.
The accountable, privacy-preserving and efficient wireless access network system of the present invention operates as follows. In the system setup stage, the user group manager registers with the network operator; the network operator generates the group private key and the partial group public key, and sends the partial group public key to the user group manager. The user group manager generates the group public key and returns it to the network operator, which then broadcasts the group public key to each access point. In the adding-new-users stage, the user contacts the user group manager to be authenticated, after which the user obtains a member key for network access and the group public key. If users are found to be compromised, the user group manager treats them as users to be revoked and sends the list of revoked users to the network operator, which digitally signs the list and broadcasts it to each access point in order to revoke the compromised users. To access the network, the user must first be within the communication range of an access point; after mutual authentication and key exchange with this access point, a shared symmetric key is established between the access point and the user for the subsequent communication session. If the law authority wants to trace the user responsible for a specific communication session, it only needs to obtain the group private key from the network operator and the mapping between member keys and user identity information from the user group manager; the group private key and this mapping together determine the user.
The present invention is the first system to support accountability, security, privacy and efficiency in wireless access networks simultaneously. Earlier systems did not manage to guarantee privacy while providing accountability. In the invention, however, the network operator holds the group private key but does not know the mapping between member keys and user identity information, and the user group manager knows that mapping but does not have the group private key; this guarantees privacy. At the request of the law authority, the network operator and the user group manager can jointly provide information to find the responsible user, which provides accountability. The invention supports system updates and large-scale user revocation, which guarantees the efficiency of the system. Another feature of the invention is that it does not depend on any trusted third party. The trust placed in each entity is limited, so the system avoids the key escrow problem and the single point of failure problem.
Operating principle of the present invention: the invention proposes an accountable and privacy-preserving wireless access network authentication system. The system has six stages: system setup, adding new users, revoking users, mutual authentication and key exchange, batch signature verification, and user tracing. First the system must be initialized; this is the system setup stage, in which the system completes the distribution of the group public key. Once the system has been set up, each access point has been given a group public key. After that, adding a new user enters the adding-new-users stage, and revoking a user enters the revoking-users stage. When a user wants to connect to an access point, the user must carry out mutual authentication and key exchange with that access point, which enters the mutual authentication and key exchange stage. When the law authority needs to trace a specific user, the system enters the user tracing stage.
Without involving a trusted third party, the present invention simultaneously guarantees the security, privacy, accountability and efficiency of the system. First, for access control, every legitimate user holding a valid member key can generate a valid access credential, such as a group signature on a new access request. This access credential can be verified by every access point using the group public key, so access security is guaranteed. Second, the invention stores the mapping between member keys and user identity information and the group private key in two separate, autonomous entities: the user group manager and the network operator. The network operator holds the group private key but does not know the mapping between member keys and user identity information, and the user group manager knows the mapping but does not know the group private key. It is assumed here that the group manager will not collude with the network operator. This assumption is reasonable because user group managers and network operators generally belong to different organizations and may even have conflicting interests. As a result, neither the user group manager nor the network operator can determine the identity of a specific user, and neither can use a user's access authentication to invade that user's privacy. The privacy of the system is therefore guaranteed. Third, with the joint help of the network operator and the user group manager, the law authority, and only the law authority, can trace the corresponding network user from any communication connection. When a service dispute or fraud occurs, the law authority can therefore determine precisely which user is responsible and hold that user to account, so user accountability is also achieved. In addition, the whole key management procedure is completed at system setup, so it brings no computation or communication overhead to the subsequent long-term operation of the system. Finally, a different short group signature scheme is developed by modifying the key generation algorithm. The new group signature is then integrated into the design of the authentication and key management protocol of the invention. On the basis of the new group signature, a new batch signature verification method is also proposed. To revoke a compromised user, the Verifier-Local Revocation method is adopted; this method is designed on the basis of the new group signature scheme. Furthermore, some additional mechanisms are incorporated into the invention to support system updates and large-scale user revocation. The efficiency of the system is therefore guaranteed.
Compared with the prior art, the present invention has the following advantages and effects:
1. The invention does not depend on any trusted third party, and the trust placed in each entity is limited, which avoids the key escrow problem and the single point of failure problem.
2. The invention is particularly suitable for wireless access networks; it combines the separation-of-duties principle with a new group signature algorithm that supports batch signature verification.
3. The invention ensures the security of the system through explicit mutual authentication and key establishment between user and access point.
4. The invention ensures user anonymity and unlinkability through one-way anonymous authentication between user and access point.
5. The invention provides accountability without losing privacy. The network operator holds the group private key but does not know the mapping, and the user group manager knows the mapping but does not have the group private key; this guarantees privacy. When the law authority requires it, the network operator and the user group manager can jointly provide information to find the responsible user, which guarantees accountability.
6. By using the Verifier-Local Revocation method together with some additional mechanisms, the invention supports system updates and large-scale user revocation, which ensures the efficiency of the system.
7. The invention allows the dynamic addition of new users and the dynamic revocation of compromised users. The invention is the first system to support accountability, security, privacy and efficiency in wireless access networks simultaneously.
Brief description of the drawings
Fig. 1 is a flow chart of the present invention.
Fig. 2 is a schematic diagram of the trust and key management model of the present invention.
Detailed description of the invention
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but embodiments of the invention are not limited to this.
Embodiment
Existing wireless access authentication systems involve three parties: a wireless roaming user U, an access point AP and a network operator NO. A number of APs are deployed at different locations to cover the whole service area and provide network service to users, who can access the network anywhere with their mobile devices.
Fig. 2 shows the wireless access network authentication system of the present invention. The key management model in the authentication system involves four typical network entities: the network operator, access points, user group managers and users in the group. In the invention, users do not register directly with the network operator; instead, the user group manager subscribes to the network operator's service on behalf of all users in its group. The network operator generates the group private key and the partial group public key, and keeps the group private key secret. On receiving a registration request from a group manager, the network operator sends the partial group public key to that user group manager. The group manager then generates the group public key and returns it to the network operator. Finally, the network operator sends the group public key to each access point. To access the network, each user needs to request a member key and the group public key from his or her group manager.
This key management scheme has several notable features. First, for access control, every legitimate user holding a valid member key can generate a valid access credential, namely a group signature on a new access request. This access credential can be verified by every access point using the group public key, so access security is guaranteed. Second, the invention stores the group private key and the mapping between member keys and user identity information in two separate, autonomous entities: the group manager and the network operator. The network operator holds the group private key but does not know the mapping, and the group manager knows the mapping but does not know the group private key. It is assumed here that the group manager will not collude with the network operator. This assumption is reasonable because user group managers and network operators generally belong to different organizations and may even have conflicting interests. As a result, neither the user group manager nor the network operator can determine the identity of a specific user, and neither can use a user's access authentication to invade that user's privacy. User privacy is therefore strengthened.
Finally, with the joint help of the network operator and the user group manager, the law authority, and only the law authority, can trace the corresponding network user from any communication connection. When a service dispute or fraud occurs, the law authority can therefore determine precisely which user is responsible and hold that user to account, so user accountability is also achieved. In addition, the whole key management procedure is completed at system setup, so it brings no computation or communication overhead afterwards.
The present invention develops a new short group signature scheme by modifying the key generation algorithm. The new group signature is then integrated into the design of the authentication and key management protocol of the invention. In addition, to achieve high efficiency, a new batch signature verification method is proposed on the basis of the new group signature. To revoke a compromised user, the Verifier-Local Revocation method is adopted; this method is designed on the basis of the new group signature scheme. Furthermore, some additional mechanisms are incorporated into the invention to support system updates and large-scale user revocation.
The present invention consists of the following six stages: system setup, adding new users, revoking users, mutual authentication and key exchange, batch signature verification, and user tracing. In the system setup stage, the network operator and each user group manager each generate part of the group public key, and the group public key is distributed to each access point. The system enters the adding-new-users stage when a new user joins a group, and the revoking-users stage when one or more users are revoked. In the mutual authentication and key exchange stage, a user who wants to connect to an access point carries out mutual authentication with that access point and then establishes a shared symmetric key. In the batch signature verification stage, the access point can verify many received requests at once rather than processing each request individually. In the user tracing stage, the network operator and the user group manager help the law authority trace the user responsible for a particular network connection.
As shown in Figure 1, the six stages of the authentication method implemented by the wireless access network authentication system of the present invention are as follows:
A. System setup stage
The virtual network operator is responsible for generating the group private key and the partial group public key for all user groups. The operator proceeds as follows:
1. Select a random generator g2 ∈ G2 and compute g1 = ψ(g2).
2. Randomly select s1, s2 ∈ Zp and set u, v ∈ G1 such that s1·u = s2·v = η, which gives u = s1^(-1)·η and v = s2^(-1)·η, where s1^(-1) is the inverse of s1 and s2^(-1) is the inverse of s2.
3. Keep the group private key gsk = (s1, s2) secret.
4. Randomly choose h0, and set h1, h2 ∈ G2 with h1 = s1·h0 and h2 = s2·h0.
5. Once the virtual network operator receives the registration information of group manager GMj, whose group identity is grpi, the operator must authenticate GMj. This authentication is based on a well-established trust relationship between the group manager and the operator, which may be set up through in-person contact. The operator then randomly chooses j ∈ Zp as the group index of this user group and stores the pairing (j, grpj). Next, the operator sends the message (j, g1, g2, η, u, v) to the group manager, where (g1, g2, η, u, v) is the partial group public key. In the present invention, the operator communicates with group manager GMj over a secure transport protocol (such as wired Transport Layer Security). The strong Diffie-Hellman (SDH) assumption is assumed to hold on (G1, G2), and the linear Diffie-Hellman assumption is assumed to hold on G1.
To improve the efficiency of the proposed system, the system parameter h0 and the partial group public key (g1, g2, η) that the virtual network operator distributes to each group are the same. To achieve non-repudiation, in step 5 above the operator signs the message (j, g1, g2, η, u, v) under a standard digital signature scheme; relevant digital signature schemes include RSA and ECDSA. Note that after a group manager registers with the virtual network operator, the operator can send its public key to the group manager, so no Public Key Infrastructure (PKI) is needed. Assume the present invention uses ECDSA-160. The operator's digital signature public/private key pair is denoted (OPK, OSK).
After receiving (j, g1, g2, η, u, v), each group manager GMj generates the group public key as follows:
1. Randomly choose a number γ ∈ Zp and set wj = γ·g2.
2. Return the message (j, gpkj) to the virtual network operator, where the group public key is gpkj = (g1, g2, η, u, v, wj). Similarly, to achieve non-repudiation, the group manager digitally signs the message (j, gpkj) with ECDSA-160.
Upon receiving (j, gpkj), the virtual network operator stores the pairing between j and wj in his/her local record. Finally, the operator sends {g1, g2, η, u, v, h0, h1, h2} and the mapping (j, wj) to each access point. In addition, the operator gives each access point (denoted APk) a public/private key pair, denoted (PPKk, PSKk). Each access point also obtains an accompanying public key certificate, digitally signed by the operator, for verifying the authenticity of the key. A simple form of certificate consists of the following parts: Certk = {APk, PPKk, ExpT, SIGOSK{h(APk || PPKk || ExpT)}}, where h(·) denotes a hash function such as SHA-1, ExpT is the certificate expiry time, and SIGOSK{h(APk || PPKk || ExpT)} is the digital signature that the operator generates over h(APk || PPKk || ExpT) with its private key OSK.
B. Add-new-user stage
Before accessing the network, a network user must contact a group manager in person to be authenticated. For each user group with identity grpj, a user i with identity UIDi is given a random member key and the group public key as follows:
1. Group manager GMj randomly chooses xi ∈ Zp and computes Ai using γ. GMj stores the pair (Ai, UIDi) in his/her record.
2. Group manager GMj sends the message (j, gpkj, msk[i]) to user i over a secure transport protocol (such as wired Transport Layer Security). The member key of user i is now msk[i] = (Ai, xi).
Note that, in the setting of the two steps above:
● Group manager GMj keeps only the mapping (Ai, UIDi) between member key and user identity information, and does not hold the group private key gsk.
● The virtual network operator knows only the group private key gsk and does not know the mapping (Ai, UIDi).
● Only the virtual network operator knows the mapping (j, grpj). Of course, each user and each group manager can compute only his/her own mapping between group index and group identity.
C. Revoke-user stage
Once user group manager GMj finds that some users {1, ..., r} have been compromised, it treats these compromised users as users to be revoked and sends the user revocation list URLj = {A1, ..., Ar} to the virtual network operator. The operator then digitally signs URLj and broadcasts it to each access point.
D. Mutual authentication and key exchange stage
To access the network, a network user i must be within the direct communication range of an access point APk and carry out mutual authentication and key exchange as follows:
1. Access point APk selects a random number rP ∈ Zp and generates rP·g1. APk then digitally signs rP·g1 and a timestamp ts1 with ECDSA-160, and broadcasts the following message as a beacon that periodically announces the existence of its service:
rP·g1, ts1, SIGPSK{rP·g1 || ts1}, Certk (M1)
2. Upon receiving (M1), user i performs the following operations:
a. Check the validity of timestamp ts1 to prevent replay attacks. Check Certk with OPK to verify the authenticity of the public key and the certificate expiry time of APk. Then verify SIGPSK{rP·g1 || ts1} with PPKk. The next step is performed if and only if all of these are valid.
b. Select a random number rU ∈ Zp and a temporary identity alias, then compute rU·g1.
c. Generate a group signature σ on message M, where M = {alias, j, rP·g1, rU·g1, ts2}. Given the group public key gpkj = (g1, g2, η, u, v, wj), the member key msk[i] = (Ai, xi) and the message M, the group signature σ is computed as follows:
Randomly choose α, β ∈ Zp.
Compute the encryption (T1, T2, T3) of Ai, where:
T1 = α·u, T2 = β·v, T3 = Ai + (α+β)·η (1)
Set δ = α·xi, μ = β·xi.
Randomly select blinding values rα, rβ, rx, rδ, rμ ∈ Zp. Set R1, R2, R3, R4, R5.
Compute c from the above values and M:
c = H(M, T1, T2, T3, R1, R2, R3, R4, R5)
where H(·) is a hash function whose output range is Zp.
Set: sα = rα + c·α, sβ = rβ + c·β, sx = rx + c·xi, sδ = rδ + c·δ, sμ = rμ + c·μ.
Finally, combine the values obtained above to form the group signature:
σ = (T1, T2, T3, c, sα, sβ, sx, sδ, sμ)
d. Generate the key shared with APk: SKk = rU·(rP·g1).
e. Unicast the following reply to APk:
alias, j, rP·g1, rU·g1, ts2, σ (M2)
Note that user i may optionally encrypt the information {alias, j, rP·g1, rU·g1, ts2} with APk's public key PPKk and then generate the group signature σ over the encrypted information. User i then unicasts the encrypted information and the group signature σ to APk, rather than message (M2). Clearly, in this case only the virtual network operator and APk can obtain the following by using APk's private key PSKk:
{alias, j, rP·g1, rU·g1, ts2}
3. After receiving message (M2), APk authenticates user i as follows:
a. Check the validity of rP·g1 and ts2 to ensure the freshness of (M2).
b. Select the group public key gpkj according to index j, then perform group signature verification. First recompute the challenge c, then reconstruct according to the following steps:
Set
Set
Accept the message if and only if c equals
c. Select the user revocation list URLj according to index j, then perform the revocation check as follows:
For each revocation token Ai ∈ URLj, APk checks whether Ai is encoded in (T1, T2, T3) of σ.
Check whether the equation holds:
Because
If no revocation token in URLj is encoded in (T1, T2, T3), the signer of σ has not been revoked.
If all the above checks succeed, APk regards the access request as valid and unaltered and as coming from an authorized user, and concludes that a shared symmetric key SKk has been established with that user, even though APk does not know which user this actually is. Note that UIDi is never disclosed or transmitted during the protocol run.
4. APk uses (rU·g1, rP) to compute the shared symmetric key SKk = rP·(rU·g1) and sends the following message (M3) to user i:
where EK(X) denotes information X encrypted with the symmetric key K.
5. After receiving (M3), user i decrypts it with the symmetric key and verifies SKk. If (M3) is valid, user i considers that APk has established a shared key with him/her. Otherwise, user i rejects the link.
The above protocol not only provides explicit mutual authentication between an access point and a legitimate network user, but also makes unilateral anonymous user authentication possible. Once the protocol completes successfully, a shared symmetric key is established between the access point and the user. This key can be used for the subsequent communication session, which is uniquely identified by (alias, APk, rU·g1).
The computational cost for an access point to verify one digital signature comes mainly from 13 scalar multiplications and 5 pairing operations. Clearly, the cost of a pairing operation is far higher than that of a scalar multiplication.
E. Batch signature verification stage
Computing R3 is the most resource-consuming part of the verification procedure. Because each R3 is hashed into the verification equation, it is hard to see, without further thought, how this can be batched. Set σ = (T1, T2, T3, R3, c, sα, sβ, sx, sδ, sμ); that is, R3 is transmitted as part of σ. In the system setup stage, the virtual network operator (NO) selects a random number ε ∈ Zp and transfers ε (as part of the group public key) to each group manager and each AP. Set
Here <M1, σ1>, <M2, σ2>, ..., <Mn, σn> denote the access request messages from n different users U1, U2, ..., Un of the same user group, respectively. APk checks whether the following equation holds: If this equation holds, APk then checks whether the following equation holds: Therefore, for the current check, APk only needs to check whether the following equation holds:
The above batch verification equation holds because:
All signatures σ1, σ2, ..., σn are valid if and only if the two checks above are both correct. In the above batch verification equation, the computational cost of verifying n signatures comes mainly from 2 pairings and 13n scalar multiplications. This greatly reduces the time consumed in verifying a large number of signatures, and also reduces the connection-loss rate caused by the potential bottleneck of signature verification at the AP. Note that the proposed method inherits all security features of the short group signature (SGS) technique and, in addition, supports batch verification.
If batch verification returns a negative result, a recursive "divide and conquer" method is used. That is, the set is simply split into two halves, and each half is then verified again. When this process ends, the AP outputs the index of each invalid signature. It is assumed here that the probability of an invalid packet occurring is very small.
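The recursive "divide and conquer" fallback described above, as an added example rather than code from the patent. The batch equation itself is replaced by a caller-supplied predicate (here a constructed stand-in that reads a `valid` flag), and the cost model applies the page's figures of 2 pairings and 13n scalar multiplications to every sub-batch, which is an assumption; all function names are hypothetical.

```python
"""Locate invalid signatures by recursive halving when a batch check fails,
and count what the fallback costs the access point."""

PAIRINGS_PER_BATCH = 2       # page: a batch of n costs 2 pairings ...
SCALAR_MULTS_PER_SIG = 13    # ... and 13n scalar multiplications
PAIRINGS_PER_SINGLE = 5      # page: one individually verified signature


def locate_invalid(requests, batch_ok):
    """Return (indices of invalid requests, cost counters).

    batch_ok(list_of_requests) -> bool stands in for the batch verification
    equation; it must return True only if every request in the list is valid.
    """
    bad = []
    cost = {"batch_checks": 0, "pairings": 0, "scalar_mults": 0}

    def check(lo, hi):
        if lo >= hi:
            return
        cost["batch_checks"] += 1
        cost["pairings"] += PAIRINGS_PER_BATCH
        cost["scalar_mults"] += SCALAR_MULTS_PER_SIG * (hi - lo)
        if batch_ok(requests[lo:hi]):
            return                      # whole range verified in one check
        if hi - lo == 1:
            bad.append(lo)              # a failing batch of one is the culprit
            return
        mid = (lo + hi) // 2            # split into two halves and re-verify
        check(lo, mid)
        check(mid, hi)

    check(0, len(requests))
    return bad, cost


def individual_cost(n):
    """Cost of verifying n signatures one at a time, using the page's figures."""
    return {"pairings": PAIRINGS_PER_SINGLE * n,
            "scalar_mults": SCALAR_MULTS_PER_SIG * n}


def stand_in_batch_ok(batch):
    """Constructed stand-in for the pairing-based batch equation."""
    return all(r["valid"] for r in batch)


def make_requests(n, invalid=()):
    """Constructed sample input: n access requests, some flagged invalid."""
    return [{"alias": f"alias-{i}", "valid": i not in invalid} for i in range(n)]


if __name__ == "__main__":
    for label, invalid in (("clean", ()), ("one bad", (5,)), ("all bad", range(8))):
        bad, cost = locate_invalid(make_requests(8, invalid), stand_in_batch_ok)
        print(label, bad, cost, "vs individual", individual_cost(8))
```

With all 8 requests invalid the fallback performs 15 batch checks instead of 1, so the saving over individual verification depends on the page's assumption that invalid packets are rare.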
F. User tracking stage
When the law authority wants to trace the user responsible for a particular communication session, the following steps are carried out:
1. Based on the link and session identifier, the virtual network operator finds the corresponding session authentication message (M2) in the network log files.
2. The operator treats the first three elements (T1, T2, T3) of the group signature σ as a linear encryption and uses the group private key (s1, s2) to recover the user's Ai, as shown in equation (3). The operator then reports (Ai, j) to the law authority.
Ai = T3 - (s1·T1 + s2·T2) (3)
Because:
T3 - (s1·T1 + s2·T2) = Ai + (α+β)·η - (s1·T1 + s2·T2)
= Ai + α·η + β·η - s1·α·u - s2·β·v = Ai
The law authority sends Ai to user group manager GMj. GMj looks up the record (Ai, UIDi) to find the corresponding identity UIDi, then returns UIDi to the law authority. In this step, only the law authority, with the help of the virtual network operator and the user group manager, can identify the user who must answer for the particular communication session under examination.
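The split-trust tracing flow of stage F, together with the linear encryption of equation (1), as an added example that is not code from the patent. It models G1 as the additive group of integers modulo a prime, which has no cryptographic hardness, and draws η and each Ai at random; the class and function names are assumptions made for the illustration.

```python
"""Toy walk-through of equations (1) and (3): linear encryption of a member
key and the two-party tracing that recovers a user identity.

Assumption: G1 is modelled as integers modulo the prime P under addition, so
"scalar * element" is multiplication mod P. This reproduces the algebra only;
it provides no security (discrete logs are trivial here)."""
import secrets

P = 2**127 - 1  # prime group order for the toy model


def rand_scalar():
    """Uniform non-zero element of Z_p."""
    return secrets.randbelow(P - 1) + 1


class NetworkOperator:
    """Holds gsk = (s1, s2); never sees the (A_i, UID_i) mapping."""

    def __init__(self):
        self.s1, self.s2 = rand_scalar(), rand_scalar()
        self.eta = rand_scalar()                      # toy element of G1
        self.u = pow(self.s1, -1, P) * self.eta % P   # s1*u = eta
        self.v = pow(self.s2, -1, P) * self.eta % P   # s2*v = eta

    def public_part(self):
        return self.eta, self.u, self.v

    def open(self, T):
        """Equation (3): A_i = T3 - (s1*T1 + s2*T2)."""
        T1, T2, T3 = T
        return (T3 - (self.s1 * T1 + self.s2 * T2)) % P


class GroupManager:
    """Holds the (A_i, UID_i) records; never sees gsk."""

    def __init__(self):
        self.records = {}

    def enroll(self, uid):
        # Constructed stand-in: the page's formula for A_i is not reproduced,
        # so A_i is drawn at random here.
        A_i = rand_scalar()
        self.records[A_i] = uid
        return A_i

    def lookup(self, A_i):
        return self.records.get(A_i)


def linear_encrypt(A_i, public_part):
    """Equation (1): T1 = alpha*u, T2 = beta*v, T3 = A_i + (alpha+beta)*eta."""
    eta, u, v = public_part
    alpha, beta = rand_scalar(), rand_scalar()
    return (alpha * u % P, beta * v % P, (A_i + (alpha + beta) * eta) % P)


def trace(operator, manager, T):
    """Law-authority view: operator opens T to A_i, manager maps A_i to UID."""
    return manager.lookup(operator.open(T))


if __name__ == "__main__":
    op, gm = NetworkOperator(), GroupManager()
    keys = {uid: gm.enroll(uid) for uid in ("UID-alice", "UID-bob")}
    t = linear_encrypt(keys["UID-bob"], op.public_part())
    print("traced:", trace(op, gm, t))
```

Neither party can complete the trace alone: `open` yields only Ai, and `lookup` is useless without an opened Ai.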
The relevant technical terms are as follows:
g2 denotes a random generator of G2;
G1 denotes cyclic additive group 1;
G2 denotes cyclic additive group 2;
GT denotes a cyclic multiplicative group with the same prime order as G1 and G2;
ψ denotes an isomorphism from G2 to G1;
gsk denotes the group private key;
grpi denotes the identity of group manager i;
GMj denotes group manager j;
Zp denotes the field of integers less than or equal to p;
(OPK, OSK) denotes the public/private key pair used for the virtual network operator's digital signatures;
(PPKk, PSKk) denotes the public/private key pair that the virtual network operator gives to each access point;
UIDi denotes the identity of user i;
msk[i] denotes the member key of member i;
Represent computable bilinear map G1×G2→GT。
The embodiment described above is a preferred embodiment of the present invention, but embodiments of the invention are not limited to it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be an equivalent replacement and is included within the protection scope of the present invention.
Claims (3)
1. An accountable and privacy-preserving wireless access network authentication method, characterized by comprising the following steps:
Step 1: the user group manager registers with the virtual network operator; the virtual network operator generates the group private key and the partial group public key, and issues the partial group public key to the user group manager; the user group manager generates the group public key from the partial group public key and sends the group public key to the virtual network operator; the virtual network operator broadcasts the group public key received from the user group manager to the access points;
Step 2: a user contacts the user group manager to be authenticated, and the user group manager sends the user the member key and group public key used for accessing the network; the user has now successfully joined the user group and become an in-group user;
Step 3: if users are found to be compromised, the user group manager treats these compromised users as users to be revoked and sends the list of revoked users to the virtual network operator; the virtual network operator broadcasts the list to the access points, thereby revoking the compromised users;
Step 4: a user within the communication range of an access point and that access point perform mutual authentication and key exchange, after which a shared symmetric key is established; the symmetric key is used for the communication session, and the user has now successfully accessed the wireless network;
Step 5: when two or more signatures need to be authenticated at the access point, the access point performs batch signature verification on these signatures;
Step 6: if the law authority needs to trace the user responsible for a particular communication session, it only needs to obtain the group private key from the virtual network operator and obtain from the user group manager the mapping pair of member key and user identity information of the user responsible for that session, and uses the obtained group private key and mapping pair to determine the user responsible for the particular communication session;
Step 4 comprises the following steps:
1. The access point periodically broadcasts a beacon message carrying the access point's digital signature, indicating that the access point is in service;
2. After receiving the beacon message, the user verifies, from the beacon message, the validity of the timestamp, the certificate expiry time of the access point and the authenticity of the access point's public key; if any one of the validity of the timestamp, the certificate expiry time of the access point or the authenticity of the public key fails verification, the user refuses to link to the access point corresponding to the received beacon message; if all of them pass verification, the user generates request information, applies a group signature to it with his/her own member key, and unicasts the reply to the access point;
3. After receiving the request information sent by the user in step 2, the access point first checks the freshness of the information, then checks whether the user is in the list of revoked users; if so, it refuses the link; otherwise, it computes the symmetric key shared with the user and sends a response message to the user;
4. After receiving the information sent by the access point in step 3, the user verifies whether the information is valid; if the information is invalid, the user refuses the link; otherwise, the link is established.
2. The accountable and privacy-preserving wireless access network authentication method according to claim 1, characterized in that step 6 comprises the following steps:
A. The law authority requests the virtual network operator and the user group manager to trace the user responsible for a particular communication session;
B. Based on the network link and session identifier, the virtual network operator finds the corresponding session authentication information in the network log files;
C. The virtual network operator performs linear encryption processing on the first three elements of the digital signature in the session authentication information of step B and obtains the member key of the user with the group private key; the virtual network operator then reports the obtained member key of the user to the law authority;
D. The law authority sends the member key obtained from the virtual network operator to the user group manager;
E. Using the member key obtained from the law authority, the user group manager searches its stored mapping pairs of member keys and user identity information, and returns the user identity information found to the law authority.
3. An authentication system implementing the accountable and privacy-preserving wireless access network authentication method of claim 1, characterized by comprising: a virtual network operator, an access point, a user group manager, in-group users and a law authority; the virtual network operator sends the partial group public key to the user group manager and receives the group public key from the user group manager, and the virtual network operator also broadcasts the group public key to the access point; the access point performs mutual authentication and key exchange with in-group users, and in-group users also obtain from the user group manager the member key and group public key used for accessing the network; the law authority obtains the group private key from the virtual network operator, and obtains the mapping pair of member key and user identity information from the user group manager.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310343147.6A CN103428692B (en) | 2013-08-07 | 2013-08-07 | Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103428692A CN103428692A (en) | 2013-12-04 |
CN103428692B true CN103428692B (en) | 2016-08-10 |
Family
ID=49652715
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310343147.6A Active CN103428692B (en) | 2013-08-07 | 2013-08-07 | Can accountability and the Radio Access Network authentication method of secret protection and Verification System thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103428692B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102281019B1 (en) * | 2014-09-18 | 2021-07-26 | 삼성전자주식회사 | Electronic device and method for processing data in electronic device |
CN105406970B (en) * | 2015-10-21 | 2019-03-12 | 浪潮电子信息产业股份有限公司 | Method and device, the method and device of verifying signature of signature |
CN109963282B (en) * | 2019-03-28 | 2022-07-26 | 华南理工大学 | Privacy protection access control method in IP-supported wireless sensor network |
CN113329019B (en) * | 2021-05-28 | 2022-08-16 | 南京邮电大学 | Privacy-protecting infectious disease close contact person identity tracking method |
CN114362933A (en) * | 2021-12-16 | 2022-04-15 | 国网河北省电力有限公司信息通信分公司 | Credible authentication method for data source under power Internet of things environment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1833222A1 (en) * | 2006-03-10 | 2007-09-12 | Abb Research Ltd. | Access control protocol for embedded devices |
CN101335625A (en) * | 2007-06-25 | 2008-12-31 | 株式会社日立制作所 | Batch verification device, program and batch verification method |
Non-Patent Citations (2)
Title |
---|
A unique batch authentication protocol for vehicle-to-grid communications;H. Guo等;《IEEE Transactions on Smart Grid》;20111231;第2卷(第4期);707-714 * |
无线网络安全的关键技术研究;何道敬;《浙江大学2012年博士毕业论文》;20121231;55-68 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |