CN103796199B - Authenticable asymmetrical group secret key negotiation method in mobile unbalanced network - Google Patents

Abstract

The invention relates to an authenticable asymmetrical group secret key negotiation scheme in a mobile unbalanced network. The scheme comprises the steps that signature and authentication of group members are carried out, group members negotiate an asymmetrical shared secret key, and consistency verification of the shared secret key is carried out. According to the signature and authentication, a short signature mechanism of mobile equipment in a network is achieved by adopting a bilinear mapping technology, and members of mobile groups provide identify authentication by using the signature before the group secret key is negotiated to defense active attack of adversaries. According to step that the group members negotiate the asymmetrical shared secret key, all mobile equipment in the mobile unbalanced network negotiates a pair of asymmetrical group communication encryption/decryption secret keys, and members outside the group can send secret messages to members inside the group by encrypting the secret messages through a public key without the necessary of joining the group. According to the consistency verification of the shared secret key, after the group members negotiate the group secret key, the accuracy and the consistency of the calculated group secret key can be guaranteed. According to the authenticable asymmetrical group secret key negotiation scheme in the mobile unbalanced network, when secret communication is carried out among mobile group equipment in the mobile network environment, safe communication among the group equipment can be guaranteed, energy consumption of calculation and communication is quite low, and good flexibility, safety and practicability are achieved.

Description

Can the secret key machinery of consultation of the asymmetric group of certification in mobile unbalanced network

Technical field

The secret key negotiation scheme of safe group under the present invention relates to a kind of mobile network environment, particularly under a kind of mobile unbalanced network environment can the secret key negotiation scheme of the asymmetric group of certification, belong to network communication security fields.

Background technology

The cryptographic system design of a lot of complexity all depends on existing hidden passageway between communication in many ways. group key agreement (group key agreement, GKA) main purpose of Protocol Design is for two or more group member provides the hidden passageway of a safety, be widely used in cooperated computing and Distributed Calculation field, as Secure calculates, file-sharing and distribution, video conference and group chat system. briefly, GKA agreement is for group member consults to calculate a common key by mutual exchange message in open network environment, this key adds the secret key of encryption and decryption as group member transmission of information. because this decruption key only has group internal member to know, so only have group member can decrypt the encryption secret key ciphertext of encrypting.

Authenti-cated key agreement protocol requirement group member provides reliable proof of identification when key agreement, the member only having identity legal can participate in group key agreement, guarantee that any member outside group can not participate in group key agreement, even active attack person is no exception.The GKA of certification can resist positive attack, be an important indicator of GKA research.

In the applied environment of reality, group key agreement is as public key encryp, any one member may be a potential information publisher, not only be confined to group internal personnel and utilize this safe lane exchange message, outside group, member also may utilize this channel to send classified information to this group.Traditional study limitation could send secret information each other in group internal member.Asymmetric group key agreement (asymmetric group key agreement, ASGKA) scheme allows group member to consult a common common encryption key, not only can make mutual exchange secret information between group member with this PKI, group outsider can also be made to issue secret information to group member.

In mobile radio network, the topological structure that network is unstable, group member adds or exits group comparatively frequently, and the secret key of static group is consulted not to be suitable for mobile wireless network environment.Dynamic GKA agreement has better flexibility and practicality.

The secret key of group in view of research is at present consulted, its amount of calculation and the traffic are not suitable for more greatly in the mobile unbalanced network environment of energy constraint, in existing technology also not about in mobile unbalanced network environment can the secret key negotiation scheme of the asymmetric group of certification.

Summary of the invention

The object of the invention is the feature for mobile unbalanced network, there is provided a kind of be applicable under this environment can the secret key negotiation scheme of the asymmetric group of certification, in mobile unbalanced network, set up a kind of safe hidden passageway between various mobile device, ensure the secure communication between group.Consult for adapting to the secret key of group under mobile unbalanced network environment, the present invention adopt two-wire mapping techniques realize can certification, dynamic, asymmetric group key agreement.The program makes group member have to pass through signature authentication before negotiation cluster conversation key, and while each participation member obtains the cluster conversation key of negotiation, can calculate group's PKI that cluster conversation double secret key is answered, to realize asymmetric encryption secure communication.Consider the dynamic of group member, scheme adopts single group member to change cryptographic key factor and realizes dynamically updating of group key, so that exiting of group member and adding of newcomer.

Technical scheme of the present invention is: can the secret key machinery of consultation of the asymmetric group of certification in mobile unbalanced network, adopt bilinear map to realize horde group membership in mobile unbalanced network to consult to set up the secret key of asymmetric cluster conversation shared for a pair, its step is as follows:

(1) signature of group member and certification;

(2) group member consults asymmetrical shared secret key;

(3) consistency checking of secret key is shared;

Signature and the certification of the middle group member of described step (1) are:

1. group member U _i(1≤i≤n-1) long-term private sk _iand PKI pk _igeneration;

2. group member U _ishort signature algorithm;

3. comparatively macro-energy node U _nby group member U _ithe short label provided are to verify each member U _iidentity;

In described step (2), the asymmetrical shared secret key of group member negotiation is:

1. group member U _isecret key parameter required in the secret key negotiations process of (1≤i≤n-1) Stochastic choice group, and this secret key parameter is signed, these secret key parameters and signature are sent to comparatively macro-energy node U _n;

2. comparatively macro-energy node U _ncertification group member U _iidentity, these secret key parameters and signature are sent to group member U by and the secret key parameter that Stochastic choice is relevant, and the signature of this secret key parameter _i(1≤i≤n-1);

3. comparatively macro-energy node U _ncalculate each member U _isecret key parameter, and these secret key parameters are combined into a pair secret key of asymmetrical shared group together with the secret key parameter of oneself random selecting;

4. each member U _ireceive U _nsend signature and secret key parameter after, to U _ncarry out authentication, and by U _nthe secret key parameter sent goes out a pair secret key of asymmetrical shared group together with the secret key calculation of parameter of oneself;

The consistency checking sharing secret key in described step (3) is:

1. whether the secret key of group of group each Member Authentication negotiation is consistent, and whether the secret key of group of calculating is identical.

Can the secret key machinery of consultation of the asymmetric group of certification in described mobile unbalanced network, adopt bilinear map technology to realize short signature and authentication; The secret key of group is consulted to realize asymmetry, negotiates a pair asymmetrical group encryption/decipher secret key; By group key agreement step, realize the confidential corespondence between group member:

Encryption: any message sends member selection d=tg is calculated with the group's PKI consulted ₁, then the ciphertext c=< δ of broadcast enciphering message, η >;

Deciphering: each member receives ciphertext c=< δ, after η >, obtains clear-text message with negotiation group private key dk decrypting ciphertext $m=\mathrm{\&eta;}\&CirclePlus;H_2\left(e(\mathrm{\&delta;},\mathrm{dk})\right).$

1. method of the present invention proposes based on Bilinear Groups theory, is summarized as follows theoretical foundation of the present invention:

A) Bilinear Groups

First provide the definition of bilinear map, suppose G ₁, G ₂module, G ₃multiplicative group, and G ₁, G ₂and G ₃on discrete logarithm be difficult, group G ₁and G ₂a pair Bilinear Groups, if G ₁=<g ₁>, G ₂=<g ₂> and G ₃the cyclic group of prime number q that to be rank be, g ₁to G ₂isomorphism namely map e is computable mapping, e:G ₁× G ₂→ G ₃,

Character 1 bilinearity, to all g ₁∈ G ₁, g ₂∈ G ₂, and there is e (ag ₁, bg ₂)=e (g ₁, g ₂) ^ab;

Character 2 non-degeneracy, i.e. e (g ₁, g ₂) ≠ 1;

, there is effective algorithm, for g in character 3 computability ₁∈ G ₁, g ₂∈ G ₂e (g can be calculated ₁, g ₂).

For above definition, we can define following double linear problems of difficulty for solving:

1) discrete logarithm problem. establish g ₁, g ₁' ∈ G ₁, find an integer a and make g ₁'=ag ₁;

2) Bilinear Inverse Diffe-Hellman (BIDH) problem. suppose a tlv triple (g ₁, ag ₁, bg ₁) ∈ G ₁, for arbitrarily $a,b\&Element;Z_q^{*},$ Calculate

3) Decisional Bilinear Diffe-Hellman (D-BDH) problem. suppose a four-tuple (g ₁, ag ₁, bg ₁, cg ₁) ∈ G ₁, for arbitrarily judge whether c=ab mod q.

2. asymmetric definition:

A group key agreement agreement Π is asymmetrical, if this key agreement successfully terminates, and has or wherein be any two respectively and participate in key agreement member u _k, u _j, the public/private key pair of the group that (k ≠ j) calculates.

3. the secret key negotiation scheme of group

A) the public/private secret key pair that the scheme proposed needs three-wheel information exchange to share to consult group, supposes and pk _i(pk _i=sk _ig ₁) be group member U _ithe long-term private of (1≤i≤n) and long-term PKI.The secret key of group is consulted as follows:

1) first, each low-yield node member U _i(1≤i≤n-1) chooses any two random numbers and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk _n, then U _iby message (U _i, R _i, T _i, M _i) the node U that sends to energy higher _n(1≤i≤n-1).

2) high-energy node U _nreceive each low-yield node U _imessage (the U sent _i, R _i, T _i, M _i) after (1≤i≤n-1), U _nchecking equation whether set up, if each equation is set up, U _nmessage (U can be determined _i, R _i, T _i, M _i) (1≤i≤n-1) be member U _isent.Then U _nstochastic choice two number and calculate R _n=r _ng ₁, T _n=(m _n+ sk _nr _n) g ₁, $\mathrm{PK}=\underset{i=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{\mathrm{pk}}_i,\mathrm{RT}=\underset{i=1}{\overset{n-1}{\mathrm{\&Pi;}}}e(R_i,T_i),$ P=m _nPK， $Q={\mathrm{RT}}^{m_n^2},$ u _nby these message (U _n, X ₁, X ₂..., X _n-1, R _n, T _n, Q, P) and be broadcast to the low node of energy, U _ngroup can be calculated and share PKI ek=(Q, P), f _n=m _ng ₁private key is shared with group

3) each member U _j(1≤j≤n-1) receives U _nbroadcast after, checking equation whether set up, if equal, then U _jmessage (U can be determined _n, X ₁, X ₂..., X _n-1, R _n, T _n, RT, PK) and be U _nsent.Then each member U _j(1≤j≤n-1) calculates group and shares PKI ek=(Q, P), private key is shared with group $\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e(m_n{g}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j).$

4) all group members calculate after group shares PKI and group's private key, checking equation e (P, f _j) whether dk=Q sets up, if equation is set up, ek and dk that all members calculate is correct, and PKI is shared by the group that all members calculate and group's private key has consistency.

4 group member exit protocols

A) when certain member of group or few members exit group, in order to ensure the secure communication between group, upgrading the secret key of original group and being necessary, supposing the low-yield mobile node of part exit group, group member exit protocol is as follows:

1) the node U exited is about to _i(j+1≤i≤n-1) notifies U _nthey want to exit group;

2) U _nupgrade group member set $\stackrel{\&OverBar;}{U}=\{U_1,...U_{i-1},U_{i+1},...,U_n\},$

3) U _nchoose arbitrarily two random numbers be calculated as follows parameter: R' _n=r ' _ng ₁, T ' _n=(m' _n+ sk _nr ' _n) g ₁, ${\mathrm{PK}}^{\&prime;}=\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{\mathrm{pk}}_j,{\mathrm{PT}}^{\&prime;}=\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Pi;}}e(R_j,T_j),$ P'=m' _nPK'， $Q^{\&prime;}={\left({\mathrm{RT}}^{\&prime;}\right)}^{m_n^{\&prime;2}},$ then U _nbroadcast parameter (U _n, X ' ₁, X' ₂..., X ' _i-1, X ' _i+1..., X' _n-1, R' _n, T ' _n, Q', P') and to other member of group.U _ngroup can be calculated and share PKI ek'=(Q', P') and f ' _n=m' _ng ₁private key is shared with group ${\mathrm{dk}}^{\&prime;}=e(f_n^{\&prime;},\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;});$

4) other member of group receives U _nbroadcast after, each member U _j(1≤j ≠ i≤n-1) verifies equation whether set up.If this equation is set up, then each member U _jmessage (U can be guaranteed _n, X ' ₁, X' ₂..., X ' _i-1, X ' _i+1..., X' _n-1, R' _n, T ' _n, Q', P') and be U _nsent.Then U _j(1≤j ≠ i≤n-1) can calculate pKI ek'=(Q', P') shares in group and private key is shared by group ${\mathrm{dk}}^{\&prime;}=e(f_j^{\&prime;},\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;})=e(m_n^{\&prime;}{g}_1,\underset{1\&le;j\&le;n-1,j\&NotEqual;i}{\mathrm{\&Sigma;}}{X}_j^{\&prime;});$

5) all group members calculate after group shares PKI and group's private key, checking equation e (P', f ' _j) whether dk'=Q' set up.If equation is set up, ek' and dk' that all members calculate is correct, and PKI is shared by the group that all members calculate and group's private key has consistency.

5 group members add agreement

When having newcomer or part newcomer will add existing group, existing group should give the new member secret key information of group that provide fair, and should guarantee any member of newly arriving can not calculate group before shared private key.Suppose the new low-yield mobile node of part for adding existing group, suppose the U of newly added node _klong-term private and the long-term PKI of (n+1≤k≤l) are respectively and pk _k(pk _k=sk _kg ₁), it is as follows that group member adds agreement:

1) U _nupgrade new group member set

2) newcomer its identity information is sent to node U _n, choose arbitrarily two random number m _k, and calculate R _k=r _kg ₁, T _k=(m _k+ sk _k/ r _k) g ₁, M _k=m _kpk _n, then each newcomer U _ksend message (U _k, R _k, T _k, M _k) to U _n;

3) U _nreceive the message (U of each newly added node _k, R _k, T _k, M _k) after (n+1≤k≤l), U _nchecking equation whether set up, if this equation is set up, U _nmessage (U can be guaranteed _k, R _k, T _k, M _k) (n+1≤k≤l) be U _ksent.Then U _nchoose arbitrarily two random numbers and calculate R " _n=r " _ng ₁, T " _n=(m " _n+ sk _n/ r " _n) g ₁, p "=m " _n(PK+PK "), $Q^{\&prime;\&prime;}={(\mathrm{RT}+{\mathrm{RT}}^{\&prime;\&prime;})}^{m_n^{\&prime;\&prime;2}},X_i^{\&prime;\&prime;}=m_n^{\&prime;\&prime;}{\mathrm{sk}}_n^{-1}{M}_i(1\&le;i\&le;l,i\&NotEqual;n),$ U _nbroadcast (U _n, X " ₁, X " ₂..., X " _n-1, X " _n+1..., X " ₁, R " _n, T " _n, Q ", P ") is to all members of group internal.U _ncalculate f " _n=m " _ng ₁, PKI ek "=(Q " shares in group, and private key is shared by P ") and group

4) each member U of group internal _i(1≤i≤l, i ≠ n) receives U _nbroadcast after, checking equation whether set up, if this equation is set up, member U in group _i(1≤i≤l, i ≠ n) can guarantee message (U _n, X " ₁, X " ₂..., X " _n-1, X " _n+1..., X " _l, R " _n, T " _n, Q ", P ") is U _nsent.Each U _i(1≤i≤l, i ≠ n) can calculate f " _i, PKI ek "=(Q " shares in group, and private key is shared by P ") and group

5) all group members calculate after group shares PKI and group's private key, checking equation e (P ", f " _i) whether dk "=Q " set up.If equation is set up, the ek " and dk " that all members calculate is correct, and PKI is shared by the group that all members calculate and group's private key has consistency.

6 community secret communications

For any clear-text message m ∈ M ^*(M ^*: expressly space), have arbitrarily group and share the group member U that private key dk shares in PKI ek and group _j(1≤j≤n) can be done as follows:

Encrypting messages sender chooses random number arbitrarily and calculate then cipher-text message c=< δ, η > is broadcast to group member;

Other member of decrypt group receives cipher-text message c=< δ, and after η >, any member's available groups is shared private key dk and decrypted clear-text message $m=\mathrm{\&eta;}\&CirclePlus;H_2\left(e(\mathrm{\&delta;},\mathrm{dk})\right).$

The invention has the beneficial effects as follows: the solution of the present invention comprises confirmability, the secret key of asymmetry and the group more New Deal that the secret key of group is consulted.Confirmability, adopts bilinear map technology to realize the short signature mechanism of mobile device in network, and horde group membership carries out providing authentication with this signature, in case the active attack of hand of resisting the enemy before the secret key of group is consulted again; Asymmetry, in mobile unbalanced network, each mobile device negotiates a pair secret key of asymmetrical group communication encrypt/decrypt, makes the member's available public key secret encryption information outside group send to crowd internal members, and need not add among group; The secret key of cluster conversation upgrades, and when some group member exits or adds this group, the secret key of group needs to upgrade, to ensure the freshness of the secret key of group.The present invention between mobile group device during confidential corespondence, can ensure the secure communication between group device in mobile network environment, calculate and communication energy consumption lower, and there is good flexibility, fail safe and practicality.

Accompanying drawing explanation

Fig. 1 is mobile unbalanced network structure chart;

Fig. 2 is the secret key negotiations process of the mobile asymmetric group of unbalanced network environment.

Embodiment

In present embodiment, non-equilibrium mobile network is made up of a high-energy node and multiple low-yield node, as shown in Figure 1.The resource-constrained of low-yield node, its amount of calculation of the least possible minimizing and the traffic.High-energy node has more resource, its amount of calculation and traffic sharing low-yield node as much as possible.The secret key of group is consulted to be divided into two stages: one is the authentication before consulting, and two is that the secret key of group is consulted.

As shown in Figure 2, present embodiment realizes mobile unbalanced network according to following steps and can consult by the secret key of the asymmetric group of certification.

1. the signature of group member and certification

A) initialization of system is carried out

Suppose that there are 8 member U in group _i(1≤i≤8), wherein U ₈be a high-energy node, and pk _i(pk _i=sk _ig ₁) be group member U _ithe long-term private of (1≤i≤8) and long-term PKI.

B) each low-yield node member U _i(1≤i≤7) choose any two random numbers and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk ₈, then U _iby message (U _i, R _i, T _i, M _i) the node U that sends to energy higher ₈(1≤i≤n-1).(note: realize low-yield node signature process).

C) U ₈receive each low-yield node U _imessage (the U sent _i, R _i, T _i, M _i) after (1≤i≤7), U ₈checking equation whether set up, if each equation is set up, U ₈message (U can be determined _i, R _i, T _i, M _i) (1≤i≤7) be member U _isent.(note: realize high-energy node and verification process is carried out to the low-yield node participating in group's secret key negotiation).

2. group member consults asymmetrical shared secret key

A) can carry out with step 1 simultaneously, first, each low-yield node member U _i(1≤i≤7) choose any two random numbers and calculate R _i=r _ig ₁, T _i=(m _i+ sk _i/ r _i) g ₁, M _i=m _ipk ₈, then U _iby message (U _i, R _i, T _i, M _i) the node U that sends to energy higher ₈(1≤i≤n-1).

B) high-energy node U ₈receive each low-yield node U _imessage (the U sent _i, R _i, T _i, M _i) after (1≤i≤7), U ₈checking equation whether set up, if each equation is set up, U ₈message (U can be determined _i, R _i, T _i, M _i) (1≤i≤7) be member U _isent.Then U ₈stochastic choice two number and calculate R ₈=r ₈g ₁, T ₈=(m ₈+ sk ₈/ r ₈) g ₁, $\mathrm{PK}=\underset{i=1}{\overset{7}{\mathrm{\&Sigma;}}}{\mathrm{pk}}_i,\mathrm{RT}=\underset{i=1}{\overset{7}{\mathrm{\&Pi;}}}e(R_i,T_i),$ P=m ₈PK， $Q={\mathrm{RT}}^{m_n^2},$ u ₈by these message (U ₈, X ₁, X ₂..., X ₇, R ₈, T ₈, Q, P) and be broadcast to the low node of energy.U ₈group can be calculated and share PKI ek=(Q, P), f ₈=m ₈g ₁private key is shared with group

C) each member U _j(1≤j≤7) receive U ₈broadcast after, checking equation whether set up, if equal, then U _jmessage (U can be determined ₈, X ₁, X ₂..., X ₇, R ₈, T ₈, RT, PK) and be U ₈sent.Then each member U _j(1≤j≤7) calculate group and share PKI ek=(Q, P), private key is shared with group $\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e(m_8{g}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j).$

3. share the consistency checking of secret key

A) all group members calculate after group shares PKI and group's private key, checking equation e (P, f _j) whether dk=Q set up.If equation is set up, ek and dk that all members calculate is correct, and PKI is shared by the group that all members calculate and group's private key has consistency.

Communication process is as follows:

ek=(Q,P) ek=(Q,P)

$\begin{array}{cc}\mathrm{dk}=e(f_j,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)=e(m_8{g}_1,\underset{j=1}{\overset{n-1}{\mathrm{\&Sigma;}}}{X}_j)& \mathrm{dk}=e(f_8,\underset{i=1}{\overset{7}{\mathrm{\&Sigma;}}}{X}_i)\end{array}$

Consulted by the secret key of this cluster conversation, what group internal member can be safe carries out confidential corespondence.

In order to content of the present invention and implementation method are described, give a specific embodiment.The object introducing details is not in an embodiment the scope of restriction claims, but helps to understand the method for the invention.One skilled in the art should appreciate that: in the spirit and scope not departing from the present invention and claims thereof, to the various amendments of most preferred embodiment step, change or to replace be all possible.Therefore, the present invention should not be limited to the content disclosed in most preferred embodiment and accompanying drawing.

Claims (1)

1. moving in unbalanced network can the secret key machinery of consultation of the asymmetric group of certification, it is characterized in that: adopt bilinear map to realize horde group membership in mobile unbalanced network and consult to set up the secret key of asymmetric cluster conversation shared for a pair, its step is as follows:

(1) signature of group member and certification;

(2) group member consults asymmetrical shared secret key;

(3) consistency checking of secret key is shared;

Signature and the certification of the middle group member of described step (1) are:

1. group member U _i(1≤i≤n-1) long-term private sk _iand PKI pk _igeneration;

2. group member U _ishort signature algorithm;

3. comparatively macro-energy node U _nby group member U _ithe short label provided are to verify each member U _iidentity;

In described step (2), the asymmetrical shared secret key of group member negotiation is:

1. group member U _isecret key parameter required in the secret key negotiations process of (1≤i≤n-1) Stochastic choice group, and this secret key parameter is signed, these secret key parameters and signature are sent to comparatively macro-energy node U _n;

2. comparatively macro-energy node U _ncertification group member U _iidentity, these secret key parameters and signature are sent to group member U by and the secret key parameter that Stochastic choice is relevant, and the signature of this secret key parameter _i(1≤i≤n-1);

3. comparatively macro-energy node U _ncalculate each member U _isecret key parameter, and these secret key parameters are combined into a pair secret key of asymmetrical shared group together with the secret key parameter of oneself random selecting;

4. each member U _ireceive U _nsend signature and secret key parameter after, to U _ncarry out authentication, and by U _nthe secret key parameter sent goes out a pair secret key of asymmetrical shared group together with the secret key calculation of parameter of oneself;

The consistency checking sharing secret key in described step (3) is:

1. whether the secret key of group of group each Member Authentication negotiation is consistent, and whether the secret key of group of calculating is identical.