CN103813316A - Session key negotiation method and hierarchical wireless sensor network node authentication method - Google Patents
Session key negotiation method and hierarchical wireless sensor network node authentication method Download PDFInfo
- Publication number
- CN103813316A CN103813316A CN201210441430.8A CN201210441430A CN103813316A CN 103813316 A CN103813316 A CN 103813316A CN 201210441430 A CN201210441430 A CN 201210441430A CN 103813316 A CN103813316 A CN 103813316A
- Authority
- CN
- China
- Prior art keywords
- node
- identify label
- prime
- private key
- level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a node session key negotiation method and a hierarchical wireless sensor network node authentication method with the above method. According to the node session key negotiation method of the invention, the session key negotiation is realized based on private keys of two nodes, the fact that the private keys of the nodes are only known by the nodes can be ensured, and an unsafe factor caused by an inherent key escrow defect in a key negotiation protocol based on identity public key cryptography is avoided.
Description
Technical field
The application relates to session cipher negotiating method and hierarchical wireless sensor network node authentication method.
Background technology
In prior art, generally give tacit consent to the entity authentication technology of wireless sensor network node security authentication mechanism directly transplanting Ad-hoc network, and mainly concentrate on the aspect such as key management and safe Routing Protocol about the security study of wireless sensor network.
But the safety certification in the various field of wireless including traditional Ad-hoc and key agreement mechanism all cannot be applicable to wireless sensor network, can not meet its application demand.
Summary of the invention
In order to solve the problems of the prior art, the application has proposed a kind of node session cryptographic key negotiation method and hierarchical wireless sensor network node authentication method.
According to the application aspect, a kind of node session cryptographic key negotiation method is provided, wherein, described node is the hierarchical structure with n layer, each node is under the jurisdiction of specific level Level
t, wherein 0≤t≤n, Level
0in node be root node, all nodes except root node all have father node, each node has identify label ID
t(1≤t≤n) and identify label string
wherein identify label string
generate according to the identify label of the identify label of this node and all father nodes
And
Root node is selected secret number at random
and the open parameter P of calculating
0=x
0p, wherein, given security parameter 1
k, G
1and G
2be that rank are the cyclic group of q, q is large prime number, G
1module, G
2multiplicative group, at G
1, G
2in solve discrete logarithm problem be difficult to resolve, P is G
1in arbitrary generator,
For bilinear map,
Generate Level
tin level, identify label is ID
tnode section private key, wherein, Level
tin level, identify label is ID
tnode be ID by identify label
t-1father node generating portion private key: calculate
then generating identify label is ID
tthe part private key D of node
t, wherein identify label is ID
t-1the part private key of father node be D
t-1, x
t-1that identify label is ID
t-1father node select random secret value, node ID
tpart private key be:
Generation identify label is ID
tthe private key S of node
t, wherein S
t=x
td
t, wherein node ID '
ksecret value
Generation identify label is ID
tthe PKI P of node
t=<X
t, Y
t>, wherein X
t=x
tp, Y
t=x
0x
tp,
Level
kidentify label in level is ID '
knode and Level
kidentify label in level is ID
tthe node method of carrying out session key agreement comprise:
(2) ID '
kcalculate respectively:
i=1,2,…,t;
(4) ID '
kcalculate and to ID
tsend:
T′
k=<U
0,U
2,U
3,…,U
t,P′
k>=<aP,aQ
2,aQ
3,…,aQ
t,P′
k>∈T
tt;
(5) ID
treceive T '
kafter, after identical check and calculating, to ID '
ksend T
t, wherein, b is ID
tthe interim secret value of random selection,
i=1,2,…,k,
T
t=<U′
0,U′
2,U′
3,…,U′
k,P
t>=<bP,bQ′
2,bQ′
3,…,bQ′
k,P
t>∈T
k;
(6) after the calculating of above formula, ID '
kwith ID
tall can calculate both sides' session key: ID '
kcalculate:
ID
tcalculate:
And both sides finally obtain session key: K=H (K '
k|| aU '
0)=H (K
t|| bU
0),
Wherein, identify label is ID '
kthe identify label string of node be
part private key is
private key is S '
k=x '
kd '
k, PKI is P '
k=<X '
k, Y '
k>, wherein X '
k=x '
kp, Y '
k=x
0x '
kp, identify label is ID
tthe identify label string of node be
Part private key is
Private key is S
t=x
td
t, PKI is P
t=<X
t, Y
t>, wherein X
t=x
tp, Y
t=x
0x
tp.
According to another aspect of the application, a kind of hierarchical wireless sensor network node authentication method is proposed, wherein, the node in hierarchical wireless sensor network adopts the node session cryptographic key negotiation method according to first aspect present invention described above to carry out session key agreement.
The application has used level key management model.Realize session key agreement based on node both sides private key, can guarantee that the private key of node only has node itself just to know, the unsafe factor of having avoided key escrow defect intrinsic in the key agreement protocol based on identity public key keyology to introduce.
Embodiment
Below the application's embodiment is elaborated.
In this application, node is the hierarchical structure with n layer, and each node is under the jurisdiction of specific level Level
t, wherein 0≤t≤n, Level
0in node be root node, all nodes except root node all have father node, each node has identify label ID
t(1≤t≤n) and identify label string
wherein identify label string
generate according to the identify label of the identify label of this node and all father nodes
And
Root node is selected secret number at random
and the open parameter P of calculating
0=x
0p, wherein, given security parameter 1
k, G
1and G
2be that rank are the cyclic group of q, q is large prime number, G
1module, G
2multiplicative group, at G
1, G
2in solve discrete logarithm problem be difficult to resolve, P is G
1in arbitrary generator,
For bilinear map,
Generate Level
tin level, identify label is ID
tnode section private key, wherein, Level
tin level, identify label is ID
tnode be ID by identify label
t-1father node generating portion private key: calculate
then generating identify label is ID
tthe part private key D of node
t, wherein identify label is ID
t-1the part private key of father node be D
t-1, x
t-1that identify label is ID
t-1father node select random secret value, node ID
tpart private key be:
Generation identify label is ID
tthe private key S of node
t, wherein S
t=x
td
t, wherein node ID '
ksecret value
Generation identify label is ID
tthe PKI P of node
t=<X
t, Y
t>, wherein X
t=x
tp, Y
t=x
0x
tp
Identify label in level is ID '
knode wish and Level
kidentify label in level is ID
tnode carry out session key agreement, wherein, identify label is ID '
kthe identify label string of node be
Part private key is
Private key is S '
k=x '
kd '
k, PKI is P '
k=<X '
k, Y '
k>, wherein X '
k=x '
kp, Y '
k=x
0x '
kp, identify label is ID
tthe identify label string of node be
part private key is
private key is S
t=x
td
t, PKI is P
t=<X
t, Y
t>, wherein X
t=x
tp, Y
t=x
0x
tp
Identify label is ID '
knode and identify label be ID
tnode to carry out the process of session key agreement as follows:
(2) ID '
kcalculate respectively:
i=1,2,…,t;
(4) ID '
kcalculate and to ID
tsend:
T′
k=<U
0,U
2,U
3,…,U
t,P′
k>=<aP,aQ
2,aQ
3,…,aQ
t,P′
k>∈T
tt;
(5) ID
treceive T '
kafter, after identical check and calculating, to ID '
ksend T
t, wherein, b is ID
tthe interim secret value of random selection,
i=1,2 ..., k,
T
t=<U′
0,U′
2,U′
3,…,U′
k,P
t>=<bP,bQ′
2,bQ′
3,…,bQ′
k,P
t>∈T
k;
(6) after the calculating of above formula, ID '
kwith ID
tall can calculate both sides' session key: ID '
kcalculate:
ID
tcalculate:
And both sides finally obtain session key: K=H (K '
k|| aU '
0)=H (K
t|| bU
0).
According to an embodiment, identify label is ID
tthe part private key of node send to father node by escape way, identify label is ID '
kthe part private key of node send to father node by escape way.
The correctness of above cryptographic key negotiation method is the establishment based on following equation:
Meanwhile, aU '
0=bU
0=abP, thus can obtain: H (K '
k|| aU '
0)=H (K
t|| bU
0).
From above process, the fail safe of this agreement be based on bilinearity to upper discrete logarithm problem, not only realized Authentication and Key Agreement, and realized perfect forward secrecy, applicable node adds and leaves than wireless sensor network more frequently.
Hierarchical sensor network is because need processing operation in net, so the function that its most important feature is nodes has level, in general have leader cluster node layer at least, the Main Function of these leader cluster nodes is to be responsible for processing in net, carries out even intrusion detection of data fusion.
The key using for hierarchical sensor network should have level, and the data communication of the node of different levels should be used different keys, to guarantee the low-power consumption of node in guaranteeing secure communication.Simultaneously network architecture; the general data that more approach application layer also require stronger to fail safe; conventionally different application all needs to have each oneself secret operation; and data link layer only need to complete common authentication and integrity protection, this also requires key to have certain level.Therefore the design of hierarchical sensor network cipher key management agreement time also should be considered the management to multiple different keys, comprise key foundation (or claiming distribution), upgrade, cancel, store and newly-increased or need to be for the certain operations of key while cancelling node.Therefore, can adopt node session cryptographic key negotiation method described above to carry out the session key agreement of the node in hierarchical wireless sensor network.
Above the application's exemplary embodiment is described.The example that it should be appreciated by those skilled in the art that above-mentioned embodiment to be only used to the object of explanation and to lift, rather than be used for limiting.Any modification of doing under all instructions in the application and claim protection range, be equal to replacement etc., all should be included in the claimed scope of the application.
Claims (3)
1. node session cryptographic key negotiation method, wherein, described node is the hierarchical structure with n layer, each node is under the jurisdiction of specific level Level
t, wherein 0≤t≤n, Level
0in node be root node, all nodes except root node all have father node, each node has identify label ID
t(1≤t≤n) and identify label string
wherein identify label string
generate according to the identify label of the identify label of this node and all father nodes
and
Root node is selected secret number at random
and the open parameter P of calculating
0=x
0p, wherein, given security parameter 1
k, G
1and G
2be that rank are the cyclic group of q, q is large prime number, G
1module, G
2multiplicative group, at G
1, G
2in solve discrete logarithm problem be difficult to resolve, P is G
1in arbitrary generator,
For bilinear map,
Generate Level
tin level, identify label is ID
tnode section private key, wherein, Level
tin level, identify label is ID
tnode be ID by identify label
t-1father node generating portion private key: calculate
then generating identify label is ID
tthe part private key D of node
t, wherein identify label is ID
t-1the part private key of father node be D
t-1, x
t-1that identify label is ID
t-1father node select random secret value, node ID
tpart private key be:
Level
kidentify label in level is ID '
knode and Level
kidentify label in level is ID
tthe node method of carrying out session key agreement comprise:
(2) ID '
kcalculate respectively:
i=1,2,…,t;
(4) ID '
kcalculate and to ID
tsend:
T '
k=<U
0, U
2, U
3..., U
t, P '
k>=<aP, aQ
2, aQ
3..., aQ
t, P '
k> ∈ T
tt; (5) ID
treceive T '
kafter, after identical check and calculating, to ID '
ksend T
t, wherein, b is ID
tthe interim secret value of random selection,
i=1,2 ..., k,
T
t=<U′
0,U′
2,U′
3,…,U′
k,P
t>=<bP,bQ′
2,bQ′
3,…,bQ′
k,P
t>∈T
k;
(6) after the calculating of above formula, ID '
kwith ID
tall can calculate both sides' session key:
ID '
kcalculate:
ID
tcalculate:
And both sides finally obtain session key: K=H (K '
k|| aU '
0)=H (K
t|| bU
0),
Wherein, identify label is ID '
kthe identify label string of node be
part private key is
private key is S '
k=x '
kd '
k, PKI is P '
k=<X '
k, Y '
k>, wherein X '
k=x '
kp, Y '
k=x
0x '
kp, identify label is ID
tthe identify label string of node be
Part private key is
Private key is S
t=x
td
t, PKI is P
t=<X
t, Y
t>, wherein X
t=x
tp, Y
t=x
0x
tp.
2. the method for claim 1, wherein identify label is ID
tthe part private key of node send to father node by escape way, identify label is ID '
kthe part private key of node send to father node by escape way.
3. hierarchical wireless sensor network node authentication method, wherein, the node in hierarchical wireless sensor network adopts session cipher negotiating method as claimed in claim 1 or 2 to carry out session key agreement.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210441430.8A CN103813316B (en) | 2012-11-07 | 2012-11-07 | Session key negotiation method and hierarchical wireless sensor network node authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210441430.8A CN103813316B (en) | 2012-11-07 | 2012-11-07 | Session key negotiation method and hierarchical wireless sensor network node authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103813316A true CN103813316A (en) | 2014-05-21 |
CN103813316B CN103813316B (en) | 2017-03-22 |
Family
ID=50709416
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210441430.8A Active CN103813316B (en) | 2012-11-07 | 2012-11-07 | Session key negotiation method and hierarchical wireless sensor network node authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103813316B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104917618A (en) * | 2015-06-02 | 2015-09-16 | 北京航空航天大学 | Authentication key negotiation method based on hierarchy identity basis and system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101557587A (en) * | 2009-04-08 | 2009-10-14 | 哈尔滨工程大学 | Management method of hierarchical tree key in wireless sensor network (WSN) |
CN101699891A (en) * | 2009-10-21 | 2010-04-28 | 西安西电捷通无线网络通信有限公司 | Method for key management and node authentication of sensor network |
CN101711027A (en) * | 2009-12-22 | 2010-05-19 | 上海大学 | Method for managing dispersed keys based on identities in wireless sensor network |
EP2197146A1 (en) * | 2008-12-15 | 2010-06-16 | Sap Ag | Systems and methods for detecting exposure of private keys |
CN102006595A (en) * | 2010-12-07 | 2011-04-06 | 东南大学 | Key management method of wireless sensor network |
-
2012
- 2012-11-07 CN CN201210441430.8A patent/CN103813316B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2197146A1 (en) * | 2008-12-15 | 2010-06-16 | Sap Ag | Systems and methods for detecting exposure of private keys |
CN101557587A (en) * | 2009-04-08 | 2009-10-14 | 哈尔滨工程大学 | Management method of hierarchical tree key in wireless sensor network (WSN) |
CN101699891A (en) * | 2009-10-21 | 2010-04-28 | 西安西电捷通无线网络通信有限公司 | Method for key management and node authentication of sensor network |
CN101711027A (en) * | 2009-12-22 | 2010-05-19 | 上海大学 | Method for managing dispersed keys based on identities in wireless sensor network |
CN102006595A (en) * | 2010-12-07 | 2011-04-06 | 东南大学 | Key management method of wireless sensor network |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104917618A (en) * | 2015-06-02 | 2015-09-16 | 北京航空航天大学 | Authentication key negotiation method based on hierarchy identity basis and system |
CN104917618B (en) * | 2015-06-02 | 2018-08-14 | 北京航空航天大学 | Authentication key agreement method and system based on level identity base |
Also Published As
Publication number | Publication date |
---|---|
CN103813316B (en) | 2017-03-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104038341B (en) | A kind of cross-system of identity-based acts on behalf of re-encryption method | |
CN103986574B (en) | A kind of Tiered broadcast encryption method of identity-based | |
US10985910B2 (en) | Method for exchanging keys authenticated by blockchain | |
CN103401839B (en) | A kind of many authorization center encryption method based on attribute protection | |
CN104363218B (en) | One kind acts on behalf of re-encryption method and system based on certificate conditions | |
CN104754581B (en) | A kind of safety certifying method of the LTE wireless networks based on public-key cryptosystem | |
CN107395349A (en) | A kind of block chain network cryptographic key distribution method based on self-certified public key system | |
CN108667616A (en) | Across cloud security Verification System based on mark and method | |
CN105187205B (en) | The authentication key agreement method and negotiating system based on level identity base without certificate | |
CN106059766A (en) | Method and system for protecting condition privacy of internet of vehicles based on certificateless batch verification | |
CN109584978A (en) | Based on signature Polymeric medical health monitoring network model information processing method and system | |
CN105790941B (en) | A kind of combination key generation divided with domain and authentication method based on mark | |
CN102957536B (en) | Based on the certificate verification system CFL of mark | |
CN103248488A (en) | Identity-based key generation method and identity-based authentication method | |
CN106131059A (en) | A kind of network condition method for secret protection and system based on the car without certificate aggregate signature | |
CN107979840A (en) | A kind of the car networking V2I Verification Systems and method of Key-insulated safety | |
CN105721158A (en) | Cloud safety privacy and integrity protection method and cloud safety privacy and integrity protection system | |
CN104168114A (en) | Distributed type (k, n) threshold certificate-based encrypting method and system | |
CN101977198B (en) | Inter-domain authentication and key negotiation method | |
CN104868993A (en) | Two-side authentication key negotiation method and system based on certificate | |
CN103702326A (en) | Certificateless key agreement method on basis of mobile Ad Hoc network | |
CN104052608A (en) | Certificate-free remote anonymous authentication method based on third party in cloud application | |
CN102957538A (en) | Information processing apparatus and information processing method | |
Ometov et al. | Securing network-assisted direct communication: The case of unreliable cellular connectivity | |
CN108289026A (en) | Identity identifying method and relevant device in a kind of satellite network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |