CN103813316A - Session key negotiation method and hierarchical wireless sensor network node authentication method - Google Patents

Abstract

The invention provides a node session key negotiation method and a hierarchical wireless sensor network node authentication method with the above method. According to the node session key negotiation method of the invention, the session key negotiation is realized based on private keys of two nodes, the fact that the private keys of the nodes are only known by the nodes can be ensured, and an unsafe factor caused by an inherent key escrow defect in a key negotiation protocol based on identity public key cryptography is avoided.

Description

Session cipher negotiating method and hierarchical wireless sensor network node authentication method

Technical field

The application relates to session cipher negotiating method and hierarchical wireless sensor network node authentication method.

Background technology

In prior art, generally give tacit consent to the entity authentication technology of wireless sensor network node security authentication mechanism directly transplanting Ad-hoc network, and mainly concentrate on the aspect such as key management and safe Routing Protocol about the security study of wireless sensor network.

But the safety certification in the various field of wireless including traditional Ad-hoc and key agreement mechanism all cannot be applicable to wireless sensor network, can not meet its application demand.

Summary of the invention

In order to solve the problems of the prior art, the application has proposed a kind of node session cryptographic key negotiation method and hierarchical wireless sensor network node authentication method.

According to the application aspect, a kind of node session cryptographic key negotiation method is provided, wherein, described node is the hierarchical structure with n layer, each node is under the jurisdiction of specific level Level _t, wherein 0≤t≤n, Level ₀in node be root node, all nodes except root node all have father node, each node has identify label ID _t(1≤t≤n) and identify label string

wherein identify label string

generate according to the identify label of the identify label of this node and all father nodes ${\mathrm{ID}}_t^T=<{\mathrm{ID}}_1,{\mathrm{ID}}_2,...,{\mathrm{ID}}_t>,$ And ${\mathrm{ID}}_0^T={\mathrm{ID}}_0,$ ${\mathrm{ID}}_1^T={\mathrm{ID}}_1,$

Root node is selected secret number at random and the open parameter P of calculating ₀=x ₀p, wherein, given security parameter 1 ^k, G ₁and G ₂be that rank are the cyclic group of q, q is large prime number, G ₁module, G ₂multiplicative group, at G ₁, G ₂in solve discrete logarithm problem be difficult to resolve, P is G ₁in arbitrary generator, $\stackrel{\&OverBar;}{e}:G_1\&times;G_1\&RightArrow;G_2$ For bilinear map, $H_1:{\left\{\mathrm{0,1}\right\}}^n\&RightArrow;G_1^{*},$ $H_3:{\left\{\mathrm{0,1}\right\}}^n\&times;G_2\&RightArrow;Z_q^{*};$

Generate Level _tin level, identify label is ID _tnode section private key, wherein, Level _tin level, identify label is ID _tnode be ID by identify label _t-1father node generating portion private key: calculate

then generating identify label is ID _tthe part private key D of node _t, wherein identify label is ID _t-1the part private key of father node be D _t-1, x _t-1that identify label is ID _t-1father node select random secret value, node ID _tpart private key be:

$D_t=D_{t-1}+x_{t-1}{Q}_t=\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i;$

Generation identify label is ID _tthe private key S of node _t, wherein S _t=x _td _t, wherein node ID ' _ksecret value

Generation identify label is ID _tthe PKI P of node _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp,

Level _kidentify label in level is ID ' _knode and Level _kidentify label in level is ID _tthe node method of carrying out session key agreement comprise:

(1) ID ' _kcheck

whether set up, if be false, agreement stops;

(2) ID ' _kcalculate respectively: $Q_i=H_1\left({\mathrm{ID}}_1\right|\left|{\mathrm{ID}}_2\right||...|\left|{\mathrm{ID}}_i\right)\&Element;G_1^{*},$ i=1,2,…,t；

(3) ID ' _kthe interim secret value of random selection

(4) ID ' _kcalculate and to ID _tsend:

T′ _k=<U ₀,U ₂,U ₃,…,U _t,P′ _k>=<aP,aQ ₂,aQ ₃,…,aQ _t,P′ _k>∈T _tt；

(5) ID _treceive T ' _kafter, after identical check and calculating, to ID ' _ksend T _t, wherein, b is ID _tthe interim secret value of random selection, $Q_i^{\&prime;}=H_1\left({\mathrm{ID}}_1^{\&prime;}\right|\left|{\mathrm{ID}}_2^{\&prime;}\right||...|\left|{\mathrm{ID}}_i^{\&prime;}\right)\&Element;G_1^{*},$ i=1,2,…,k，

T _t=<U′ ₀,U′ ₂,U′ ₃,…,U′ _k,P _t>=<bP,bQ′ ₂,bQ′ ₃,…,bQ′ _k,P _t>∈T _k；

(6) after the calculating of above formula, ID ' _kwith ID _tall can calculate both sides' session key: ID ' _kcalculate: $K_k^{\&prime;}=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(S_k^{\&prime;},U_0^{\&prime;})\&CenterDot;\underset{i=2}{\overset{k}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{X}_{i-1}^{\&prime;},-U_i^{\&prime;})$

ID _tcalculate: $K_t=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(S_t,U_0)\&CenterDot;\underset{i=2}{\overset{t}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_t{X}_{i-1},-U_i)$

And both sides finally obtain session key: K=H (K ' _k|| aU ' ₀)=H (K _t|| bU ₀),

Wherein, identify label is ID ' _kthe identify label string of node be

part private key is

private key is S ' _k=x ' _kd ' _k, PKI is P ' _k=<X ' _k, Y ' _k>, wherein X ' _k=x ' _kp, Y ' _k=x ₀x ' _kp, identify label is ID _tthe identify label string of node be ${\mathrm{ID}}_t^T=<{\mathrm{ID}}_1,{\mathrm{ID}}_2,...,{\mathrm{ID}}_t>,$ Part private key is $D_t=D_{t-1}+x_{t-1}{Q}_t=\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i,$ Private key is S _t=x _td _t, PKI is P _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp.

According to another aspect of the application, a kind of hierarchical wireless sensor network node authentication method is proposed, wherein, the node in hierarchical wireless sensor network adopts the node session cryptographic key negotiation method according to first aspect present invention described above to carry out session key agreement.

The application has used level key management model.Realize session key agreement based on node both sides private key, can guarantee that the private key of node only has node itself just to know, the unsafe factor of having avoided key escrow defect intrinsic in the key agreement protocol based on identity public key keyology to introduce.

Embodiment

Below the application's embodiment is elaborated.

In this application, node is the hierarchical structure with n layer, and each node is under the jurisdiction of specific level Level _t, wherein 0≤t≤n, Level ₀in node be root node, all nodes except root node all have father node, each node has identify label ID _t(1≤t≤n) and identify label string

wherein identify label string

generate according to the identify label of the identify label of this node and all father nodes ${\mathrm{ID}}_t^T=<{\mathrm{ID}}_1,{\mathrm{ID}}_2,...,{\mathrm{ID}}_t>,$ And ${\mathrm{ID}}_0^T={\mathrm{ID}}_0,$ ${\mathrm{ID}}_1^T={\mathrm{ID}}_1.$

Root node is selected secret number at random

and the open parameter P of calculating ₀=x ₀p, wherein, given security parameter 1 ^k, G ₁and G ₂be that rank are the cyclic group of q, q is large prime number, G ₁module, G ₂multiplicative group, at G ₁, G ₂in solve discrete logarithm problem be difficult to resolve, P is G ₁in arbitrary generator, $\stackrel{\&OverBar;}{e}:G_1\&times;G_1\&RightArrow;G_2$ For bilinear map, $H_1:{\left\{\mathrm{0,1}\right\}}^n\&RightArrow;G_1^{*},$ $H_3:{\left\{\mathrm{0,1}\right\}}^n\&times;G_2\&RightArrow;Z_q^{*}.$

Generate Level _tin level, identify label is ID _tnode section private key, wherein, Level _tin level, identify label is ID _tnode be ID by identify label _t-1father node generating portion private key: calculate then generating identify label is ID _tthe part private key D of node _t, wherein identify label is ID _t-1the part private key of father node be D _t-1, x _t-1that identify label is ID _t-1father node select random secret value, node ID _tpart private key be:

$D_t=D_{t-1}+x_{t-1}{Q}_t=\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i.$

Generation identify label is ID _tthe private key S of node _t, wherein S _t=x _td _t, wherein node ID ' _ksecret value

Generation identify label is ID _tthe PKI P of node _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp

Identify label in level is ID ' _knode wish and Level _kidentify label in level is ID _tnode carry out session key agreement, wherein, identify label is ID ' _kthe identify label string of node be ${\mathrm{ID}}_k^{\&prime;T}=<I{D}_1^{\&prime;},I{D}_2^{\&prime;},...,I{D}_k^{\&prime;}>,$ Part private key is $D_k^{\&prime;}=D_{k-1}^{\&prime;}+x_{k-1}^{\&prime;}{Q}_t^{\&prime;}=\underset{i=1}{\overset{k}{\mathrm{\&Sigma;}}}{x}_{i-1}^{\&prime;}{Q}_i^{\&prime;},$ Private key is S ' _k=x ' _kd ' _k, PKI is P ' _k=<X ' _k, Y ' _k>, wherein X ' _k=x ' _kp, Y ' _k=x ₀x ' _kp, identify label is ID _tthe identify label string of node be

part private key is

private key is S _t=x _td _t, PKI is P _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp

Identify label is ID ' _knode and identify label be ID _tnode to carry out the process of session key agreement as follows:

(1) ID ' _kcheck

whether set up, if be false, agreement stops;

(2) ID ' _kcalculate respectively: $Q_i=H_1\left({\mathrm{ID}}_1\right|\left|{\mathrm{ID}}_2\right||...|\left|{\mathrm{ID}}_i\right)\&Element;G_1^{*},$ i=1,2,…,t；

(3) ID ' _kthe interim secret value of random selection

(4) ID ' _kcalculate and to ID _tsend:

T′ _k=<U ₀,U ₂,U ₃,…,U _t,P′ _k>=<aP,aQ ₂,aQ ₃,…,aQ _t,P′ _k>∈T _tt；

(5) ID _treceive T ' _kafter, after identical check and calculating, to ID ' _ksend T _t, wherein, b is ID _tthe interim secret value of random selection, i=1,2 ..., k,

T _t=<U′ ₀,U′ ₂,U′ ₃,…,U′ _k,P _t>=<bP,bQ′ ₂,bQ′ ₃,…,bQ′ _k,P _t>∈T _k；

(6) after the calculating of above formula, ID ' _kwith ID _tall can calculate both sides' session key: ID ' _kcalculate: $K_k^{\&prime;}=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(S_k^{\&prime;},U_0^{\&prime;})\&CenterDot;\underset{i=2}{\overset{k}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{X}_{i-1}^{\&prime;},-U_i^{\&prime;})$

ID _tcalculate: $K_t=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(S_t,U_0)\&CenterDot;\underset{i=2}{\overset{t}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_t{X}_{i-1},-U_i)$

And both sides finally obtain session key: K=H (K ' _k|| aU ' ₀)=H (K _t|| bU ₀).

According to an embodiment, identify label is ID _tthe part private key of node send to father node by escape way, identify label is ID ' _kthe part private key of node send to father node by escape way.

The correctness of above cryptographic key negotiation method is the establishment based on following equation:

$K_k^{\&prime;}=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(S_k^{\&prime;},U_0^{\&prime;})\&CenterDot;\underset{i=2}{\overset{k}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{X}_{i-1}^{\&prime;},-U_i^{\&prime;})$

$=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(x_k^{\&prime;}\underset{i=1}{\overset{k}{\mathrm{\&Sigma;}}}{x}_{i-1}^{\&prime;}{Q}_i^{\&prime;},\mathrm{bP})\&CenterDot;\underset{i=2}{\overset{k}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{x}_{i-1}^{\&prime;}P,-b{Q}_i^{\&prime;})$

$=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(x_k^{\&prime;}\underset{i=1}{\overset{k}{\mathrm{\&Sigma;}}}{x}_{i-1}^{\&prime;}{Q}_i^{\&prime;},\mathrm{bP})\&CenterDot;\stackrel{\&OverBar;}{e}(-x_k^{\&prime;}\underset{i=2}{\overset{k}{\mathrm{\&Sigma;}}}{x}_{i-1}^{\&prime;}{Q}_i^{\&prime;},\mathrm{bP})$

$=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{x}_0{Q}_1^{\&prime;},\mathrm{bP})$

$=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b$

$K_t=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(S_t,U_0)\&CenterDot;\underset{i=2}{\overset{t}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_t{X}_{i-1},-U_i)$

$=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(x_t\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i,\mathrm{aP})\&CenterDot;\underset{i=2}{\overset{t}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_t{x}_{i-1}P,-a{Q}_i)$

$=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(x_t\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i,\mathrm{aP})\&CenterDot;\stackrel{\&OverBar;}{e}(-x_t\underset{i=2}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i,\mathrm{aP})$

$=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(x_t{x}_0{Q}_1,\mathrm{aP})$

$=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}{(Q_1,x_t{x}_{0}P)}^a$

$=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a=K_k^{\&prime;}$

Meanwhile, aU ' ₀=bU ₀=abP, thus can obtain: H (K ' _k|| aU ' ₀)=H (K _t|| bU ₀).

From above process, the fail safe of this agreement be based on bilinearity to upper discrete logarithm problem, not only realized Authentication and Key Agreement, and realized perfect forward secrecy, applicable node adds and leaves than wireless sensor network more frequently.

Hierarchical sensor network is because need processing operation in net, so the function that its most important feature is nodes has level, in general have leader cluster node layer at least, the Main Function of these leader cluster nodes is to be responsible for processing in net, carries out even intrusion detection of data fusion.

The key using for hierarchical sensor network should have level, and the data communication of the node of different levels should be used different keys, to guarantee the low-power consumption of node in guaranteeing secure communication.Simultaneously network architecture; the general data that more approach application layer also require stronger to fail safe; conventionally different application all needs to have each oneself secret operation; and data link layer only need to complete common authentication and integrity protection, this also requires key to have certain level.Therefore the design of hierarchical sensor network cipher key management agreement time also should be considered the management to multiple different keys, comprise key foundation (or claiming distribution), upgrade, cancel, store and newly-increased or need to be for the certain operations of key while cancelling node.Therefore, can adopt node session cryptographic key negotiation method described above to carry out the session key agreement of the node in hierarchical wireless sensor network.

Above the application's exemplary embodiment is described.The example that it should be appreciated by those skilled in the art that above-mentioned embodiment to be only used to the object of explanation and to lift, rather than be used for limiting.Any modification of doing under all instructions in the application and claim protection range, be equal to replacement etc., all should be included in the claimed scope of the application.

Claims (3)

1. node session cryptographic key negotiation method, wherein, described node is the hierarchical structure with n layer, each node is under the jurisdiction of specific level Level _t, wherein 0≤t≤n, Level ₀in node be root node, all nodes except root node all have father node, each node has identify label ID _t(1≤t≤n) and identify label string

wherein identify label string

generate according to the identify label of the identify label of this node and all father nodes

and ${\mathrm{ID}}_0^T={\mathrm{ID}}_0,$ ${\mathrm{ID}}_1^T={\mathrm{ID}}_1,$

Root node is selected secret number at random

and the open parameter P of calculating ₀=x ₀p, wherein, given security parameter 1 ^k, G ₁and G ₂be that rank are the cyclic group of q, q is large prime number, G ₁module, G ₂multiplicative group, at G ₁, G ₂in solve discrete logarithm problem be difficult to resolve, P is G ₁in arbitrary generator, $\stackrel{\&OverBar;}{e}:G_1\&times;G_1\&RightArrow;G_2$ For bilinear map, $H_1:{\left\{\mathrm{0,1}\right\}}^n\&RightArrow;G_1^{*},$ $H_3:{\left\{\mathrm{0,1}\right\}}^n\&times;G_2\&RightArrow;Z_q^{*};$

Generate Level _tin level, identify label is ID _tnode section private key, wherein, Level _tin level, identify label is ID _tnode be ID by identify label _t-1father node generating portion private key: calculate

then generating identify label is ID _tthe part private key D of node _t, wherein identify label is ID _t-1the part private key of father node be D _t-1, x _t-1that identify label is ID _t-1father node select random secret value, node ID _tpart private key be:

$D_t=D_{t-1}+x_{t-1}{Q}_t=\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i;$ Generation identify label is ID _tthe private key S of node _t, wherein S _t=x _td _t, wherein node ID ' _ksecret value

generation identify label is ID _tthe PKI P of node _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp,

Level _kidentify label in level is ID ' _knode and Level _kidentify label in level is ID _tthe node method of carrying out session key agreement comprise:

(1) ID ' _kcheck

whether set up, if be false, agreement stops;

(2) ID ' _kcalculate respectively: $Q_i=H_1\left({\mathrm{ID}}_1\right|\left|{\mathrm{ID}}_2\right||...|\left|{\mathrm{ID}}_i\right)\&Element;G_1^{*},$ i=1,2,…,t；

(3) ID ' _kthe interim secret value of random selection

(4) ID ' _kcalculate and to ID _tsend:

T ' _k=<U ₀, U ₂, U ₃..., U _t, P ' _k>=<aP, aQ ₂, aQ ₃..., aQ _t, P ' _k> ∈ T _tt; (5) ID _treceive T ' _kafter, after identical check and calculating, to ID ' _ksend T _t, wherein, b is ID _tthe interim secret value of random selection, i=1,2 ..., k,

T _t=<U′ ₀,U′ ₂,U′ ₃,…,U′ _k,P _t>=<bP,bQ′ ₂,bQ′ ₃,…,bQ′ _k,P _t>∈T _k；

(6) after the calculating of above formula, ID ' _kwith ID _tall can calculate both sides' session key:

ID ' _kcalculate: $K_k^{\&prime;}=\stackrel{\&OverBar;}{e}{(Q_1,Y_t)}^a\&CenterDot;\stackrel{\&OverBar;}{e}(S_k^{\&prime;},U_0^{\&prime;})\&CenterDot;\underset{i=2}{\overset{k}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_k^{\&prime;}{X}_{i-1}^{\&prime;},-U_i^{\&prime;})$

ID _tcalculate: $K_t=\stackrel{\&OverBar;}{e}{(Q_1^{\&prime;},Y_k^{\&prime;})}^b\&CenterDot;\stackrel{\&OverBar;}{e}(S_t,U_0)\&CenterDot;\underset{i=2}{\overset{t}{\mathrm{\&Pi;}}}\stackrel{\&OverBar;}{e}(x_t{X}_{i-1},-U_i)$

And both sides finally obtain session key: K=H (K ' _k|| aU ' ₀)=H (K _t|| bU ₀),

Wherein, identify label is ID ' _kthe identify label string of node be

part private key is

private key is S ' _k=x ' _kd ' _k, PKI is P ' _k=<X ' _k, Y ' _k>, wherein X ' _k=x ' _kp, Y ' _k=x ₀x ' _kp, identify label is ID _tthe identify label string of node be ${\mathrm{ID}}_t^T=<{\mathrm{ID}}_1,{\mathrm{ID}}_2,...,{\mathrm{ID}}_t>,$ Part private key is $D_t=D_{t-1}+x_{t-1}{Q}_t=\underset{i=1}{\overset{t}{\mathrm{\&Sigma;}}}{x}_{i-1}{Q}_i,$ Private key is S _t=x _td _t, PKI is P _t=<X _t, Y _t>, wherein X _t=x _tp, Y _t=x ₀x _tp.

2. the method for claim 1, wherein identify label is ID _tthe part private key of node send to father node by escape way, identify label is ID ' _kthe part private key of node send to father node by escape way.

3. hierarchical wireless sensor network node authentication method, wherein, the node in hierarchical wireless sensor network adopts session cipher negotiating method as claimed in claim 1 or 2 to carry out session key agreement.