CN104243504B - Safety communication implementation of next generation wireless network - Google Patents

Info

Publication number: CN104243504B
Authority: CN (China)
Prior art keywords: private key, session, hash function, mobile node, node
Legal status: Active
Application number: CN201410557974.XA
Other languages: Chinese (zh)
Other versions: CN104243504A
Inventors: 王晓喃, 穆怡
Current assignee: Changshu intellectual property operation center Co.,Ltd.
Original assignee: Changshu Institute of Technology

Events
Application filed by Changshu Institute of Technology
Priority to CN201410557974.XA
Publication of CN104243504A
Application granted
Publication of CN104243504B
Abstract

The invention provides a secure communication implementation method for a next generation wireless network. The wireless network is connected to the Internet as an end network through an access router; each mobile node in the wireless network is configured with an IPv6 address and has a routing and forwarding function; mobile nodes move from one wireless network to another. The wireless network from which a mobile node obtains its home address is the home network of that mobile node, and the access router to which the home network is connected is the home access router of the mobile node. When the mobile node moves from its home network to another wireless network, that wireless network is called the external network of the mobile node, and the access router to which the external network is connected is called the external access router of the mobile node. With this secure communication implementation method for a next generation wireless network, user privacy is protected while secure communication is implemented, whether the mobile node is in its home network or in an external network.

Description

Next generation wireless network secure communication implementation method
Technical field
The present invention relates to a communication implementation method, and more particularly to a secure communication implementation method for a next generation wireless network.
Background technology
In a next generation wireless network, communication between nodes is realized by forwarding and routing through intermediate nodes; secure communication between nodes is therefore particularly important.
In a next generation wireless network, a user's movement pattern can be inferred by inspecting IP addresses, for example when the user is in the office, when the user is at home, and with whom the user often communicates. Protecting the privacy of the user is therefore also particularly important. In current next generation wireless communication, IP addresses are not given any protective measure, so a secure communication mode is needed to protect both the secure communication and the privacy of the user.
The content of the invention
Goal of the invention: The technical problem to be solved by the present invention is to provide, in view of the deficiencies of the prior art, a next generation wireless network secure communication implementation method.
Technical scheme: The invention discloses a next generation wireless network secure communication implementation method. The wireless network is connected to the Internet as an end network through an access router, and every mobile node in the wireless network is configured with an IPv6 address and has a routing and forwarding function. A mobile node moves from one wireless network to another; the wireless network from which the mobile node obtains its home address serves as the home network of that mobile node, and the access router to which the home network is connected serves as the home access router of the mobile node. When the mobile node moves from its home network to another wireless network, that wireless network is called the external network of the mobile node, and the access router to which the external network is connected is called the external access router of the mobile node;
The IPv6 addresses of mobile nodes and access routers consist of two parts. The first part is the global routing prefix, which uniquely identifies one wireless network: within one wireless network the global routing prefix of all mobile nodes is the same, and its value equals the global routing prefix of the access router of that wireless network. The second part is the node ID, which uniquely identifies one mobile node within the wireless network; its length is i bits, where i is a positive integer. The node ID also serves as the link address of the mobile node;
Each mobile node has two node IDs, a persistent node ID and a session node ID. The persistent node ID stays constant throughout the life cycle of the mobile node and uniquely identifies the node. The session node ID uniquely identifies one session, and the session node ID of every session is different. Both persistent node IDs and session node IDs are unique within the network;
An access router has only a persistent node ID, whose value range is [1, T1], where T1 is a positive integer and 1 < T1 < 2^i - 2; the persistent node ID of an access router is preset. The node ID allocation space of mobile nodes is [T1+1, 2^i - 2], which is divided into the persistent node ID space [T1+1, T2] and the session node ID space [T2+1, 2^i - 2], where T2 is a positive integer and T1+1 < T2 < 2^i - 2. The persistent node ID of a mobile node takes its value from the persistent node ID space, and the session node ID of a mobile node takes its value from the session node ID space. After a mobile node starts and joins a wireless network, it obtains its persistent node ID and session node ID from the access router of that wireless network, and combines the persistent node ID with the global routing prefix of the access router to obtain its home address;
Access routers and mobile nodes broadcast beacon frames within one-hop range; the beacon frame payload is the global routing prefix and the public key certificate of the access router of the wireless network. Each access router keeps an address mapping table that records the address mapping information of the mobile nodes that obtained their persistent node ID in this wireless network. Each address mapping entry has two fields, a persistent node ID field and a mapping address field: if the mobile node is in its home network, the mapping address field holds the node's session node ID; otherwise it holds the address of the access router of the external network in which the node is located;
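The address layout, the three node ID spaces and the access router's address mapping table described above, as an added example that is not part of the patent. The description leaves i, T1 and T2 to the deployment, so i = 64, T1 = 255 and T2 = 2^32 are assumed values here, and the addresses in the usage are constructed.

```python
import ipaddress

# Assumed deployment parameters: the description leaves i, T1 and T2 to the
# network operator. With i = 64 the node ID fills the low half of the address.
I_BITS = 64
T1 = 255          # access router persistent IDs: [1, T1]
T2 = 2**32        # mobile persistent IDs: [T1+1, T2]; session IDs: [T2+1, 2^i-2]


def check_partition(i=I_BITS, t1=T1, t2=T2):
    """Enforce 1 < T1 < 2^i-2 and T1+1 < T2 < 2^i-2; return the top of the space."""
    top = 2**i - 2
    if not 1 < t1 < top:
        raise ValueError("need 1 < T1 < 2^i - 2")
    if not t1 + 1 < t2 < top:
        raise ValueError("need T1 + 1 < T2 < 2^i - 2")
    return top


def classify_node_id(node_id, i=I_BITS, t1=T1, t2=T2):
    """Tell which space a node ID comes from: 'router', 'persistent' or 'session'."""
    top = check_partition(i, t1, t2)
    if 1 <= node_id <= t1:
        return "router"
    if t1 < node_id <= t2:
        return "persistent"
    if t2 < node_id <= top:
        return "session"
    raise ValueError(f"node ID {node_id} is outside [1, 2^{i} - 2]")


def make_ipv6(global_prefix, node_id, i=I_BITS):
    """Home address = global routing prefix of the access router + node ID (i bits)."""
    net = ipaddress.IPv6Network(global_prefix, strict=True)
    if net.prefixlen != 128 - i:
        raise ValueError("prefix length must be 128 - i")
    classify_node_id(node_id, i)   # rejects IDs outside [1, 2^i - 2]
    return str(ipaddress.IPv6Address(int(net.network_address) | node_id))


def split_ipv6(address, i=I_BITS):
    """Inverse of make_ipv6: (global routing prefix as a network string, node ID)."""
    value = int(ipaddress.IPv6Address(address))
    node_id = value & ((1 << i) - 1)
    prefix = ipaddress.IPv6Network((value - node_id, 128 - i))
    return str(prefix), node_id


class AddressMappingTable:
    """Kept by each access router for the nodes that got their persistent ID here.
    Entry: persistent node ID -> ('home', session node ID) while the node is in
    its home network, or ('external', external access router address) otherwise."""

    def __init__(self):
        self._entries = {}

    def add(self, persistent_id, session_id):
        if classify_node_id(persistent_id) != "persistent":
            raise ValueError("key must be a mobile persistent node ID")
        self.update_session(persistent_id, session_id)

    def update_session(self, persistent_id, session_id):
        # Steps 204 and 312 rewrite the mapping field with a freshly allocated session ID.
        if classify_node_id(session_id) != "session":
            raise ValueError("mapping field must be a session node ID")
        self._entries[persistent_id] = ("home", session_id)

    def mark_external(self, persistent_id, external_ar_address):
        self._entries[persistent_id] = ("external", external_ar_address)

    def lookup(self, persistent_id):
        return self._entries.get(persistent_id)


if __name__ == "__main__":
    home = make_ipv6("2001:db8:1:2::/64", 256)      # constructed prefix and ID
    table = AddressMappingTable()
    table.add(256, 2**32 + 5)
    print(home, split_ipv6(home), table.lookup(256))
```

Because `classify_node_id` is called on both fields, an entry can never be keyed by a router ID or map to a persistent ID, which is the invariant the address mapping table relies on when a session private key request names the peer by its persistent node ID.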
After a mobile node X starts, it uses a hardware identifier (for example its MAC address or factory ID) or a random number as its temporary node ID, and at the same time listens for the beacon frames of neighbouring access routers or mobile nodes to obtain the global routing prefix and the public key PubK-AR1 of the access router AR1 of the wireless network it is in. Mobile node X then obtains its persistent node ID and session node ID through the following procedure:
Step 101: Start;
Step 102: Mobile node X builds an address request message. The source address is the temporary node ID of X and the destination address is the persistent node ID of access router AR1. The payload of the address request message is X's own public key PubK-X and a random positive integer m, where m is less than the total length of the payload. X takes m bytes starting from the first byte of the payload and uses them as the input of a one-way hash function, then encrypts the hash function output with the node's private key PraK-X to obtain a digital signature. The digital signature is appended to the payload, the payload and digital signature are encrypted with the public key PubK-AR1 of AR1, and the encrypted payload and digital signature are sent to AR1;
Step 103: After AR1 receives the encrypted address request payload and digital signature, it decrypts them with its own private key PraK-AR1 to obtain the message payload and the digital signature, decrypts the digital signature with X's public key PubK-X to obtain the hash function output, takes m bytes starting from the first byte of the payload, computes the hash function output over those m bytes, and compares the value it computed with the value obtained from the decrypted signature. If they are equal, go to step 104; otherwise go to step 107;
Step 104: AR1 allocates to X an unassigned persistent node ID from the persistent node ID space and an unassigned session node ID from the session node ID space, creates a private key K_X-AR1 shared between itself and X, and builds an address response message whose payload is the persistent node ID, the session node ID and the private key K_X-AR1 allocated to X, with the temporary node ID of X as destination address. AR1 takes m bytes starting from the first byte of the response payload as the input of the one-way hash function, encrypts the hash function output with its private key PraK-AR1 to obtain a digital signature, appends the signature to the payload, encrypts the payload and signature with X's public key PubK-X, and sends the encrypted payload and signature to X. At the same time AR1 adds an entry for X to its address mapping table: the persistent node ID field is the persistent node ID allocated to X and the mapping address field is the session node ID allocated to X;
Step 105: After X receives the encrypted address response payload and digital signature, it decrypts them with its own private key PraK-X to obtain the payload and the signature, decrypts the signature with AR1's public key PubK-AR1 to obtain the hash function output, takes m bytes starting from the first byte of the response payload, computes the hash function output over them, and compares the value it computed with the value obtained from the decrypted signature. If they are equal, go to step 106; otherwise go to step 107;
Step 106: X records the persistent node ID, the session node ID and the private key K_X-AR1 that AR1 allocated to it, and combines the persistent node ID with the global routing prefix of AR1 to obtain its home IPv6 address;
Step 107: End.
Through the above method a node securely obtains its persistent node ID and session node ID and communicates securely.
In the method for the invention, if mobile node X and mobile node Y are in same home network, the local net The couple in router of network is K for the private key of AR1, mobile node X and couple in router AR1X-AR1, mobile node Y with access route The private key of device AR1 is KY-AR1, mobile node X is according to the initiation of following processes and the session of mobile node Y:
Step 201:Start;
Step 202:Mobile node X sends session private key request message to couple in router AR1, and source address is mobile node The session node ID of X, persistent node ID of the destination address for couple in router AR1, the load of session private key request message are movement The persistent node ID and session serial number n, n of node Y is randomly generated, mobile node X private key KX-AR1To message payload encryption, and Use private key KX-AR1The defeated of hash function is calculated with |input paramete of the session private key request message load as one-way Hash function Go out value, after the output valve to be attached to the session private key request message load of encryption, be sent to couple in router AR1;
Step 203:Couple in router AR1 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KX-AR1Decryption obtains the request load of message session private key, uses private key KX-AR1Disappear with the session private key request for decrypting Breath load calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with receive The hash function output valve for arriving is identical, then carry out step 204, otherwise carries out step 215;
Step 204:Couple in router AR1 inquires about address mapping table according to the persistent node ID of mobile node Y and obtains movement The session node ID of node Y, while distributing a unappropriated new session node for mobile node X from session node ID spaces ID, creates the session private key K of mobile node X and mobile node YX-Y, session private key response message is built, private key response message is born Carry to distribute to the new session node ID of mobile node X, session serial number n, the session node ID of mobile node Y and session are private Key KX-Y, use private key KY-AR1The load of private key response message is encrypted and by private key KY-AR1Conduct is loaded with private key response message The |input paramete of one-way Hash function calculates hash function output valve, uses private key KX-AR1The load of private key response message is carried out adding It is close and by private key KX-AR1Hash function output is calculated with |input paramete of the private key response message load as one-way Hash function The private key response message load of this two parts encryption and hash function output valve are sent to mobile node X, couple in router by value AR1 updates the address of cache list item of mobile node X, is the session node for being newly assigned to mobile node X by mapping address area update ID;
Step 205:The hash function that mobile node X receives the load of private key response message and response of this two parts encryption is defeated After going out value, private key K is usedX-AR1Decryption obtains the load of private key response message, uses private key KX-AR1It is negative with the private key response message for decrypting Carry the |input paramete as one-way Hash function and calculate the output valve of hash function, if the cryptographic Hash for calculating with receive Hash function output valve is identical, then carry out step 206, otherwise carries out step 215;
Step 206:The session node ID of oneself is updated to couple in router AR1 distribution in Message Payload by mobile node X New session node ID, while mobile node X to mobile node Y send conversation request message, conversation request message load be Private key K is used in step 204Y-AR1The load of private key response message is encrypted and by private key KY-AR1It is negative with private key response message Load calculates hash function output valve as the |input paramete of one-way Hash function, and source address is the new session sections of mobile node X Point ID, session node ID of the destination address for mobile node Y;
Step 207:After mobile node Y receives conversation request message, private key K is usedY-AR1Decryption obtains session private key KX-Y, use Private key KY-AR1Decryption obtains conversation request message load, uses private key KY-AR1With the conversation request message load for decrypting as single The output valve of hash function is calculated to the |input paramete of hash function, if the cryptographic Hash for calculating and the hash function for receiving Output valve is identical, then carry out step 208, otherwise carries out step 215;
Step 208:Mobile node Y-direction mobile node X sends conversational response message, and conversational response Message Payload is session sequence Row number n, source address is the session node ID of oneself, and destination address is the new session node ID of nodes X, mobile node Y sessions Private key KX-YConversational response Message Payload is encrypted and by session private key KX-YWith conversational response Message Payload as unidirectional Kazakhstan The |input paramete of uncommon function calculates hash function output valve, by the conversational response Message Payload and hash function output valve of encryption It is sent to mobile node X;
Step 209:After mobile node X receives the conversational response Message Payload and hash function output valve of encryption, session is used Private key KX-YDecryption obtains conversational response Message Payload, and with session private key KX-YWith the conversational response Message Payload conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 210, otherwise carry out step 215;
Step 210:Mobile node X sends data request information, session of the source address for mobile node X to mobile node Y Node ID, session node ID of the destination address for mobile node Y, with session private key KX-YSession serial number n and request of data are disappeared Breath payload encryption by session private key KX-YKazakhstan is calculated with |input paramete of the data request information load as one-way Hash function The session serial number n of encryption and data request information load and hash function output valve are sent to shifting by uncommon function-output Dynamic node Y;
Step 211:Mobile node Y receives the session serial number n of encryption and data request information load and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and data request information load, and with session private key KX-YWith The data request information load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 212, otherwise carries out step 215;
Step 212:Mobile node Y-direction mobile node X sends data response message, session of the source address for mobile node Y Node ID, session node ID of the destination address for mobile node X, with session private key KX-YSession serial number n and data response are disappeared Breath payload encryption by session private key KX-YKazakhstan is calculated with |input paramete of the data response message load as one-way Hash function The session serial number n of encryption and the load of data response message and hash function output valve are sent to section by uncommon function-output Point X;
Step 213:Mobile node X receives the session serial number n of encryption and the load of data response message and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and the load of data response message, and with session private key KX-YWith The data response message load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 214, otherwise carries out step 215;
Step 214:Data in mobile node X processing data response messages;
Step 215:Terminate;
After conversation end, the session serial number n for identifying session is changed into invalid.
By said method, secure communication is realized between mobile node and privacy of user is protected.
In the method for the invention, the home network of mobile node X is wireless network A1, the access road in wireless network A1 It is AR1 by device, the home network of mobile node Y is wireless network A2, the couple in router of wireless network A2 is AR2, movable joint Point X is located at wireless network A1, and mobile node Y is located at wireless network A2, and the private key of couple in router AR1 and AR2 is KAR1-AR2, move Dynamic nodes X is K with the private key of couple in router AR1X-AR1, the private key of mobile node Y and couple in router AR2 is KY-AR2
If mobile node X is in wireless network A1, mobile node X is true by the IPv6 address prefixs of mobile node Y The home network for determining mobile node Y is wireless network A2, and mobile node X is by the initiation session of following processes:
Step 301:Start;
Step 302:Mobile node X sends session private key request message to couple in router AR1, and source address is mobile node The session node ID of X, persistent node ID of the destination address for couple in router AR1, the load of session private key request message are movement The home address and session serial number n, n of node Y is randomly generated, and uses private key KX-AR1To session private key request message payload encryption, And use private key KX-AR1Hash function is calculated with |input paramete of the session private key request message load as one-way Hash function Output valve, is sent to couple in router AR1 after the output valve is attached to the Message Payload of encryption;
Step 303:Couple in router AR1 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KX-AR1Decryption obtains the load of session private key request message, uses private key KX-AR1Disappear with the session private key request for decrypting Breath load calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with receive The hash function output valve for arriving is identical, then carry out step 304, otherwise carries out step 315;
Step 304:Couple in router AR1 builds session private key request message, and the load of session private key request message is movement The home address and session serial number n of nodes X and mobile node Y, IPv6 address of the source address for couple in router AR1, mesh Address for couple in router AR2 IPv6 addresses, use private key KAR1-AR2The load of session private key request message is encrypted simultaneously By private key KAR1-AR2To calculate hash function defeated for the |input paramete for loading as one-way Hash function with session private key request message Go out value, the session private key request message load of encryption and hash function output valve are sent to into couple in router AR2;
Step 305:Couple in router AR2 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KAR1-AR2Decryption obtains the load of session private key request message, uses private key KAR1-AR2With the session private key request for decrypting Message Payload calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with connect The hash function output valve for receiving is identical, then carry out step 306, otherwise carries out step 315;
Step 306:Couple in router AR2 creates the session private key K of mobile node X and mobile node YX-Y, build session private Key response message, IPv6 address of the session private key response message load for mobile node X, session serial number n and session private key KX-Y, session private key response message destination address is the session node ID of mobile node Y, uses private key KY-AR2Session private key is responded Message Payload is encrypted and by private key KY-AR2The |input paramete as one-way Hash function is loaded with session private key response message Hash function output valve is calculated, the session private key response message load of encryption and hash function output valve are sent to into movable joint Point Y;
Step 307:After mobile node Y receives the session private key response message load of encryption and hash function output valve, use Private key KY-AR2Decryption obtains the load of session private key response message, uses private key KY-AR2It is negative with the session private key response message for decrypting Carry the |input paramete as one-way Hash function and calculate the output valve of hash function, if the cryptographic Hash for calculating with receive Hash function output valve is identical, then carry out step 308, otherwise carries out step 315;
Step 308:Mobile node Y builds communication response message, the local ground of communication response Message Payload mobile node X Location, session serial number n and session private key KX-Y, destination address is the persistent node ID of couple in router AR2, uses private key KY-AR2It is right Communication response Message Payload is encrypted and by private key KY-AR2With communication response Message Payload as one-way Hash function input Parameter calculates hash function output valve, and the communication response Message Payload and hash function output valve of encryption are sent to access road By device AR2;
Step 309:After couple in router AR2 receives the communication response Message Payload and hash function output valve of encryption, use Private key KY-AR2Decryption uses private key K to obtain communication response Message PayloadY-AR2With the communication response Message Payload conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 310, otherwise carry out step 315;
Step 310:Couple in router AR2 builds session private key response message, and the load of session private key response message is movement The IPv6 addresses of nodes X and mobile node Y, session serial number n and session private key KX-Y, destination address couple in router AR1's IPv6 addresses, source address are the IPv6 addresses of couple in router AR2 oneself, use private key KAR1-AR2It is negative to session private key response message Load is encrypted and by private key KAR1-AR2The |input paramete calculating as one-way Hash function is loaded with session private key response message Go out hash function output valve, the session private key response message load of encryption and hash function output valve are sent to into couple in router AR1;
Step 311:Couple in router AR1 receives the session private key response message load of encryption and hash function output valve Afterwards, use private key KAR1-AR2Decryption obtains Message Payload, uses private key KAR1-AR2With the session private key response message load conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 312, otherwise carry out step 315;
Step 312:Couple in router AR1 is that mobile node X distributes a new session node in session node ID spaces ID, builds session private key response message, IPv6 address of the session private key response message load for mobile node Y, session serial number N, new session node ID and session private key KX-Y, destination address is the session node ID of mobile node X, uses private key KX-AR1To meeting Words private key response message load is encrypted and by private key KX-AR1Load as one-way Hash function with session private key response message |input paramete calculate hash function output valve, by encryption session private key response message load and hash function output valve send out Mobile node X is given, while update the address of cache list item of mobile node X, i.e., with the new session section for distributing to mobile node X Point ID updates the mapping address domain of corresponding list item;,
Step 313:After mobile node X receives the session private key response message load of encryption and hash function output valve, use Private key KX-AR1Decryption obtains Message Payload, uses private key KX-AR1With the session private key response message load for decrypting as unidirectional Kazakhstan The |input paramete of uncommon function calculates the output valve of hash function, if the cryptographic Hash for calculating and the hash function output for receiving Value is identical, then carry out step 314, otherwise carry out step 315;
Step 314:The session node ID of oneself is updated to new session node ID by mobile node X, preserves session sequence Number n and session private key KX-Y
Step 315:Terminate;
After mobile node X and mobile node Y have obtained the session serial number n and the session private key K_X-Y, X realizes secure communication with Y through the following procedure:
Step 401: Start;
Step 402: X sends a data request message to Y. The source address is the session node ID of X and the destination address is the persistent node ID of AR1. The data request message payload consists of two parts: the first part is the session serial number n and the home addresses of X and Y; the second part is the data. X encrypts the first part with K_X-AR1 and computes the hash function output with K_X-AR1 and the first part as input; it encrypts the second part with the session private key K_X-Y and computes the hash function output with K_X-Y and the data request message payload as input. The two encrypted parts and the two hash function outputs are sent to AR1;
Step 403: After AR1 receives the encrypted data request message payload and the hash function outputs, it decrypts the first part with K_X-AR1, computes the hash function output with K_X-AR1 and the decrypted first part as input, and compares it with the received hash function output. If they are identical, go to step 404; otherwise go to step 417;
Step 404: AR1 encrypts the first part of the data request message payload with the private key K_AR1-AR2 shared between AR1 and AR2 and computes the hash function output with K_AR1-AR2 and the first part as input. It sends this encrypted first part and its hash function output, together with the encrypted second part and the hash function output generated in step 402, to AR2;
Step 405: After AR2 receives the data request message, that is, the encrypted data request message payload and the hash function outputs, it decrypts the first part with K_AR1-AR2, computes the hash function output with K_AR1-AR2 and the decrypted first part as input, and compares it with the received hash function output. If they are identical, go to step 406; otherwise go to step 417;
Step 406: AR2 looks up its address mapping table by the home address of Y and obtains the session node ID of Y. It encrypts the first part of the data request message payload with K_Y-AR2 and computes the hash function output with K_Y-AR2 and the first part as input, updates the source address of the data request message to the persistent node ID of AR2 and the destination address to the session node ID of Y, and sends the encrypted first part and its hash function output, together with the encrypted second part and the hash function output generated in step 402, as the data request message payload to Y;
Step 407: After Y receives the data request message, it decrypts the first part with K_Y-AR2, computes the hash function output with K_Y-AR2 and the decrypted first part as input, and compares it with the received hash function output. If they are identical, go to step 408; otherwise go to step 417;
Step 408:Mobile node Y session private key KX-YThe Part II of ciphertext data request message load, and use session Private key KX-YKazakhstan is calculated as the |input paramete of one-way Hash function with the Part II of the data request information load for decrypting The output valve of uncommon function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 409, no Step 417 is carried out then;
Step 409:Mobile node Y-direction mobile node X sends data response message, session of the source address for mobile node Y Node ID, persistent node ID of the destination address for couple in router AR2, the load of data response message include two parts:First Home address of the part for session serial number n, mobile node X and mobile node Y;Part II is data;Use private key KY-AR2It is right The Part I encryption of data response message load by private key KY-AR2The Part I loaded with data response message is used as list Hash function output valve is calculated to the |input paramete of hash function, with session private key KX-YTo the load of data response message the Two Partial encryptions by session private key KX-YKazakhstan is calculated with |input paramete of the data response message load as one-way Hash function Uncommon function-output, the data that the two are encrypted and hash function output valve are sent to as the load of data response message Couple in router AR2;
Step 410:After couple in router AR2 receives data response request message, private key K is usedY-AR2Ciphertext data response disappears The Part I of breath load, and use private key KY-AR2The Part I loaded with the data response message for decrypting is used as one-way hash function The |input paramete of function calculates the output valve of hash function, if the cryptographic Hash for calculating and the hash function output valve for receiving It is identical, then step 411 is carried out, step 417 is otherwise carried out;
Step 411:Private key Ks of the couple in router AR2 with couple in router AR2 and couple in router AR1AR1-AR2To data The Part I encryption of response message load by private key KAR1-AR2The Part I loaded with data response message is used as unidirectional The |input paramete of hash function calculates hash function output valve, by data response message load Part I encryption data and The Part II encryption data and hash function of the data response message load that hash function output valve and step 409 are produced is defeated Go out value and be sent to couple in router AR1;
Step 412:After couple in router AR1 receives data response message, private key K is usedAR1-AR2Ciphertext data response message The Part I of load, and use private key KAR1-AR2The Part I loaded with the data response message for decrypting is used as one-way hash function The |input paramete of function calculates the output valve of hash function, if the cryptographic Hash for calculating and the hash function output valve for receiving It is identical, then step 413 is carried out, step 417 is otherwise carried out;
Step 413:Couple in router AR1 checks address mapping table according to the home address of mobile node X, while obtain moving The session node ID of dynamic nodes X, uses private key KX-AR1Part I encryption to the load of data response message by private key KX-AR1With The Part I of data response message load calculates hash function output valve as the |input paramete of one-way Hash function, by number The persistent node ID of couple in router AR1 is updated to according to the source address of response message, destination address is updated to the meeting of mobile node X Words node ID, what the Part I encryption data that data response message is loaded and hash function output valve and step 409 were produced The Part II encryption data and hash function output valve of data response message load is sent out as the load of data response message Give mobile node X;
Step 414:After mobile node X receives data response message, private key K is usedX-AR1Decryption Part I, and use private key KX-AR1Hash is calculated as the |input paramete of one-way Hash function with the Part I of the data response message load for decrypting The output valve of function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 415, otherwise Carry out step 417;
Step 415:Mobile node X session private key KX-YThe Part II of ciphertext data response message load, and use session Private key KX-YCalculate as the |input paramete of one-way Hash function with the Part II data of the data response message load for decrypting Go out the output valve of hash function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carry out step 416, otherwise carry out step 417;
Step 416:Data in mobile node X processing data response messages;
Step 417:Terminate.
By said method, secure communication is realized between mobile node and privacy of user is protected.
In the method for the invention, the home network of mobile node X is wireless network A1, the access road in wireless network A1 It is AR1 by device, the home network of mobile node Y is wireless network A2, the couple in router of wireless network A2 is AR2, movable joint Point X moves to wireless network A2 from wireless network A1, and mobile node Y is located at wireless network A2, couple in router AR1's and AR2 Private key is KAR1-AR2, the private key of mobile node X and couple in router AR1 is KX-AR1, mobile node Y and couple in router AR2's Private key is KY-AR2
Mobile node X is moved to after wireless network A2 from wireless network A1, is initiated with mobile node Y's by following processes Session:
Step 501:Start;
Step 502:Mobile node X randomly generates session serial number n, is built using function set in advance and accesses route The private key K of device AR2X-AR2, the |input paramete of the function set in advance includes the address of mobile node X, couple in router AR2's Address, session serial number n and private key KX-AR1, mobile node X sends bind-request message to couple in router AR1, and source address is Session node IDs of the mobile node X in wireless network A1, IPv6 address of the destination address for couple in router AR1, binding please Message Payload is asked to be the home address for including mobile node X, the address of couple in router AR2 and session serial number n;Mobile node X private key KX-AR1To message payload encryption, and use private key KX-AR1Load as the defeated of one-way Hash function with bind-request message Enter the output valve that parameter calculates hash function, use private key KX-AR2To bind-request message payload encryption, and use private key KX-AR2With Bind-request message loads the |input paramete as one-way Hash function and calculates the output valve of hash function, by this two parts Encrypted content and hash function output valve are sent to couple in router AR1 as the load of bind-request message;
Step 503:After couple in router AR1 receives bind-request message, private key K is usedX-AR1Decryption obtains bind request and disappears Breath load, uses private key KX-AR1Kazakhstan is calculated as the |input paramete of one-way Hash function with the bind-request message load for decrypting The output valve of uncommon function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 504, no Step 510 is carried out then;
Step 504:Couple in router AR1 calculates private key K with function set in advanceX-AR2, binding response message is built, Binding response Message Payload is to include two parts:The content of Part I is private key KX-AR2With session serial number n, private key is used KAR1-AR2Binding response Message Payload Part I is encrypted and by private key KAR1-AR2With binding response Message Payload first It is allocated as calculating hash function output valve for the |input paramete of one-way Hash function;Part II is that using for step 502 generation is private Key KX-AR2The content of encryption and use private key KX-AR2The output of hash function is calculated as the |input paramete of one-way Hash function Value, the source address of message are the IPv6 addresses of couple in router AR1, and IPv6 address of the destination address for couple in router AR2 will The binding response Message Payload and hash function output valve of this two parts encryption is sent to access as binding response Message Payload Router AR2, couple in router AR1 update mobile node X address of cache list item, will mobile node X list items mapping ground Address of the location area update for couple in router AR2;
Step 505:After couple in router AR2 receives binding response message, private key K is usedAR1-AR2Decryption binding response message Load Part I encrypted content, uses private key KAR1-AR2With the binding response Message Payload for decrypting as one-way Hash function |input paramete calculates the output valve of hash function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, Step 506 is then carried out, step 510 is otherwise carried out;
Step 506:Couple in router AR2 private key KX-AR2Decryption binding response Message Payload Part II encrypted content, Use private key KX-AR2Hash function is calculated as the |input paramete of one-way Hash function with the binding response Message Payload for decrypting Output valve, if calculate cryptographic Hash it is identical with the hash function output valve for receiving, carry out step 507, otherwise carry out Step 510;
Step 507:Couple in router AR2 is that mobile node X distributes a new session node ID, and creates mobile node The address of cache list item of X, home address of the permanent address domain for mobile node X, mapping address domain are the session node ID of distribution, Binding acknowledgement message is built, binding acknowledgement Message Payload is the session node ID and session serial number for distributing to mobile node X N, destination address are session node IDs of the mobile node X in wireless network A1, use private key KX-AR2To binding acknowledgement Message Payload It is encrypted and by private key KX-AR2Hash letter is calculated with |input paramete of the binding acknowledgement Message Payload as one-way Hash function Number output valve, the binding acknowledgement Message Payload and hash function output valve of encryption are sent to as the load of binding acknowledgement message Mobile node X;
Step 508:After mobile node X receives binding acknowledgement message, private key K is usedX-AR2Decryption obtains binding acknowledgement message and bears Carry, use private key KX-AR2Hash letter is calculated with |input paramete of the binding acknowledgement Message Payload for decrypting as one-way Hash function Several output valves, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 509, otherwise enters Row step 510;
Step 509:Mobile node X obtains the session node ID in wireless network A2;
Step 510:Terminate;
Mobile node X is obtained after the session node ID in wireless network A2, is realized by following processes and mobile node The session of Y:
Step 601:Start;
Step 602:Mobile node X randomly generates session sequence n, sends the request of session private key to couple in router AR2 and disappears Breath, source address are session node IDs of the mobile node X in wireless network A2, and destination address is the permanent of couple in router AR2 Node ID, the load of session private key request message are the home address and session serial number n of mobile node Y, use private key KX-AR2Offset Breath payload encryption, and use private key KX-AR1Calculate with |input paramete of the session private key request message load as one-way Hash function The output valve of hash function, is sent to access route after the output valve to be attached to the session private key request message load of encryption Device AR2;
Step 603:Couple in router AR2 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KX-AR2Decryption obtains the load of session private key request message, uses private key KX-AR2Disappear with the session private key request for decrypting Breath load calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with receive The hash function output valve for arriving is identical, then carry out step 604, otherwise carries out step 615;
Step 604:Couple in router AR2 inquires about address mapping table according to the home address of mobile node Y and obtains movable joint The session node ID of point Y, while distributing a unappropriated new session node for mobile node X from session node ID spaces ID, creates the session private key K of mobile node X and mobile node YX-Y, session private key response message is built, the response of session private key disappears Breath load is new session node ID, session serial number n, the session node ID of mobile node Y and the meeting for distributing to mobile node X Words private key KX-Y, use private key KY-AR2The load of session private key response message is encrypted and by private key KY-AR2Respond with session private key Message Payload calculates hash function output valve as the |input paramete of one-way Hash function, uses KX-AR2The response of session private key is disappeared Breath load is encrypted and by KX-AR2Hash function output is calculated with |input paramete of the Message Payload as one-way Hash function Value, the session private key response message load of this two parts encryption and hash function output valve are born as session private key response message Load is sent to mobile node X, and couple in router AR2 updates the address of cache list item of mobile node X, by mapping address area update is It is newly assigned to the session node ID of mobile node X;
Step 605:Mobile node X receives the session private key response message load of this two parts encryption and the Hash letter for responding After number output valve, private key K is usedX-AR2Decryption obtains the load of session private key response message, uses private key KX-AR2It is private with the session for decrypting Key response message loads the |input paramete as one-way Hash function and calculates the output valve of hash function, if the Hash for calculating Value is identical with the hash function output valve for receiving, then carry out step 606, otherwise carries out step 615;
Step 606:The session node ID of oneself is updated to access road in the load of session private key response message by mobile node X The new session node ID distributed by device AR2, sends conversation request message to mobile node Y, and conversation request message load is step Private key K is used in rapid 604Y-AR2The load of session private key response message is encrypted and by private key KY-AR2Disappear with the response of session private key Breath loads the hash function output valve calculated as the |input paramete of one-way Hash function, and source address is that mobile node X is new Session node ID, session node ID of the destination address for mobile node Y;
Step 607:After mobile node Y receives conversation request message, private key K is usedY-AR2Decryption obtains the response of session private key and disappears Breath load, uses private key KY-AR2Calculate as the |input paramete of one-way Hash function with the session private key response message load for decrypting Go out the output valve of hash function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carry out step 608, otherwise carry out step 615;
Step 608:Mobile node Y-direction mobile node X sends conversational response message, and the load of session private key response message is Session serial number n, source address is the session node ID of oneself, and destination address is the new session node ID of mobile node X, movable joint Point Y session private key KX-YMessage Payload is encrypted and by session private key KX-YWith the load of session private key response message as single Hash function output valve is calculated to the |input paramete of hash function, by the session private key response message load of encryption and Hash letter Number output valve is sent to mobile node X;
Step 609:After mobile node X receives the session private key response message load of encryption and hash function output valve, use Session private key KX-YDecryption obtains the load of session private key response message, and with session private key KX-YWith the session private key response for decrypting Message Payload calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with connect The hash function output valve for receiving is identical, then carry out step 610, otherwise carries out step 615;
Step 610:Mobile node X sends data request information, session of the source address for mobile node X to mobile node Y Node ID, session node ID of the destination address for mobile node Y, with session private key KX-YSession serial number n and request of data are disappeared Breath payload encryption by session private key KX-YKazakhstan is calculated with |input paramete of the data request information load as one-way Hash function The session serial number n of encryption and data request information load and hash function output valve are sent to shifting by uncommon function-output Dynamic node Y;
Step 611:Mobile node Y receives the session serial number n of encryption and data request information load and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and data request information load, and with session private key KX-YWith The data request information load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 612, otherwise carries out step 615;
Step 612:Node Y-direction mobile node X sends data response message, session node of the source address for mobile node Y ID, session node ID of the destination address for mobile node X, with session private key KX-YIt is negative to session serial number n and data response message Carry encryption and by session private key KX-YHash letter is calculated with |input paramete of the data response message load as one-way Hash function The session serial number n of encryption and the load of data response message and hash function output valve are sent to movable joint by number output valve Point X;
Step 613:Mobile node X receives the session serial number n of encryption and the load of data response message and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and the load of data response message, and with session private key KX-YWith The data response message load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 614, otherwise carries out step 615;
Step 614:Data in mobile node X processing data response messages;
Step 615:Terminate.
By said method, secure communication is realized between mobile node and privacy of user is protected.
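The relayed data exchange of steps 401-417 and the session private key distribution of steps 601-609 (which has the same shape as steps 201-205) both rest on one primitive: encrypt a payload with a shared private key and send with it the output of the one-way hash function computed from the key and the payload. The following is an added example, not code from the patent. It assumes an HMAC-SHA256 keystream as the cipher the text leaves unspecified, HMAC-SHA256 for the keyed hash (instead of feeding the key and payload to a bare hash), and HMAC-SHA256 as the "preset function" of step 502; the node names, the seal/open_ helpers and the byte-string payloads are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Stand-ins for the patent's unnamed primitives (assumptions of this example):
# an HMAC-SHA256 keystream for "encrypt with private key K" and HMAC-SHA256
# for "the output of the one-way hash function with K and the payload as input".

def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, plaintext):
    """Encrypt plaintext under key and compute the keyed hash over the plaintext.
    Returns (nonce || ciphertext, hash_output); both travel in the message."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct, hmac.new(key, plaintext, hashlib.sha256).digest()

def open_(key, blob, hash_output):
    """Decrypt, recompute the keyed hash over the recovered plaintext and compare it
    with the received hash output; a mismatch is the 'otherwise terminate' branch."""
    nonce, ct = blob[:16], blob[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    if not hmac.compare_digest(hmac.new(key, pt, hashlib.sha256).digest(), hash_output):
        raise ValueError("hash function output mismatch: terminate")
    return pt

def derive_k_x_ar2(addr_x, addr_ar2, n, k_x_ar1):
    """The preset function of steps 502/504 (inputs: address of X, address of AR2,
    session serial number n, K_X-AR1), assumed here to be HMAC-SHA256."""
    msg = addr_x + addr_ar2 + n.to_bytes(4, "big")
    return hmac.new(k_x_ar1, msg, hashlib.sha256).digest()

def session_key_setup(k_x_ar2, k_y_ar2, n, home_y, sid_y, sid_x_new):
    """Steps 602-609: AR2 creates K_X-Y and hands it to X together with a copy
    wrapped under K_Y-AR2 that X forwards unchanged to Y. Returns the key as
    seen by X and by Y."""
    n_bytes = n.to_bytes(4, "big")
    req = seal(k_x_ar2, home_y + n_bytes)            # 602: X -> AR2
    open_(k_x_ar2, *req)                             # 603: AR2 verifies (raises on mismatch)
    k_xy = secrets.token_bytes(32)                   # 604: AR2 mints K_X-Y
    payload = sid_x_new + n_bytes + sid_y + k_xy
    for_y = seal(k_y_ar2, payload)                   # 604: copy for Y ...
    for_x = seal(k_x_ar2, payload)                   # 604: ... and copy for X
    k_xy_at_x = open_(k_x_ar2, *for_x)[-32:]         # 605: X learns K_X-Y
    k_xy_at_y = open_(k_y_ar2, *for_y)[-32:]         # 606/607: X forwards for_y, Y opens it
    confirm = seal(k_xy_at_y, n_bytes)               # 608: Y -> X, n under K_X-Y
    if open_(k_xy_at_x, *confirm) != n_bytes:        # 609: X checks the serial number
        raise ValueError("session serial number mismatch")
    return k_xy_at_x, k_xy_at_y

def relay_request(k_x_ar1, k_ar1_ar2, k_y_ar2, k_xy, part1, part2):
    """Steps 402-408: the first part (n, home addresses) is decrypted, verified and
    re-wrapped at every hop; the second part (data) is end-to-end under K_X-Y and
    forwarded as received. Returns both parts as mobile node Y recovers them."""
    p1 = seal(k_x_ar1, part1)                        # 402: X -> AR1
    p2 = seal(k_xy, part2)
    p1 = seal(k_ar1_ar2, open_(k_x_ar1, *p1))        # 403/404: AR1 verifies, re-wraps for AR2
    p1 = seal(k_y_ar2, open_(k_ar1_ar2, *p1))        # 405/406: AR2 verifies, re-wraps for Y
    return open_(k_y_ar2, *p1), open_(k_xy, *p2)     # 407/408: Y verifies both parts

if __name__ == "__main__":
    keys = [bytes([i]) * 32 for i in range(1, 5)]    # constructed shared keys, not real ones
    k_x_ar1, k_ar1_ar2, k_x_ar2, k_y_ar2 = keys
    kx, ky = session_key_setup(k_x_ar2, k_y_ar2, 7, b"home-Y", b"sid-Y", b"sid-X-new")
    print("K_X-Y agreed:", kx == ky)
    print(relay_request(k_x_ar1, k_ar1_ar2, k_y_ar2, kx, b"7|home-X|home-Y", b"data"))
```

Because the hash output covers the plaintext, a receiver has to decrypt before it can check it, which is the order of steps 403, 405 and 407; open_ keeps that order and raises on mismatch, the equivalent of jumping to the terminating step. The access routers on the path decrypt and re-wrap only the first part; the second part is forwarded exactly as X produced it.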
Beneficial effects: The invention provides a secure communication implementation method for a next generation wireless network. The invention achieves secure communication between users while protecting their private information, can be widely applied in fields such as medical treatment and health care, and has broad application prospects.
Description of the drawings
The invention is further illustrated below with reference to the drawings and the detailed description; the above and other advantages of the invention will become apparent from them.
Fig. 1 is a schematic diagram of the topology of the next generation wireless network of the invention.
Fig. 2 is a schematic diagram of the node address structure of the invention.
Fig. 3 is a flow chart of a node of the invention obtaining a persistent node ID and a session node ID.
Specific embodiment:
The invention provides a secure communication implementation method for a next generation wireless network, which achieves secure communication between users while protecting their private information, can be widely applied in fields such as medical treatment and health care, and has broad application prospects.
Fig. 1 is a schematic diagram of the topology of the next generation wireless network of the invention. The wireless network is connected to the Internet 2 as an end network through access router 1; every mobile node 3 in the wireless network is configured with an IPv6 address and has a routing and forwarding function. A mobile node 3 moves from one wireless network to another; the wireless network in which the mobile node 3 obtains its home address is the home network of that mobile node 3, and the access router 1 to which the home network is connected is the home access router of the mobile node 3. When mobile node 3 moves from its home network to another wireless network, that wireless network is called the external network of the mobile node 3, and the access router 1 to which the external network is connected is called the external access router of the mobile node 3.
Fig. 2 is a schematic diagram of the node address structure of the invention. The IPv6 address of a mobile node or an access router consists of two parts. The first part is the global routing prefix, which uniquely identifies a wireless network; all mobile nodes in a wireless network have the same global routing prefix, equal to the global routing prefix of the access router of that wireless network. The second part is the node ID, which uniquely identifies a mobile node within the wireless network; its length is i bits, where i is a positive integer. The node ID is used as the link address of the mobile node;
Each mobile node has two node IDs, a persistent node ID and a session node ID: the persistent node ID remains unchanged during the lifetime of the mobile node and uniquely identifies the node; the session node ID uniquely identifies a session, and the session node ID of every session is different. Both the persistent node ID and the session node ID are unique in the network;
An access router has only a persistent node ID, whose range is [1, T1], where T1 is a positive integer with 1 < T1 < 2^i - 2; the persistent node ID of an access router is preset. The node ID allocation space of mobile nodes is [T1+1, 2^i - 2], divided into the persistent node ID space [T1+1, T2] and the session node ID space [T2+1, 2^i - 2], where T2 is a positive integer with T1+1 < T2 < 2^i - 2. The persistent node ID of a mobile node takes its value from the persistent node ID space and its session node ID from the session node ID space. After a mobile node starts and joins a wireless network, it obtains its persistent node ID and session node ID from the access router of that wireless network, and combines the persistent node ID with the global routing prefix of the access router to obtain its home address;
Access routers and mobile nodes broadcast beacon frames within one-hop range; the beacon frame payload is the global routing prefix and the public key certificate of the access router of the wireless network. An access router keeps an address mapping table recording the address mapping information of the mobile nodes that obtained their persistent node ID in this wireless network. Each address mapping entry has two domains: the persistent node ID domain and the mapping address domain. If the mobile node is in its home network, the mapping address domain is the session node ID of the node; otherwise it is the address of the access router of the external network in which the node is located.
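The address structure and ID spaces above, together with the address mapping table and the way it changes as a node joins (step 104), starts a session (steps 204/604) or moves to an external network (steps 504/507), are shown in the following added example; it is not code from the patent. It assumes that the node ID occupies the low i bits of the IPv6 address (so the global routing prefix is a /(128 - i)), that T1 and T2 are parameters (the text fixes only their ordering), that the mapping table is keyed by home address, and that unassigned IDs are drawn at random; the prefixes and method names are constructed for illustration.

```python
import ipaddress
import secrets


class AccessRouter:
    """Node ID allocation and the address mapping table of one access router
    (example code; the parameters i, T1, T2 and the random draw are assumptions)."""

    def __init__(self, prefix, router_id, i=64, T1=255, T2=2**32 - 1):
        if not (1 <= router_id <= T1 < T2 < 2**i - 2):
            raise ValueError("need 1 <= router_id <= T1 < T2 < 2^i - 2")
        self.net = ipaddress.IPv6Network(prefix)
        if self.net.prefixlen != 128 - i:
            raise ValueError("global routing prefix length must be 128 - i")
        self.i, self.T1, self.T2 = i, T1, T2
        self.address = self._addr(router_id)      # routers use the preset space [1, T1]
        self._persistent_used = set()
        self._session_used = set()
        # home address -> session node ID (int) while the node is here,
        #                 or the external access router's address after it moved
        self.mapping = {}

    def _addr(self, node_id):
        """Global routing prefix || node ID."""
        return ipaddress.IPv6Address(int(self.net.network_address) + node_id)

    def _alloc(self, lo, hi, used):
        """Draw an unassigned ID from [lo, hi]. A random draw (assumption) keeps a
        node's successive session node IDs unlinkable to each other."""
        while True:
            nid = lo + secrets.randbelow(hi - lo + 1)
            if nid not in used:
                used.add(nid)
                return nid

    def _new_session_id(self):
        return self._alloc(self.T2 + 1, 2**self.i - 2, self._session_used)

    def join(self):
        """Step 104: persistent node ID from [T1+1, T2], session node ID from
        [T2+1, 2^i - 2]; the mapping domain is the session node ID.
        Returns (home address, session address)."""
        pid = self._alloc(self.T1 + 1, self.T2, self._persistent_used)
        home = self._addr(pid)
        sid = self._new_session_id()
        self.mapping[home] = sid
        return home, self._addr(sid)

    def new_session(self, home):
        """Steps 204/604: a fresh, unassigned session node ID for every session."""
        sid = self._new_session_id()
        self.mapping[ipaddress.IPv6Address(home)] = sid
        return self._addr(sid)

    def bind_away(self, home, external_ar):
        """Step 504 at the home AR: the node left; map it to the external AR's address."""
        self.mapping[ipaddress.IPv6Address(home)] = ipaddress.IPv6Address(external_ar)

    def bind_visitor(self, home):
        """Step 507 at the external AR: entry keyed by the visitor's home address,
        mapping domain = a session node ID from this router's space."""
        return self.new_session(home)

    def resolve(self, home):
        """Steps 406/413: ('local', session address) when the node is attached here,
        ('forward', external AR address) when it has moved away."""
        entry = self.mapping[ipaddress.IPv6Address(home)]
        if isinstance(entry, int):
            return "local", self._addr(entry)
        return "forward", entry


if __name__ == "__main__":
    ar1 = AccessRouter("2001:db8:1::/64", router_id=1)   # constructed prefixes
    ar2 = AccessRouter("2001:db8:2::/64", router_id=2)
    home_x, sess_x = ar1.join()
    print("X at home:", home_x, sess_x, ar1.resolve(home_x))
    ar1.bind_away(home_x, ar2.address)                   # X moves to A2
    print("visitor session address at AR2:", ar2.bind_visitor(home_x))
    print("AR1 now:", ar1.resolve(home_x), "AR2 now:", ar2.resolve(home_x))
```

A lookup by home address returns either a session node ID to deliver to on the local link or the external access router to forward to, which is exactly the decision AR1 takes in step 413 and AR2 in step 406.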
Fig. 3 is a flow chart of a node of the invention obtaining a persistent node ID and a session node ID. After a mobile node X starts, it uses a hardware identifier (for example, its MAC address or factory ID) or a random number as its temporary node ID, and listens for the beacon frames of neighbouring access routers or mobile nodes to obtain the global routing prefix and the public key PubK-AR1 of the access router AR1 of the wireless network it is in. Mobile node X then obtains its persistent node ID and session node ID by the following process:
Step 101: Start;
Step 102: Mobile node X builds an address request message whose source address is the temporary node ID of mobile node X and whose destination address is the persistent node ID of access router AR1. The payload of the address request message is X's own public key PubK-X and a random positive integer m, where m is less than the total length of the address request message payload. Mobile node X takes m bytes starting from the first byte of the address request message payload as the input of the one-way hash function, encrypts the hash output with the node's private key PraK-X to obtain a digital signature, appends the digital signature to the address request message payload, encrypts the payload and the digital signature with the public key PubK-AR1 of access router AR1, and sends the encrypted address request message payload and digital signature to access router AR1;
Step 103: After access router AR1 receives the encrypted address request message payload and digital signature, it decrypts them with its own private key PraK-AR1 to obtain the message payload and the digital signature, decrypts the digital signature with the public key PubK-X of mobile node X to obtain the hash output, takes m bytes starting from the first byte of the address request message payload as the input of the one-way hash function and computes the hash output. Access router AR1 compares the hash value it computed with the hash value obtained by decrypting the digital signature; if they are equal, step 104 is performed, otherwise step 107 is performed;
Step 104: Access router AR1 allocates an unassigned persistent node ID to mobile node X from the persistent node ID space and an unassigned session node ID from the session node ID space, creates the private key K_{X-AR1} between itself and mobile node X, and builds an address response message whose payload is the persistent node ID, the session node ID and the private key K_{X-AR1} allocated to mobile node X, and whose destination address is the temporary node ID of mobile node X. It takes m bytes starting from the first byte of the address response message payload as the input of the one-way hash function, encrypts the hash output with the private key PraK-AR1 of access router AR1 to obtain a digital signature, appends the digital signature to the address response message payload, encrypts the payload and the digital signature with the public key PubK-X of mobile node X, and sends the encrypted address response message payload and digital signature to mobile node X. At the same time it adds an entry for mobile node X to the address mapping table, with the persistent node ID domain set to the persistent node ID allocated to mobile node X and the mapping address domain set to the session node ID allocated to mobile node X;
Step 105: After mobile node X receives the encrypted address response message payload and digital signature, it decrypts them with its own private key PraK-X to obtain the address response message payload and the digital signature, decrypts the digital signature with the public key PubK-AR1 of access router AR1 to obtain the hash output, takes m bytes starting from the first byte of the address response message payload as the input of the one-way hash function and computes the hash output. It compares the hash value it computed with the hash value obtained by decrypting the digital signature; if they are equal, step 106 is performed, otherwise step 107 is performed;
Step 106: Mobile node X records the persistent node ID and session node ID allocated to it by access router AR1 and the private key K_{X-AR1} shared with access router AR1, and combines the persistent node ID with the global routing prefix of access router AR1 to obtain its home IPv6 address;
Step 107: End.
By the above method, a node can securely obtain its persistent node ID and session node ID and communicate securely.
In the method for the invention, if mobile node X and mobile node Y are in same home network, the local net The couple in router of network is K for the private key of AR1, mobile node X and couple in router AR1X-AR1, mobile node Y with access route The private key of device AR1 is KY-AR1, mobile node X is according to the initiation of following processes and the session of mobile node Y:
Step 201:Start;
Step 202:Mobile node X sends session private key request message to couple in router AR1, and source address is mobile node The session node ID of X, persistent node ID of the destination address for couple in router AR1, the load of session private key request message are movement The persistent node ID and session serial number n, n of node Y is randomly generated, mobile node X private key KX-AR1To message payload encryption, and Use private key KX-AR1The defeated of hash function is calculated with |input paramete of the session private key request message load as one-way Hash function Go out value, after the output valve to be attached to the session private key request message load of encryption, be sent to couple in router AR1;
Step 203:Couple in router AR1 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KX-AR1Decryption obtains the request load of message session private key, uses private key KX-AR1Disappear with the session private key request for decrypting Breath load calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with receive The hash function output valve for arriving is identical, then carry out step 204, otherwise carries out step 215;
Step 204:Couple in router AR1 inquires about address mapping table according to the persistent node ID of mobile node Y and obtains movement The session node ID of node Y, while distributing a unappropriated new session node for mobile node X from session node ID spaces ID, creates the session private key K of mobile node X and mobile node YX-Y, session private key response message is built, private key response message is born Carry to distribute to the new session node ID of mobile node X, session serial number n, the session node ID of mobile node Y and session are private Key KX-Y, use private key KY-AR1The load of private key response message is encrypted and by private key KY-AR1Conduct is loaded with private key response message The |input paramete of one-way Hash function calculates hash function output valve, uses private key KX-AR1The load of private key response message is carried out adding It is close and by private key KX-AR1Hash function output is calculated with |input paramete of the private key response message load as one-way Hash function The private key response message load of this two parts encryption and hash function output valve are sent to mobile node X, couple in router by value AR1 updates the address of cache list item of mobile node X, is the session node for being newly assigned to mobile node X by mapping address area update ID;
Step 205:The hash function that mobile node X receives the load of private key response message and response of this two parts encryption is defeated After going out value, private key K is usedX-AR1Decryption obtains the load of private key response message, uses private key KX-AR1It is negative with the private key response message for decrypting Carry the |input paramete as one-way Hash function and calculate the output valve of hash function, if the cryptographic Hash for calculating with receive Hash function output valve is identical, then carry out step 206, otherwise carries out step 215;
Step 206:The session node ID of oneself is updated to couple in router AR1 distribution in Message Payload by mobile node X New session node ID, while mobile node X to mobile node Y send conversation request message, conversation request message load be Private key K is used in step 204Y-AR1The load of private key response message is encrypted and by private key KY-AR1It is negative with private key response message Load calculates hash function output valve as the |input paramete of one-way Hash function, and source address is the new session sections of mobile node X Point ID, session node ID of the destination address for mobile node Y;
Step 207:After mobile node Y receives conversation request message, private key K is usedY-AR1Decryption obtains session private key KX-Y, use Private key KY-AR1Decryption obtains conversation request message load, uses private key KY-AR1With the conversation request message load for decrypting as single The output valve of hash function is calculated to the |input paramete of hash function, if the cryptographic Hash for calculating and the hash function for receiving Output valve is identical, then carry out step 208, otherwise carries out step 215;
Step 208:Mobile node Y-direction mobile node X sends conversational response message, and conversational response Message Payload is session sequence Row number n, source address is the session node ID of oneself, and destination address is the new session node ID of nodes X, mobile node Y sessions Private key KX-YConversational response Message Payload is encrypted and by session private key KX-YWith conversational response Message Payload as unidirectional Kazakhstan The |input paramete of uncommon function calculates hash function output valve, by the conversational response Message Payload and hash function output valve of encryption It is sent to mobile node X;
Step 209:After mobile node X receives the conversational response Message Payload and hash function output valve of encryption, session is used Private key KX-YDecryption obtains conversational response Message Payload, and with session private key KX-YWith the conversational response Message Payload conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 210, otherwise carry out step 215;
Step 210:Mobile node X sends data request information, session of the source address for mobile node X to mobile node Y Node ID, session node ID of the destination address for mobile node Y, with session private key KX-YSession serial number n and request of data are disappeared Breath payload encryption by session private key KX-YKazakhstan is calculated with |input paramete of the data request information load as one-way Hash function The session serial number n of encryption and data request information load and hash function output valve are sent to shifting by uncommon function-output Dynamic node Y;
Step 211:Mobile node Y receives the session serial number n of encryption and data request information load and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and data request information load, and with session private key KX-YWith The data request information load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 212, otherwise carries out step 215;
Step 212:Mobile node Y-direction mobile node X sends data response message, session of the source address for mobile node Y Node ID, session node ID of the destination address for mobile node X, with session private key KX-YSession serial number n and data response are disappeared Breath payload encryption by session private key KX-YKazakhstan is calculated with |input paramete of the data response message load as one-way Hash function The session serial number n of encryption and the load of data response message and hash function output valve are sent to section by uncommon function-output Point X;
Step 213:Mobile node X receives the session serial number n of encryption and the load of data response message and hash function After output valve, with session private key KX-YDecryption obtains session serial number n and the load of data response message, and with session private key KX-YWith The data response message load for decrypting calculates the output valve of hash function as the |input paramete of one-way Hash function, if The cryptographic Hash of calculating is identical with the hash function output valve for receiving, then carry out step 214, otherwise carries out step 215;
Step 214:Data in mobile node X processing data response messages;
Step 215:Terminate;
After conversation end, the session serial number n for identifying session is changed into invalid.
By said method, secure communication is realized between mobile node and privacy of user is protected.
In the method for the invention, the home network of mobile node X is wireless network A1, the access road in wireless network A1 It is AR1 by device, the home network of mobile node Y is wireless network A2, the couple in router of wireless network A2 is AR2, movable joint Point X is located at wireless network A1, and mobile node Y is located at wireless network A2, and the private key of couple in router AR1 and AR2 is KAR1-AR2, move Dynamic nodes X is K with the private key of couple in router AR1X-AR1, the private key of mobile node Y and couple in router AR2 is KY-AR2
If mobile node X is in wireless network A1, mobile node X is true by the IPv6 address prefixs of mobile node Y The home network for determining mobile node Y is wireless network A2, and mobile node X is by the initiation session of following processes:
Step 301:Start;
Step 302:Mobile node X sends session private key request message to couple in router AR1, and source address is mobile node The session node ID of X, persistent node ID of the destination address for couple in router AR1, the load of session private key request message are movement The home address and session serial number n, n of node Y is randomly generated, and uses private key KX-AR1To session private key request message payload encryption, And use private key KX-AR1Hash function is calculated with |input paramete of the session private key request message load as one-way Hash function Output valve, is sent to couple in router AR1 after the output valve is attached to the Message Payload of encryption;
Step 303:Couple in router AR1 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KX-AR1Decryption obtains the load of session private key request message, uses private key KX-AR1Disappear with the session private key request for decrypting Breath load calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with receive The hash function output valve for arriving is identical, then carry out step 304, otherwise carries out step 315;
Step 304:Couple in router AR1 builds session private key request message, and the load of session private key request message is movement The home address and session serial number n of nodes X and mobile node Y, IPv6 address of the source address for couple in router AR1, mesh Address for couple in router AR2 IPv6 addresses, use private key KAR1-AR2The load of session private key request message is encrypted simultaneously By private key KAR1-AR2To calculate hash function defeated for the |input paramete for loading as one-way Hash function with session private key request message Go out value, the session private key request message load of encryption and hash function output valve are sent to into couple in router AR2;
Step 305:Couple in router AR2 receives the session private key request message load of encryption and hash function output valve Afterwards, use private key KAR1-AR2Decryption obtains the load of session private key request message, uses private key KAR1-AR2With the session private key request for decrypting Message Payload calculates the output valve of hash function as the |input paramete of one-way Hash function, if the cryptographic Hash for calculating with connect The hash function output valve for receiving is identical, then carry out step 306, otherwise carries out step 315;
Step 306:Couple in router AR2 creates the session private key K of mobile node X and mobile node YX-Y, build session private Key response message, IPv6 address of the session private key response message load for mobile node X, session serial number n and session private key KX-Y, session private key response message destination address is the session node ID of mobile node Y, uses private key KY-AR2Session private key is responded Message Payload is encrypted and by private key KY-AR2The |input paramete as one-way Hash function is loaded with session private key response message Hash function output valve is calculated, the session private key response message load of encryption and hash function output valve are sent to into movable joint Point Y;
Step 307:After mobile node Y receives the session private key response message load of encryption and hash function output valve, use Private key KY-AR2Decryption obtains the load of session private key response message, uses private key KY-AR2It is negative with the session private key response message for decrypting Carry the |input paramete as one-way Hash function and calculate the output valve of hash function, if the cryptographic Hash for calculating with receive Hash function output valve is identical, then carry out step 308, otherwise carries out step 315;
Step 308:Mobile node Y builds communication response message, the local ground of communication response Message Payload mobile node X Location, session serial number n and session private key KX-Y, destination address is the persistent node ID of couple in router AR2, uses private key KY-AR2It is right Communication response Message Payload is encrypted and by private key KY-AR2With communication response Message Payload as one-way Hash function input Parameter calculates hash function output valve, and the communication response Message Payload and hash function output valve of encryption are sent to access road By device AR2;
Step 309:After couple in router AR2 receives the communication response Message Payload and hash function output valve of encryption, use Private key KY-AR2Decryption uses private key K to obtain communication response Message PayloadY-AR2With the communication response Message Payload conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 310, otherwise carry out step 315;
Step 310:Couple in router AR2 builds session private key response message, and the load of session private key response message is movement The IPv6 addresses of nodes X and mobile node Y, session serial number n and session private key KX-Y, destination address couple in router AR1's IPv6 addresses, source address are the IPv6 addresses of couple in router AR2 oneself, use private key KAR1-AR2It is negative to session private key response message Load is encrypted and by private key KAR1-AR2The |input paramete calculating as one-way Hash function is loaded with session private key response message Go out hash function output valve, the session private key response message load of encryption and hash function output valve are sent to into couple in router AR1;
Step 311:Couple in router AR1 receives the session private key response message load of encryption and hash function output valve Afterwards, use private key KAR1-AR2Decryption obtains Message Payload, uses private key KAR1-AR2With the session private key response message load conduct for decrypting The |input paramete of one-way Hash function calculates the output valve of hash function, if the cryptographic Hash for calculating and the Hash letter for receiving Number output valve is identical, then carry out step 312, otherwise carry out step 315;
Step 312:Couple in router AR1 is that mobile node X distributes a new session node in session node ID spaces ID, builds session private key response message, IPv6 address of the session private key response message load for mobile node Y, session serial number N, new session node ID and session private key KX-Y, destination address is the session node ID of mobile node X, uses private key KX-AR1To meeting Words private key response message load is encrypted and by private key KX-AR1Load as one-way Hash function with session private key response message |input paramete calculate hash function output valve, by encryption session private key response message load and hash function output valve send out Mobile node X is given, while update the address of cache list item of mobile node X, i.e., with the new session section for distributing to mobile node X Point ID updates the mapping address domain of corresponding list item;,
Step 313:After mobile node X receives the session private key response message load of encryption and hash function output valve, use Private key KX-AR1Decryption obtains Message Payload, uses private key KX-AR1With the session private key response message load for decrypting as unidirectional Kazakhstan The |input paramete of uncommon function calculates the output valve of hash function, if the cryptographic Hash for calculating and the hash function output for receiving Value is identical, then carry out step 314, otherwise carry out step 315;
Step 314:The session node ID of oneself is updated to new session node ID by mobile node X, preserves session sequence Number n and session private key KX-Y
Step 315:Terminate;
Mobile node X and mobile node Y obtains session serial number n and session private key KX-YAfterwards, realized by following processes With the secure communication of mobile node Y:
Step 401: Start;
Step 402: Mobile node X sends a data request message to mobile node Y; the source address is the session node ID of mobile node X and the destination address is the persistent node ID of access router AR1. The data request message payload consists of two parts: part 1 is the session sequence number n and the home addresses of mobile node X and mobile node Y; part 2 is the data. Mobile node X encrypts part 1 with the shared key K_X-AR1 and computes the hash function output value with K_X-AR1 and part 1 as the input parameters of the one-way hash function; it encrypts part 2 with the session key K_X-Y and computes the hash function output value with K_X-Y and part 2 as the input parameters of the one-way hash function; it then sends both encrypted parts and their hash function output values to access router AR1;
Step 403: After access router AR1 receives the encrypted data request message payload and the hash function output values, it decrypts part 1 with the shared key K_X-AR1 and computes the hash function output value with K_X-AR1 and the decrypted part 1 of the data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 404, otherwise proceed to step 417;
Step 404: Access router AR1 encrypts part 1 of the data request message payload with the key K_AR1-AR2 it shares with access router AR2, computes the hash function output value with K_AR1-AR2 and part 1 as the input parameters of the one-way hash function, and sends the re-encrypted part 1 and its hash function output value, together with the encrypted part 2 and its hash function output value produced in step 402, to access router AR2;
Step 405: After access router AR2 receives the data request message, that is, the encrypted data request message payload and the hash function output values, it decrypts part 1 with the shared key K_AR1-AR2 and computes the hash function output value with K_AR1-AR2 and the decrypted part 1 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 406, otherwise proceed to step 417;
Step 406: Access router AR2 looks up the address mapping table by the home address of mobile node Y to obtain the session node ID of mobile node Y, encrypts part 1 of the data request message payload with the shared key K_Y-AR2, computes the hash function output value with K_Y-AR2 and part 1 as the input parameters of the one-way hash function, updates the source address of the data request message to the persistent node ID of access router AR2 and the destination address to the session node ID of mobile node Y, and sends the re-encrypted part 1 and its hash function output value, together with the encrypted part 2 and its hash function output value produced in step 402, as the data request message payload to mobile node Y;
Step 407: After mobile node Y receives the data request message, it decrypts part 1 with the shared key K_Y-AR2 and computes the hash function output value with K_Y-AR2 and the decrypted part 1 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 408, otherwise proceed to step 417;
Step 408: Mobile node Y decrypts part 2 of the data request message payload with the session key K_X-Y and computes the hash function output value with K_X-Y and the decrypted part 2 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 409, otherwise proceed to step 417;
Step 409: Mobile node Y sends a data response message to mobile node X; the source address is the session node ID of mobile node Y and the destination address is the persistent node ID of access router AR2. The data response message payload consists of two parts: part 1 is the session sequence number n and the home addresses of mobile node X and mobile node Y; part 2 is the data. Mobile node Y encrypts part 1 with the shared key K_Y-AR2 and computes the hash function output value with K_Y-AR2 and part 1 as the input parameters of the one-way hash function; it encrypts part 2 with the session key K_X-Y and computes the hash function output value with K_X-Y and part 2 as the input parameters of the one-way hash function; it then sends both encrypted parts and their hash function output values as the data response message payload to access router AR2;
Step 410: After access router AR2 receives the data response message, it decrypts part 1 with the shared key K_Y-AR2 and computes the hash function output value with K_Y-AR2 and the decrypted part 1 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 411, otherwise proceed to step 417;
Step 411: Access router AR2 encrypts part 1 of the data response message payload with the key K_AR1-AR2 it shares with access router AR1, computes the hash function output value with K_AR1-AR2 and part 1 as the input parameters of the one-way hash function, and sends the re-encrypted part 1 and its hash function output value, together with the encrypted part 2 and its hash function output value produced in step 409, to access router AR1;
Step 412: After access router AR1 receives the data response message, it decrypts part 1 with the shared key K_AR1-AR2 and computes the hash function output value with K_AR1-AR2 and the decrypted part 1 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 413, otherwise proceed to step 417;
Step 413: Access router AR1 looks up the address mapping table by the home address of mobile node X to obtain the session node ID of mobile node X, encrypts part 1 of the data response message payload with the shared key K_X-AR1, computes the hash function output value with K_X-AR1 and part 1 as the input parameters of the one-way hash function, updates the source address of the data response message to the persistent node ID of access router AR1 and the destination address to the session node ID of mobile node X, and sends the re-encrypted part 1 and its hash function output value, together with the encrypted part 2 and its hash function output value produced in step 409, as the data response message payload to mobile node X;
Step 414: After mobile node X receives the data response message, it decrypts part 1 with the shared key K_X-AR1 and computes the hash function output value with K_X-AR1 and the decrypted part 1 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 415, otherwise proceed to step 417;
Step 415: Mobile node X decrypts part 2 of the data response message payload with the session key K_X-Y and computes the hash function output value with K_X-Y and the decrypted part 2 as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, proceed to step 416, otherwise proceed to step 417;
Step 416: Mobile node X processes the data in the data response message;
Step 417: End.
By the above method, secure communication is realized between mobile nodes and user privacy is protected: the access routers only ever decrypt part 1 (the sequence number and home addresses they need for forwarding), while part 2 stays under the end-to-end session key K_X-Y.
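The following is an added example and not code from the patent. It models the envelope every message in the patent uses (encrypt the payload under a shared key, attach the one-way hash computed over key and payload, and have the receiver recompute and compare) and two of the exchanges built on it: the same-home-network session key distribution of steps 202-209, where AR1 seals one response twice and X relays the copy it cannot read, and the cross-network data relay of steps 402-408, where each router re-seals part 1 for the next hop and never touches part 2. Assumptions not fixed by the patent: HMAC-SHA256 as the keyed one-way hash, a counter-mode keystream derived from HMAC-SHA256 as the cipher, 4-byte node IDs, addresses and sequence numbers, and encrypt-then-MAC ordering (the patent hashes the plaintext and verifies after decrypting; hashing the ciphertext and verifying before decrypting is the safer ordering, so the example does that).

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key):
    # Domain-separate one shared key into an encryption key and a hash key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key, nonce, data):
    # Counter mode: block i = HMAC(enc_key, nonce || i), XORed over the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key, payload):
    """'Encrypt the payload with K and attach the hash output' as one blob:
    nonce || ciphertext || HMAC(hash key, nonce || ciphertext)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_keystream(enc_key, nonce, payload)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key, blob):
    """Verify the hash under K, then decrypt. None stands for the 'otherwise
    terminate' branch of every verification step (wrong key or tampering)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return _xor_keystream(enc_key, nonce, ct)


def same_network_session(k_x_ar1, k_y_ar1, address_map, pid_y):
    """Steps 202-209. address_map is AR1's persistent-ID -> session-ID table.
    AR1 seals the same response twice, under K_Y-AR1 and under K_X-AR1; X opens
    its copy and relays the other, which it cannot read, to Y; Y answers under K_X-Y."""
    n = secrets.token_bytes(4)
    request = seal(k_x_ar1, pid_y + n)                         # step 202 (X)
    req = open_(k_x_ar1, request)                              # step 203 (AR1)
    if req is None:
        return {"ok": False}
    new_sid_x, k_xy = b"SIDX", secrets.token_bytes(32)         # step 204 (AR1)
    payload = new_sid_x + req[4:8] + address_map[req[:4]] + k_xy
    for_y, for_x = seal(k_y_ar1, payload), seal(k_x_ar1, payload)
    x_view = open_(k_x_ar1, for_x)                             # step 205 (X)
    y_view = open_(k_y_ar1, for_y)                             # steps 206-207 (Y)
    if x_view is None or y_view is None:
        return {"ok": False}
    k_xy_at_x, k_xy_at_y = x_view[12:], y_view[12:]
    response = seal(k_xy_at_y, y_view[4:8])                    # step 208 (Y)
    n_at_x = open_(k_xy_at_x, response)                        # step 209 (X)
    return {"ok": n_at_x == n, "k_xy_at_x": k_xy_at_x, "k_xy_at_y": k_xy_at_y,
            "x_can_read_y_copy": open_(k_x_ar1, for_y) is not None}


def router_relay(k_in, k_out, part1):
    """Steps 403-404, 405-406, 410-411, 412-413: a router opens part 1 under the
    key shared with the previous hop and re-seals it for the next hop.
    Part 2 (the data) passes through every router untouched."""
    p = open_(k_in, part1)
    return None if p is None else seal(k_out, p)


def cross_network_data_request(keys, n, k_xy, data):
    """Steps 402-408, X -> AR1 -> AR2 -> Y. keys holds K_X-AR1, K_AR1-AR2, K_Y-AR2.
    Home addresses are the constructed 4-byte values HOMX and HOMY."""
    part1 = seal(keys["x_ar1"], n + b"HOMX" + b"HOMY")               # step 402 (X)
    part2 = seal(k_xy, data)
    part1 = router_relay(keys["x_ar1"], keys["ar1_ar2"], part1)      # steps 403-404 (AR1)
    if part1 is not None:
        part1 = router_relay(keys["ar1_ar2"], keys["y_ar2"], part1)  # steps 405-406 (AR2)
    routing = None if part1 is None else open_(keys["y_ar2"], part1)  # step 407 (Y)
    payload = None if routing is None else open_(k_xy, part2)         # step 408 (Y)
    return {"ok": payload == data,
            "n_at_y": None if routing is None else routing[:4],
            "ar2_can_read_data": open_(keys["ar1_ar2"], part2) is not None}
```

`open_` returning None is the single place where the patent's "otherwise terminate" branches land; a flipped ciphertext byte, a truncated message or a copy opened under the wrong key all fail the hash check before any plaintext is produced. The two result flags, `x_can_read_y_copy` and `ar2_can_read_data`, are the properties the patent relies on for privacy: the relaying node in step 206 and the routers in steps 404-406 only forward what they cannot open.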
In the method for the invention, the home network of mobile node X is wireless network A1, the access road in wireless network A1 It is AR1 by device, the home network of mobile node Y is wireless network A2, the couple in router of wireless network A2 is AR2, movable joint Point X moves to wireless network A2 from wireless network A1, and mobile node Y is located at wireless network A2, couple in router AR1's and AR2 Private key is KAR1-AR2, the private key of mobile node X and couple in router AR1 is KX-AR1, mobile node Y and couple in router AR2's Private key is KY-AR2
Mobile node X is moved to after wireless network A2 from wireless network A1, is initiated with mobile node Y's by following processes Session:
Step 501:Start;
Step 502:Mobile node X randomly generates session serial number n, is built using function set in advance and accesses route The private key K of device AR2X-AR2, the |input paramete of the function set in advance includes the address of mobile node X, couple in router AR2's Address, session serial number n and private key KX-AR1, mobile node X sends bind-request message to couple in router AR1, and source address is Session node IDs of the mobile node X in wireless network A1, IPv6 address of the destination address for couple in router AR1, binding please Message Payload is asked to be the home address for including mobile node X, the address of couple in router AR2 and session serial number n;Mobile node X private key KX-AR1To message payload encryption, and use private key KX-AR1Load as the defeated of one-way Hash function with bind-request message Enter the output valve that parameter calculates hash function, use private key KX-AR2To bind-request message payload encryption, and use private key KX-AR2With Bind-request message loads the |input paramete as one-way Hash function and calculates the output valve of hash function, and this two parts is added Close content and hash function output valve are sent to couple in router AR1 as the load of bind-request message;
Step 503:After couple in router AR1 receives bind-request message, private key K is usedX-AR1Decryption obtains bind request and disappears Breath load, uses private key KX-AR1Kazakhstan is calculated as the |input paramete of one-way Hash function with the bind-request message load for decrypting The output valve of uncommon function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 504, no Step 510 is carried out then;
Step 504:Couple in router AR1 calculates private key K with function set in advanceX-AR2, binding response message is built, Binding response Message Payload is to include two parts:The content of Part I is private key KX-AR2With session serial number n, private key is used KAR1-AR2Binding response Message Payload Part I is encrypted and by private key KAR1-AR2With binding response Message Payload first It is allocated as calculating hash function output valve for the |input paramete of one-way Hash function;Part II is that using for step 502 generation is private Key KX-AR2The content of encryption and use private key KX-AR2The output of hash function is calculated as the |input paramete of one-way Hash function Value, the source address of message are the IPv6 addresses of couple in router AR1, and IPv6 address of the destination address for couple in router AR2 will The binding response Message Payload and hash function output valve of this two parts encryption is sent to access as binding response Message Payload Router AR2, couple in router AR1 update mobile node X address of cache list item, will mobile node X list items mapping ground Address of the location area update for couple in router AR2;
Step 505:After couple in router AR2 receives binding response message, private key K is usedAR1-AR2Decryption binding response message Load Part I encrypted content, uses private key KAR1-AR2With the binding response Message Payload for decrypting as one-way Hash function |input paramete calculates the output valve of hash function, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, Step 506 is then carried out, step 510 is otherwise carried out;
Step 506:Couple in router AR2 private key KX-AR2Decryption binding response Message Payload Part II encrypted content, Use private key KX-AR2Hash function is calculated as the |input paramete of one-way Hash function with the binding response Message Payload for decrypting Output valve, if calculate cryptographic Hash it is identical with the hash function output valve for receiving, carry out step 507, otherwise carry out Step 510;
Step 507:Couple in router AR2 is that mobile node X distributes a new session node ID, and creates mobile node The address of cache list item of X, home address of the permanent address domain for mobile node X, mapping address domain are the session node ID of distribution, Binding acknowledgement message is built, binding acknowledgement Message Payload is the session node ID and session serial number for distributing to mobile node X N, destination address are session node IDs of the mobile node X in wireless network A1, use private key KX-AR2To binding acknowledgement Message Payload It is encrypted and by private key KX-AR2Hash letter is calculated with |input paramete of the binding acknowledgement Message Payload as one-way Hash function Number output valve, the binding acknowledgement Message Payload and hash function output valve of encryption are sent to as the load of binding acknowledgement message Mobile node X;
Step 508:After mobile node X receives binding acknowledgement message, private key K is usedX-AR2Decryption obtains binding acknowledgement message and bears Carry, use private key KX-AR2Hash letter is calculated with |input paramete of the binding acknowledgement Message Payload for decrypting as one-way Hash function Several output valves, if the cryptographic Hash for calculating is identical with the hash function output valve for receiving, carries out step 509, otherwise enters Row step 510;
Step 509:Mobile node X obtains the session node ID in wireless network A2;
Step 510:Terminate;
Mobile node X is obtained after the session node ID in wireless network A2, is realized and mobile node Y by following processes Session:
Step 601: Start;
Step 602: Mobile node X randomly generates the session serial number n and sends a session private key request message to access router AR2; the source address is the session node ID of mobile node X in wireless network A2 and the destination address is the permanent node ID of access router AR2. The session private key request message payload is the home address of mobile node Y and the session serial number n. Mobile node X encrypts the message payload with private key K_X-AR2, uses private key K_X-AR1 together with the session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value, appends the output value to the encrypted session private key request message payload and sends it to access router AR2;
Step 603: After access router AR2 receives the encrypted session private key request message payload and the hash function output value, it uses private key K_X-AR2 to decrypt and obtain the session private key request message payload, and uses private key K_X-AR2 together with the decrypted session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 604 is performed, otherwise step 615 is performed;
Step 604: Access router AR2 queries the address mapping table by the home address of mobile node Y and obtains the session node ID of mobile node Y, and at the same time allocates an unused new session node ID to mobile node X from the session node ID space and creates the session private key K_X-Y of mobile node X and mobile node Y. AR2 builds a session private key response message whose payload is the new session node ID allocated to mobile node X, the session serial number n, the session node ID of mobile node Y and the session private key K_X-Y. AR2 encrypts the session private key response message payload with private key K_Y-AR2 and uses private key K_Y-AR2 together with the session private key response message payload as the input parameters of the one-way hash function to compute a hash function output value; AR2 also encrypts the session private key response message payload with K_X-AR2 and uses K_X-AR2 together with the message payload as the input parameters of the one-way hash function to compute a hash function output value. These two encrypted copies of the session private key response message payload and the two hash function output values are sent to mobile node X as the load of the session private key response message, and access router AR2 updates the address mapping entry of mobile node X by setting the mapping address field to the session node ID newly allocated to mobile node X;
Step 605: After mobile node X receives the two encrypted copies of the session private key response message payload and the returned hash function output values, it uses private key K_X-AR2 to decrypt and obtain the session private key response message payload, and uses private key K_X-AR2 together with the decrypted session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 606 is performed, otherwise step 615 is performed;
Step 606: Mobile node X updates its own session node ID to the new session node ID allocated by access router AR2 in the session private key response message payload and sends a session request message to mobile node Y. The session request message load is the session private key response message payload encrypted with private key K_Y-AR2 in step 604 together with the hash function output value computed with private key K_Y-AR2 and the session private key response message payload as the input parameters of the one-way hash function; the source address is the new session node ID of mobile node X and the destination address is the session node ID of mobile node Y;
Step 607: After mobile node Y receives the session request message, it uses private key K_Y-AR2 to decrypt and obtain the session private key response message payload, and uses private key K_Y-AR2 together with the decrypted session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 608 is performed, otherwise step 615 is performed;
Step 608: Mobile node Y sends a session response message to mobile node X; the session private key response message payload is the session serial number n, the source address is Y's own session node ID and the destination address is the new session node ID of mobile node X. Mobile node Y encrypts the message payload with session private key K_X-Y, uses session private key K_X-Y together with the session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session private key response message payload and the hash function output value to mobile node X;
Step 609: After mobile node X receives the encrypted session private key response message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session private key response message payload, and uses session private key K_X-Y together with the decrypted session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 610 is performed, otherwise step 615 is performed;
Step 610: Mobile node X sends a data request message to mobile node Y; the source address is the session node ID of mobile node X and the destination address is the session node ID of mobile node Y. Mobile node X encrypts the session serial number n and the data request message payload with session private key K_X-Y, uses session private key K_X-Y together with the data request message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session serial number n and data request message payload together with the hash function output value to mobile node Y;
Step 611: After mobile node Y receives the encrypted session serial number n and data request message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session serial number n and the data request message payload, and uses session private key K_X-Y together with the decrypted data request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 612 is performed, otherwise step 615 is performed;
Step 612: Mobile node Y sends a data response message to mobile node X; the source address is the session node ID of mobile node Y and the destination address is the session node ID of mobile node X. Mobile node Y encrypts the session serial number n and the data response message payload with session private key K_X-Y, uses session private key K_X-Y together with the data response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session serial number n and data response message payload together with the hash function output value to mobile node X;
Step 613: After mobile node X receives the encrypted session serial number n and data response message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session serial number n and the data response message payload, and uses session private key K_X-Y together with the decrypted data response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 614 is performed, otherwise step 615 is performed;
Step 614: Mobile node X processes the data in the data response message;
Step 615: Terminate.
By the above method, secure communication is achieved between mobile nodes and user privacy is protected.
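As an added example (not code from the patent), the following Python models the encrypt-and-hash exchange of steps 602 to 611: AR2 seals one copy of the session private key response for X under K_X-AR2 and one for Y under K_Y-AR2, X verifies its own copy and forwards Y's unchanged, and both nodes then protect the data request under K_X-Y. The patent names neither the symmetric cipher nor the hash construction, so a SHA-256 keystream cipher and HMAC-SHA256 are assumed stand-ins here, as are the 4-byte node ID layout, the function names and the sample keys.

```python
import hashlib
import hmac
import secrets


# Stand-in for the patent's unspecified symmetric cipher (assumption): a SHA-256
# keystream XOR under a fresh random nonce per message.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))

def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    nonce, body = ciphertext[:16], ciphertext[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def hash_tag(key: bytes, payload: bytes) -> bytes:
    # "Private key and payload as the input parameters of the one-way hash
    # function"; HMAC-SHA256 stands in for the unspecified construction (assumption).
    return hmac.new(key, payload, hashlib.sha256).digest()

def seal(key: bytes, payload: bytes) -> tuple:
    """Sender side: encrypt the payload and attach the hash over the plaintext."""
    return encrypt(key, payload), hash_tag(key, payload)

def open_sealed(key: bytes, ciphertext: bytes, tag: bytes):
    """Receiver side (steps 603, 605, 607, 609, 611): decrypt, recompute the hash
    over the decrypted payload and compare. None stands for 'otherwise step 615'."""
    payload = decrypt(key, ciphertext)
    if not hmac.compare_digest(hash_tag(key, payload), tag):
        return None
    return payload

# Fixed-width layout assumed for the example: node IDs and n are 4-byte big-endian
# integers (i = 32 bits), the session private key K_X-Y is 32 bytes.
def pack_response(new_sid_x: int, n: int, sid_y: int, k_xy: bytes) -> bytes:
    return (new_sid_x.to_bytes(4, "big") + n.to_bytes(4, "big")
            + sid_y.to_bytes(4, "big") + k_xy)

def unpack_response(payload: bytes) -> dict:
    return {
        "new_sid_x": int.from_bytes(payload[0:4], "big"),
        "n": int.from_bytes(payload[4:8], "big"),
        "sid_y": int.from_bytes(payload[8:12], "big"),
        "k_xy": payload[12:44],
    }

def ar2_build_response(k_x_ar2: bytes, k_y_ar2: bytes, new_sid_x: int, n: int, sid_y: int):
    """Step 604: AR2 creates K_X-Y and seals the same payload once under K_X-AR2
    (for X) and once under K_Y-AR2 (for Y, forwarded by X in step 606)."""
    k_xy = secrets.token_bytes(32)
    payload = pack_response(new_sid_x, n, sid_y, k_xy)
    return seal(k_x_ar2, payload), seal(k_y_ar2, payload)

def run_session(k_x_ar2: bytes, k_y_ar2: bytes, data: bytes) -> dict:
    """Drives steps 602 to 611 between X, AR2 and Y and reports what each side saw."""
    n = secrets.randbelow(2**32)  # step 602: X picks the session serial number n
    part_x, part_y = ar2_build_response(k_x_ar2, k_y_ar2, 0x70000001, n, 0x70000002)
    # Step 605: X verifies its own copy and learns its new session node ID and K_X-Y.
    x_view = open_sealed(k_x_ar2, *part_x)
    if x_view is None:
        return {"ok": False, "failed_at": 605}
    x_state = unpack_response(x_view)
    # Steps 606/607: X forwards Y's copy untouched; Y verifies it under K_Y-AR2.
    y_view = open_sealed(k_y_ar2, *part_y)
    if y_view is None:
        return {"ok": False, "failed_at": 607}
    y_state = unpack_response(y_view)
    # Steps 610/611: X sends n plus the data request under K_X-Y; Y verifies the
    # hash and additionally checks that n is the serial number it was told about.
    req_ct, req_tag = seal(x_state["k_xy"], n.to_bytes(4, "big") + data)
    req = open_sealed(y_state["k_xy"], req_ct, req_tag)
    if req is None or int.from_bytes(req[:4], "big") != y_state["n"]:
        return {"ok": False, "failed_at": 611}
    # A forwarded copy with one flipped ciphertext byte must fail Y's check.
    ct_y, tag_y = part_y
    tampered = ct_y[:-1] + bytes([ct_y[-1] ^ 0x01])
    return {
        "ok": True,
        "y_data": req[4:],
        "same_key": x_state["k_xy"] == y_state["k_xy"],
        "tampered_rejected": open_sealed(k_y_ar2, tampered, tag_y) is None,
    }
```

Note that, as the steps specify, the receiver decrypts first and only then recomputes the hash over the plaintext, so every incoming ciphertext passes through the cipher before it can be rejected; a practitioner would want the hash check to cover the ciphertext so that unverified input is dropped before decryption.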
In summary, the next generation wireless network secure communication implementation method provided by the present invention can be applied in numerous fields such as medical treatment and health, and therefore this technology has very high promotional value.
The invention provides one approach to a next generation wireless network secure communication implementation method; there are many methods and ways of implementing this technical solution, and the above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art can also make some improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as within the protection scope of the present invention. In the present embodiment, each component that is not explicitly specified can be implemented using the prior art.
Embodiment 1
Based on the simulation parameters of Table 1, the present embodiment simulates the secure communication implementation method of the present invention; the performance evaluation is as follows: when the network area and the number of nodes are constant, the larger the data payload, the larger the communication delay and power consumption, and the farther the mobile node is from the access router, the larger the communication delay and power consumption. The average delay of secure communication is 50 milliseconds and the average power consumption is 2 mJ.
Table 1 Simulation parameters
Claims (4)

1. A next generation wireless network secure communication implementation method, characterized in that the wireless network is connected to the Internet as an end network through an access router, and each mobile node in the wireless network configured with an IPv6 address has a routing and forwarding function; a mobile node moves from one wireless network to another wireless network; the wireless network from which a mobile node obtains its home address serves as the home network of that mobile node, and the access router connected to the home network serves as the home access router of that mobile node; when a mobile node moves from its home network to another wireless network, that wireless network is called the external network of the mobile node, and the access router connected to the external network is called the external access router of the mobile node;
The IPv6 addresses of mobile nodes and access routers consist of two parts: the first part is the global routing prefix, which uniquely identifies a wireless network; the global routing prefixes of all mobile nodes in one wireless network are identical, and their value equals the global routing prefix of the access router of the wireless network they are in; the second part is the node ID, which uniquely identifies a mobile node within the wireless network, and its length is i bits, where i is a positive integer; the node ID serves as the link address of the mobile node;
Each mobile node has two node IDs, a permanent node ID and a session node ID: the permanent node ID stays constant throughout the life cycle of the mobile node and uniquely identifies the node; the session node ID uniquely identifies a session, and the session node ID of each session is different; permanent node IDs and session node IDs are unique within the network;
An access router has only a permanent node ID, whose value range is [1, T1], where T1 is a positive integer and 1 < T1 < 2^i - 2; the permanent node ID of an access router is preset; the node ID allocation space of mobile nodes is [T1+1, 2^i - 2], which is divided into the permanent node ID space [T1+1, T2] and the session node ID space [T2+1, 2^i - 2], where T2 is a positive integer and T1+1 < T2 < 2^i - 2; the value range of the permanent node ID of a mobile node is the permanent node ID space, and the value range of the session node ID of a mobile node is the session node ID space; after a mobile node starts and joins a wireless network, it obtains a permanent node ID and a session node ID from the access router of the wireless network it is in, and at the same time combines the permanent node ID with the global routing prefix of the access router to obtain its home address;
Access routers and mobile nodes broadcast beacon frames within one-hop range; the beacon frame payload is the global routing prefix and the public key certificate of the access router of the wireless network they are in; an access router keeps an address mapping table that records the address mapping information of the mobile nodes that obtained their permanent node IDs in this wireless network, and each address mapping entry contains two fields: a permanent node ID field and a mapping address field; if the mobile node is in its home network, the mapping address field is the session node ID of the node, otherwise the mapping address field is the address of the access router of the external network the node is in;
After a mobile node X starts, it uses its hardware identifier ID or a random number as its temporary node ID, and at the same time listens for the beacon frames of neighbouring access routers or mobile nodes to obtain the global routing prefix and the public key PubK-AR1 of the access router AR1 of the wireless network it is in; mobile node X obtains its permanent node ID and session node ID by the following process:
Step 101: Start;
Step 102: Mobile node X builds an address request message; the source address of the address request message is the temporary node ID of mobile node X, the destination address is the permanent node ID of access router AR1, and the address request message payload is X's own public key PubK-X and a random positive integer m, where m is less than the total length of the address request message payload. Starting from the first byte of the address request message payload, m bytes are chosen and used as the input value of the one-way hash function; the output value of the hash function is encrypted with the node's private key PraK-X to obtain a digital signature; after the digital signature is appended to the address request message payload, the address request message payload and the digital signature are encrypted with the public key PubK-AR1 of access router AR1, and the encrypted address request message payload and digital signature are sent to access router AR1;
Step 103: After access router AR1 receives the encrypted address request message payload and digital signature, it decrypts them with its own private key PraK-AR1 to obtain the message payload and the digital signature, and decrypts the digital signature with the public key PubK-X of mobile node X to obtain the output value of the hash function; access router AR1 chooses m bytes starting from the first byte of the address request message payload and uses these m bytes as the input value of the one-way hash function to compute the output value of the hash function; access router AR1 compares whether the hash function value it computed equals the hash function value obtained by decrypting the digital signature; if they are equal, step 104 is performed, otherwise step 107 is performed;
Step 104: Access router AR1 allocates an unused permanent node ID to mobile node X from the permanent node ID space, allocates an unused session node ID to mobile node X from the session node ID space, and creates the private key K_X-AR1 between itself and mobile node X. It builds an address response message whose payload is the permanent node ID, the session node ID and the private key K_X-AR1 allocated to mobile node X, and whose destination address is the temporary node ID of mobile node X. Starting from the first byte of the address response message payload, m bytes are chosen and used as the input value of the one-way hash function; the output value of the hash function is encrypted with the private key PraK-AR1 of access router AR1 to obtain a digital signature; after the digital signature is appended to the address response message payload, the address response message payload and the digital signature are encrypted with the public key PubK-X of mobile node X, and the encrypted address response message payload and digital signature are sent to mobile node X. At the same time an entry for mobile node X is added to the address mapping table, whose permanent node ID value is the permanent node ID allocated to mobile node X and whose mapping address field is the session node ID allocated to mobile node X;
Step 105: After mobile node X receives the encrypted address response message payload and digital signature, it decrypts them with its own private key PraK-X to obtain the address response message payload and the digital signature, and decrypts the digital signature with the public key PubK-AR1 of access router AR1 to obtain the output value of the hash function; mobile node X chooses m bytes starting from the first byte of the address response message payload, uses these m bytes as the input value of the one-way hash function to compute the output value of the hash function, and compares whether the hash function value it computed equals the hash function value obtained by decrypting the digital signature; if they are equal, step 106 is performed, otherwise step 107 is performed;
Step 106: Mobile node X records the permanent node ID and the session node ID allocated to it by access router AR1 and the private key K_X-AR1 shared with access router AR1, and combines the permanent node ID with the global routing prefix of access router AR1 to obtain its home IPv6 address;
Step 107: Terminate.
2. The next generation wireless network secure communication implementation method according to claim 1, characterized in that if mobile node X and mobile node Y are in the same home network, the access router of the home network is AR1, the private key of mobile node X and access router AR1 is K_X-AR1, and the private key of mobile node Y and access router AR1 is K_Y-AR1, then mobile node X initiates a session with mobile node Y by the following process:
Step 201: Start;
Step 202: Mobile node X sends a session private key request message to access router AR1; the source address is the session node ID of mobile node X, the destination address is the permanent node ID of access router AR1, and the session private key request message payload is the permanent node ID of mobile node Y and the session serial number n, where n is randomly generated. Mobile node X encrypts the message payload with private key K_X-AR1, uses private key K_X-AR1 together with the session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value, appends the output value to the encrypted session private key request message payload and sends it to access router AR1;
Step 203: After access router AR1 receives the encrypted session private key request message payload and the hash function output value, it uses private key K_X-AR1 to decrypt and obtain the session private key request message payload, and uses private key K_X-AR1 together with the decrypted session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 204 is performed, otherwise step 215 is performed;
Step 204: Access router AR1 queries the address mapping table by the permanent node ID of mobile node Y and obtains the session node ID of mobile node Y, and at the same time allocates an unused new session node ID to mobile node X from the session node ID space and creates the session private key K_X-Y of mobile node X and mobile node Y. AR1 builds a session private key response message whose payload is the new session node ID allocated to mobile node X, the session serial number n, the session node ID of mobile node Y and the session private key K_X-Y. AR1 encrypts the private key response message payload with private key K_Y-AR1 and uses private key K_Y-AR1 together with the private key response message payload as the input parameters of the one-way hash function to compute a hash function output value; AR1 also encrypts the private key response message payload with private key K_X-AR1 and uses private key K_X-AR1 together with the private key response message payload as the input parameters of the one-way hash function to compute a hash function output value. These two encrypted copies of the private key response message payload and the two hash function output values are sent to mobile node X, and access router AR1 updates the address mapping entry of mobile node X by setting the mapping address field to the session node ID newly allocated to mobile node X;
Step 205: After mobile node X receives the two encrypted copies of the private key response message payload and the returned hash function output values, it uses private key K_X-AR1 to decrypt and obtain the private key response message payload, and uses private key K_X-AR1 together with the decrypted private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 206 is performed, otherwise step 215 is performed;
Step 206: Mobile node X updates its own session node ID to the new session node ID allocated by access router AR1 in the message payload, and at the same time sends a session request message to mobile node Y. The session request message load is the private key response message payload encrypted with private key K_Y-AR1 in step 204 together with the hash function output value computed with private key K_Y-AR1 and the private key response message payload as the input parameters of the one-way hash function; the source address is the new session node ID of mobile node X and the destination address is the session node ID of mobile node Y;
Step 207: After mobile node Y receives the session request message, it uses private key K_Y-AR1 to decrypt and obtain the session private key K_X-Y, uses private key K_Y-AR1 to decrypt and obtain the session request message payload, and uses private key K_Y-AR1 together with the decrypted session request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 208 is performed, otherwise step 215 is performed;
Step 208: Mobile node Y sends a session response message to mobile node X; the session response message payload is the session serial number n, the source address is Y's own session node ID and the destination address is the new session node ID of node X. Mobile node Y encrypts the session response message payload with session private key K_X-Y, uses session private key K_X-Y together with the session response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session response message payload and the hash function output value to mobile node X;
Step 209: After mobile node X receives the encrypted session response message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session response message payload, and uses session private key K_X-Y together with the decrypted session response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 210 is performed, otherwise step 215 is performed;
Step 210: Mobile node X sends a data request message to mobile node Y; the source address is the session node ID of mobile node X and the destination address is the session node ID of mobile node Y. Mobile node X encrypts the session serial number n and the data request message payload with session private key K_X-Y, uses session private key K_X-Y together with the data request message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session serial number n and data request message payload together with the hash function output value to mobile node Y;
Step 211: After mobile node Y receives the encrypted session serial number n and data request message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session serial number n and the data request message payload, and uses session private key K_X-Y together with the decrypted data request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 212 is performed, otherwise step 215 is performed;
Step 212: Mobile node Y sends a data response message to mobile node X; the source address is the session node ID of mobile node Y and the destination address is the session node ID of mobile node X. Mobile node Y encrypts the session serial number n and the data response message payload with session private key K_X-Y, uses session private key K_X-Y together with the data response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session serial number n and data response message payload together with the hash function output value to node X;
Step 213: After mobile node X receives the encrypted session serial number n and data response message payload and the hash function output value, it uses session private key K_X-Y to decrypt and obtain the session serial number n and the data response message payload, and uses session private key K_X-Y together with the decrypted data response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 214 is performed, otherwise step 215 is performed;
Step 214: Mobile node X processes the data in the data response message;
Step 215: Terminate;
After the session ends, the session serial number n that identifies the session becomes invalid.
3. The next generation wireless network secure communication implementation method according to claim 2, characterized in that the home network of mobile node X is wireless network A1, the access router in wireless network A1 is AR1, the home network of mobile node Y is wireless network A2, the access router of wireless network A2 is AR2, mobile node X is located in wireless network A1 and mobile node Y is located in wireless network A2, the private key of access routers AR1 and AR2 is K_AR1-AR2, the private key of mobile node X and access router AR1 is K_X-AR1, and the private key of mobile node Y and access router AR2 is K_Y-AR2;
If mobile node X is in wireless network A1, mobile node X determines from the IPv6 address prefix of mobile node Y that the home network of mobile node Y is wireless network A2, and mobile node X initiates the session by the following process:
Step 301: Start;
Step 302: Mobile node X sends a session private key request message to access router AR1; the source address is the session node ID of mobile node X, the destination address is the permanent node ID of access router AR1, and the session private key request message payload is the home address of mobile node Y and the session serial number n, where n is randomly generated. Mobile node X encrypts the session private key request message payload with private key K_X-AR1, uses private key K_X-AR1 together with the session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value, appends the output value to the encrypted message payload and sends it to access router AR1;
Step 303: After access router AR1 receives the encrypted session private key request message payload and the hash function output value, it uses private key K_X-AR1 to decrypt and obtain the session private key request message payload, and uses private key K_X-AR1 together with the decrypted session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 304 is performed, otherwise step 315 is performed;
Step 304: Access router AR1 builds a session private key request message whose payload is the home addresses of mobile node X and mobile node Y and the session serial number n; the source address is the IPv6 address of access router AR1 and the destination address is the IPv6 address of access router AR2. AR1 encrypts the session private key request message payload with private key K_AR1-AR2, uses private key K_AR1-AR2 together with the session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session private key request message payload and the hash function output value to access router AR2;
Step 305: After access router AR2 receives the encrypted session private key request message payload and the hash function output value, it uses private key K_AR1-AR2 to decrypt and obtain the session private key request message payload, and uses private key K_AR1-AR2 together with the decrypted session private key request message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 306 is performed, otherwise step 315 is performed;
Step 306: Access router AR2 creates the session private key K_X-Y of mobile node X and mobile node Y and builds a session private key response message whose payload is the IPv6 address of mobile node X, the session serial number n and the session private key K_X-Y, and whose destination address is the session node ID of mobile node Y. AR2 encrypts the session private key response message payload with private key K_Y-AR2, uses private key K_Y-AR2 together with the session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session private key response message payload and the hash function output value to mobile node Y;
Step 307: After mobile node Y receives the encrypted session private key response message payload and the hash function output value, it uses private key K_Y-AR2 to decrypt and obtain the session private key response message payload, and uses private key K_Y-AR2 together with the decrypted session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 308 is performed, otherwise step 315 is performed;
Step 308: Mobile node Y builds a communication response message whose payload is the home address of mobile node X, the session serial number n and the session private key K_X-Y, and whose destination address is the permanent node ID of access router AR2. Mobile node Y encrypts the communication response message payload with private key K_Y-AR2, uses private key K_Y-AR2 together with the communication response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted communication response message payload and the hash function output value to access router AR2;
Step 309: After access router AR2 receives the encrypted communication response message payload and the hash function output value, it uses private key K_Y-AR2 to decrypt and obtain the communication response message payload, and uses private key K_Y-AR2 together with the decrypted communication response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 310 is performed, otherwise step 315 is performed;
Step 310: Access router AR2 builds a session private key response message whose payload is the IPv6 addresses of mobile node X and mobile node Y, the session serial number n and the session private key K_X-Y; the destination address is the IPv6 address of access router AR1 and the source address is the IPv6 address of access router AR2 itself. AR2 encrypts the session private key response message payload with private key K_AR1-AR2, uses private key K_AR1-AR2 together with the session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session private key response message payload and the hash function output value to access router AR1;
Step 311: After access router AR1 receives the encrypted session private key response message payload and the hash function output value, it uses private key K_AR1-AR2 to decrypt and obtain the message payload, and uses private key K_AR1-AR2 together with the decrypted session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value; if the computed hash value is identical to the received hash function output value, step 312 is performed, otherwise step 315 is performed;
Step 312: Access router AR1 allocates a new session node ID to mobile node X from the session node ID space and builds a session private key response message whose payload is the IPv6 address of mobile node Y, the session serial number n, the new session node ID and the session private key K_X-Y, and whose destination address is the session node ID of mobile node X. AR1 encrypts the session private key response message payload with private key K_X-AR1, uses private key K_X-AR1 together with the session private key response message payload as the input parameters of the one-way hash function to compute the hash function output value, and sends the encrypted session private key response message payload and the hash function output value to mobile node X, while at the same time updating the address mapping entry of mobile node X, i.e. updating the mapping address field of the corresponding entry with the new session node ID allocated to mobile node X;
Step 313:After mobile node X receives the session private key response message load of encryption and hash function output valve, private key is used KX-AR1Decryption obtains Message Payload, uses private key KX-AR1Load as one-way hash function letter with the session private key response message for decrypting Several |input parametes calculates the output valve of hash function, if the cryptographic Hash for calculating and the hash function output valve phase for receiving Together, then step 314 is carried out, otherwise carries out step 315;
Step 314:The session node ID of oneself is updated to new session node ID by mobile node X, preserve session serial number n and Session private key KX-Y
Step 315:Terminate;
After mobile node X and mobile node Y have obtained the session serial number n and the session private key K_X-Y, mobile node X carries out secure communication with mobile node Y by the following process:
Step 401: Start;
Step 402: Mobile node X sends a data request message to mobile node Y; the source address is the session node ID of mobile node X and the destination address is the persistent node ID of access router AR1. The data request message payload consists of two parts: part I is the session serial number n and the home addresses of mobile node X and mobile node Y; part II is the data. Mobile node X encrypts part I with private key K_X-AR1 and computes the hash function output value using private key K_X-AR1 and part I as the input parameters of the one-way hash function; it encrypts part II with session private key K_X-Y and computes the hash function output value using session private key K_X-Y and the data request message payload as the input parameters of the one-way hash function; the two encrypted parts and their hash function output values are sent to access router AR1;
Step 403: After access router AR1 receives the encrypted data request message payload and the hash function output values, it decrypts part I with private key K_X-AR1 and computes the hash function output value using private key K_X-AR1 and the decrypted part I of the data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 404, otherwise go to step 417;
Step 404: Access router AR1 encrypts part I of the data request message payload with K_AR1-AR2, the private key of access routers AR1 and AR2, computes the hash function output value using private key K_AR1-AR2 and part I of the data request message payload as the input parameters of the one-way hash function, and sends the encrypted part I of the data request message payload and its hash function output value, together with the encrypted part II of the data request message payload and its hash function output value produced in step 402, to access router AR2;
Step 405: After access router AR2 receives the data request message, that is, the encrypted data request message payload and the hash function output values, it decrypts part I of the data request message payload with private key K_AR1-AR2 and computes the hash function output value using private key K_AR1-AR2 and the decrypted part I of the data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 406, otherwise go to step 417;
Step 406: Access router AR2 looks up the address mapping table by the home address of mobile node Y and obtains the session node ID of mobile node Y; it encrypts part I of the data request message payload with private key K_Y-AR2 and computes the hash function output value using private key K_Y-AR2 and part I of the data request message payload as the input parameters of the one-way hash function; it updates the source address of the data request message to the persistent node ID of access router AR2 and the destination address to the session node ID of mobile node Y, and sends the encrypted part I of the data request message payload and its hash function output value, together with the encrypted part II of the data request message payload and its hash function output value produced in step 402, as the data request message payload to mobile node Y;
Step 407: After mobile node Y receives the data request message, it decrypts part I of the data request message payload with private key K_Y-AR2 and computes the hash function output value using private key K_Y-AR2 and the decrypted part I of the data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 408, otherwise go to step 417;
Step 408: Mobile node Y decrypts part II of the data request message payload with session private key K_X-Y and computes the hash function output value using session private key K_X-Y and the decrypted part II of the data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 409, otherwise go to step 417;
Step 409: Mobile node Y sends a data response message to mobile node X; the source address is the session node ID of mobile node Y and the destination address is the persistent node ID of access router AR2. The data response message payload consists of two parts: part I is the session serial number n and the home addresses of mobile node X and mobile node Y; part II is the data. Mobile node Y encrypts part I of the data response message payload with private key K_Y-AR2 and computes the hash function output value using private key K_Y-AR2 and part I of the data response message payload as the input parameters of the one-way hash function; it encrypts part II of the data response message payload with session private key K_X-Y and computes the hash function output value using session private key K_X-Y and the data response message payload as the input parameters of the one-way hash function; the two encrypted parts and their hash function output values are sent as the data response message payload to access router AR2;
Step 410: After access router AR2 receives the data response message, it decrypts part I of the data response message payload with private key K_Y-AR2 and computes the hash function output value using private key K_Y-AR2 and the decrypted part I of the data response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 411, otherwise go to step 417;
Step 411: Access router AR2 encrypts part I of the data response message payload with K_AR1-AR2, the private key of access routers AR2 and AR1, computes the hash function output value using private key K_AR1-AR2 and part I of the data response message payload as the input parameters of the one-way hash function, and sends the encrypted part I of the data response message payload and its hash function output value, together with the encrypted part II of the data response message payload and its hash function output value produced in step 409, to access router AR1;
Step 412: After access router AR1 receives the data response message, it decrypts part I of the data response message payload with private key K_AR1-AR2 and computes the hash function output value using private key K_AR1-AR2 and the decrypted part I of the data response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 413, otherwise go to step 417;
Step 413: Access router AR1 looks up the address mapping table by the home address of mobile node X and obtains the session node ID of mobile node X; it encrypts part I of the data response message payload with private key K_X-AR1 and computes the hash function output value using private key K_X-AR1 and part I of the data response message payload as the input parameters of the one-way hash function; it updates the source address of the data response message to the persistent node ID of access router AR1 and the destination address to the session node ID of mobile node X, and sends the encrypted part I of the data response message payload and its hash function output value, together with the encrypted part II of the data response message payload and its hash function output value produced in step 409, as the data response message payload to mobile node X;
Step 414: After mobile node X receives the data response message, it decrypts part I with private key K_X-AR1 and computes the hash function output value using private key K_X-AR1 and the decrypted part I of the data response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 415, otherwise go to step 417;
Step 415: Mobile node X decrypts part II of the data response message payload with session private key K_X-Y and computes the hash function output value using session private key K_X-Y and the decrypted part II data of the data response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 416, otherwise go to step 417;
Step 416: Mobile node X processes the data in the data response message;
Step 417: End.
4. The next generation wireless network secure communication implementation method according to claim 2, characterised in that the home network of mobile node X is wireless network A1, the access router of wireless network A1 is AR1, the home network of mobile node Y is wireless network A2, the access router of wireless network A2 is AR2, mobile node X moves from wireless network A1 to wireless network A2, mobile node Y is located in wireless network A2, the private key of access routers AR1 and AR2 is K_AR1-AR2, the private key of mobile node X and access router AR1 is K_X-AR1, and the private key of mobile node Y and access router AR2 is K_Y-AR2;
After mobile node X has moved from wireless network A1 to wireless network A2, it initiates a session with mobile node Y by the following process:
Step 501: Start;
Step 502: Mobile node X randomly generates a session serial number n and uses a function set in advance to build the private key K_X-AR2 shared with access router AR2; the input parameters of the preset function comprise the address of mobile node X, the address of access router AR2, the session serial number n and the private key K_X-AR1. Mobile node X sends a binding request message to access router AR1; the source address is the session node ID of mobile node X in wireless network A1, the destination address is the IPv6 address of access router AR1, and the binding request message payload comprises the home address of mobile node X, the address of access router AR2 and the session serial number n. Mobile node X encrypts the message payload with private key K_X-AR1 and computes the hash function output value using private key K_X-AR1 and the binding request message payload as the input parameters of the one-way hash function; it also encrypts the binding request message payload with private key K_X-AR2 and computes the hash function output value using private key K_X-AR2 and the binding request message payload as the input parameters of the one-way hash function; these two encrypted contents and their hash function output values are sent to access router AR1 as the binding request message payload;
Step 503: After access router AR1 receives the binding request message, it decrypts with private key K_X-AR1 to obtain the binding request message payload, and computes the hash function output value using private key K_X-AR1 and the decrypted binding request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 504, otherwise go to step 510;
Step 504: Access router AR1 computes the private key K_X-AR2 with the preset function and builds a binding response message whose payload consists of two parts: part I contains the private key K_X-AR2 and the session serial number n; AR1 encrypts part I of the binding response message payload with private key K_AR1-AR2 and computes the hash function output value using private key K_AR1-AR2 and part I of the binding response message payload as the input parameters of the one-way hash function; part II is the content encrypted with private key K_X-AR2 in step 502 together with the hash function output value computed there with private key K_X-AR2 as an input parameter of the one-way hash function. The source address of the message is the IPv6 address of access router AR1 and the destination address is the IPv6 address of access router AR2; the two encrypted parts of the binding response message payload and their hash function output values are sent as the binding response message payload to access router AR2. Access router AR1 updates the address mapping entry of mobile node X, setting the mapping address field of the entry of mobile node X to the address of access router AR2;
Step 505: After access router AR2 receives the binding response message, it decrypts the encrypted part I of the binding response message payload with private key K_AR1-AR2 and computes the hash function output value using private key K_AR1-AR2 and the decrypted binding response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 506, otherwise go to step 510;
Step 506: Access router AR2 decrypts the encrypted part II of the binding response message payload with private key K_X-AR2 and computes the hash function output value using private key K_X-AR2 and the decrypted binding response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 507, otherwise go to step 510;
Step 507: Access router AR2 allocates a new session node ID to mobile node X and creates an address mapping entry for mobile node X whose permanent address field is the home address of mobile node X and whose mapping address field is the allocated session node ID; it builds a binding acknowledgement message whose payload is the session node ID allocated to mobile node X and the session serial number n, and whose destination address is the session node ID of mobile node X in wireless network A1; it encrypts the binding acknowledgement message payload with private key K_X-AR2, computes the hash function output value using private key K_X-AR2 and the binding acknowledgement message payload as the input parameters of the one-way hash function, and sends the encrypted binding acknowledgement message payload and the hash function output value as the binding acknowledgement message payload to mobile node X;
Step 508: After mobile node X receives the binding acknowledgement message, it decrypts with private key K_X-AR2 to obtain the binding acknowledgement message payload, and computes the hash function output value using private key K_X-AR2 and the decrypted binding acknowledgement message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 509, otherwise go to step 510;
Step 509: Mobile node X obtains its session node ID in wireless network A2;
Step 510: End;
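The per-hop protection that steps 402 to 417 apply to each message part, and the key derivation of steps 502 to 506, as an added example that is not code from the patent: every part is encrypted under the key shared by the two ends of its hop and carries a hash over that key and the plaintext, and a receiver that recomputes a different hash takes the "terminate" branch. The claims name neither primitive, so HMAC-SHA256 stands in here for the keyed one-way hash and for the "function set in advance" of step 502, an HMAC-SHA256 keystream in counter mode stands in for the unspecified symmetric cipher, and all addresses, keys and data are constructed.

```python
"""Hop-by-hop encrypt-plus-keyed-hash message parts from the claims above
(steps 402-408 over X -> AR1 -> AR2 -> Y) and the K_X-AR2 derivation of
steps 502/504.  Added illustration, not the patent's own code; the cipher
and hash are assumed stand-ins (see the lead-in)."""
import hashlib
import hmac
import ipaddress
import os
import secrets
from typing import Optional, Tuple

Sealed = Tuple[bytes, bytes, bytes]  # (nonce, ciphertext, hash output value)

HOME_X = ipaddress.IPv6Address("2001:db8:a1::10").packed   # constructed
HOME_Y = ipaddress.IPv6Address("2001:db8:a2::20").packed   # constructed
ADDR_AR2 = ipaddress.IPv6Address("2001:db8:a2::1").packed  # constructed


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def keyed_hash(key: bytes, payload: bytes) -> bytes:
    """The claims' 'hash function output value' over (private key, payload)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def seal(key: bytes, payload: bytes) -> Sealed:
    """Encrypt the payload under the hop key and attach the keyed hash."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return nonce, ct, keyed_hash(key, payload)


def unseal(key: bytes, sealed: Sealed) -> Optional[bytes]:
    """Decrypt, recompute the hash over the decrypted payload and return None
    when it differs from the received value (the 'otherwise, terminate' branch)."""
    nonce, ct, received = sealed
    payload = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    if not hmac.compare_digest(keyed_hash(key, payload), received):
        return None
    return payload


def derive_k_x_ar2(addr_x: bytes, addr_ar2: bytes, n: int, k_x_ar1: bytes) -> bytes:
    """Steps 502/504: X and AR1 each evaluate the preset function on X's address,
    AR2's address, n and K_X-AR1 to obtain the same K_X-AR2 (HMAC assumed)."""
    return hmac.new(k_x_ar1, addr_x + addr_ar2 + n.to_bytes(8, "big"), hashlib.sha256).digest()


def relay_part1(sealed_part1: Sealed, key_in: bytes, key_out: bytes) -> Optional[Sealed]:
    """Steps 403-406 (and 410-413) at a router: verify part I under the inbound
    hop key and re-seal it under the outbound hop key.  Part II is forwarded
    untouched because the routers do not hold K_X-Y."""
    part1 = unseal(key_in, sealed_part1)
    return None if part1 is None else seal(key_out, part1)


def receive_data_request(sealed_part1: Sealed, sealed_part2: Sealed, k_y_ar2: bytes,
                         k_x_y: bytes) -> Optional[Tuple[int, bytes, bytes, bytes]]:
    """Steps 407-408 at Y: check part I under K_Y-AR2, then part II under K_X-Y;
    returns (n, home address of X, home address of Y, data) or None."""
    part1 = unseal(k_y_ar2, sealed_part1)
    if part1 is None:
        return None
    part2 = unseal(k_x_y, sealed_part2)
    if part2 is None:
        return None
    return int.from_bytes(part1[:8], "big"), part1[8:24], part1[24:40], part2


def run_data_request(data: bytes = b"hello", n: int = 7, tamper: bool = False):
    """Step 402 at X through step 408 at Y.  With tamper=True one ciphertext bit
    of part II is flipped in transit, which Y must detect in step 408."""
    k_x_ar1, k_ar1_ar2 = secrets.token_bytes(32), secrets.token_bytes(32)
    k_y_ar2, k_x_y = secrets.token_bytes(32), secrets.token_bytes(32)
    part1 = n.to_bytes(8, "big") + HOME_X + HOME_Y          # step 402, part I
    p1, p2 = seal(k_x_ar1, part1), seal(k_x_y, data)        # step 402, part II
    for key_in, key_out in ((k_x_ar1, k_ar1_ar2), (k_ar1_ar2, k_y_ar2)):  # AR1, AR2
        p1 = relay_part1(p1, key_in, key_out)
        if p1 is None:
            return None
    if tamper:
        nonce, ct, h = p2
        p2 = (nonce, bytes([ct[0] ^ 0x01]) + ct[1:], h)
    return receive_data_request(p1, p2, k_y_ar2, k_x_y)


if __name__ == "__main__":
    print(run_data_request())             # (7, HOME_X, HOME_Y, b'hello')
    print(run_data_request(tamper=True))  # None
    print(derive_k_x_ar2(HOME_X, ADDR_AR2, 5, b"\x11" * 32).hex())
```

Because the claims hash the plaintext rather than the ciphertext, unseal has to decrypt before it can reject a message, which is worth noting when reviewing a design of this shape.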
After mobile node X has obtained its session node ID in wireless network A2, it carries out the session with mobile node Y by the following process:
Step 601: Start;
Step 602: Mobile node X randomly generates a session serial number n and sends a session private key request message to access router AR2; the source address is the session node ID of mobile node X in wireless network A2, the destination address is the persistent node ID of access router AR2, and the session private key request message payload is the home address of mobile node Y and the session serial number n. Mobile node X encrypts the message payload with private key K_X-AR2 and computes the hash function output value using private key K_X-AR1 and the session private key request message payload as the input parameters of the one-way hash function; it appends the output value to the encrypted session private key request message payload and sends it to access router AR2;
Step 603: After access router AR2 receives the encrypted session private key request message payload and the hash function output value, it decrypts with private key K_X-AR2 to obtain the session private key request message payload, and computes the hash function output value using private key K_X-AR2 and the decrypted session private key request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 604, otherwise go to step 615;
Step 604: Access router AR2 looks up the address mapping table by the home address of mobile node Y and obtains the session node ID of mobile node Y; at the same time it allocates an unassigned new session node ID to mobile node X from the session node ID space and creates the session private key K_X-Y of mobile node X and mobile node Y. It builds a session private key response message whose payload is the new session node ID allocated to mobile node X, the session serial number n, the session node ID of mobile node Y and the session private key K_X-Y; it encrypts the session private key response message payload with private key K_Y-AR2 and computes the hash function output value using private key K_Y-AR2 and the session private key response message payload as the input parameters of the one-way hash function; it also encrypts the session private key response message payload with K_X-AR2 and computes the hash function output value using K_X-AR2 and the message payload as the input parameters of the one-way hash function; the two encrypted session private key response message payloads and their hash function output values are sent as the session private key response message payload to mobile node X. Access router AR2 updates the address mapping entry of mobile node X, setting the mapping address field to the new session node ID allocated to mobile node X;
Step 605: After mobile node X receives the two encrypted session private key response message payloads and the corresponding hash function output values, it decrypts with private key K_X-AR2 to obtain the session private key response message payload, and computes the hash function output value using private key K_X-AR2 and the decrypted session private key response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 606, otherwise go to step 615;
Step 606: Mobile node X updates its own session node ID to the new session node ID allocated by access router AR2 in the session private key response message payload, and sends a session request message to mobile node Y; the session request message payload is the session private key response message payload encrypted with private key K_Y-AR2 in step 604 together with the hash function output value computed there using private key K_Y-AR2 and the session private key response message payload as the input parameters of the one-way hash function; the source address is the new session node ID of mobile node X and the destination address is the session node ID of mobile node Y;
Step 607: After mobile node Y receives the session request message, it decrypts with private key K_Y-AR2 to obtain the session private key response message payload, and computes the hash function output value using private key K_Y-AR2 and the decrypted session private key response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 608, otherwise go to step 615;
Step 608: Mobile node Y sends a session response message to mobile node X; its payload (the session private key response message payload) is the session serial number n, the source address is the session node ID of mobile node Y itself and the destination address is the new session node ID of mobile node X. Mobile node Y encrypts the message payload with session private key K_X-Y, computes the hash function output value using session private key K_X-Y and the session private key response message payload as the input parameters of the one-way hash function, and sends the encrypted session private key response message payload and the hash function output value to mobile node X;
Step 609: After mobile node X receives the encrypted session private key response message payload and the hash function output value, it decrypts with session private key K_X-Y to obtain the session private key response message payload, and computes the hash function output value using session private key K_X-Y and the decrypted session private key response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 610, otherwise go to step 615;
Step 610: Mobile node X sends a data request message to mobile node Y; the source address is the session node ID of mobile node X and the destination address is the session node ID of mobile node Y. Mobile node X encrypts the session serial number n and the data request message payload with session private key K_X-Y, computes the hash function output value using session private key K_X-Y and the data request message payload as the input parameters of the one-way hash function, and sends the encrypted session serial number n and data request message payload together with the hash function output value to mobile node Y;
Step 611: After mobile node Y receives the encrypted session serial number n and data request message payload and the hash function output value, it decrypts with session private key K_X-Y to obtain the session serial number n and the data request message payload, and computes the hash function output value using session private key K_X-Y and the decrypted data request message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 612, otherwise go to step 615;
Step 612: Mobile node Y sends a data response message to mobile node X; the source address is the session node ID of mobile node Y and the destination address is the session node ID of mobile node X. Mobile node Y encrypts the session serial number n and the data response message payload with session private key K_X-Y, computes the hash function output value using session private key K_X-Y and the data response message payload as the input parameters of the one-way hash function, and sends the encrypted session serial number n and data response message payload together with the hash function output value to mobile node X;
Step 613: After mobile node X receives the encrypted session serial number n and data response message payload and the hash function output value, it decrypts with session private key K_X-Y to obtain the session serial number n and the data response message payload, and computes the hash function output value using session private key K_X-Y and the decrypted data response message payload as the input parameters of the one-way hash function; if the computed hash value is identical to the received hash function output value, go to step 614, otherwise go to step 615;
Step 614: Mobile node X processes the data in the data response message;
Step 615: End.
CN201410557974.XA 2014-10-20 2014-10-20 Safety communication implementation of next generation wireless network Active CN104243504B (en)

Publications (2)

Publication Number Publication Date
CN104243504A CN104243504A (en) 2014-12-24
CN104243504B true CN104243504B (en) 2017-04-26

Family

ID=52230853

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10210347B2 (en) * 2015-06-22 2019-02-19 Symantec Corporation Techniques for managing privacy of a network communication
CN106686019B (en) * 2017-03-29 2019-05-21 常熟理工学院 A kind of safe car networking data communication implementation method
CN106878991B (en) * 2017-03-29 2019-08-30 常熟理工学院 A kind of safe wireless network communication method
CN111277497B (en) * 2020-03-18 2021-09-21 常熟理工学院 Method for realizing network service deployment and discovery based on distribution

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103945491A (en) * 2014-05-14 2014-07-23 常熟理工学院 Router communication implementation method for next generation wireless mobile network
CN103945415A (en) * 2014-05-14 2014-07-23 常熟理工学院 Communication implementation method for wireless network
CN103957162A (en) * 2014-05-14 2014-07-30 常熟理工学院 Routing communication realization method of wireless network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220317

Address after: 215500 5th floor, building 4, 68 Lianfeng Road, Changfu street, Changshu City, Suzhou City, Jiangsu Province

Patentee after: Changshu intellectual property operation center Co.,Ltd.

Address before: 215500 School of computer science and engineering, Changshu Institute of Technology (southeast campus), Changshu City, Suzhou City, Jiangsu Province

Patentee before: CHANGSHU INSTITUTE OF TECHNOLOGY