CN104283899A - User anonymous identity authentication protocol based on k-pseudonym set in wireless network - Google Patents

Publication number: CN104283899A (application number CN201410598606.XA; granted version CN104283899B)
Authority: CN (China)
Prior art keywords: user, authentication server, attacker, pseudonym, key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted; active
Other languages: Chinese (zh)
Other versions: CN104283899B (en)
Inventors: 李兴华, 赵婧, 温明军, 马建峰, 魏福山, 姜奇, 姚青松
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Xidian University
Original Assignee: Xidian University
Events: application filed by Xidian University; priority to CN201410598606.XA; publication of CN104283899A; application granted; publication of CN104283899B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Abstract

The invention discloses a user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network. In the protocol, the user sends to the authentication server a k-pseudonym set that contains the user's true identity, together with information protected by the real user's shared key; the authentication server completes the authentication of the user within a traversal and computation over k user records, so that the average number of users that must be traversed is (k+1)/2, i.e. half the sum of k and 1. Two kinds of methods for constructing the k-pseudonym set are provided at the same time. By introducing the k-pseudonym set, the protocol achieves anonymous authentication on the basis of a shared key and lowers the resource consumption of the user and the authentication server during anonymous authentication.

Description

User anonymous identity authentication protocol based on a k-pseudonym set in a wireless network
Technical field
The present invention relates to communication technology, and specifically to a user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network.
Background
While the Internet brings convenience to people's lives, it has also created many potential security hazards; in particular, the harm caused by leaks of personal information is very widespread. The protection of personal information therefore attracts more and more attention. In authentication over wireless networks, a growing number of users prefer anonymous authentication in order to protect their private information, so that an attacker cannot learn the user's location and use it to obtain further personal information.
Current anonymous authentication schemes fall into two classes: those based on non-shared (public) keys and those based on shared keys. Most anonymous authentication schemes today use non-shared keys, but then the user side must perform complex computations such as asymmetric encryption and decryption; the resource consumption is heavy and unsuitable for devices with limited computing capability. If a shared key is used to achieve user anonymity, the user name must be encrypted, but then the authentication server does not know which key to use to decrypt it, so anonymous authentication is hard to achieve; schemes that achieve anonymous authentication with shared keys are therefore few. Yet most authentication today is based on shared keys, so anonymous authentication schemes based on shared keys need to be researched.
In anonymous authentication based on non-shared keys, the user can either encrypt its identity information with the authentication server's public key or use mathematical methods such as elliptic curves to achieve anonymity, and there are many research results on such schemes. However, their computational cost is large, the overhead of managing and storing public-key certificates is high, and the efficiency of anonymous authentication is not high.
Zhu Hui et al., in "An identity-based anonymous wireless authentication scheme", propose a scheme that mainly uses the properties of bilinear pairings and elliptic curves: after verifying the signature of the access domain, the home-domain authentication server uses its own private key to compute on the message sent by the access-domain authentication server, obtains the user's identity information, completes the authentication of the user, and informs the access-domain authentication server of the result, thereby achieving anonymous authentication of the user by the access-domain authentication server.
In "ABAKA: an anonymous batch authenticated and key agreement scheme for value-added services in vehicular Ad-Hoc networks" by Huang Jiun-Long et al., the service centre issues signing certificates to vehicle nodes and roadside units, and roadside nodes and vehicle nodes authenticate each other's certificates through a mutual authentication algorithm based on elliptic-curve asymmetric digital signatures.
Chim Tat-Wing, in "SPECS: secure and privacy enhancing communications schemes for VANETs", adopts a group signature scheme in which signatures are made anonymously in the name of the group; a verifier can check that the signature was produced by a member of the group but cannot determine which member, which provides anonymity for the group's members.
Luo Changyuan et al., in "An anonymous authentication scheme based on one-time public keys in a general environment", propose a one-time public key and identity-based signature algorithm in which the trusted authority generates only one private key per user, while a different public key can be generated each time the user signs. The user's one-time public key and signature contain no identity information, so other users cannot obtain the true identity of the authenticating user; the service provider verifies whether the one-time public key is legitimate and whether the signature was indeed established by the user.
The main method of achieving anonymous authentication with shared keys in 3G networks is for the user to change its pseudonym at each authentication and use the new pseudonym at the next one. The pseudonym stored by the authentication server must stay synchronized with the user's, otherwise the user cannot authenticate normally; when the two stored values are out of sync, the user must authenticate under its true name. Network problems or a desynchronization attack can cause the pseudonyms to fall out of sync, which seriously affects the performance of such schemes. Some other schemes introduce additional hardware such as smart cards when performing anonymous authentication with shared keys, which reduces their practicality.
Zhu Jianming et al., in "ID-based wireless authentication scheme with anonymity", propose a scheme that uses a hash function and a smart card to achieve user anonymity: the user's identity and a one-way hash function are stored in the smart card, and the card performs computations that hide the user's true identity in the result. No message exchanged in the protocol carries the user's real identity, which achieves anonymous authentication of the user, but the introduction of the smart card reduces the practicality of the scheme.
Safkhani M. et al., in "On the traceability of tags in SUAP RFID authentication protocols", mainly study the anonymous authentication problem between tags and readers in RFID. The user sends to the authentication server the tag information processed with the shared key; in the worst case the server must traverse the shared keys and other information of all users stored in its database, process them in the same way the user did, and compare the result with the received information to complete the authentication of the anonymous user. When the number of RFID tags is huge, traversing and computing over the whole database consumes the server's resources heavily; an attacker can exploit this by launching a large number of anonymous authentication requests, occupying server resources and hindering the normal authentication of other users.
Summary of the invention
To solve the weak security and low performance of anonymous authentication based on shared keys, while taking full account of the limited storage and computing resources on the user side, an anonymous authentication scheme based on a k-pseudonym set is proposed. In the present invention, the user sends to the authentication server a k-pseudonym set that contains its own true identity, together with information protected by the real user's secret key; the authentication server completes the authentication of the user within a traversal of k user records. This avoids excessive consumption of user and server resources and achieves secure and efficient anonymous authentication of the user.
To achieve these goals, the present invention adopts the following technical scheme:
The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network comprises the following steps:
Step 1: the user sends an anonymous authentication request to the authentication server;
Step 2: after receiving the user's access request, the authentication server generates a random number N_1 and sends it to the user;
Step 3: after receiving N_1, the user first generates a random number N_2 and then computes the third interactive message M_1 as follows:
M_1 = HMAC(N_1 ‖ N_2 ‖ C ‖ Key ‖ k IDs);
where Key is the 128-bit key shared between the user and the authentication server, and k IDs denotes the k plaintext user identifiers. The user sends the k plaintext user identifiers (which include the identifier C of the user actually authenticating), the random number N_2 and M_1 to the authentication server;
Step 4: after receiving the user's message, the authentication server traverses the k plaintext user identifiers in the order in which they appear in the k-pseudonym set, looks up the shared key corresponding to each user in its database, and computes M'_1 as follows:
M'_1 = HMAC(N_1 ‖ N_2 ‖ C ‖ Key ‖ k IDs);
Step 5: the authentication server checks whether M'_1 equals M_1. If for some identifier M'_1 equals M_1, the server has completed the authentication of the user; it then computes the fourth interactive message M_2 and sends it to the user, where
M_2 = HMAC(N_2 ‖ Key);
Step 6: after receiving the fourth interactive message M_2 from the authentication server, the user computes M'_2 = HMAC(N_2 ‖ Key) from its locally stored N_2 and Key, and checks whether M'_2 matches the M_2 sent by the server; if they match, the user has completed the authentication of the server;
Step 7: after the user has authenticated the server, both sides generate the session key SK; on the server side and the user side the session key SK is
SK = PRNG(Key ⊕ N_1 ⊕ N_2);
where "⊕" denotes bitwise XOR.
It should be noted that there are two methods of forming the k plaintext user identifiers:
(1) the user generates the other k−1 user identifiers itself;
(2) the authentication server uniformly allocates to the user the other k−1 user identifiers needed to form the k-pseudonym set: when the user registers, the server allocates n user identifiers to the user, and during authentication the user determines k according to its own privacy requirement, where k ≤ n.
It should also be noted that the protocol is based either on the Dolev-Yao model or on a strengthened Dolev-Yao model:
When the protocol is based on the Dolev-Yao model, the following assumptions are made about the attacker's behaviour:
(1) the attacker can eavesdrop on and intercept any message passing through the network;
(2) the attacker can store intercepted messages or messages of its own construction;
(3) the attacker can send intercepted messages or messages of its own construction;
(4) the attacker can take part in the protocol run as a legitimate user.
Further, under the Dolev-Yao model, the value of k and the users in the k-pseudonym set that the user forms at each authentication may be the same or different; the user can set k according to the privacy requirement of the anonymous authentication environment it is in, choosing a larger k when the privacy requirement is higher;
When the protocol is based on the strengthened Dolev-Yao model, the following assumptions are made about the attacker's behaviour:
(1) the attacker can eavesdrop on and intercept any message passing through the network;
(2) the attacker can store intercepted messages or messages of its own construction;
(3) the attacker can send intercepted messages or messages of its own construction;
(4) the attacker can take part in the protocol run as a legitimate user;
(5) the attacker has the ability to launch an intersection attack.
Further, under the strengthened Dolev-Yao model, because the attacker can launch an intersection attack, the value of k and the users in the k-pseudonym set that the user forms at each authentication must be identical, and the user can set k according to the highest privacy requirement among its different anonymous authentication scenarios.
The beneficial effect of the present invention is that it introduces the concept of anonymous authentication with a k-pseudonym set: the user sends to the authentication server a k-pseudonym set containing its own true identity together with information protected by the real user's secret key, and the server completes the authentication of the user within a traversal and computation over k user records, which reduces the resource consumption of both the user and the authentication server during anonymous authentication.
Description of the drawings
Fig. 1 is a schematic of the query tracking attack;
Fig. 2 is a schematic of the attacker's intersection attack;
Fig. 3 is a schematic of the protocol interaction of the present invention;
Fig. 4 is the topology of the performance evaluation test bed;
Fig. 5 shows the authentication time for different values of k in the performance evaluation experiment;
Fig. 6 shows the effect of the number of users submitting authentication requests simultaneously on the authentication time in the performance evaluation experiment.
Embodiment
The invention is further described below with reference to the drawings. It should be noted that this embodiment, based on the technical scheme, gives a detailed implementation and implementation steps, but the invention is not limited to this embodiment.
First, the assumptions on which the protocol rests are described:
1. Dolev-Yao model
The Dolev-Yao attacker model is widely used in the research and analysis of security protocols. Dolev and Yao studied the behaviour of an active attacker, where an active attack means that the attacker first eavesdrops on the communication line to obtain information and then tries to crack the information obtained. The model makes the following assumptions about the attacker's behaviour:
(1) the attacker can eavesdrop on and intercept any message passing through the network;
(2) the attacker can store intercepted messages or messages of its own construction;
(3) the attacker can send intercepted messages or messages of its own construction;
(4) the attacker can take part in the protocol run as a legitimate user.
From the above, the attacker can launch impersonation attacks, replay attacks, denial-of-service attacks and the like. In anonymous authentication, the attacker's goal is to obtain the true identity of the user in the anonymous authentication or to prevent the user from authenticating normally.
2. Strengthened Dolev-Yao attacker model
In research on privacy protection in location-based services, a query tracking attack has been proposed. A user issuing continuous queries must keep submitting its location information to the database server; even if the user's exact position is hidden within a region, the attacker can still link several snapshots taken at successive times and thereby identify the user who issued the query.
As shown in Fig. 1, there are 9 users A to I in a region. At time t_i, the k-anonymity set used when user A queries is {A, B, C, D, E}. Even if the attacker observes the user's anonymity set, it only learns that the query came from one of these five users, but not which one. At time t_{i+1} the attacker observes that the current anonymous query region contains users A, B, E, H, I. By linking the snapshots at t_i and t_{i+1} and intersecting the two anonymity sets, the attacker can guess that the querying user is A, B or E. Likewise, after obtaining the snapshot at t_{i+2} and intersecting the three anonymity sets, the attacker can finally determine that the querying user is A. This attack pattern, which links several snapshots to determine the target user, is the intersection attack.
In the setting of anonymous authentication, the attacker being able to launch an intersection attack means that it can intercept a user's authentication messages over several runs, link them, and process and analyze them further. If the k-pseudonym sets used by the user in successive authentications differ wholly or in part, the attacker can raise the probability of determining the true authenticating user by analyzing the user's authentication sets. As shown in Fig. 2, the true authenticating user B authenticates repeatedly in different areas within a period of time: at t_1 the k-pseudonym set used is S_1 = {A, B, C, D, E, F}, at t_2 it is S_2 = {B, C, D, E, G, H}, and at t_3 it is S_3 = {A, B, F, L, M, N}. After intercepting the user's three authentication messages, the attacker can tell by analyzing the MAC (Media Access Control) address in the authentication messages that they come from the same user, but analyzing any single authentication on its own does not determine which member of the k-pseudonym set is the real user. If the attacker intersects the three k-pseudonym sets it obtains the set I = {B}, and then knows that the consecutive authentications were issued by user B; it can determine with complete certainty that the user who really initiated the authentication is B. The attacker's goal is, by launching an intersection attack, to obtain the true identity of the user authenticating in anonymous authentication and to track the user's authentication trajectory.
Based on the above, the strengthened Dolev-Yao attacker model is the Dolev-Yao attacker model with the added assumption that the attacker has the ability to launch an intersection attack.
The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network, as shown in Fig. 3, comprises the following steps:
Step 1, user → authentication server
The user first sends an anonymous authentication request to the authentication server, which starts the mutual authentication process between user and server.
Step 2, authentication server → user
After receiving the user's access request, the authentication server generates a random number N_1 and sends it to the user. To speed up the handling of authentication requests, the server can generate a batch of random numbers in advance during idle time and store them; when it receives an authentication request, it hands a stored random number directly to the requesting user.
Step 3, user → authentication server
After receiving N_1, the user first generates a random number N_2 and then computes the third interactive message M_1 as follows:
M_1 = HMAC(N_1 ‖ N_2 ‖ C ‖ Key ‖ k IDs);
where Key is the 128-bit key shared between the user and the authentication server, and k IDs denotes the k plaintext user identifiers. The user sends the k plaintext user identifiers (which include the identifier C of the user actually authenticating), the random number N_2 and M_1 to the authentication server;
Step 4, authentication server → user
After receiving the user's message, the authentication server traverses the k plaintext user identifiers in the order in which they appear in the k-pseudonym set, looks up the shared key corresponding to each user in its database, and computes M'_1 as follows:
M'_1 = HMAC(N_1 ‖ N_2 ‖ C ‖ Key ‖ k IDs);
It then checks whether M'_1 equals M_1:
If for some identifier M'_1 equals M_1, the server has completed the authentication of the user; it then computes the fourth interactive message M_2 as follows:
M_2 = HMAC(N_2 ‖ Key);
M_2 is sent to the user. From its locally stored N_2 and Key the user computes M'_2 = HMAC(N_2 ‖ Key) and checks whether it matches the M_2 sent by the server; if so, the user has completed the authentication of the server. After the user has authenticated the server, both sides generate the session key SK. The session key on the server side and the user side is SK = PRNG(Key ⊕ N_1 ⊕ N_2), where "⊕" denotes bitwise XOR.
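The following is an added worked example (not code from the patent or its authors) that simulates Steps 1–7 above with both sides' messages: the server's in-order traversal of the k plaintext identifiers, the M_1/M_2 checks, and the SK derivation. It assumes HMAC-SHA1 (SHA-1 is what the page's test bed uses), 128-bit N_1 and N_2, that HMAC is keyed with Key over the remaining fields (the page writes Key inside the concatenation), a comma-joined encoding of the k IDs, and SHA-1 as the PRNG; the class and function names are the example's own. It also counts the M'_1 computations, which reproduces the abstract's average traversal of (k+1)/2.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Protocol symbols (N1, N2, C, Key, M1, M2, SK, k IDs) are the page's; the hash
# choice, nonce size, ID encoding and PRNG below are this example's assumptions.
KEY_LEN = 16          # the page's 128-bit shared key
NONCE_LEN = 16        # assumption: 128-bit random numbers N1 and N2
HASH = hashlib.sha1   # assumption: SHA-1, as in the page's test bed


def encode_ids(k_ids):
    """Unambiguous encoding of the plaintext k-pseudonym set (assumption: comma-joined)."""
    return ",".join(k_ids).encode()


def mac(key, *fields):
    """HMAC keyed with the shared key over the '‖'-concatenation of the fields."""
    return hmac.new(key, b"".join(fields), HASH).digest()


def xor_bytes(*parts):
    out = bytes(len(parts[0]))
    for p in parts:
        out = bytes(a ^ b for a, b in zip(out, p))
    return out


def prng(seed):
    """Stand-in for the page's PRNG in SK = PRNG(Key ⊕ N1 ⊕ N2) (assumption: SHA-1)."""
    return HASH(seed).digest()


@dataclass
class User:
    uid: str        # C, the real identity
    key: bytes      # Key, shared with the server
    k_ids: list     # plaintext k-pseudonym set; must contain uid
    n2: bytes = b""

    def step3(self, n1):
        """Step 3: pick N2, compute M1 = HMAC(N1‖N2‖C‖Key‖k IDs), send (k IDs, N2, M1)."""
        self.n2 = secrets.token_bytes(NONCE_LEN)
        m1 = mac(self.key, n1, self.n2, self.uid.encode(), encode_ids(self.k_ids))
        return self.k_ids, self.n2, m1

    def step6(self, n1, m2):
        """Steps 6-7: verify M2 = HMAC(N2‖Key); on success derive SK."""
        if not hmac.compare_digest(mac(self.key, self.n2), m2):
            return None
        return prng(xor_bytes(self.key, n1, self.n2))


@dataclass
class AuthServer:
    db: dict             # user ID -> shared key
    hmac_count: int = 0  # M1' candidates computed in the last Step 4

    def step2(self):
        return secrets.token_bytes(NONCE_LEN)  # N1

    def step4(self, n1, k_ids, n2, m1):
        """Steps 4-5: traverse the k IDs in order, trying each as C with its own key."""
        self.hmac_count = 0
        for cand in k_ids:
            key = self.db.get(cand)
            if key is None:      # unknown pseudonym: nothing to try
                continue
            self.hmac_count += 1
            m1_prime = mac(key, n1, n2, cand.encode(), encode_ids(k_ids))
            if hmac.compare_digest(m1_prime, m1):
                return mac(key, n2), prng(xor_bytes(key, n1, n2))  # (M2, SK)
        return None  # no candidate matched: reject


def run_protocol(user, server):
    """Full exchange; returns (hmac_count, user_sk, server_sk) or None on failure."""
    n1 = server.step2()
    k_ids, n2, m1 = user.step3(n1)
    res = server.step4(n1, k_ids, n2, m1)
    if res is None:
        return None
    m2, server_sk = res
    user_sk = user.step6(n1, m2)
    return None if user_sk is None else (server.hmac_count, user_sk, server_sk)


def average_traversal(k):
    """Average M1' computations when the real user occupies each position of the set once."""
    ids = [f"user{i}" for i in range(k)]                 # constructed sample identities
    db = {i: secrets.token_bytes(KEY_LEN) for i in ids}  # constructed shared keys
    server = AuthServer(db)
    total = sum(run_protocol(User(uid, db[uid], ids), server)[0] for uid in ids)
    return total / k  # equals (k + 1) / 2, as the abstract states
```

The traversal stops at the first matching identifier, so the cost depends only on where the real identifier sits in the list; placing it at a random position is what gives the (k+1)/2 average, and sorting or shuffling the set before sending keeps that position from leaking anything about C.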
In a scheme that uses a k-pseudonym set for anonymous authentication, how the set of k user identifiers is formed is a crucial question. Two methods of forming the k-pseudonym identifier set are proposed under the Dolev-Yao attacker model:
(1) The user generates the other k−1 user identifiers itself.
Under the Dolev-Yao model the attacker cannot link and analyze a user's authentication messages from different periods, i.e. it cannot launch an intersection attack. The value of k for each authentication can therefore be set according to the user's privacy requirement at the time, and the k-pseudonym sets used in successive authentications may be the same or different.
The advantages of this method are: 1) the k-pseudonym set is generated entirely by the user, which is easy to implement; 2) no assistance from the authentication server is needed, which avoids consuming server resources; 3) the value of k can be adjusted adaptively to different privacy requirements.
However, the method also has the following two shortcomings:
1) If the attacker has some background knowledge, it can infer the true authenticating user from the formed k-pseudonym set with greater probability.
For example, in a mobile communication network each authentication requires the user to send its IMSI (International Mobile Subscriber Identity). The IMSI is a globally unique number assigned to a mobile subscriber; it consists of 15 digits comprising the Mobile Country Code MCC (460 for all users in China), the Mobile Network Code MNC (China Mobile's systems use 00, 02 and 07) and the Mobile Subscriber Identification Number MSIN. If a user does not understand the structure of the IMSI and forges identifiers arbitrarily, an attacker can easily tell which user identifiers are forged: for instance, if the MCC in the IMSI of one of the Chinese users forged by the user is not 460, the attacker readily recognises that identifier as forged, and can thus pick out the real user with a higher probability. And we cannot require that every user understands the formation rules of the IMSI.
2) If the k-pseudonym set forged by the user is inappropriate, it can impose a larger overhead on the network.
For example, in a mobile communication network, if the k−1 false identities forged by the user do not belong to the same home domain as the user, the authentication server must contact the home networks of these k−1 users separately to obtain their authentication information, which places an extra burden on the network.
To address the shortcomings of this method, we propose a second method of constructing the k-pseudonym identifier set.
(2) The authentication server uniformly allocates to the user the other k−1 user identifiers needed to form the k-pseudonym set. When the user registers, the server allocates n user identifiers to the user. During authentication the user determines k according to its own privacy requirement, where k ≤ n.
The k-pseudonym set formed at each anonymous authentication may be the same or different.
The advantages of this method are: 1) the rules for forming the pseudonym set are left entirely to the authentication server, and the user need not worry about how to construct suitable pseudonyms; 2) the server understands the pseudonym formation rules, and the pseudonyms it constructs are consistent with the real user identity, which avoids the problems brought by arbitrary construction by the user, such as ill-formed IMSIs letting an attacker easily infer the real user and placing extra pressure on the network.
The drawback of this method is that forming the k-pseudonym set requires the participation of the authentication server, which adds to the server's burden.
Each of the two methods has its pros and cons, and users can choose the method of forming the k-pseudonym set according to their own authentication scenario.
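As an added example (not the patent's code), the following shows construction method (2) with IMSI-shaped identifiers and the consistency check that method (1) lacks: the server issues n identifiers in the registering user's home domain (same MCC and MNC), and the user later picks k ≤ n of them for a session, always including its own. Assumptions: the page's 15-digit layout with a 3-digit MCC and a 2-digit MNC (the Chinese operator codes on the page are two digits; other countries use 3-digit MNCs), a sample IMSI with MCC 460 and MNC 00 that is constructed here, and function names that are the example's own.

```python
import secrets

MCC_LEN = 3     # Mobile Country Code, e.g. 460 on the page
MNC_LEN = 2     # Mobile Network Code; assumption: 2 digits, as for 00/02/07 on the page
IMSI_LEN = 15   # the page's 15-digit IMSI


def split_imsi(imsi):
    """Parse (MCC, MNC, MSIN); raises ValueError for anything that is not a 15-digit IMSI."""
    if len(imsi) != IMSI_LEN or not imsi.isdigit():
        raise ValueError(f"not a {IMSI_LEN}-digit IMSI: {imsi!r}")
    return imsi[:MCC_LEN], imsi[MCC_LEN:MCC_LEN + MNC_LEN], imsi[MCC_LEN + MNC_LEN:]


def same_home_domain(ids):
    """True if every identifier is a well-formed IMSI and all share one MCC/MNC.

    This is the property method (1) can violate: a set mixing MCC 460 with another
    country code, or containing a 14-digit string, fails it immediately.
    """
    try:
        domains = {split_imsi(i)[:2] for i in ids}
    except ValueError:
        return False
    return len(domains) == 1


def allocate_pseudonyms(real_imsi, n, rng=secrets):
    """Construction method (2): at registration the server issues n identifiers
    (the real one included) that all lie in the user's home domain."""
    mcc, mnc, msin = split_imsi(real_imsi)
    issued = {real_imsi}
    while len(issued) < n:
        # MSIN digits are drawn at random; collisions are simply retried
        fake_msin = "".join(str(rng.randbelow(10)) for _ in range(len(msin)))
        issued.add(mcc + mnc + fake_msin)
    return sorted(issued)


def choose_session_set(issued, real_imsi, k):
    """The user selects k <= n of its issued identifiers for one authentication."""
    if real_imsi not in issued:
        raise ValueError("the real identifier must be among the issued ones")
    if not 1 <= k <= len(issued):
        raise ValueError("k must satisfy 1 <= k <= n")
    others = [i for i in issued if i != real_imsi]
    chosen = [real_imsi] + secrets.SystemRandom().sample(others, k - 1)
    # sorted order: the real identifier's position in the list reveals nothing
    return sorted(chosen)
```

Because every issued identifier shares the real user's MCC and MNC, the server never has to reach out to a foreign home network for the k−1 decoys, which is exactly the overhead the second shortcoming of method (1) describes.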
Under the strengthened Dolev-Yao model, the attacker can launch an intersection attack on the authentication messages intercepted over many runs and determine the identity of the true authenticating user with higher probability. Therefore, under the strengthened Dolev-Yao model, the method of forming the k-pseudonym set must be improved.
The intersection attack is mainly caused by differences among the anonymity sets that the same user forms across consecutive authentications. The simplest way to solve this problem is to keep the anonymity set formed at the user's first authentication and the anonymity sets in all of its later authentications consistent. In the example of Fig. 2, if the anonymity set user B forms at t_1 is {A, B, C, D, E, F} and the anonymity set at t_2 and t_3 is still {A, B, C, D, E, F}, the attacker can no longer narrow down the true authenticating user through an intersection attack.
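As an added example (not from the patent), the following evaluates the two situations discussed above and in the Fig. 2 discussion: it computes the residual anonymity set an observer is left with after intersecting the pseudonym sets of linked authentications, the resulting anonymity success rate S = (k−1)/k from the security analysis, and a client-side policy that enforces the strengthened-model rule of reusing the first session's set. The sets S_1, S_2, S_3 are the page's Fig. 2 values, reproduced here as constructed data; the class and function names are the example's own.

```python
# Fig. 2 of the page: user B authenticates three times with different sets.
FIG2_SETS = [
    {"A", "B", "C", "D", "E", "F"},   # S1 at t1
    {"B", "C", "D", "E", "G", "H"},   # S2 at t2
    {"A", "B", "F", "L", "M", "N"},   # S3 at t3
]


def residual_anonymity_set(linked_sets):
    """Intersection of the k-pseudonym sets an observer has linked to one user.

    This is the quantity the intersection attack drives towards a single element;
    a designer uses it to check how much anonymity a set-selection policy leaves.
    """
    sets = [frozenset(s) for s in linked_sets]
    if not sets:
        return frozenset()
    result = sets[0]
    for s in sets[1:]:
        result &= s
    return result


def anonymity_success_rate(candidates):
    """S = (k - 1) / k for an anonymity set of size k (the page's formula)."""
    k = len(candidates)
    return (k - 1) / k if k else 0.0


class FixedPseudonymSet:
    """Strengthened-model rule: whatever set the user proposes later, the set
    chosen at the first authentication is the one actually sent every time."""

    def __init__(self, uid):
        self.uid = uid
        self.fixed = None

    def set_for_session(self, proposed):
        s = frozenset(proposed)
        if self.uid not in s:
            raise ValueError("the pseudonym set must contain the user's own identity")
        if self.fixed is None:
            self.fixed = s      # first authentication decides k and the members
        return self.fixed


def evaluate_policy(uid, proposed_sets, fixed=True):
    """Return (residual set, S) for a user that either reuses its first set or not."""
    if fixed:
        policy = FixedPseudonymSet(uid)
        sent = [policy.set_for_session(s) for s in proposed_sets]
    else:
        sent = proposed_sets
    residual = residual_anonymity_set(sent)
    return residual, anonymity_success_rate(residual)
```

With the Fig. 2 sets, the varying policy leaves the residual set {B} and S = 0, while the fixed policy keeps all six members and S = 5/6; k only buys anonymity under the strengthened model if the membership is held constant across runs.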
Therefore, under the strengthened Dolev-Yao model, two methods of forming the k-pseudonym identifier set are proposed here:
(1) As with construction method (1) under the Dolev-Yao model, the user generates the other k−1 user identifiers itself.
However, since the attacker can launch an intersection attack under the strengthened Dolev-Yao model, to guarantee the anonymity of user authentication the user must use the same k-pseudonym set in every authentication, i.e. the number k of users in the pseudonym set stays the same and the users in the set remain unchanged. The user can set k according to the highest privacy requirement among the different anonymous authentication scenarios it meets across its consecutive authentications.
(2) As with method (2) under the Dolev-Yao model, the authentication server uniformly allocates the pseudonym set to the user when the user registers.
However, because the attacker can launch an intersection attack under the strengthened Dolev-Yao model, the same pseudonym set must be used in every anonymous authentication.
Now the fail safe of this agreement and performance are analyzed:
One, safety analysis
For the anonymous authentication scheme proposed under the Dolev-Yao model of Dolev-Yao model and reinforcement-k-assumed name set anonymous authentication, provide following safety analysis.
(1) anonymous success rate
The true identity of user is contained in k the plaintext user mark that user sends.Even if but assailant intercepts and captures authentication information, also cannot determine which user concrete is the user of true certification.The probability that assailant guesses true authenticated user identity right is 1/k, and the anonymous success rate S of user represents, then:
S k - 1 k
User can regulate k value by the privacy requirements different according to user under Dolev-Yao model, enhances the flexibility of scheme.When the privacy requirements of user is higher, the k value of setting is larger, then the anonymous success rate of user is higher; Otherwise when the k value of setting is less, the anonymous success rate of user is lower.In order to resist the attack that seeks common ground under the Dolev-Yao model strengthened, the assumed name set k value of user remains unchanged.
(2) Mutual authentication
In step 3 the user sends M1 to the authentication server; the server traverses the shared keys of the k users, computing and verifying M1 with each. When the traversal reaches the real user's shared key, M1 verifies successfully, which completes the server's authentication of the user. In step 4 the server sends M2 to the user; the user computes and verifies M2 from the key it shares with the server, which completes the user's authentication of the server. Because this procedure uses a challenge-response mechanism, it resists replay attacks. The scheme therefore achieves mutual authentication between user and authentication server.
(3) Forward and backward secrecy
In the protocol, generation of the session key depends on the random numbers N1 and N2 generated by the authentication server and the user respectively, and on the key Key shared between them. Because N1 and N2 are freshly generated at random every time, the random numbers of two sessions bear no relation to each other, so the leakage of one session key does not allow any other session key to be recovered; the proposed scheme therefore has forward and backward secrecy.
(4) Resistance to pseudonym desynchronization attacks
The protocol never changes pseudonyms, so there is no need to consider the pseudonym desynchronization between the state stored by the authentication server and by the user that a desynchronization attack would otherwise cause.
The invention is compared with the scheme of Godor G et al. in "Hash-based mutual authentication protocol for low-cost RFID systems" (scheme 1), the scheme of Mun H et al. in "Enhancement of anonymous authentication scheme in wireless sensor network" (scheme 2) and the scheme of Yi Xiao-Luo et al. in "An gen2-based security authentication protocol for RFID system" (scheme 3); the compared schemes and the present invention all use a shared key to achieve anonymous authentication. The results are shown in Table 1 below, where "Y" means the property is satisfied and "N" means it is not.
Table 1
In scheme 2 the user anonymity of the protocol is realized through a smart card; this hardware requirement means that devices without such hardware cannot use this kind of authentication scheme, which reduces its practicality. In addition, scheme 2 uses a timestamp mechanism to verify message freshness, but since many devices are not fully time-synchronized, the use of timestamps introduces a potential security risk. Safkhani M analyzed scheme 2 and found that it cannot resist desynchronization and other attacks, but gave no improved scheme.
II. Performance evaluation
To evaluate the performance of the invention quantitatively we built a test bed in which the user side and the authentication-server side use identically configured hardware: an HP desktop with a 3.00 GHz Core 2 Duo CPU and 2 GB of memory running Windows XP. Communication between user and server is implemented with sockets written in C++, the build environment is Microsoft Visual Studio 2010, and the SHA-1 operation is provided by the OpenSSL library. The experimental topology is shown in Figure 4.
Through a large number of experiments, the performance of the invention is analyzed in four respects: authentication time, computation, communication traffic and required storage.
(1) Authentication time
In the experiment we consider the worst case, namely that the identity C of the real user sits at the very end of the k-pseudonym set. Figure 5 shows the authentication delay when k is 1, 5, 10, 15 and 20; 40 trials were run for each value of k. k = 1 means that no pseudonyms are forged and only the real user performs real-name authentication.
As Table 2 shows, the number of users k in the k-pseudonym set has little effect on the authentication time. This is because increasing k has two small effects: (1) the traffic grows, but each user identifier is 32 bits, so a small number of extra identifiers adds negligible traffic; (2) the server's processing time grows, because the server must search more user keys and compute and compare M1 more times. Searching a key in the database adds very little to the authentication time, and comparing M1 mainly involves a message authentication code computation whose cost is small, so the increase in authentication time is very limited.
Table 2
In RFID tag access authentication, in the worst case the authentication server must traverse the shared keys of all tags stored in the database and verify the encrypted message; with 100,000 tags stored, the recorded authentication time is 8.2 seconds. Compared with traversing the whole database to complete anonymous authentication, the proposed scheme needs to traverse the information of only k users in the worst case, a clear efficiency gain.
We also measured the authentication time when several users perform anonymous authentication with the k-pseudonym set simultaneously. With k fixed at 15, Figure 6 shows how the authentication time of one user changes as the number of users submitting authentication requests at the same time grows (background traffic is not considered). As Figure 6 shows, the user's authentication time grows approximately linearly with the number of users submitting requests simultaneously.
The linear growth is explained as follows. Authentication time consists mainly of two parts: processing time and communication time. Processing time is mainly the time the server needs, when authenticating a user, to traverse the information of the k users, compute, and compare with the message received from the user. Communication time is the time spent transmitting data. In a wireless network all users must obtain the channel through CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance), and the delay this introduces must not be underestimated. Assume the server is powerful enough to process the authentication requests of several users at once; then when the number of simultaneously requesting users SU grows from m to m+1, the processing time of the original m users is almost unchanged. But because one more user now contends for the channel with the m users, the communication time of each of the original m users becomes longer. Suppose that when SU is m the average authentication time per user is D, and the extra communication delay caused by the added user is delta; then for each of the original m users the authentication time becomes D+delta. The added user's authentication time is generally the same as that of the other m users. Hence the average authentication time of the m+1 users is D+delta.
According to Xu Dong-Xia's "An analytical model of MAC access delay in IEEE 802.11e EDCA", because of the distributed coordination function (DCF) mechanism in wireless networks, when every user always has a fixed-size packet to send, the time a user needs to access the Wi-Fi channel is approximately linear in the number of users; that is, each additional user adds a fixed communication delay, so delta is a constant. This is why, in the experiment, the average authentication delay of a user is approximately linear in the number of users submitting authentication requests simultaneously.
(2) Computation
The computation of the invention is compared with that of the existing anonymous authentication schemes 1, 2 and 3, all of which realize anonymous authentication with a shared-key method. In the proposed scheme the user performs only two hash operations, in step 3 and step 4.
The number of users stored in scheme 1 and scheme 3 is n, and the number of users in the k-pseudonym set of the present scheme is k; the results are shown in Table 3.
Table 3
(3) Communication traffic
In the scheme the random numbers N1 and N2 are 64 bits, the shared key Key is 128 bits, the user identifier is 32 bits, the hash is SHA-1 with a 160-bit digest, and the authentication request is a 32-bit string; the traffic of the scheme is shown in Table 4.
Table 4
(4) Required storage
Under both attacker models, the user and the authentication server each store a (user identifier, shared key, session key) triple. With either method of constructing the k-pseudonym set, the user side stores k user identifiers, so the storage required on the user side is (288 + k × 32) bits; the server stores 288 bits of personal information per user, and its total storage is determined by the number of users it stores.
Those skilled in the art may derive various corresponding changes and variations from the technical scheme and concept above, and all such changes and variations fall within the protection scope of the claims of the present invention.

Claims (6)

1. A user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network, characterized in that the protocol comprises the following steps:
Step 1: the user sends an anonymous authentication request to the authentication server;
Step 2: on receiving the user's access request, the authentication server generates a random number N1 and sends it to the user;
Step 3: on receiving N1, the user first generates a random number N2 and then computes the third message M1, which is calculated as follows:
M1 = HMAC(N1‖N2‖C‖Key‖kIDs);
where Key is the 128-bit key shared between the user and the authentication server and kIDs denotes the k plaintext user identifiers; the user sends the k plaintext user identifiers (including the identifier C of the user actually authenticating), the random number N2 and M1 to the authentication server;
Step 4: on receiving the message from the user, the authentication server traverses the k plaintext user identifiers in the order in which they appear in the k-pseudonym set, looks up the shared key corresponding to each user in its database, and computes M′1, which is calculated as follows:
M′1 = HMAC(N1‖N2‖C‖Key‖kIDs);
Step 5: the authentication server checks whether M′1 equals M1; if for some user M′1 equals M1, the authentication server completes authentication of the user, computes the fourth message M2 and sends it to the user, M2 being calculated as follows:
M2 = HMAC(N2‖Key);
Step 6: on receiving the fourth message M2 from the authentication server, the user computes M′2 = HMAC(N2‖Key) from its locally stored N2 and Key and checks whether M′2 agrees with the M2 sent by the authentication server; if they agree, the user completes authentication of the authentication server;
Step 7: after the user has authenticated the authentication server, both sides generate the session key SK; on the authentication-server side and the user side SK is given by:
SK = PRNG(Key ⊕ N1 ⊕ N2);
where "⊕" denotes bitwise XOR.
2. The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network according to claim 1, characterized in that the k plaintext user identifiers can be formed in two ways:
(1) the user itself generates the other k-1 user identifiers;
(2) the authentication server uniformly allocates to the user the other k-1 user identifiers needed to form the k-pseudonym set: when the user registers, the authentication server allocates n user identifiers to it, and during authentication the user chooses k according to its own privacy requirement, where k ≤ n.
3. The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network according to claim 1, characterized in that the protocol is based on the Dolev-Yao model, namely the following assumptions are made about the attacker's behaviour:
(1) the attacker can eavesdrop on and intercept any message passing through the network;
(2) the attacker can store intercepted or self-constructed messages;
(3) the attacker can send intercepted or self-constructed messages;
(4) the attacker can take part in the protocol run as a legitimate user.
4. The user anonymous identity authentication protocol based on a k-pseudonym set according to claim 1, characterized in that the protocol is based on the strengthened Dolev-Yao model, namely the following assumptions are made about the attacker's behaviour:
(1) the attacker can eavesdrop on and intercept any message passing through the network;
(2) the attacker can store intercepted or self-constructed messages;
(3) the attacker can send intercepted or self-constructed messages;
(4) the attacker can take part in the protocol run as a legitimate user;
(5) the attacker has the ability to launch an intersection attack.
5. The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network according to claim 3, characterized in that under the Dolev-Yao model the value of k and the users in the k-pseudonym set formed by the user may be the same or different each time; the user can set k according to the privacy requirement of the anonymous authentication environment it is in, choosing a larger k when the privacy requirement is higher.
6. The user anonymous identity authentication protocol based on a k-pseudonym set in a wireless network according to claim 4, characterized in that under the strengthened Dolev-Yao model, because the attacker can launch an intersection attack, the value of k and the users in the k-pseudonym set formed by the user must be the same each time, and the user can set k according to the highest privacy requirement among the different anonymous authentication scenarios.
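The following Python program is an added worked example of the seven steps of claim 1 and of the mutual-authentication and replay-resistance analysis in the security analysis above; it is not code from the patent or from the authors' C++/OpenSSL test bed. It makes several assumptions the claims leave open: HMAC-SHA1 is keyed with Key and takes exactly the field list written in the claim (N1‖N2‖C‖Key‖kIDs, with the identifiers encoded as fixed-width 32-bit values so the concatenation is unambiguous); the unspecified PRNG of step 7 is replaced by SHA-1; and the 64-bit nonces are zero-padded to the 128-bit key length before the XOR. User identifiers, the registered users and the decoy list in the demo are constructed for the example.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha1   # the specification's hash; HMAC-SHA1 tags are 160 bits
KEY_LEN = 16          # 128-bit shared key Key
NONCE_LEN = 8         # 64-bit random numbers N1 and N2
ID_LEN = 4            # 32-bit user identifiers


def encode_ids(ids):
    """Fixed-width encoding of the k plaintext identifiers (4 bytes each), so the
    concatenation inside the HMAC input is unambiguous (assumption)."""
    return b"".join(i.to_bytes(ID_LEN, "big") for i in ids)


def mac(key, *fields):
    """HMAC keyed with the shared key over the concatenation of fixed-width fields."""
    return hmac.new(key, b"".join(fields), HASH).digest()


def xor_pad(*parts):
    """Bitwise XOR of byte strings; shorter ones are zero-padded on the left
    (assumption: claim 1 does not say how 64-bit nonces and a 128-bit key line up)."""
    n = max(len(p) for p in parts)
    acc = 0
    for p in parts:
        acc ^= int.from_bytes(p.rjust(n, b"\0"), "big")
    return acc.to_bytes(n, "big")


def prng(seed):
    """Stand-in for the unspecified PRNG of step 7 (assumption): SK = SHA-1(seed)."""
    return HASH(seed).digest()


class AuthServer:
    def __init__(self):
        self.db = {}                     # user identifier -> shared key

    def register(self, uid):
        self.db[uid] = os.urandom(KEY_LEN)
        return self.db[uid]

    def step2(self):
        return os.urandom(NONCE_LEN)     # N1, the server's fresh challenge

    def step4_5(self, n1, k_ids, n2, m1):
        """Traverse the k identifiers in the order sent; the first registered
        identifier whose key reproduces M1 is the real user C (worst case: last)."""
        for cid in k_ids:
            key = self.db.get(cid)
            if key is None:
                continue                 # decoy the user invented itself (claim 2, way 1)
            m1_check = mac(key, n1, n2, cid.to_bytes(ID_LEN, "big"), key, encode_ids(k_ids))
            if hmac.compare_digest(m1_check, m1):
                m2 = mac(key, n2, key)                    # M2 = HMAC(N2 || Key)
                sk = prng(xor_pad(key, n1, n2))           # SK = PRNG(Key xor N1 xor N2)
                return cid, m2, sk
        return None                      # no key verified M1: reject


class Client:
    def __init__(self, uid, key):
        self.uid, self.key = uid, key

    def step3(self, n1, k_ids):
        self.n1, self.n2, self.k_ids = n1, os.urandom(NONCE_LEN), list(k_ids)
        # M1 = HMAC(N1 || N2 || C || Key || kIDs), keyed with Key
        m1 = mac(self.key, n1, self.n2, self.uid.to_bytes(ID_LEN, "big"),
                 self.key, encode_ids(self.k_ids))
        return self.k_ids, self.n2, m1   # k IDs, N2 and M1 travel in the clear

    def step6_7(self, m2):
        if not hmac.compare_digest(mac(self.key, self.n2, self.key), m2):
            return None                  # server failed to prove knowledge of Key
        return prng(xor_pad(self.key, self.n1, self.n2))


def run_session(server, client, k_ids):
    """One full run; returns (identified user, both SKs agree) or None on failure."""
    n1 = server.step2()
    ids, n2, m1 = client.step3(n1, k_ids)
    outcome = server.step4_5(n1, ids, n2, m1)
    if outcome is None:
        return None
    cid, m2, sk_server = outcome
    sk_client = client.step6_7(m2)
    if sk_client is None:
        return None
    return cid, hmac.compare_digest(sk_server, sk_client)


if __name__ == "__main__":
    server = AuthServer()
    for uid in (7, 99, 2048):
        server.register(uid)
    client = Client(42, server.register(42))
    # constructed k-set: one unregistered decoy, real user last (the worst case measured above)
    print(run_session(server, client, [7, 123456, 99, 42]))
```

Because N1 is chosen afresh by the server for every run and bound into M1, a captured step-3 message cannot be replayed against a later challenge, which is the challenge-response property the security analysis relies on. Note also that N1, N2 and the k identifiers are all sent in the clear, so the secrecy of SK rests entirely on Key; the forward and backward secrecy statement above concerns the leakage of an individual session key, not of Key itself.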
CN201410598606.XA 2014-10-30 2014-10-30 User anonymity identity identifying method based on k assumed name set in wireless network Active CN104283899B (en)

Publications (2)

Publication Number Publication Date
CN104283899A true CN104283899A (en) 2015-01-14
CN104283899B CN104283899B (en) 2017-10-13

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LI XINGHUA, ET AL: "A Lightweight Anonymous Authentication Protocol Using K-pseudonym Set in Wireless Network", 2015 IEEE Global Communications Conference (GLOBECOM) *
