CN105376230A - Two-way access authentication method for multi-layer-MAP oriented HMIPv6 network - Google Patents

Publication number: CN105376230A
Authority: CN (China)
Prior art keywords: mobile terminal, router, map, server, authentication
Legal status: Granted
Application number: CN201510784154.9A
Other languages: Chinese (zh)
Other versions: CN105376230B (en)
Inventors: 高天寒, 索宝仲, 王权琦
Current Assignee: Northeastern University China
Original Assignee: Northeastern University China
Application filed by: Northeastern University China

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The invention provides a two-way access authentication method for a multi-layer-MAP-oriented HMIPv6 network. The method comprises the following steps: a root PKG server acts as a trusted third party, and trusted channels are established among the root PKG server, the PKG servers at each layer and the AR routers; the root PKG server generates the public parameters and private keys; the root PKG server issues a private key to the PKG server at each layer according to that server's identity information, and the PKG server at each layer distributes a private key to each AR router in its layer according to that router's identity information; when a mobile node MN leaves its home network and accesses an AR router under some MAP in the HMIPv6 network for the first time, initial two-way access authentication is carried out; and when the mobile node MN, within the currently accessed foreign network, switches from the AR router in the current MAP domain to another MAP domain or another AR router, handover authentication is carried out. The invention proposes a hierarchical identity-based short signature scheme built on node certificates, whose security is based on the h-CDH problem. Its advantages are that the private key length decreases as the hierarchy level increases, and that the signature length is independent of the hierarchy level.

Description

A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks
Technical field
The invention belongs to the field of access security for mobile wireless networks, and in particular relates to a two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks.
Background
The rapid development of computer networks has greatly changed the way people live. The Internet is evolving toward large-scale support for mobility, and people place ever higher demands on the network. With the rapid development of wireless broadband access and mobile terminal technology, and with the continuing growth in the number of mobile devices and in demand for network access, Mobile IPv6 (MIPv6) will become an important supporting protocol for next-generation mobile communication. To further improve the applicability of MIPv6 and the handover efficiency of mobile nodes in foreign networks, the IETF extended MIPv6 and defined the Hierarchical Mobile IPv6 protocol (HMIPv6), which introduces mobility anchor points (MAPs) into the foreign network to manage mobile nodes regionally and thereby reduce handover delay, but which gives little consideration to security. When a mobile node accesses a foreign network, it and the foreign network need to authenticate each other's identity; this is a basic requirement of secure communication. In addition, handover and authentication of a mobile node often occur at the same time; to support real-time applications, the authentication mechanism should run in step with the handover procedure and preserve handover efficiency as far as possible. Efficient mutual authentication mechanisms for HMIPv6 have therefore become a research focus.
In recent years, researchers have applied identity-based cryptography to the Mobile IPv6 access authentication process to secure access to mobile networks. The paper "A secure IPv6-based urban wireless mesh network" designs a new addressing architecture that embeds the mobile user's identity information in the IP address and adopts a fast hierarchical network architecture, using identity-based cryptography to protect the identity information; however, the modified IP addresses are special in both generation and management, so the approach is not generally applicable. The paper "Experimental evaluation of proxy mobile IPv6: An implementation perspective" proposes using a Proxy Mobile IPv6 scheme for access authentication of mobile entities, but the communication distance between the proxy and the mobile entities is usually large and the communication delay high, which reduces the efficiency of handover authentication, and the entities involved need to change keys frequently, which adds communication overhead. The paper "An HMIPv6 network access authentication mechanism combining node certificates with identity" proposes a hierarchical signature scheme and designs an authentication mechanism that combines node certificates with identity, which simplifies the complex key management of public key infrastructure, achieves mutual authentication between the user and the access network, and eliminates message exchange between the access network and the home network. However, that signature scheme lacks study of extensions to the HMIPv6 protocol: in a multi-layer MAP environment it supports only simply extended network environments, and the mobile terminal lacks flexibility. In classical identity-based signature schemes, the signature length generally grows as the number of signatures increases; or the signature length is fixed but the security depends too heavily on the hardness assumption.
Summary of the invention
To address the problems in the prior art, the invention provides a two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks.
The technical scheme of the invention is as follows:
A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks comprises the following steps:
Step 1: The rootPKG server acts as the trusted third party, and trusted channels are established between it, the PKG servers at each layer and the AR routers;
Step 2: The rootPKG server generates the public parameters and generates private keys;
Step 3: The rootPKG server issues a private key to each layer's PKG server according to that server's identity information, and each layer's PKG server distributes a private key to each AR router of its layer according to that router's identity information;
Step 4: When the mobile terminal MN leaves its home network and accesses, for the first time, an AR router under some MAP in the HMIPv6 network, initial two-way access authentication is carried out: on accessing the HMIPv6 network, the mobile terminal MN registers its information with the rootPKG server and performs mutual identity authentication;
Step 5: When the mobile terminal MN, within the currently accessed foreign network, switches from the AR router in the current MAP domain to another MAP domain or AR router, handover authentication is carried out.
Step 4 is carried out as follows:
Step 4.1: The mobile terminal MN performs mobile registration;
Step 4.2: The mobile terminal MN sends a certificate verification request message to the AR router under the MAP to be accessed;
Step 4.3: The rootPKG server verifies the certificate of the mobile terminal MN. If verification succeeds, the rootPKG server checks the node type of the mobile terminal MN: if it is a mobile node, the binding cache is temporarily updated according to the intra-domain binding update message LBU, and the rootPKG server returns a certificate verification acknowledgement message CVA and an intra-domain binding acknowledgement message LBA to the AR router; if it is not a mobile node, the authentication process is cancelled. If verification fails, authentication of MN fails and MN cannot access the HMIPv6 network;
Step 4.4: After the AR router receives the certificate verification acknowledgement message CVA, it extracts the identity information of the mobile terminal MN from MN's certificate and authenticates MN: if authentication succeeds, it sends an authentication success message VA to the current MAP to report the result, and at the same time the AR router signs the intra-domain binding acknowledgement message LBA and sends it to the mobile terminal MN;
Step 4.5: After the current MAP being accessed receives the authentication success message VA, it formally updates the binding cache and forwards VA layer by layer to the rootPKG server, notifying the rootPKG server that the mobile terminal MN has been authenticated successfully;
Step 4.6: After the rootPKG server receives the authentication success message VA, it updates the binding cache, and the identity of the mobile terminal MN is registered successfully; at the same time it sends a certificate list update message CLU to all MAP domains and all AR routers in the MAP domains, notifying them of the successful authentication of the mobile terminal MN; the CLU message carries the certificate of the mobile terminal MN;
Step 4.7: The AR router forwards the remote binding acknowledgement message RBA to the mobile terminal MN and updates the certificate list CL, adding the certificate of the mobile terminal MN to the list;
Step 4.8: The mobile terminal MN checks the freshness of TS_2 and performs HMAC verification on RBA, and at the same time uses the AR router's certificate to authenticate the AR router; if all checks succeed, mobile registration is complete and mutual authentication ends.
Step 4.1 is carried out as follows:
Step 4.1.1: The mobile terminal MN applies HMAC protection and a short signature to the remote binding update message RBU and the intra-domain binding update message LBU, respectively;
Step 4.1.2: The mobile terminal MN verifies the certificate of the AR router under the MAP to be accessed, i.e. verifies the signature in that certificate: if verification succeeds, the mobile terminal MN extracts the AR router's identity information from the AR router's certificate; otherwise the mobile terminal MN cancels mutual authentication with this AR router.
Step 4.2 is carried out as follows:
Step 4.2.1: The AR router checks the freshness of the timestamp TS_1; if it is fresh, step 4.2.2 is performed; otherwise authentication of the MN certificate is cancelled;
Step 4.2.2: The AR router checks the certificate list; if the certificate of the current mobile terminal MN is not in the certificate list, the current mobile terminal MN is accessing for the first time, and the AR router sends a certificate verification request message layer by layer to the rootPKG server, requesting verification of MN's certificate, and then step 4.3 is performed; otherwise step 4.3 is performed directly.
The handover authentication process is as follows:
When the current MAP domain has received the certificate of the mobile terminal MN and authentication has succeeded, a certificate list update message CLU is sent to all MAPs and AR routers in the HMIPv6 network to update the certificate list CL of each MAP and AR router; when the mobile terminal MN later moves and hands over within the tree-structured MAP domains, the AR router being accessed authenticates the mobile terminal MN directly, without making another identity authentication request to the current MAP.
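The certificate-list decision of steps 4.2.1 and 4.2.2, the handover case, and the MN-side check of step 4.8, as an added Python example that is not code from the patent. The 30-second freshness window, HMAC-SHA-256, the pre-shared HMAC key and all class and function names are assumptions; certificate verification at the rootPKG is modelled as a lookup in a set of issued certificates, and the sample certificates and timestamps are constructed.

```python
import hashlib
import hmac

FRESHNESS_WINDOW = 30  # seconds; assumed value, the page does not specify one


def is_fresh(ts, now, window=FRESHNESS_WINDOW):
    """Freshness test applied to TS_1 (step 4.2.1) and TS_2 (step 4.8)."""
    return abs(now - ts) <= window


class RootPKG:
    """Trusted third party: answers certificate verification requests and
    pushes certificate list updates (CLU) to every registered AR router."""

    def __init__(self, issued_certs):
        self.issued_certs = set(issued_certs)
        self.routers = []
        self.requests_seen = 0  # verification requests that reached the root

    def verify_certificate(self, cert_mn):
        self.requests_seen += 1
        # Stand-in for verifying the signature inside Cert_MN.
        return cert_mn in self.issued_certs

    def send_clu(self, cert_mn):
        for ar in self.routers:
            ar.cert_list.add(cert_mn)


class ARRouter:
    def __init__(self, name, root):
        self.name = name
        self.root = root
        self.cert_list = set()  # certificate list CL
        root.routers.append(self)

    def handle_access(self, cert_mn, ts1, now):
        if not is_fresh(ts1, now):                     # step 4.2.1
            return "rejected: stale TS_1"
        if cert_mn in self.cert_list:                  # handover: CL hit, no root round trip
            return "accepted: local CL"
        if not self.root.verify_certificate(cert_mn):  # step 4.2.2 -> step 4.3
            return "rejected: certificate"
        self.root.send_clu(cert_mn)                    # step 4.6
        return "accepted: verified by rootPKG"


def mn_accepts_rba(key, rba, mac, ts2, now):
    """Step 4.8 on the MN side: TS_2 freshness plus HMAC check of RBA."""
    expected = hmac.new(key, rba, hashlib.sha256).digest()
    # compare_digest avoids leaking the position of the first differing byte.
    return is_fresh(ts2, now) and hmac.compare_digest(expected, mac)


def demo():
    root = RootPKG(issued_certs={"Cert_MN"})           # constructed sample data
    ar_a, ar_b = ARRouter("AR_2,1", root), ARRouter("AR_3,4", root)
    t0 = 1_000_000
    results = [
        ar_a.handle_access("Cert_MN", ts1=t0, now=t0 + 1),        # first access
        ar_b.handle_access("Cert_MN", ts1=t0 + 60, now=t0 + 61),  # handover to another AR
        ar_b.handle_access("Cert_MN", ts1=t0, now=t0 + 600),      # old request replayed later
        ar_b.handle_access("Cert_X", ts1=t0 + 70, now=t0 + 70),   # certificate never issued
    ]
    return results, root.requests_seen


if __name__ == "__main__":
    print(demo())
```

The handover request is accepted without a further request to the rootPKG, while the replayed request is rejected on freshness alone even though its certificate is already in CL.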
Beneficial effects:
The invention proposes a hierarchical identity-based short signature scheme built on node certificates. Its security is based on the h-CDH problem, and its greatest advantage is that the private key length decreases as the hierarchy level increases while the signature length does not depend on the hierarchy level. Moreover, the security model the scheme relies on is more general: it is the adaptive chosen-identity security model.
The signature scheme of the invention is an identity-based hierarchical short signature mechanism that achieves mutual authentication of the identities of MN and the access network. Compared with existing schemes, the public parameters of the signature scheme are slightly larger, but the private key length decreases as the identity depth increases, and the signature length is a constant, containing only 3 group elements. Because bilinear pairings can be precomputed, the verification algorithm needs only 3 pairing operations, which is very efficient in this respect. In addition, the security of the scheme is based on the h-CDH hardness assumption rather than on other, stronger assumptions, and it does not rely on random oracles.
Description of the drawings
Fig. 1 is a framework diagram of the HMIPv6 network architecture for mutual authentication under nested multi-layer MAPs, according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the two-way access authentication mechanism for multi-layer-MAP-oriented HMIPv6 networks, according to an embodiment of the invention;
Fig. 3 is a flow chart of a two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks, according to an embodiment of the invention.
Embodiment
The embodiments of the invention are described in detail below with reference to the drawings.
The HMIPv6 network architecture, shown in Fig. 1, is divided into three parts: the first part is the trusted third party, the rootPKG server, which is the system's default root server and is responsible for generating the system parameters and issuing private keys to lower-layer PKG servers; the second part is multiple PKG servers forming multiple MAP domains; the third part is the AR routers and the mobile terminal MN. When the mobile terminal MN moves and accesses a foreign domain, the initial access authentication process takes place; when the mobile terminal MN moves within the foreign domain and changes its access point, the handover authentication process takes place.
A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks, as shown in Fig. 3, comprises the following steps:
Step 1: The rootPKG server acts as the trusted third party, and trusted channels are established between it, the PKG servers at each layer and the AR routers, using the IPsec security mechanism to protect communication between the PKG servers at each layer and between PKG and AR;
Step 2: The rootPKG server generates the public parameters and generates private keys;
Public parameters: $params = (g, g_1, g_2, g_3, u_0, H_1, \ldots, H_h, U)$. The rootPKG server randomly selects $\alpha \in \mathbb{Z}_p$, choose for master key;
Let the maximum hierarchy level be $h$. The rootPKG server randomly selects a group $G$ of prime order $p$, its generator $g$, and elements $h_{ij}, g_2, g_3, u_0, u_l \in G$, where $i = 1, \ldots, h$, $j = 1, \ldots, n_i$, $l = 1, \ldots, n_M$. In addition, let $H_i = (h_{ij})$ and $U = (u_l)$; the rootPKG server outputs the public parameters $params = (g, g_1, g_2, g_3, u_0, H_1, \ldots, H_h, U)$. The rootPKG server randomly selects $\alpha \in \mathbb{Z}_p$, choose for master key, and calculate
The layer-$(j-1)$ PKG server inputs to the previous-layer PKG server its identity $ID_{j-1} = (v_1, v_2, \ldots, v_{j-1})$ and the corresponding private key, where $v_{j-1}$ denotes the identity information of the layer-$(j-1)$ PKG server and $d'_h$ denotes the private key of the layer-$(j-1)$ PKG server. The identity of the layer-$j$ PKG server is $ID_j = (v_1, v_2, \ldots, v_j)$, $v_j \in \mathbb{Z}_p$, and its corresponding private key is $d_{ID_j} = (d_0, d_1, d_{j+1}, \ldots, d_h)$. It is computed as follows: randomly select $\bar{r} \in \mathbb{Z}_p$ and let

$$d'_0 = g_2^{\alpha}\left(g_3 \prod_{i=1}^{j-1} F_i(v_i)\right)^{\bar{r}},$$

$$d'_1 = g^{\bar{r}},$$

$$d'_t = H_t^{\bar{r}} = \left(h_{ti}^{\bar{r}}\right),$$

where $i = 1, \ldots, n$, $t = j, \ldots, h$, $\bar{r} \in \mathbb{Z}_p$, and $F_i(x) = \prod_{j=1}^{n_i} h_{ij}^{x_j}$, $i = 1, \ldots, h$.
Randomly select $r' \in \mathbb{Z}_p$ and compute:

$$d_0 = d'_0 \prod_{k=1}^{n_j} h_{jk}^{v_{jk}} \left(g_3 \prod_{i=1}^{j} F_i(v_i)\right)^{r'},$$

$$d_1 = d'_1\, g^{r'}, \qquad d_t = d'_t\, H_t^{r'} = \left(h_{tj}^{\bar{r} + r'}\right),$$

where $t = j+1, \ldots, h$, if can obtain thus

$$d_{ID} = (d_0, d_1, d_{j+1}, \ldots, d_h) = \left(g_2^{\alpha}\left(g_3 \prod_{i=1}^{j} F_i(v_i)\right)^{r},\ g^{r},\ H_{j+1}^{r}, \ldots, H_h^{r}\right).$$
Step 3: The rootPKG server issues a private key to each layer's PKG server according to that server's identity information, and each layer's PKG server distributes a private key to each AR router of its layer according to that router's identity information;
Step 4: When the mobile terminal MN leaves its home network and accesses, for the first time, an AR router under some MAP in the HMIPv6 network, initial two-way access authentication is carried out: on accessing the HMIPv6 network, the mobile terminal MN registers its information with the rootPKG server and performs mutual identity authentication;
Suppose the mobile terminal MN accesses an arbitrary AR_{j,i} router in a layer-j MAP domain; it can then receive the router advertisement RA of the AR_{j,i} router, and this router advertisement carries the certificate of the AR_{j,i} router.
The detailed initial two-way access authentication process is shown in Fig. 2:
Step 4.1: The mobile terminal MN performs mobile registration: AR_{j,i} → MN: {RA ‖ Cert_AR_{j,i}}
Step 4.1.1: The mobile terminal MN applies HMAC protection and a short signature to the remote binding update message RBU and the intra-domain binding update message LBU, respectively;
Step 4.1.2: The mobile terminal MN verifies the certificate Cert_AR_{j,i} of the AR_{j,i} under the MAP to be accessed, i.e. verifies the signature in this certificate. Let the signature on message $M$ with respect to identity $ID$ be $\sigma = (\sigma_1, \sigma_2, \sigma_3)$, where the message to be signed is $M = (m_1, \ldots, m_i, \ldots, m_{n_M})$, $m_i \in \mathbb{Z}_p$, $1 \le i \le n_M$. The signer randomly selects $s \in \mathbb{Z}_p$ and computes the signature as follows:

$$\sigma = (\sigma_1, \sigma_2, \sigma_3) = \left(d_0\left(u_0 \prod_{i=1}^{n_M} u_i^{m_i}\right)^{s},\ d_1,\ g^{s}\right)$$

The verifier first computes $F_i(v_i)$ and then checks whether the following equation holds:

$$\hat{e}(\sigma_1, g) = \hat{e}(g_1, g_2)\,\hat{e}\left(g_3 \prod_{i=1}^{j} F_i(v_i),\ \sigma_2\right)\hat{e}\left(u_0 \prod_{i=1}^{n_M} u_i^{m_i},\ \sigma_3\right)$$

where $\hat{e}$ is a bilinear pairing.
If the equation holds, the signature is accepted; otherwise it is rejected.
If verification succeeds, the mobile terminal MN extracts the identity information of AR_{j,i} from its certificate Cert_AR_{j,i}; otherwise the mobile terminal MN cancels mutual authentication with AR_{j,i}.
Step 4.2: The mobile terminal MN sends a certificate verification request message to the AR router under the MAP to be accessed: MN → AR_{j,i}: {LBU ‖ TS_1 ‖ RBU ‖ (RBU)_MAC ‖ σ_1 ‖ Cert_MN};
Step 4.2.1: AR_{j,i} checks the freshness of the timestamp TS_1; if it is fresh, step 4.2.2 is performed; otherwise authentication of the MN certificate is cancelled;
Step 4.2.2: AR_{j,i} checks the certificate list CL; if the certificate Cert_MN of the current mobile terminal MN is not in CL, the current mobile terminal MN is accessing for the first time, and AR_{j,i} sends a certificate verification request message CVR layer by layer to the rootPKG server, requesting verification of the certificate Cert_MN of the mobile terminal MN, and then step 4.3 is performed; otherwise step 4.3 is performed directly.
Step 4.3: The rootPKG server verifies the certificate of the mobile terminal MN, AR_{j,i} ~ MAP_{j,i}: {CVR ‖ TS_1 ‖ RBU ‖ LBU ‖ Cert_MN}: if verification succeeds, the rootPKG server checks the node type of the mobile terminal MN: if it is a mobile node, the binding cache is temporarily updated according to the intra-domain binding update message LBU, and the rootPKG server returns a certificate verification acknowledgement message CVA and an intra-domain binding acknowledgement message LBA to AR_{j,i}; if it is not a mobile node, the authentication process is cancelled. If verification fails, authentication of MN fails and MN cannot access the HMIPv6 network;
Step 4.4: After AR_{j,i} receives the certificate verification acknowledgement message CVA, it extracts the identity information of the mobile terminal MN from the certificate Cert_MN and authenticates MN, MAP_{j,i} ~ AR_{j,i}: {CVA ‖ LBA}: if authentication succeeds, it sends an authentication success message VA to MAP_{j,i} to report the result, and at the same time AR_{j,i} signs the intra-domain binding acknowledgement message LBA and sends it to the mobile terminal MN;
Step 4.5: After the current MAP being accessed receives the authentication success message VA, it formally updates the binding cache and forwards VA layer by layer to the rootPKG server, notifying the rootPKG server that the mobile terminal MN has been authenticated successfully: AR_{j,i} ~ MAP_{j,i}: {VA};
After the current MAP_{j,i} being accessed receives VA, it formally updates the binding cache and then forwards VA layer by layer to MAP_{1,1}, notifying MAP_{1,1} that the mobile terminal MN has been authenticated successfully.
Step 4.6: After the rootPKG server receives the authentication success message VA, it updates the binding cache, and the identity of the mobile terminal MN is registered successfully; at the same time it sends a certificate list update message CLU to all MAP domains and all AR routers in the MAP domains, notifying them of the successful authentication of the mobile terminal MN;
MAP_{j,i} ~ … ~ MAP_{1,1}: {VA ‖ RBU}: after MAP_{1,1} receives VA, it updates the binding cache, and the identity of MN is registered successfully. At the same time it sends a certificate list update message (CLU) to all MAP domains and all ARs in the domains, notifying them of the successful authentication of MN; the CLU message carries Cert_MN.
The certificate list update message CLU carries the certificate of the mobile terminal MN;
Step 4.7: The AR router forwards the remote binding acknowledgement message RBA to the mobile terminal MN and updates the certificate list CL, adding the certificate of the mobile terminal MN to the list;
MAP_{1,1} ~ … ~ MAP_{j,i} ~ AR_{j,i}: {CLU ‖ RBA ‖ (RBA)_MAC}: AR_{j,i} forwards RBA to MN and updates CL, adding an entry for Cert_MN.
Step 4.8: The mobile terminal MN checks the freshness of the timestamp TS_2 and performs HMAC verification on RBA, and at the same time uses the AR router's certificate to authenticate AR_{j,i}; if all checks succeed, mobile registration is complete and mutual authentication ends.
AR_{j,i} → MN: {LBA ‖ RBA ‖ (RBA)_MAC ‖ TS_2}
Step 5: When the mobile terminal MN, within the currently accessed foreign network, switches from the AR router in the current MAP domain to another MAP domain or AR router, handover authentication is carried out: when MAP_{1,1} has received the certificate Cert_MN of the mobile terminal MN and authentication has succeeded, a certificate list update message CLU is sent to all MAPs and AR routers in the HMIPv6 network to update the certificate list CL of each MAP and AR router; when the mobile terminal MN later moves and hands over within the tree-structured MAP domains, the AR router being accessed authenticates the mobile terminal MN directly, without making another identity authentication request to MAP_{1,1}. In mutual authentication and mobility management, this not only ensures efficient handover but also ensures the security of the certificate.

Claims (5)

1. A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks, characterized in that it comprises the following steps:
Step 1: The rootPKG server acts as the trusted third party, and trusted channels are established between it, the PKG servers at each layer and the AR routers;
Step 2: The rootPKG server generates the public parameters and generates private keys;
Step 3: The rootPKG server issues a private key to each layer's PKG server according to that server's identity information, and each layer's PKG server distributes a private key to each AR router of its layer according to that router's identity information;
Step 4: When the mobile terminal MN leaves its home network and accesses, for the first time, an AR router under some MAP in the HMIPv6 network, initial two-way access authentication is carried out: on accessing the HMIPv6 network, the mobile terminal MN registers its information with the rootPKG server and performs mutual identity authentication;
Step 5: When the mobile terminal MN, within the currently accessed foreign network, switches from the AR router in the current MAP domain to another MAP domain or AR router, handover authentication is carried out.
2. The two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks according to claim 1, characterized in that step 4 is carried out as follows:
Step 4.1: The mobile terminal MN performs mobile registration;
Step 4.2: The mobile terminal MN sends a certificate verification request message to the AR router under the MAP to be accessed;
Step 4.3: The rootPKG server verifies the certificate of the mobile terminal MN. If verification succeeds, the rootPKG server checks the node type of the mobile terminal MN: if it is a mobile node, the binding cache is temporarily updated according to the intra-domain binding update message LBU, and the rootPKG server returns a certificate verification acknowledgement message CVA and an intra-domain binding acknowledgement message LBA to the AR router; if it is not a mobile node, the authentication process is cancelled. If verification fails, authentication of MN fails and MN cannot access the HMIPv6 network;
Step 4.4: After the AR router receives the certificate verification acknowledgement message CVA, it extracts the identity information of the mobile terminal MN from MN's certificate and authenticates MN: if authentication succeeds, it sends an authentication success message VA to the current MAP to report the result, and at the same time the AR router signs the intra-domain binding acknowledgement message LBA and sends it to the mobile terminal MN;
Step 4.5: After the current MAP being accessed receives the authentication success message VA, it formally updates the binding cache and forwards VA layer by layer to the rootPKG server, notifying the rootPKG server that the mobile terminal MN has been authenticated successfully;
Step 4.6: After the rootPKG server receives the authentication success message VA, it updates the binding cache, and the identity of the mobile terminal MN is registered successfully; at the same time it sends a certificate list update message CLU to all MAP domains and all AR routers in the MAP domains, notifying them of the successful authentication of the mobile terminal MN; the CLU message carries the certificate of the mobile terminal MN;
Step 4.7: The AR router forwards the remote binding acknowledgement message RBA to the mobile terminal MN and updates the certificate list CL, adding the certificate of the mobile terminal MN to the list;
Step 4.8: The mobile terminal MN checks the freshness of TS_2 and performs HMAC verification on RBA, and at the same time uses the AR router's certificate to authenticate the AR router; if all checks succeed, mobile registration is complete and mutual authentication ends.
3. The two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks according to claim 2, characterized in that step 4.1 is carried out as follows:
Step 4.1.1: The mobile terminal MN applies HMAC protection and a short signature to the remote binding update message RBU and the intra-domain binding update message LBU, respectively;
Step 4.1.2: The mobile terminal MN verifies the certificate of the AR router under the MAP to be accessed, i.e. verifies the signature in that certificate: if verification succeeds, the mobile terminal MN extracts the AR router's identity information from the AR router's certificate; otherwise the mobile terminal MN cancels mutual authentication with this AR router.
4. The two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks according to claim 2, characterized in that step 4.2 is carried out as follows:
Step 4.2.1: The AR router checks the freshness of the timestamp TS_1; if it is fresh, step 4.2.2 is performed; otherwise authentication of the MN certificate is cancelled;
Step 4.2.2: The AR router checks the certificate list; if the certificate of the current mobile terminal MN is not in the certificate list, the current mobile terminal MN is accessing for the first time, and the AR router sends a certificate verification request message layer by layer to the rootPKG server, requesting verification of MN's certificate, and then step 4.3 is performed; otherwise step 4.3 is performed directly.
5. The two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks according to claim 1, characterized in that the handover authentication process is as follows:
When the current MAP domain has received the certificate of the mobile terminal MN and authentication has succeeded, a certificate list update message CLU is sent to all MAPs and AR routers in the HMIPv6 network to update the certificate list CL of each MAP and AR router; when the mobile terminal MN later moves and hands over within the tree-structured MAP domains, the AR router being accessed authenticates the mobile terminal MN directly, without making another identity authentication request to the current MAP.
CN201510784154.9A (priority date 2015-11-16, filing date 2015-11-16): A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks. Active, CN105376230B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201510784154.9A | 2015-11-16 | 2015-11-16 | A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN201510784154.9A | 2015-11-16 | 2015-11-16 | A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks

Publications (2)

Publication Number | Publication Date
CN105376230A | 2016-03-02
CN105376230B | 2018-05-04

Family

ID=55378035

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN201510784154.9A (Active, CN105376230B (en)) | A two-way access authentication method for multi-layer-MAP-oriented HMIPv6 networks | 2015-11-16 | 2015-11-16

Country Status (1)

Country | Link
CN (1) | CN105376230B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100085978A1 (en) * 2008-10-07 2010-04-08 Rajesh Ramankutty Methods and systems for accounting in an access gateway
CN102378284A (en) * 2011-11-23 2012-03-14 中山大学 Inter-domain switching method of proxy mobile IPv6 (Internet Protocol Version 6)
WO2012056430A1 (en) * 2010-10-29 2012-05-03 Telefonaktiebolaget Lm Ericsson (Publ) Secure route optimization in mobile internet protocol using trusted domain name servers
CN103249025A (en) * 2013-05-23 2013-08-14 中国科学院计算机网络信息中心 LMA (Local Mobility Anchor) dynamic discovery method in PMIPv6 (Proxy Mobile Internet Protocol version 6) environment
CN103957524A (en) * 2014-04-23 2014-07-30 东北大学 PMIPv6 network bidirectional access authentication system and method based on classification identity signature
CN104410728A (en) * 2014-11-27 2015-03-11 中国科学院计算机网络信息中心 Network-based DNS security updating method in MIPv6

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019001169A1 (en) * 2017-06-30 2019-01-03 东北大学 Pmipv6 authentication system and method for identity-based proxy group signature
CN111211976A (en) * 2020-03-02 2020-05-29 清华大学 BGP routing information verification method and device
CN113094335A (en) * 2021-03-23 2021-07-09 北京工业大学 Integrity dynamic auditing method based on improved multi-branch tree in cloud environment
CN114786177A (en) * 2022-04-07 2022-07-22 武汉联影医疗科技有限公司 Edge node access processing method, mobile terminal and edge node
CN114786177B (en) * 2022-04-07 2023-05-30 武汉联影医疗科技有限公司 Edge node access processing method, mobile terminal and edge node

Also Published As

Publication number Publication date
CN105376230B (en) 2018-05-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant