CN105978906A - Identity based communication handshake protocol - Google Patents


Info

Publication number
CN105978906A
Authority
CN
China
Prior art keywords
session
service end
identity
client
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610511378.7A
Other languages
Chinese (zh)
Inventor
王小峰
苏金树
陈曙晖
薛天
钟求喜
王飞
张博锋
孙品
孙一品
刘宇靖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology
Priority to CN201610511378.7A
Publication of CN105978906A
Legal status: Pending


Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an identity-based communication handshake protocol in the basic field of network communication. The protocol removes the burden of certificate transmission and verification, simplifies the handshake process, completes mutual authentication of the two parties and establishes a secure session. Technically, by defining new message contents, the TLS (Transport Layer Security) handshake protocol is thoroughly simplified, handshake latency is reduced and security parameter negotiation is completed. Specifically, the protocol comprises the steps of 1) establishing the identity-based cryptosystem and distributing keys, and 2) performing the handshake to negotiate security parameters. By adopting identity-based cryptography, identities and public keys are bound in the most natural way and the use of certificates is avoided; only two messages need to be sent during negotiation, so latency is low and operation is simple; in total the negotiation requires one bilinear pairing operation and one hash operation, so computational efficiency is high and computational complexity is low, which suits the communication needs of the Internet of Things well.

Description

An identity-based communication handshake protocol
Technical field
The present invention relates to the basic field of network communication, in particular to an identity-based communication handshake protocol.
Background technology
The Transport Layer Security (TLS) protocol sits between the transport layer and the application layer and provides security services such as authentication, confidentiality and integrity for information transmission. The handshake protocol is the core of TLS: it performs cryptographic algorithm negotiation, authentication and session key generation between client and server, and is the prerequisite for secure data transmission between the two communicating parties. The traditional TLS handshake relies on certificates issued by a Public Key Infrastructure (PKI) to achieve authentication and key exchange. On the one hand, certificate lookup and certificate path construction cause considerable computational overhead and latency; on the other hand, certificate exchange brings considerable communication overhead. These problems limit the deployment scope of TLS to a certain extent.
In 1984 Shamir proposed the Identity Based Cryptosystem (IBC). This system uses no certificates: the user's identity is used directly as the public key, and the private key is generated and distributed to the user by a trusted Private Key Generator (PKG). IBC removes the problems of certificate generation, issuance, backup and revocation that PKI must solve, clearly reduces the cost and complexity of building and maintaining the system, and greatly saves storage space and network bandwidth. Applications of IBC are becoming more and more widespread.
To adapt to the trend of future networks toward speed, efficiency and miniaturization, the present invention applies IBC to network communication and proposes a simplified identity-based handshake protocol. The main technical principles involved are:
  • Bilinear map property:
Let q be a large prime, G1 an additive group of order q and G2 a multiplicative group of order q. A map e: G1 × G1 → G2 is a bilinear map if for any Q, R ∈ G1 and a, b ∈ Z, e(aQ, bR) = e(Q, R)^(ab).
  • Identity-based authenticated key agreement (Identity Based Authenticated Key Agreement, IBAKA):
In an identity-based cryptosystem, IBAKA ensures that the negotiated session key is known only to the two communicating parties, i.e. mutual authentication is completed during key negotiation. The present invention uses one simple form of IBAKA.
Summary of the invention
In view of the above technical deficiencies, the present invention proposes an identity-based communication handshake protocol that applies IBC to network communication, adapting to the trend of future networks toward speed, efficiency and miniaturization.
The specific technical scheme of the present invention is:
By defining new message contents, the TLS handshake protocol is simplified, reducing handshake latency while completing the negotiation of security parameters; specifically it includes the following steps:
1) establishing the identity-based cryptosystem and distributing keys;
2) handshaking to negotiate security parameters.
As a preferred technical solution of the present invention, step 1) is implemented as follows: the PKG selects a specific elliptic curve and forms an additive cyclic group G1 of order q from points on it, where q is a large prime and the generator is P. It randomly chooses s as the master key of the PKG and computes P_pub = sP;
Then, according to the group G1, a bilinear map e is selected such that e: G1 × G1 → G2, where G2 is a multiplicative group of order q;
e: G1 × G1 → G2 being a bilinear map, for any Q, R ∈ G1 and a, b ∈ Z, e(aQ, bR) = e(Q, R)^(ab);
Finally, the hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^n are selected, where n is the key length;
After initialization, the system's public parameter list <q, G1, G2, e, n, P, P_pub, H1, H2> is published. The PKG generates the public/private key pair for a given identity ID: if the client identity is A, its public key and private key are Q_A = H1(A) and S_A = sQ_A respectively; if the server identity is B, its public key and private key are Q_B = H1(B) and S_B = sQ_B respectively. Private keys are sent to the users over a secure channel.
As a preferred technical solution of the present invention, step 2) specifically comprises the following steps:
(1) The client sends a ClientHello message to initiate the session connection.
The fields of the ClientHello message are defined as follows:
client_version is the protocol version of the client;
identity holds the identity information of the client, used to derive the client's public key;
session_id is the session identifier; its value is generated by the server. If there is no reusable session identifier, or the client wishes to negotiate security parameters afresh, this field should be empty; otherwise it indicates that the client wishes to reuse that session. After a session identifier is generated it should be retained until it is deleted by timeout or until a connection associated with the session encounters a fatal error and is closed;
cipher_suites is the list of cipher suites supported by the client, ordered by priority, for the server to select from. A new cipher suite IBAKA_WITH_AES_CBC is added, indicating that IBAKA is used for key exchange and authentication, the symmetric encryption algorithm is 128-bit AES and the encryption mode is CBC;
compression_methods is the list of compression algorithms supported by the client, ordered by priority, for the server to select from;
(2) The server sends a ServerHello message, completing the negotiation of security parameters;
The fields of the ServerHello message are defined as follows:
server_version is the protocol version of the server;
identity holds the identity information of the server, used to derive the server's public key;
session_id is the session identifier used by the server. If the session identifier in the ClientHello message is not empty and the server has a matching session identifier, the server reuses the session corresponding to that identifier to establish the new connection and carries the same session identifier as the client in the ServerHello reply; otherwise the server generates a new session identifier for establishing a new session;
cipher_suite is the cipher suite chosen by the server from the ClientHello message; in the handshake it is the selected IBAKA_WITH_AES_CBC suite. When a session is reused, this field holds the cipher suite used by the reused session;
compression_method is the compression algorithm chosen by the server from the ClientHello message; when a session is reused, this field holds the compression algorithm used by the reused session;
(3) After sending the ServerHello message, the server computes and stores the session key K_B = H2(e(Q_A, S_B));
(4) After receiving the ServerHello message, the client computes and stores the session key K_A = H2(e(S_A, Q_B));
The above handshake steps must be performed in the order of the flow; otherwise a fatal error results.
Compared with the prior art, the beneficial effects of the invention are:
(1) Using identity-based cryptography, identities and public keys are bound in the most natural way and the use of certificates is avoided;
(2) The negotiation requires only two messages, so latency is low and operation is simple. In total the negotiation uses one bilinear pairing operation and one hash operation; computational efficiency is high and computational complexity is low, so it can better meet the communication needs of the Internet of Things.
Description of the drawings
Fig. 1 is the overall diagram of the embodiment;
Fig. 2 is the handshake message flow of the embodiment.
Detailed description of the invention
The invention is further described below with reference to the drawings and a specific preferred embodiment, which does not thereby limit the scope of the invention.
The object of the invention is to design an identity-based communication handshake protocol that frees the parties from the burden of certificate transmission and verification, simplifies the handshake process, completes mutual authentication of both sides and establishes a secure session. The invention is described below with reference to a specific embodiment in which a user Alice (abbreviated A) initiates a secure connection to a user Bob (abbreviated B) within the same domain. In this embodiment the task of the PKG is performed by the trusted Self-Trust Authority (STA) of the domain.
The main technical principles involved are:
  • Bilinear map property:
Let q be a prime, G1 an additive group of order q, G2 a multiplicative group of order q, and e: G1 × G1 → G2 a bilinear map; then for any Q, R ∈ G1 and a, b ∈ Z, e(aQ, bR) = e(Q, R)^(ab).
  • Identity-based authenticated key agreement (Identity Based Authenticated Key Agreement, IBAKA):
In an identity-based cryptosystem, IBAKA ensures that the negotiated session key is known only to the two communicating parties, i.e. mutual authentication is completed during key negotiation. The present invention uses one simple form of IBAKA.
As shown in Fig. 1, the main flow of the identity-based communication handshake protocol of the invention comprises the following steps:
1. Establishment of the identity-based cryptosystem and private key distribution;
The PKG selects a specific elliptic curve, for example the curve y^2 = x^3 - 3x, and forms from points on it an additive cyclic group G1 of order q (q a large prime) with generator P. It randomly chooses s as the master key of the PKG and computes P_pub = sP. Then, using the Weil or Tate pairing on the elliptic curve, it constructs a bilinear map e on G1 such that e: G1 × G1 → G2, where G2 is a multiplicative group of order q. Finally it selects the hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^n, where n is the key length. After initialization, the system's public parameter list <q, G1, G2, e, n, P, P_pub, H1, H2> is published. The PKG generates the public/private key pair for a given identity ID. Alice's identity ID_A is Alice@company.com, so her public key Q_A is H1(ID_A) and the private key S_A generated for her by the PKG is sQ_A. Bob's identity ID_B is Bob@company.com, so his public key Q_B is H1(ID_B) and the private key S_B generated for him by the PKG is sQ_B. The PKG distributes the private keys to the users over a secure channel.
2. TLS handshake for mutual authentication and security parameter negotiation;
As shown in Fig. 2, the handshake procedure is as follows:
(1) The client Alice sends a ClientHello message to initiate the session connection. client_version is set to 1.0; identity is set to Alice@company.com; session_id is empty; cipher_suites lists the IBAKA_WITH_AES_CBC cipher suite with the highest priority, and a reasonable compression algorithm list is set.
The fields of the ClientHello message are defined as follows:
client_version is the protocol version of the client;
identity holds the identity information of the client, used to derive the client's public key;
session_id is the session identifier; its value is generated by the server. If there is no reusable session identifier, or the client wishes to negotiate security parameters afresh, this field should be empty; otherwise it indicates that the client wishes to reuse that session. After a session identifier is generated it should be retained until it is deleted by timeout or until a connection associated with the session encounters a fatal error and is closed;
cipher_suites is the list of cipher suites supported by the client, ordered by priority, for the server to select from. The present invention adds the cipher suite IBAKA_WITH_AES_CBC, indicating that IBAKA is used for key exchange and authentication, the symmetric encryption algorithm is 128-bit AES and the encryption mode is CBC;
compression_methods is the list of compression algorithms supported by the client, ordered by priority, for the server to select from;
(2) The server Bob sends a ServerHello message, completing security parameter negotiation. server_version is chosen as TLS 1.0; identity is set to Bob@company.com; a suitable session_id is set; cipher_suite selects the IBAKA_WITH_AES_CBC cipher suite, and a suitable compression algorithm is selected.
The fields of the ServerHello message are defined as follows:
server_version is the protocol version of the server;
identity holds the identity information of the server, used to derive the server's public key;
session_id is the session identifier used by the server. If the session identifier in the ClientHello message is not empty and the server has a matching session identifier, the server reuses the session corresponding to that identifier to establish the new connection and carries the same session identifier as the client in the ServerHello reply; otherwise the server generates a new session identifier for establishing a new session;
cipher_suite is the cipher suite chosen by the server from the ClientHello message; in the handshake proposed by the present invention it is the selected IBAKA_WITH_AES_CBC suite. When a session is reused, this field holds the cipher suite used by the reused session;
compression_method is the compression algorithm chosen by the server from the ClientHello message; when a session is reused, this field holds the compression algorithm used by the reused session.
(3) After Bob has sent the ServerHello message, he derives Alice's public key Q_A via H1(Alice@company.com), and computes and stores the session key K_B = H2(e(Q_A, S_B)).
(4) After Alice receives the ServerHello message, she derives Bob's public key Q_B via H1(Bob@company.com), and computes and stores the session key K_A = H2(e(S_A, Q_B)).
Once the session keys have been generated, both sides formally establish the connection.
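The two-message handshake above (step 2 of the summary and the Alice/Bob embodiment), modelled as an added Python example that is not the patent's own code. It assumes a deliberately simple, insecure toy pairing e(a, b) = g^(ab) over constructed parameters q = 1019, p = 2039 so the flow runs offline, and the class and function names are assumptions. Bilinearity is what makes K_A and K_B agree; the model also makes visible that, with no nonces in either Hello, the derived key depends only on the two identities and s, so it repeats across every session between the same pair.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Constructed toy parameters (not from the patent): q and p = 2q + 1 are prime,
# so g = 4 (a quadratic residue mod p) generates the order-q subgroup of Z_p^*
# standing in for G2; G1 is the additive group Z_q with generator P = 1.
Q_ORDER, P_MOD, G2_GEN, P_GEN = 1019, 2039, 4, 1
KEY_LEN = 16   # n: 128-bit key, matching IBAKA_WITH_AES_CBC

def pairing(a: int, b: int) -> int:
    """Toy bilinear map e(a, b) = g^(ab) mod p. It satisfies e(aQ, bR) = e(Q, R)^(ab)
    but is NOT a secure pairing (discrete logs in Z_q are trivial); demo only."""
    return pow(G2_GEN, (a * b) % Q_ORDER, P_MOD)

def h1(identity: str) -> int:
    """H1: {0,1}* -> G1; never returns the identity element 0."""
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q_ORDER - 1) + 1

def h2(g2_elem: int) -> bytes:
    """H2: G2 -> {0,1}^n, the n-byte session key."""
    return hashlib.sha256(g2_elem.to_bytes(4, "big")).digest()[:KEY_LEN]

class PKG:
    """Step 1: master key s, P_pub = sP, and private key S_ID = s * H1(ID)."""
    def __init__(self):
        self.s = secrets.randbelow(Q_ORDER - 1) + 1
        self.p_pub = (self.s * P_GEN) % Q_ORDER
    def extract(self, identity: str) -> int:
        return (self.s * h1(identity)) % Q_ORDER

@dataclass
class ClientHello:
    client_version: str
    identity: str
    session_id: bytes
    cipher_suites: list
    compression_methods: list

@dataclass
class ServerHello:
    server_version: str
    identity: str
    session_id: bytes
    cipher_suite: str
    compression_method: str

class Server:
    SUPPORTED = {"IBAKA_WITH_AES_CBC"}
    def __init__(self, identity: str, private_key: int):
        self.identity, self.s_b = identity, private_key
        self.sessions = {}   # session_id -> (cipher_suite, compression, key)

    def handle(self, hello: ClientHello):
        """Steps 2(2)/(3): answer ClientHello, then K_B = H2(e(Q_A, S_B))."""
        cached = self.sessions.get(hello.session_id) if hello.session_id else None
        if cached:                       # session reuse: keep the old parameters
            suite, comp, key = cached
            sid = hello.session_id
        else:
            suite = next((c for c in hello.cipher_suites if c in self.SUPPORTED), None)
            if suite is None:
                raise ValueError("no common cipher suite: fatal handshake error")
            comp, sid = hello.compression_methods[0], secrets.token_bytes(8)
            key = h2(pairing(h1(hello.identity), self.s_b))   # Q_A = H1(A)
            self.sessions[sid] = (suite, comp, key)
        return ServerHello("1.0", self.identity, sid, suite, comp), key

class Client:
    def __init__(self, identity: str, private_key: int):
        self.identity, self.s_a = identity, private_key

    def hello(self, session_id: bytes = b"") -> ClientHello:
        return ClientHello("1.0", self.identity, session_id,
                           ["IBAKA_WITH_AES_CBC"], ["null"])

    def finish(self, sh: ServerHello) -> bytes:
        """Step 2(4): K_A = H2(e(S_A, Q_B)) with Q_B = H1(B) from the ServerHello."""
        if sh.cipher_suite != "IBAKA_WITH_AES_CBC":
            raise ValueError("server selected a suite the client did not offer")
        return h2(pairing(self.s_a, h1(sh.identity)))

def run_handshake(pkg: PKG, client_id: str, server_id: str):
    """One fresh handshake; returns (K_A, K_B, ServerHello)."""
    alice = Client(client_id, pkg.extract(client_id))
    bob = Server(server_id, pkg.extract(server_id))
    sh, k_b = bob.handle(alice.hello())
    return alice.finish(sh), k_b, sh
```

Calling run_handshake(PKG(), "Alice@company.com", "Bob@company.com") returns equal K_A and K_B; calling it twice with the same PKG returns the same key both times, which is the point to weigh when deciding whether this suffices for a deployment.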
Obviously, the above embodiment is only an example given to illustrate the invention clearly and does not limit its implementations. Those of ordinary skill in the art may make other changes in different forms on this basis; it is neither necessary nor possible to enumerate all implementations here. Any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the claims.

Claims (3)

1. An identity-based communication handshake protocol which, by defining new message contents, simplifies the TLS handshake protocol and completes the negotiation of security parameters while reducing handshake latency; characterized in that it specifically comprises the following steps:
1) establishing the identity-based cryptosystem and distributing keys;
2) handshaking to negotiate security parameters.
2. The identity-based communication handshake protocol according to claim 1, characterized in that step 1) is implemented as follows: the PKG selects a specific elliptic curve and forms an additive cyclic group G1 of order q from points on it, where q is a large prime and the generator is P; it randomly chooses s as the master key of the PKG and computes P_pub = sP;
Then, according to the group G1, a bilinear map e is selected such that e: G1 × G1 → G2, where G2 is a multiplicative group of order q; e: G1 × G1 → G2 being a bilinear map, for any Q, R ∈ G1 and a, b ∈ Z, e(aQ, bR) = e(Q, R)^(ab);
Finally, the hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^n are selected, where n is the key length;
After initialization, the system's public parameter list <q, G1, G2, e, n, P, P_pub, H1, H2> is published. The PKG generates the public/private key pair for a given identity ID: if the client identity is A, its public key and private key are Q_A = H1(A) and S_A = sQ_A respectively; if the server identity is B, its public key and private key are Q_B = H1(B) and S_B = sQ_B respectively. Private keys are sent to the users over a secure channel.
3. The identity-based communication handshake protocol according to claim 2, characterized in that step 2) specifically comprises the following steps:
(1) The client sends a ClientHello message to initiate the session connection;
The fields of the ClientHello message are defined as follows:
client_version is the protocol version of the client;
identity holds the identity information of the client, used to derive the client's public key;
session_id is the session identifier; its value is generated by the server. If there is no reusable session identifier, or the client wishes to negotiate security parameters afresh, this field should be empty; otherwise it indicates that the client wishes to reuse that session. After a session identifier is generated it should be retained until it is deleted by timeout or until a connection associated with the session encounters a fatal error and is closed;
cipher_suites is the list of cipher suites supported by the client, ordered by priority, for the server to select from. A new cipher suite IBAKA_WITH_AES_CBC is added, indicating that IBAKA is used for key exchange and authentication, the symmetric encryption algorithm is 128-bit AES and the encryption mode is CBC;
compression_methods is the list of compression algorithms supported by the client, ordered by priority, for the server to select from;
(2) The server sends a ServerHello message, completing the negotiation of security parameters;
The fields of the ServerHello message are defined as follows:
server_version is the protocol version of the server;
identity holds the identity information of the server, used to derive the server's public key;
session_id is the session identifier used by the server. If the session identifier in the ClientHello message is not empty and the server has a matching session identifier, the server reuses the session corresponding to that identifier to establish the new connection and carries the same session identifier as the client in the ServerHello reply; otherwise the server generates a new session identifier for establishing a new session;
cipher_suite is the cipher suite chosen by the server from the ClientHello message; in the handshake it is the selected IBAKA_WITH_AES_CBC suite. When a session is reused, this field holds the cipher suite used by the reused session;
compression_method is the compression algorithm chosen by the server from the ClientHello message; when a session is reused, this field holds the compression algorithm used by the reused session;
(3) After sending the ServerHello message, the server computes and stores the session key K_B = H2(e(Q_A, S_B));
(4) After receiving the ServerHello message, the client computes and stores the session key K_A = H2(e(S_A, Q_B));
The above handshake steps must be performed in the order of the flow; otherwise a fatal error results.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610511378.7A CN105978906A (en) 2016-07-01 2016-07-01 Identity based communication handshake protocol


Publications (1)

Publication Number Publication Date
CN105978906A true CN105978906A (en) 2016-09-28

Family

ID=56954602

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610511378.7A Pending CN105978906A (en) 2016-07-01 2016-07-01 Identity based communication handshake protocol

Country Status (1)

Country Link
CN (1) CN105978906A (en)


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
彭长艳,张权,唐朝京: "基于IBC的TLS握手协议设计与分析", 《计算机应用》 *

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11134379B2 (en) 2016-11-24 2021-09-28 Huawei Technologies Co., Ltd. Identity authentication method, device, and system
CN106788997A (en) * 2016-12-08 2017-05-31 深圳奥联信息安全技术有限公司 A kind of real-time multimedia encryption method based on id password
CN106788997B (en) * 2016-12-08 2019-07-12 深圳奥联信息安全技术有限公司 A kind of real-time multimedia encryption method based on id password
CN107241190A (en) * 2017-08-04 2017-10-10 南京理工大学 The key agreement construction method and the network platform of a kind of identity-based
CN107835196A (en) * 2017-12-13 2018-03-23 成都长城开发科技有限公司 A kind of safety communicating method based on HDLC
CN107835196B (en) * 2017-12-13 2020-10-27 成都长城开发科技有限公司 HDLC-based secure communication method
CN110324290A (en) * 2018-03-30 2019-10-11 贵州白山云科技股份有限公司 Method, network element device, medium and the computer equipment of network equipment certification
CN110324290B (en) * 2018-03-30 2022-02-01 贵州白山云科技股份有限公司 Network equipment authentication method, network element equipment, medium and computer equipment
CN109617675A (en) * 2018-11-15 2019-04-12 国网电动汽车服务有限公司 Both sides' identification authentication method and system between a kind of charge-discharge facility and user terminal
CN109617675B (en) * 2018-11-15 2024-02-06 国网电动汽车服务有限公司 Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal
CN109639426A (en) * 2019-02-26 2019-04-16 中国人民解放军国防科技大学 Bidirectional self-authentication method based on identification password
CN109639426B (en) * 2019-02-26 2022-03-01 中国人民解放军国防科技大学 Bidirectional self-authentication method based on identification password
CN112768018A (en) * 2020-12-15 2021-05-07 扬州大学 Electronic medical record security sharing method based on integrated credit evaluation intelligent contract


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160928
