CN108737383A - An obfuscatable anonymous authentication method - Google Patents

An obfuscatable anonymous authentication method

Info

Publication number: CN108737383A
Authority: CN (China)
Legal status: Granted (the legal status is an assumption, not a legal conclusion; Google has not performed a legal analysis)
Application number: CN201810368800.7A
Other languages: Chinese (zh)
Other versions: CN108737383B (en)
Inventors: 史扬, 梁竞文, 张清
Current assignee: Tongji University (the listed assignees may be inaccurate; Google has not performed a legal analysis)
Original assignee: Tongji University
Events: application filed by Tongji University; priority to CN201810368800.7A; publication of CN108737383A; application granted; publication of CN108737383B; legal status active
Classifications

    • H04L63/08 Network architectures or network communication protocols for network security, for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security, for authentication of entities using passwords
    • H04L63/1441 Network architectures or network communication protocols for network security, countermeasures against malicious traffic
    • H04L63/1458 Network architectures or network communication protocols for network security, countermeasures against malicious traffic: denial of service
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols using a plurality of keys or algorithms

Abstract

The present invention relates to an obfuscatable anonymous authentication method for protecting, in an authentication system, both the identity information of users and their private authentication keys. The authentication system has a system administrator and a tracer; the administrator holds a global public parameter, a master key and a key pair for linear encryption and decryption, and each system user holds a private authentication key. The method is as follows: the system user obfuscates the private authentication key to obtain an obfuscated key; the system user generates, from the obfuscated key, an authentication tuple that contains a service request and sends it to the server; the server verifies the legitimacy of the authentication tuple and then verifies the liveness of the system user; the server provides the service matching the request to a system user that passes both the legitimacy and the liveness verification; when either the legitimacy verification or the liveness verification fails, the tracer traces the corresponding system user. Compared with the prior art, the invention has the advantages of traceability and a low probability of successful attack.

Description

An obfuscatable anonymous authentication method
Technical field
The present invention relates to the fields of cryptography, anonymous authentication and obfuscation theory, and in particular to an obfuscatable anonymous authentication method.
Background technology
Anonymous authentication (AA) is an authentication method based on digital signatures that provides anonymity. In recent years a series of anonymous authentication schemes have been proposed for various application fields. Traditional anonymous authentication usually has the following properties: 1) authentication/correctness, 2) unforgeability, 3) non-replayability, 4) non-repudiation, 5) anonymity, 6) unlinkability, 7) conditional traceability. An anonymous authentication method can be built on different signature methods, such as proxy signatures, ring signatures, traceable signatures and group signatures.
In traditional anonymous authentication schemes the user's private authentication key is usually used directly to generate the user's authentication request, which requires the key algorithm to run on a trusted terminal. But with mobile terminals now widespread, the ease with which a smartphone is lost creates a white-box attack context: a malicious attacker who obtains the phone can, in one way or another, easily extract the private authentication key and related information. To protect critical data and mobile applications, mobile terminal vendors generally take many measures in the rich execution environment (REE), such as data encryption, access control and application isolation. But numerous system vulnerabilities and attack cases show that these measures are still far from able to protect the sensitive data stored on the terminal. To resist white-box attacks, researchers have combined obfuscation with cryptography and proposed white-box properties and white-box cryptography. An obfuscating transformation is a transformation mechanism that keeps the functionality of the program unchanged while making the transformed program, or its decompilation, hard to understand and analyse.
Invention content
The object of the present invention is to overcome the above drawbacks of the prior art and to provide an anonymous authentication method that protects the user's identity information and private authentication key in a white-box attack context (such as a lost mobile terminal or a malicious host).
The object of the invention is achieved by the following technical solution:
An obfuscatable anonymous authentication method, for protecting the identity information and private authentication keys of system users in a system. The system has a system administrator and a tracer. The system administrator holds a global public parameter pub, a master key MK and a key pair (PK_e, SK_e) for linear encryption and decryption; each system user holds a private authentication key K_ID. The anonymous authentication method comprises the following steps:
The system user obfuscates the private authentication key K_ID using the key pair (PK_e, SK_e) to obtain the obfuscated key z;
The system user generates, from the obfuscated key z, an authentication tuple containing a service request and sends it to the server;
The server verifies the legitimacy of the authentication tuple and then verifies the liveness of the system user;
The server provides the requested service to a system user that passes both the legitimacy verification and the liveness verification;
When either the legitimacy verification or the liveness verification fails, the tracer traces the corresponding system user;
In the above steps, the server verifies the legitimacy of the authentication tuples of one or more system users at once, using a different verification algorithm for each authentication scenario; the scenarios are the one-to-one authentication scenario and the many-to-one authentication scenario.
Further, the system is built and initialised by the system administrator. Initialisation sets the message length m, the upper bound 2^r on the number of users and the security parameter λ, and generates the global public parameter pub, the master key MK, the tracing key TK and the key pair (PK_e, SK_e);
The global public parameter pub, master key MK, tracing key TK and key pair (PK_e, SK_e) are as follows:
PP = (Ω, A, v_1, …, v_m, v', g, h, u)
MK = (g^α, ω)
TK = q
SK_e = (a, b)
PK_e = (g^a, g^b)
where n = pq is the composite product of the large primes p and q, G and G_T are cyclic groups of order n, the bilinear map is G × G → G_T, and PP is the series of parameters. In PP, Ω = g^ω is an element of the group G and A is an element of G_T; these two parameters can be regarded as the public key needed for the verification process. g is a generator of G, h is a generator of the cyclic subgroup G_q of G of order q, u, v', v_1, …, v_m are random elements of G, and α, ω, a and b are random elements of the residue ring Z_n modulo n;
The parameters r and λ of the user bound 2^r satisfy the following constraints: first, r is linear in λ; second, there exist positive coefficients d_1 and d_2 such that d_1·λ ≤ log_2 p ≤ d_2·λ and d_1·λ ≤ log_2 q ≤ d_2·λ.
Further, the private authentication key is distributed to the system user by the system administrator when the user joins the system. The procedure is:
With the global public parameter pub, the master key MK and the system user's ID as input, compute the private authentication key K_ID:
K_ID = (K_1, K_2, K_3)
where s_ID is a random element of the residue ring Z_n;
s_ID serves at the same time as the secret identity information of the system user, and the corresponding key-value pair is stored in a hash map (HashMap).
Further, the obfuscation processing is specifically:
11) obtain PK_e = (PK_{e,0}, PK_{e,1}) and K_ID = (K_1, K_2, K_3);
12) transform K_ID and PK_e respectively to obtain the obfuscated key z:
where x_1, y_1, x_2, y_2, x_3, y_3 are parameters chosen at random from Z_n.
Further, the authentication tuple is generated as follows:
21) obtain the request message R and check whether R is empty; if so, output (pub, PK_e) directly, otherwise go to step 22);
22) obtain the current time TS, generate a session key CK with the AES-128 key generation algorithm, and choose a 128-bit random number rand_U;
23) concatenate the request message R, the current time TS, the random number rand_U and the session key CK into the message μ, and encrypt and encapsulate the session key CK and the random number rand_U in μ to obtain CT; this protects the session key and further ensures the confidentiality of the authentication scheme:
μ = (μ_1, …, μ_m) = (R || TS || rand_U || CK)
where Encode is the function that encodes a bit string as an element of the group G;
24) compute the authentication request Σ:
Σ = (c_1, c_2, c_3, c_4, …)
where s, x_0, y_0, x_1^*, …, x_4^*, y_1^*, …, y_4^*, t_1, …, t_4 are parameters chosen at random from Z_n;
25) generate the authentication tuple <R, TS, CT, Σ>.
Further, for the one-to-one authentication scenario, the legitimacy verification steps are:
311) take CT = (CT[1], CT[2], CT[3]) and compute (CK || rand_U):
(CK || rand_U) = Decode(CT[3] / (CT[1]^{1/a} · CT[2]^{1/b}))
where Decode is the function that decodes an element of the group G into a bit string;
312) concatenate R, TS, rand_U and CK to obtain μ:
μ = (μ_1, …, μ_m) = (R || TS || rand_U || CK)
313) compute T_1 and T_2:
C = { c_i | c_i = (c_i[1], c_i[2], c_i[3]), i = 1, 2, 3 }
σ = { σ_i | σ_i = Dec_{SK_e}(c_i) = c_i[3] / (c_i[1]^{1/a} · c_i[2]^{1/b}), i = 1, 2, 3 }
c_4 = (c_4[1], c_4[2], c_4[3])
π_1 = Dec_{SK_e}(c_4) = c_4[3] / (c_4[1]^{1/a} · c_4[2]^{1/b})
314) if either of the two conditions on T_1 and T_2 holds, output 0; otherwise go to step 315);
315) choose a 128-bit random number rand_S and call the AES-128 encryption BC.Enc_CK with CK as key to encrypt rand_S || rand_U, obtaining Q = BC.Enc_CK(rand_S || rand_U);
316) output the triple <TS, R, Q>.
Further, for the many-to-one authentication scenario with l system users, the legitimacy of the l system users is verified at once; the steps are:
421) for the four-tuple <R_k, TS_k, CT_k, Σ_k> containing the authentication request generated by each system user k, take out CT_k = (CT_k[1], CT_k[2], CT_k[3]) and compute the session key CK_k from it,
where k is the index, 1 ≤ k ≤ l;
422) concatenate R_k, TS_k and CK_k to obtain μ_k;
423) compute c_k, σ_k and the related quantities;
424) compute T_1 and T_2;
425) if either of the two conditions on T_1 and T_2 holds, output 0 and the verification fails; otherwise go to step 426);
426) choose a 128-bit random number for user k and, with CK_k as key, call the AES-128 encryption to encrypt it together with the user's random number, obtaining Q_k;
427) output the triple <TS_k, R_k, Q_k>.
Further, in the liveness verification the server sends a challenge to the system user, the system user generates a response and sends it to the server, and the server decides from the response whether the liveness verification passes. The response is generated as follows:
51) from <R, TS> obtain the pair <rand_U, CK>;
52) if <rand_U, CK> is empty, output 0; otherwise go to step 53);
53) call the AES-128 decryption BC.Dec_CK with CK as key to decrypt Q, obtaining (r_S || r_U) = BC.Dec_CK(Q);
54) if r_U ≠ rand_U, output 0; otherwise go to step 55);
55) compute the user response C:
C = (C[1], C[2], C[3]) = (PK_{e,0}^x, PK_{e,1}^y, g^{x+y} · Encode(r_S || r_U))
where x, y are parameters chosen at random from Z_n;
56) output the response triple <R, TS, C> as the response.
Further, the server decides from the response whether the liveness verification passes as follows:
61) take C = (C[1], C[2], C[3]) and compute:
(r_S || r_U) = Decode(C[3] / (C[1]^{1/a} · C[2]^{1/b}));
62) from <R, TS> obtain the pair <rand_S, rand_U>;
63) if <rand_S, rand_U> is empty, output 0; otherwise go to step 64);
64) if rand_S ≠ r_S or rand_U ≠ r_U, output 0; otherwise output 1;
where 0 means the verification failed and 1 means it passed.
Further, the tracer performs tracing as follows:
71) take SK_e, Σ and c_2, and compute σ_2 = c_2[3] / (c_2[1]^{1/a} · c_2[2]^{1/b}), where c_2[1], c_2[2], c_2[3] are the elements of c_2;
72) for each system user ID in the HashMap, perform step 73);
73) obtain the value stored for the system user ID from the HashMap; if (σ_2)^{TK} equals it, output ID and the algorithm ends; otherwise output empty.
Compared with the prior art, the present invention has the following advantages:
One, in terms of functionality, the invention is traceable and has a batch verification algorithm suited to scenarios in which a large number of users authenticate at the same time, which many other existing anonymous authentication schemes lack.
Two, in terms of efficiency, the invention has been tested experimentally on different mobile terminals; the results show that its running efficiency is acceptable and that the obfuscation has no significant impact on the performance of the original system.
Three, in terms of security, the most notable feature of the invention is that it is obfuscatable: the obfuscated algorithm hides the private authentication key, so that even if the mobile terminal is completely controlled by a malicious attacker, the attacker can hardly obtain the system user's private authentication key. Strictly speaking, within time polynomial in λ, whatever attack method is used, the attacker's probability of obtaining the private authentication key is negligible in the security parameter λ. The mathematical definition of negligible is: for any polynomial f, the attacker's success probability is less than 1/f(λ). In practice, for higher security one can take λ = n = 1024, in which case attacking the invention requires a complexity of about 2^512, so the obfuscated implementation has high security. In addition, the invention can resist the DoS attacks that many other anonymous authentication schemes cannot.
Description of the drawings
Fig. 1 is the flow chart of the method of the present invention.
Fig. 2 is the flow chart of the obfuscatable anonymous authentication scheme in the embodiment.
Specific implementation mode
The present invention is described in detail below with reference to the drawings and a specific embodiment. The embodiment is implemented on the premise of the technical solution of the invention and gives a detailed implementation and a specific operating process, but the protection scope of the invention is not limited to the following embodiment.
The present invention realises an obfuscatable anonymous authentication method that protects user identity information and private authentication keys in a white-box attack context (such as a lost mobile terminal or a malicious host).
As shown in Fig. 1, the obfuscatable anonymous authentication method comprises the following steps:
1) The system administrator builds the authentication system and, after designating the tracer, runs the Setup algorithm to obtain the global public parameter pub, the master key MK, the tracing key TK and a key pair (PK_e, SK_e) for linear encryption and decryption. Setup sets the message length to m bits, the user bound to 2^r and the security parameter to λ, and generates the global public parameter pub, master key MK, tracing key TK and key pair (PK_e, SK_e) as follows:
PP = (Ω, A, v_1, …, v_m, v', g, h, u)
MK = (g^α, ω)
TK = q
SK_e = (a, b)
PK_e = (g^a, g^b)
where n = pq is the composite product of the large primes p and q, G and G_T are cyclic groups of order n, the bilinear map is G × G → G_T, and PP is the series of parameters used by the subsequent algorithms, in which Ω = g^ω is an element of the group G and A is an element of G_T; these two parameters can be regarded as the public key needed for the verification process. g is a generator of G, h is a generator of the cyclic subgroup G_q of G of order q, u, v' and v_1, …, v_m are random elements of G, and α, ω, a and b are random elements of the residue ring Z_n modulo n,
and the parameters r and λ satisfy the following constraints: first, r is linear in λ; second, there exist positive integers c_1 and c_2 such that c_1·λ ≤ log_2 p ≤ c_2·λ and c_1·λ ≤ log_2 q ≤ c_2·λ.
2) The system administrator runs the registration algorithm Reg, which generates for the new member a secret identity s_ID and a private authentication key K_ID, adds the user's key-value pair to a hash map (HashMap) and sends it to the tracer. Reg takes pub, MK and the system user ID as input and computes K_ID:
K_ID = (K_1, K_2, K_3)
where s_ID is a random element of Z_n.
3) The system user runs the obfuscation algorithm Obf_AA, whose input is the original algorithm for generating the authentication request; it obfuscates the member's private authentication key K_ID contained in that algorithm and finally outputs an obfuscated authentication request algorithm ObfAuthReq with unchanged functionality. The process of Obf_AA is:
31) obtain the inputs of the original authentication request algorithm: PK_e = (PK_{e,0}, PK_{e,1}) and K_ID = (K_1, K_2, K_3);
32) transform K_ID and PK_e respectively to obtain the key z of the obfuscated authentication request algorithm:
where x_1, y_1, x_2, y_2, x_3, y_3 are parameters chosen at random from Z_n;
33) discard K_ID and output the algorithm ObfAuthReq.
4) The system user runs the ObfAuthReq algorithm to generate a four-tuple <R, TS, CT, Σ> containing the authentication request. ObfAuthReq takes pub, z, PK_e and the request message R as input and generates the four-tuple <R, TS, CT, Σ> as follows:
41) check whether the request message R is empty; if it is empty, output (pub, PK_e), otherwise go to step 42);
42) call the function getTimeStamp() to obtain the current time TS = getTimeStamp(), call the classic AES-128 key generation algorithm BC.KG() to generate the session key CK, and choose a 128-bit random number rand_U;
43) concatenate R, TS, rand_U and CK into the message μ of length m, and encrypt and encapsulate the session key CK and the random number rand_U in μ to obtain CT; this protects the session key and further ensures the confidentiality of the authentication scheme:
μ = (μ_1, …, μ_m) = (R || TS || rand_U || CK)
where Encode is the function that encodes a bit string as an element of the group G, and CT is an intermediate parameter;
44) compute the authentication request Σ:
Σ = (c_1, c_2, c_3, c_4, …)
where s, x_0, y_0, x_1^*, …, x_4^*, y_1^*, …, y_4^*, t_1, …, t_4 are parameters chosen at random from Z_n;
45) call the operation AddToMap(<<R, TS>, <rand_U, CK>>) to add the key-value pair <<R, TS>, <rand_U, CK>> to a local HashMap;
46) the algorithm finally outputs the authentication four-tuple <R, TS, CT, Σ>.
5) The server runs a different algorithm for each authentication scenario: for the one-to-one scenario it runs the SPResp algorithm to verify the legitimacy of the authentication request, outputting 0 and ending the authentication if the request is illegitimate and otherwise outputting the triple <R, TS, Q>; for the many-to-one scenario it runs SPResp with BV, which authenticates multiple system users in one pass.
SPResp takes pub, SK_e and the four-tuple <R, TS, CT, Σ> as input; its steps are:
511) take CT = (CT[1], CT[2], CT[3]) from the four-tuple and compute (CK || rand_U):
(CK || rand_U) = Decode(CT[3] / (CT[1]^{1/a} · CT[2]^{1/b}))
where Decode is the function that decodes an element of the group G into a bit string;
512) concatenate R, TS, rand_U and CK to obtain μ:
μ = (μ_1, …, μ_m) = R || TS || rand_U || CK
513) compute T_1 and T_2:
C = { c_i | c_i = (c_i[1], c_i[2], c_i[3]), i = 1, 2, 3 }
c_4 = (c_4[1], c_4[2], c_4[3])
514) if either of the two conditions on T_1 and T_2 holds, output 0; otherwise go to step 515);
515) choose a 128-bit random number rand_S and call the AES-128 encryption BC.Enc_CK with CK as key to encrypt rand_S || rand_U, obtaining Q = BC.Enc_CK(rand_S || rand_U);
516) call AddToMap(<<R, TS>, <rand_S, rand_U>>) to put <<R, TS>, <rand_S, rand_U>> into a HashMap, and output the triple <TS, R, Q>.
SPResp with BV takes pub, SK_e, the number l of system users requesting authentication at the same time and the l corresponding four-tuples <R_k, TS_k, CT_k, Σ_k>, 1 ≤ k ≤ l, as input, and batch-processes the l authentication four-tuples. Compared with calling the ordinary SPResp algorithm l times to verify l users, SPResp with BV reduces the number of bilinear map computations. Its steps are:
521) for each member of the l system users (index k, 1 ≤ k ≤ l), perform steps 522), 523) and 524);
522) take CT_k = (CT_k[1], CT_k[2], CT_k[3]) from the four-tuple and compute the session key CK_k from it;
523) concatenate R_k, TS_k and CK_k to obtain μ_k;
524) compute c_k, σ_k and the related quantities;
525) compute T_1 and T_2 as follows:
526) if either of the two conditions on T_1 and T_2 holds, output 0; otherwise, for each member with index k, perform steps 527) and 528);
527) choose a 128-bit random number for user k and, with CK_k as key, call the AES-128 encryption to encrypt it together with the user's random number, obtaining Q_k;
528) call AddToMap to put the key-value pair for <R_k, TS_k> into a HashMap, and output the triple <TS_k, R_k, Q_k>.
6) The system user runs the UResp algorithm to prove liveness to the server, sending the triple <R, TS, C> containing the response C to the server as the response. UResp takes pub, PK_e and the triple <TS, R, Q> as input and sends the triple <R, TS, C> containing the response C to the server as the response; its steps are:
61) call the GetFromMap function with the key <R, TS> as input to take, from the locally maintained HashMap, the value <rand_U, CK> corresponding to the key <R, TS>;
62) if <rand_U, CK> is empty, output 0; otherwise go to step 63);
63) call the AES-128 decryption BC.Dec_CK with CK as key to decrypt Q, obtaining (r_S || r_U) = BC.Dec_CK(Q);
64) if r_U ≠ rand_U, output 0; otherwise go to step 65);
65) compute the user response C as follows:
C = (PK_{e,0}^x, PK_{e,1}^y, g^{x+y} · Encode(r_S || r_U))
where x, y are parameters chosen at random from Z_n;
66) output the response triple <R, TS, C>.
7) The server runs the AuthPermit algorithm to decide whether the authentication passes and the service is to be provided. AuthPermit takes pub, SK_e and the response triple <R, TS, C> as input; its steps are:
71) take C = (C[1], C[2], C[3]) from the triple and compute:
(r_S || r_U) = Decode(C[3] / (C[1]^{1/a} · C[2]^{1/b}));
72) with <R, TS> as input, call the GetFromMap function to obtain <rand_S, rand_U> from the HashMap;
73) if <rand_S, rand_U> is empty, output 0; otherwise go to step 74);
74) if rand_S ≠ r_S or rand_U ≠ r_U, output 0; otherwise output 1;
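The liveness exchange of steps 5) to 7) above (the same exchange as steps 51) to 64) of the summary), written out as an added Go example that is not part of the patent: the server issues Q = BC.Enc_CK(rand_S || rand_U), the user decrypts it, checks its own rand_U and answers with the linear-encryption response C, and the server decrypts C with SK_e and compares both nonces. The example assumes a constructed toy group Z_p^* with p = 2^521 - 1 in place of the patent's composite-order bilinear group, AES-128 applied block by block as the page's BC.Enc/BC.Dec, and values handed back to the caller in place of the HashMap; the pairing-based legitimacy check of step 5) is not reproduced.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"fmt"
	"math/big"
)

// Constructed toy group (not the patent's): Z_p^* with p = 2^521 - 1, so exponents
// reduce mod n = p - 1, composite like the patent's n = pq; any non-zero g works.
var (
	p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))
	n = new(big.Int).Sub(p, big.NewInt(1))
	g = big.NewInt(3)
)

type LinPK struct{ PK0, PK1 *big.Int }   // PK_e = (g^a, g^b)
type LinSK struct{ A, B *big.Int }       // SK_e = (a, b)
type LinCT struct{ C1, C2, C3 *big.Int } // (C[1], C[2], C[3])

// randZn draws uniformly from Z_n; with unit set it insists on an inverse mod n.
func randZn(unit bool) *big.Int {
	for {
		x, _ := rand.Int(rand.Reader, n)
		if !unit || new(big.Int).ModInverse(x, n) != nil {
			return x
		}
	}
}

// LinKeyGen publishes PK_e = (g^a, g^b); a, b need inverses mod n for 1/a, 1/b.
func LinKeyGen() (LinPK, LinSK) {
	a, b := randZn(true), randZn(true)
	return LinPK{new(big.Int).Exp(g, a, p), new(big.Int).Exp(g, b, p)}, LinSK{a, b}
}

// LinEnc is the response form of step 65): (PK0^x, PK1^y, g^(x+y)*Encode(m)), Encode being m as an integer < p.
func LinEnc(pk LinPK, m []byte) LinCT {
	x, y := randZn(false), randZn(false)
	c3 := new(big.Int).Exp(g, new(big.Int).Add(x, y), p)
	c3.Mul(c3, new(big.Int).SetBytes(m)).Mod(c3, p)
	return LinCT{new(big.Int).Exp(pk.PK0, x, p), new(big.Int).Exp(pk.PK1, y, p), c3}
}

// LinDec is step 71): Decode(C[3] / (C[1]^(1/a) * C[2]^(1/b))); nil if C is garbage.
func LinDec(sk LinSK, c LinCT) []byte {
	d := new(big.Int).Exp(c.C1, new(big.Int).ModInverse(sk.A, n), p)
	d.Mul(d, new(big.Int).Exp(c.C2, new(big.Int).ModInverse(sk.B, n), p)).Mod(d, p)
	if d.ModInverse(d, p) == nil || d.Mul(d, c.C3).Mod(d, p).BitLen() > 256 {
		return nil // C[1] or C[2] is not a group element, or no 32-byte decoding
	}
	return d.FillBytes(make([]byte, 32)) // Decode: integer back to the bit string
}

// blockCrypt plays BC.Enc_CK / BC.Dec_CK: AES-128 on each 16-byte half of rand_S||rand_U (mode is an assumption).
func blockCrypt(ck, in []byte, enc bool) []byte {
	b, _ := aes.NewCipher(ck) // ck is the 16-byte AES-128 session key CK
	out := make([]byte, 32)
	for i := 0; i < 32; i += 16 {
		if enc {
			b.Encrypt(out[i:i+16], in[i:i+16])
		} else {
			b.Decrypt(out[i:i+16], in[i:i+16])
		}
	}
	return out
}

// ServerChallenge is step 515): pick rand_S, return Q = BC.Enc_CK(rand_S || rand_U); rand_S replaces the HashMap entry.
func ServerChallenge(ck, randU []byte) (randS, q []byte) {
	randS = make([]byte, 16)
	rand.Read(randS)
	return randS, blockCrypt(ck, append(append([]byte{}, randS...), randU...), true)
}

// UserResponse is UResp steps 63)-66): decrypt Q, refuse (ok=false, i.e. output 0) unless r_U == rand_U, else C = LinEnc(r_S||r_U).
func UserResponse(pk LinPK, ck, randU, q []byte) (c LinCT, ok bool) {
	rsru := blockCrypt(ck, q, false)
	if !bytes.Equal(rsru[16:], randU) {
		return LinCT{}, false
	}
	return LinEnc(pk, rsru), true
}

// AuthPermit is steps 71)-74): decrypt C with SK_e; output 1 iff both nonces match.
func AuthPermit(sk LinSK, randS, randU []byte, c LinCT) bool {
	m := LinDec(sk, c)
	return m != nil && bytes.Equal(m[:16], randS) && bytes.Equal(m[16:], randU)
}

func main() { // one honest session, stand-alone
	pk, sk := LinKeyGen()
	ck, randU := make([]byte, 16), make([]byte, 16) // CK and rand_U of step 42)
	rand.Read(ck)
	rand.Read(randU)
	randS, q := ServerChallenge(ck, randU)
	c, ok := UserResponse(pk, ck, randU, q)
	fmt.Println("liveness verified:", ok && AuthPermit(sk, randS, randU, c))
}
```

The user-side check in step 64) and the server-side check in step 74) are what tie a response C to this session: a C replayed against another session's nonces, or a challenge that carries somebody else's rand_U, is rejected.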
8) If a misbehaving system user is found, the tracer designated by the system administrator runs the Trace algorithm to trace the true ID of the user corresponding to the authentication request Σ. Trace takes pub, Σ, SK_e, TK and the HashMap holding the users' key-value pairs as input and obtains the system user ID corresponding to the authentication request Σ; its steps are:
81) take SK_e = (a, b), Σ = (c_1, c_2, c_3, c_4, …) and c_2 = (c_2[1], c_2[2], c_2[3]), and compute σ_2:
σ_2 = c_2[3] / (c_2[1]^{1/a} · c_2[2]^{1/b})
82) for each system user ID in the HashMap, perform step 83);
83) obtain the value stored for the system user ID from the HashMap; if (σ_2)^{TK} equals it, output ID and the algorithm ends; otherwise output empty.
The present invention does not expose the identity of a specific system user when generating the encrypted authentication request (unless the encrypted authentication request is decrypted and examined by the tracer with the Open operation for a special investigation), and has broad application prospects in security schemes involving privacy protection.
Embodiment
As shown in Fig. 2, this embodiment applies the above method to a mobile crowd-sensing system for finding parking spaces. A user first registers identity information with the system administrator; a registered, legitimate user can then send an anonymous authentication request to the server in the system, and after verifying the user's legitimacy the server provides the user with information on available parking spaces. The anonymous authentication request ensures that the user's private information is not exposed, but if a user performs an illegal operation that violates the rules of the system, the tracer in the system can look up the user's identity from the user's authentication request.
The application proceeds as follows:
1 The system administrator initialises (Setup) the system
2 A new member registers
2.1 When requesting to join the system, the user sends its identity ID to the system administrator
2.2 The system administrator performs the Reg operation and assigns the private authentication key K_ID to the ID
2.3 K_ID is sent to the new member
3 The obfuscator obfuscates the algorithm
3.1 The system user sends the original authentication request generation algorithm to the obfuscator
3.2 The obfuscator transforms the member's K_ID and generates the obfuscated authentication request algorithm
3.3 The algorithm is sent to the corresponding system user
4 The authentication request generation algorithm is executed
4.1 The system user calls the component that executes the algorithm and generates the four-tuple containing the authentication request Σ
4.2 The system user sends the four-tuple to the system server
5 The system server responds to the authentication request
5.1 The system server calls a different algorithm, according to the number of users, to verify the legitimacy of the authentication request (verification is assumed to pass below)
5.2 The system server sends a challenge to the system user to verify whether the user is live
6 The system user responds to the challenge of the system server and returns the response to the system server
7 The system server decides from the system user's response whether the authentication passes, and then provides the available parking space information to the system user
8 The tracer in the system traces the system user's identity (when a user is found to have performed an illegal operation)
8.1 The system server sends the authentication request Σ to the tracer in the system
8.2 The tracer in the system runs the Trace algorithm to look up the ID of the corresponding system user
The preferred embodiment of the present invention has been described in detail above. It should be understood that those skilled in the art can make many modifications and variations according to the concept of the invention without creative work. Therefore, any technical solution that a person skilled in the art can obtain, on the basis of the prior art and under the concept of the invention, by logical analysis, reasoning or limited experiment shall fall within the protection scope defined by the claims.

Claims (10)

1. An obfuscatable anonymous authentication method, for protecting the identity information and the private authentication key of a system user in an authentication system, the authentication system being provided with a system administrator and a tracker, characterized in that the system administrator is configured with a global public parameter pub, a master key MK and a key pair (PK_e, SK_e) used for linear encryption and decryption, and each system user is configured with a private authentication key K_ID; the anonymous authentication method specifically comprises the following steps:
the system user, based on the key pair (PK_e, SK_e), obfuscates the private authentication key K_ID to obtain an obfuscated key z;
the system user generates, based on the obfuscated key z, an authentication tuple containing a service request and sends it to the server;
the server performs legitimacy authentication on the authentication tuple and performs liveness verification on the system user;
the server provides the service corresponding to the service request to a system user that passes both legitimacy authentication and liveness verification;
when either legitimacy authentication or liveness verification fails, the tracker tracks the corresponding system user;
in the above steps, the server performs legitimacy authentication on the authentication tuples of at least one system user simultaneously and uses different authentication algorithms according to different authentication scenarios, the authentication scenarios including a one-to-one authentication scenario and a many-to-one authentication scenario.
2. The obfuscatable anonymous authentication method according to claim 1, characterized in that the system is built and initialized by the system administrator, the initialization comprising the setting of the message length m, the user-number upper bound 2^r and the security parameter λ, and the generation of the global public parameter pub, the master key MK, the tracking key TK and the key pair (PK_e, SK_e);
the global public parameter pub, the master key MK, the tracking key TK and the key pair (PK_e, SK_e) are expressed as follows:
$PP = (\Omega, A, v_1, \dots, v_m, v', g, h, u)$
$MK = (g^{\alpha}, \omega)$
$TK = q$
$SK_e = (a, b)$
$PK_e = (g^a, g^b) = (PK_{e,0}, PK_{e,1})$
where n = pq is the composite number obtained by multiplying the large primes p and q, G and G_T are cyclic groups of order n with a bilinear map G × G → G_T, PP is the concatenation of the parameters, Ω = g^ω is an element of the group G, A is an element of the group G_T, g is a generator of the group G, h is a generator of the cyclic subgroup G_q of G of order q, u, v', v_1, …, v_m are random elements of the group G, and α, ω, a and b are all random elements of the residue class ring Z_n modulo n;
the parameters r and λ in the user-number upper bound 2^r satisfy the following constraints: first, the size of r is linear in λ; second, there exist positive coefficients d_1 and d_2 such that $d_1 \cdot \lambda \le \log_2 p \le d_2 \cdot \lambda$ and $d_1 \cdot \lambda \le \log_2 q \le d_2 \cdot \lambda$ hold.
3. The obfuscatable anonymous authentication method according to claim 2, characterized in that when the system user joins the system, the private authentication key is distributed by the system administrator, the specific process being:
taking the global public parameter pub, the master key MK and the system user ID as input, compute the private authentication key K_ID:
$K_{ID} = (K_1, K_2, K_3)$
where s_ID is a random element of the residue class ring Z_n modulo n;
at the same time, s_ID is taken as the secret identity information of the system user, and … is stored as a key-value pair in a hash map HashMap.
4. The obfuscatable anonymous authentication method according to claim 3, characterized in that the obfuscation processing is specifically:
11) obtain …, PK_e = (PK_{e,0}, PK_{e,1}) and K_ID = (K_1, K_2, K_3);
12) transform K_ID and PK_e respectively to obtain the obfuscated key z:
where x_1, y_1, x_2, y_2, x_3, y_3 are parameters randomly chosen from Z_n.
5. The obfuscatable anonymous authentication method according to claim 4, characterized in that the generation process of the authentication tuple is specifically:
21) obtain the request message R and judge whether the request message R is empty; if so, directly output (pub, PK_e); if not, execute step 22);
22) obtain the current time TS, generate a session key CK using the AES-128 key schedule, and choose a 128-bit random number rand_U;
23) concatenate the request message R, the current time TS, the random number rand_U and the session key CK into a message μ, and encrypt and encapsulate the session key CK and the random number rand_U in the message μ to obtain CT, which protects the session key and further ensures the confidentiality of the authentication scheme:
$\mu = (\mu_1, \dots, \mu_m) = (R \,\|\, TS \,\|\, rand_U \,\|\, CK)$
where || denotes the function symbol for concatenating different bit strings, and Encode is a function that encodes a bit string into an element of the group G;
24) compute the authentication request Σ:
Σ=(c1,c2,c34,c42)
where s, x_0, y_0, t_1, …, t_4 are parameters randomly chosen from Z_n;
25) generate the authentication tuple <R, TS, CT, Σ>.
6. The obfuscatable anonymous authentication method according to claim 5, characterized in that for the one-to-one authentication scenario, the specific steps of legitimacy authentication are:
311) take CT = (CT[1], CT[2], CT[3]) and compute (CK || rand_U):
$(CK \,\|\, rand_U) = Decode\left(CT[3] \,/\, (CT[1]^{1/a} \cdot CT[2]^{1/b})\right)$
where Decode is the function that decodes an element of the group G into a bit string;
312) concatenate R, TS, rand_U and CK to obtain μ:
$\mu = (\mu_1, \dots, \mu_m) = (R \,\|\, TS \,\|\, rand_U \,\|\, CK)$
313) compute T_1 and T_2:
$C = \{\, c_i \mid c_i = (c_i[1], c_i[2], c_i[3]),\ i = 1, 2, 3 \,\}$
$c_4 = (c_4[1], c_4[2], c_4[3])$
314) if … or …, output 0 and verification fails; otherwise proceed to step 315);
315) choose a 128-bit random number rand_S, and call the AES-128 encryption algorithm BC.Enc_CK with CK as key to encrypt rand_S || rand_U, obtaining $Q = BC.Enc_{CK}(rand_S \,\|\, rand_U)$;
316) output the triple <TS, R, Q>.
7. The obfuscatable anonymous authentication method according to claim 5, characterized in that for the many-to-one authentication scenario, with l system users, legitimacy verification is performed on the l system users simultaneously, the specific steps being:
421) for the four-tuple <R_k, TS_k, CT_k, Σ_k> containing the authentication request generated by each system user k, take out the element CT_k = (CT_k[1], CT_k[2], CT_k[3]) and compute …
where k is the index, 1 ≤ k ≤ l;
422) concatenate R_k, TS_k and CK_k to obtain μ_k;
423) compute c_k, σ_k and …;
424) compute T_1 and T_2;
425) if … or …, output 0 and verification fails; otherwise proceed to step 426);
426) choose a 128-bit random number …, and call the AES-128 encryption algorithm … with CK as key to encrypt …, obtaining …;
427) output the triple <TS_k, R_k, Q_k>.
8. The obfuscatable anonymous authentication method according to claim 5, characterized in that in the liveness verification, the server sends a challenge message to the system user, the system user generates a response message and sends it to the server, and the server judges from the response message whether liveness verification passes; the generation steps of the response message comprise:
51) according to <R, TS>, obtain a two-tuple <rand_U, CK>;
52) if <rand_U, CK> is empty, output 0; otherwise proceed to step 53);
53) call the AES-128 decryption algorithm BC.Dec_CK with CK as key to decrypt Q, obtaining $(r_S \,\|\, r_U) = BC.Dec_{CK}(Q)$;
54) if r_U ≠ rand_U, output 0; otherwise proceed to step 55);
55) compute the user response C:
$C = (C[1], C[2], C[3]) = \left(PK_{e,0}^{\,x},\ PK_{e,1}^{\,y},\ g^{x+y} \cdot Encode(r_S \,\|\, r_U)\right)$
where x, y are parameters randomly chosen from Z_n;
56) output the response triple <R, TS, C> as the response message.
9. The obfuscatable anonymous authentication method according to claim 8, characterized in that the server judging from the response message whether liveness verification passes is specifically:
61) take C = (C[1], C[2], C[3]) and compute:
$(r_S \,\|\, r_U) = Decode\left(C[3] \,/\, (C[1]^{1/a} \cdot C[2]^{1/b})\right)$;
62) according to <R, TS>, obtain a two-tuple <rand_S, rand_U>;
63) if <rand_S, rand_U> is empty, output 0; otherwise proceed to step 64);
64) if rand_S ≠ r_S or rand_U ≠ r_U, output 0; otherwise output 1;
where 0 indicates that verification fails and 1 indicates that verification passes.
10. The obfuscatable anonymous authentication method according to claim 5, characterized in that the specific steps of the tracker performing tracking are:
71) take SK_e, Σ and c_2, and compute $\sigma_2 = c_2[3] \,/\, (c_2[1]^{1/a} \cdot c_2[2]^{1/b})$, where c_2[1], c_2[2], c_2[3] are the elements of c_2;
72) for each system user ID in HashMap, perform step 73);
73) obtain … from HashMap according to the system user ID; if (σ_2)^{TK} equals …, output ID and the algorithm terminates; otherwise output empty.
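The linear encryption and decryption that claims 8 and 9 use for the liveness response, and that claim 10 (step 71) reuses to recover σ_2, as an added Python example that is not part of the patent: the response C is built as in step 55, decrypted as in step 61 with SK_e = (a, b), and compared against the stored <rand_S, rand_U> as in steps 63 and 64. The group Z_p^* with p = 2^521 - 1, the generator g = 3 and the Encode/Decode maps are assumptions made for the example; the patent's composite-order bilinear group is not reproduced.

```python
import math
import secrets

# Constructed toy setting: the multiplicative group Z_p^* with the Mersenne prime
# p = 2^521 - 1 stands in for the patent's composite-order bilinear group G. The
# linear-encryption algebra is the same; there is no pairing, so this is illustrative only.
P = 2**521 - 1
ORDER = P - 1   # exponents are reduced modulo the group order
G = 3           # assumed generator g; any non-trivial element works for this algebra

def encode(msg: bytes) -> int:
    """Encode: map a bit string to a non-zero group element (claim 5)."""
    return int.from_bytes(msg, "big") + 1

def decode(elem: int, length: int) -> bytes:
    """Decode: inverse of encode, back to a bit string of the given length (claim 6, step 311)."""
    return (elem - 1).to_bytes(length, "big")

def keygen():
    """SK_e = (a, b), PK_e = (g^a, g^b) = (PK_e,0, PK_e,1) as in claim 2; a, b invertible mod ORDER."""
    while True:
        a, b = secrets.randbelow(ORDER), secrets.randbelow(ORDER)
        if math.gcd(a, ORDER) == 1 and math.gcd(b, ORDER) == 1:
            return (a, b), (pow(G, a, P), pow(G, b, P))

def user_response(pk, r_s: bytes, r_u: bytes):
    """Claim 8, step 55: C = (PK_e,0^x, PK_e,1^y, g^(x+y) * Encode(r_S || r_U)) with random x, y."""
    x, y = secrets.randbelow(ORDER), secrets.randbelow(ORDER)
    return (pow(pk[0], x, P), pow(pk[1], y, P), pow(G, x + y, P) * encode(r_s + r_u) % P)

def linear_decrypt(sk, c, length: int) -> bytes:
    """Claim 9, step 61 (same formula as claim 10, step 71): Decode(C[3] / (C[1]^(1/a) * C[2]^(1/b)))."""
    a, b = sk
    gx = pow(c[0], pow(a, -1, ORDER), P)   # C[1]^(1/a) = g^x
    gy = pow(c[1], pow(b, -1, ORDER), P)   # C[2]^(1/b) = g^y
    return decode(c[2] * pow(gx * gy % P, -1, P) % P, length)

def server_liveness_check(sk, c, stored) -> int:
    """Claim 9, steps 61-64: stored is the <rand_S, rand_U> pair kept for <R, TS>, or None if absent."""
    if stored is None:                     # step 63: no record for this <R, TS>
        return 0
    rand_s, rand_u = stored
    try:
        recovered = linear_decrypt(sk, c, len(rand_s) + len(rand_u))
    except OverflowError:                  # element does not decode to a bit string of that length
        return 0
    r_s, r_u = recovered[:len(rand_s)], recovered[len(rand_s):]
    return 1 if (rand_s == r_s and rand_u == r_u) else 0   # step 64: 1 = pass, 0 = fail
```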
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810368800.7A CN108737383B (en) 2018-04-23 2018-04-23 Anonymous authentication method capable of confusing

Publications (2)

Publication Number Publication Date
CN108737383A true CN108737383A (en) 2018-11-02
CN108737383B CN108737383B (en) 2021-05-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant