CN108965243B - Symmetric key pool and cross-relay based AKA-like identity authentication system and method - Google Patents


Info

Publication number
CN108965243B
Authority
CN
China
Prior art keywords
key
authentication
relay
server
random number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810530027.XA
Other languages
Chinese (zh)
Other versions
CN108965243A (en)
Inventor
富尧
钟一民
余秋炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruban Quantum Technology Co Ltd
Original Assignee
Ruban Quantum Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ruban Quantum Technology Co Ltd
Priority to CN201810530027.XA
Publication of CN108965243A
Application granted
Publication of CN108965243B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Abstract

The invention discloses an AKA-like identity authentication system and method based on a symmetric key pool and a cross-relay. The AKA identity authentication system comprises a member, a relay and a server participating in AKA identity authentication, and is characterized in that the member, the relay and the server share a group key pool; the member and the relay each also have a private key pool for generating an authentication key, the two private key pools being independent of each other and each shared with the server; the member and the relay share a corresponding pointer address during AKA identity authentication and then generate a first negotiation key between the member and the relay by combining it with their respective group key pools; the member and the server also share a corresponding pointer address during AKA identity authentication and then generate a second negotiation key between the member and the server by combining it with their respective authentication keys. The invention can further improve communication security.

Description

Symmetric key pool and cross-relay based AKA-like identity authentication system and method
Technical Field
The invention relates to the technical field of secure communication, in particular to private identity authentication and key agreement based on a group data network.
Background
Authentication, that is, identity authentication, is a basic technology for information security: a system checks the identity of a user to confirm whether the user has the right to access and use certain resources. Identity authentication can also be performed between one system and another.
With the development of quantum computers, classical asymmetric encryption algorithms are no longer secure, and symmetric key algorithms will be the best choice in both authentication and encryption/decryption. One example is the AKA mechanism, an authentication method based on symmetric key algorithms that is commonly used in mobile communication. AKA stands for Authentication and Key Agreement. As the name suggests, the AKA mechanism performs key agreement at the same time as identity authentication, and provides key material for encrypting subsequent communication.
As a scheme for security upgrade, the symmetric key pool will be an important or even mainstream scheme for ensuring key security. Meanwhile, all or part of the content in the symmetric key pool can be encrypted and stored, and the encrypted key can be stored in a security isolation device hosted by the symmetric key pool. When a key operation is subsequently performed on the symmetric key pool, the pool must first be decrypted by the security isolation device. The patent document with publication number CN105337726A, entitled "end-to-end handheld device encryption method and system based on quantum cryptography", discloses an end-to-end handheld device encryption method based on quantum cryptography, in which a pair of symmetric keys is formed through QKD between two key distribution devices for quantum communication and is used for quantum-encrypted communication between the users on both sides of the QKD.
In a multicast network formed by some units, group members encrypt the data they send with a group key. Two methods of generating group session keys are currently in general use: group key distribution and group key agreement. The advantage of group key distribution is that it is simple and requires less computation and traffic. But this way of establishing keys requires a trusted third party as key distributor, a condition that is difficult to meet in a real network environment. In a group key agreement protocol, all participants provide the secret information specified by the protocol to jointly establish a session key. Although group key agreement requires more computation and traffic than group key distribution, it does not require the participation of a trusted third party. This advantage makes group key agreement a research hotspot among current group key establishment protocols.
The problems existing in the prior art are as follows:
1. In group communication, the number of key seeds involved in group key agreement is usually only one or a few, and the key seeds cannot be kept fresh or vary only within a small range, so they are easy to crack.
2. At present, encryption between a member and the relay within a group relies mainly on the group key; there is no key for private communication between the two parties, so the transmission of important information is relatively unsafe. Once the group key is broken, all the information is revealed.
3. The random number parameter used for key generation in the AKA mechanism is exposed, which increases the risk of the negotiation key being cracked. In addition, the SQN check mechanism verifies against a range rather than a unique value, so a check can pass by coincidence.
4. Most messages in the authentication are sent in plaintext or encrypted with weak confidentiality, so key information is easily leaked and the security of the authentication is reduced.
Disclosure of Invention
The invention provides an AKA-like identity authentication system based on a symmetric key pool, which can further improve the communication security.
An AKA-like identity authentication system based on a symmetric key pool and cross-relay comprises a member, a relay and a server participating in AKA identity authentication, wherein the member, the relay and the server share a group key pool; the member and the relay each also have a private key pool for generating an authentication key, the two private key pools being independent of each other and each shared with the server;
during AKA identity authentication, the member and the relay each take a key seed from the group key pool and combine it with a first random number parameter to calculate a first negotiation key between the member and the relay; the first random number parameter is read from the group key pool at a pointer address A; the relay obtains pointer address A from the server, while the member obtains the parameter for calculating pointer address A from the server via the relay and then generates pointer address A from that parameter;
during AKA identity authentication, the member and the server each take the authentication key between the member and the server and combine it with a second random number parameter to calculate a second negotiation key between the member and the server; the second random number parameter is read from the private key pool between the member and the server at a pointer address B; the member obtains the parameter for calculating pointer address B from the server via the relay and then generates pointer address B from that parameter;
the parameter for calculating pointer address A and the parameter for calculating pointer address B are both a random number A generated by the server; the server sends random number A and an anonymous key to the relay, the relay encrypts random number A with the anonymous key and sends it to the member, and the anonymous key is generated by the server using the authentication key shared between the server and the member.
In the invention, the member and the relay share a corresponding pointer address, pointer address A, during AKA identity authentication, and pointer address A takes part in the key agreement algorithm. Likewise, the member and the server share a corresponding pointer address, pointer address B, during AKA identity authentication, and take part in the key agreement algorithm through pointer address B. A shared pointer address can be obtained directly, or generated by obtaining the necessary parameters and calculating it locally.
In the invention, the member and the relay share the first negotiation key through AKA identity authentication. In subsequent communication, the two can use the first negotiation key to encrypt communication between just the two of them, and other members cannot learn the content; even if the group key pool is cracked, the first negotiation key still protects that communication.
In the same way, the member and the server share the second negotiation key through the same AKA identity authentication process, for subsequent encrypted communication between them.
A further improvement of the invention is that the member, the relay and the server (namely the key management server) share the group key pool, which provides a larger amount of key material; combined with an update strategy, this keeps the key seeds fresh and makes them more difficult to crack.
A further improvement of the invention is that the random number parameters used to generate the negotiation keys are not transmitted directly over the network; only the related pointer address, or the parameter for generating the pointer address, is transmitted. The member and the relay generate the random number parameter from the pointer address (or the parameter for generating it) that they hold together with the local group key pool or private key pool, which further improves the security level.
To ensure the security of the AKA identity authentication process, communication between the member and the relay and between the relay and the server is encrypted.
Preferably, during AKA identity authentication the member and the relay encrypt their communication using the group key pool, and the relay and the server encrypt their communication using a pre-shared negotiation key. The AKA identity authentication specifically includes:
the member sends an authentication request to the relay;
the relay responds to the authentication request and obtains a corresponding authentication vector from the server, the authentication vector comprising pointer address A, the anonymous key and random number A;
the relay sends a challenge message to the member, the challenge message containing random number A encrypted with the anonymous key;
the member responds to the challenge message and sends to the relay two authentication responses, one addressed to the relay and one addressed to the server;
after the relay has verified the authentication response addressed to itself, it forwards the authentication response addressed to the server to the server and obtains the corresponding verification result from the server;
the relay sends the member a corresponding authentication result, based on its own verification result and the server's, so that the member can confirm completion of AKA identity authentication.
Since random number A has been encrypted once with the anonymity key, and the encrypted communication between the member and the relay encrypts it again using the group key pool, random number A is encrypted twice overall. This double encryption further improves security.
Four exchanges involve communication between the member and the relay: the member sending the authentication request to the relay, the relay sending the challenge message to the member, the member sending the authentication responses to the relay, and the relay sending the authentication result to the member. Because the member and the relay share the group key pool, this communication can be encrypted using the group key pool.
Preferably, when the member communicates with the relay, the active party generates a negotiation code in the form of a random number, obtains a pointer address from the negotiation code through a specified pointer address algorithm, takes a random number of a specified length out of the group key pool at that pointer address, and generates a group chat confidentiality key and a group chat integrity key from the extracted random number using a specified key generation algorithm;
the group chat integrity key is used, together with the communication content, to generate and verify the corresponding verification code;
the group chat confidentiality key is used to encrypt and decrypt the communication content.
Similarly, four exchanges involve communication between the relay and the server when the relay obtains the authentication vector and the verification result: the relay sends an authentication vector request to the server, the server sends authentication vector feedback to the relay, the relay sends a secondary authentication response to the server (that is, it forwards the member's authentication response addressed to the server), and the server sends the server-side authentication result (that is, the server's verification result) to the relay. Because the relay and the server share a negotiation key in advance, this communication can be encrypted using the key shared between the relay and the server.
The negotiation key between the relay and the server can be generated according to the prior art. In addition, since the relay and the server can share a private key pool, the negotiation key between them can be generated using that private key pool, which further improves security.
Preferably, pointer address A is obtained from random number A, in combination with the authentication key between the member and the server, through a specified algorithm; pointer address B is likewise obtained from random number A and the authentication key between the member and the server through a specified algorithm.
The authentication key between the member and the server can be generated from the private key pool by existing means, and can also be generated from the private key pool as required.
Preferably, the key seed for generating the first negotiation key is read from the group key pool at a pointer address C; pointer address C is obtained from a random number B through a specified algorithm, and random number B is generated by the relay and distributed to the member in the challenge message.
Besides possession of the group key pool, obtaining the key seed also requires the corresponding pointer address B; random number B is generated by the relay, and pointer address B is obtained by combining it with the pointer address algorithm, which further improves security.
The information used to generate each negotiation key may be the key seed and the random number parameter, or the items used to generate them: pointer address A, random number A, pointer address B, random number B, pointer address C, the corresponding algorithms, algorithm IDs and so on. The authentication vector and the challenge message each contain at least part of this information, so that the member and the relay end up with everything needed to generate the negotiation keys.
Preferably, the authentication request also carries a communication identifier generated by the member in the form of a true random number. The relay sends the communication identifier to the server when it obtains the authentication vector; the server encrypts the communication identifier with the anonymous key, and the encrypted identifier travels to the member in the authentication vector and then in the challenge message; the member uses the communication identifier to verify the challenge message.
Preferably, the communication identifier participates in the generation of an anonymity key as a random number parameter.
That is, the communication identifier and the authentication key shared between the server and the member are used together as input, and the anonymous key is calculated with a corresponding algorithm.
Preferably, the authentication vector further includes the message encryption algorithm ID and the message authentication algorithm ID to be applied when the first negotiation key is used between the member and the relay in subsequent communication;
the authentication vector also includes the message encryption algorithm ID and the message authentication algorithm ID to be applied when the second negotiation key is used between the member and the server in subsequent communication.
Each negotiation key comprises a confidentiality key and an integrity key, and the corresponding algorithm IDs accordingly also include an algorithm ID for generating the confidentiality key and an algorithm ID for generating the integrity key.
Preferably, the server and the relay each calculate an expected authentication response, used to verify the member's authentication response addressed to that party;
the expected authentication response on the server side is generated using random number A and the authentication key between the member and the server;
the expected authentication response on the relay side is generated using random number A, random number B and the group key pool.
Preferably, the AKA identity authentication system is implemented on a wireless multi-hop network, and the communication nodes participating in AKA identity authentication further comprise a plurality of communication nodes for transmitting messages between the member and the relay.
Each communication node can be regarded as a member. If there is no other communication node between the member and the relay, the two communicate directly; if there are other communication nodes, messages between the member and the relay are forwarded hop by hop, but the forwarding nodes do not take part in encrypting or decrypting the messages. Members of the group may decrypt the message unless it is for a group message that each member needs to receive.
There may be multiple servers participating in AKA identity authentication, each located in the quantum communication network; the server that communicates directly with the relay is the first server, and the second negotiation key is shared between the member and the first server.
When there are multiple servers, for example, one is a first server to which the relay belongs and another is a second server to which the member belongs, and one of the first server and the second server holds the group key pool;
after receiving the authentication vector request from the relay, the first server forwards it to the second server; the second server responds to the request by generating the corresponding authentication vector, which is then sent to the relay through the first server as authentication vector feedback.
That the relay belongs to the first server means that the two can communicate securely, that is, they pre-share negotiation keys and share a private key pool. That the member belongs to the second server means that the two share an authentication key and a private key pool. In addition, the second server stores member-related information in advance; this information can be sent to the member along with the authentication vector and the challenge message, for the member to use in authenticating the challenge message.
Because the servers can communicate securely with one another, any server can request the data it needs from the others, so the multiple servers can be regarded as a whole without affecting the implementation of the invention.
The invention also provides a symmetric key pool and cross-relay based AKA identity authentication method, which comprises the following steps:
Step S1: the member sends an authentication request to the relay;
Step S2: the relay sends an authentication vector request to the server in response to the authentication request;
Step S3: the server responds to the authentication vector request, generates the authentication vector and a second negotiation key between the member and the server, and sends the authentication vector to the relay as authentication vector feedback; the authentication vector comprises pointer address A, an anonymous key and random number A;
pointer address A is obtained from random number A, combined with the authentication key between the member and the server, through a specified algorithm, and random number A is generated by the server;
Step S4: after the relay receives the authentication vector feedback, it sends a challenge message to the member, the challenge message containing random number A from the authentication vector, encrypted with the anonymous key;
the group key pool is shared by the member, the relay and the server; after receiving the authentication vector feedback, the relay reads a first random number parameter from the group key pool at pointer address A and combines it with a key seed from the group key pool to calculate a first negotiation key between the member and the relay;
Step S5: the member receives the challenge message and sends authentication responses addressed to the relay and to the server respectively;
after receiving the challenge message, the member also correspondingly generates the first negotiation key between the member and the relay through random number A;
after receiving the challenge message, the member also generates pointer address B from random number A, reads a second random number parameter from the private key pool between the member and the server at pointer address B, and combines it with the authentication key between the member and the server to calculate the second negotiation key between the member and the server;
Step S6: after the relay has verified the authentication response addressed to itself, it forwards the secondary authentication response addressed to the server to the server;
Step S7: the server receives the secondary authentication response, verifies it, and sends the corresponding server authentication result to the relay;
Step S8: the relay sends the member the corresponding authentication result, based on its own verification result and the server's, so that the member can confirm completion of AKA identity authentication.
The relevant operations of each step can also be combined with the relevant description in the AKA identity authentication system of the invention, and are not described again.
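The following Python sketch walks steps S1 to S8 end to end; it is an added example, not code from the patent. The patent leaves every "specified algorithm" open, so labelled HMAC-SHA256 is assumed for pointer addresses, keys and responses, XOR for the anonymous-key encryption of random number A, and all function names, labels and pool sizes are hypothetical. Transport encryption (group key pool, relay-server key) is omitted.

```python
import hashlib
import hmac
import secrets

POOL_SIZE = 4096  # bytes per key pool (assumed demo size)
CHUNK = 32        # bytes read from a pool at a pointer address (assumed)


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Assumed stand-in for each 'specified algorithm': labelled HMAC-SHA256."""
    mac = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)  # length-prefix inputs
    return mac.digest()


def pointer(key: bytes, label: bytes, *parts: bytes) -> int:
    """Map PRF output to an offset inside a key pool (a 'pointer address')."""
    return int.from_bytes(prf(key, label, *parts)[:4], "big") % (POOL_SIZE - CHUNK)


def take(pool: bytes, ptr: int) -> bytes:
    return pool[ptr:ptr + CHUNK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def server_make_av(k_auth, private_pool, comm_id):
    """S3: server builds the authentication vector and its second negotiation key."""
    rand_a = secrets.token_bytes(CHUNK)
    av = {"ptr_a": pointer(k_auth, b"ptrA", rand_a),  # pointer address A
          "ak": prf(k_auth, b"anon", comm_id),        # anonymous key
          "rand_a": rand_a}
    param2 = take(private_pool, pointer(k_auth, b"ptrB", rand_a))
    return av, prf(k_auth, b"nk2", param2), prf(k_auth, b"resS", rand_a)


def relay_challenge(av, group_pool):
    """S4: relay derives the first negotiation key; only RAND_A^AK and RAND_B go out."""
    rand_b = secrets.token_bytes(CHUNK)
    seed = take(group_pool, pointer(rand_b, b"ptrC"))  # key seed via pointer address C
    key1 = prf(seed, b"nk1", take(group_pool, av["ptr_a"]))
    xres_r = prf(seed, b"resR", av["rand_a"], rand_b)
    return {"enc_rand_a": xor(av["rand_a"], av["ak"]), "rand_b": rand_b}, key1, xres_r


def member_respond(challenge, k_auth, group_pool, private_pool, comm_id):
    """S5: member recovers RAND_A, rebuilds both pointers locally, derives both keys."""
    rand_a = xor(challenge["enc_rand_a"], prf(k_auth, b"anon", comm_id))
    seed = take(group_pool, pointer(challenge["rand_b"], b"ptrC"))
    key1 = prf(seed, b"nk1", take(group_pool, pointer(k_auth, b"ptrA", rand_a)))
    key2 = prf(k_auth, b"nk2", take(private_pool, pointer(k_auth, b"ptrB", rand_a)))
    resp = {"res_r": prf(seed, b"resR", rand_a, challenge["rand_b"]),
            "res_s": prf(k_auth, b"resS", rand_a)}
    return resp, key1, key2


def run_aka(member_k_auth=None):
    """Run S1-S8 on constructed sample pools; member_k_auth overrides the member's key."""
    group_pool = secrets.token_bytes(POOL_SIZE)    # shared by member, relay, server
    private_pool = secrets.token_bytes(POOL_SIZE)  # shared by member and server only
    k_auth = secrets.token_bytes(32)               # member-server authentication key
    comm_id = secrets.token_bytes(16)              # S1: sent in the authentication request
    if member_k_auth is None:
        member_k_auth = k_auth
    av, key2_s, xres_s = server_make_av(k_auth, private_pool, comm_id)  # S2, S3
    challenge, key1_r, xres_r = relay_challenge(av, group_pool)         # S4
    resp, key1_c, key2_c = member_respond(
        challenge, member_k_auth, group_pool, private_pool, comm_id)    # S5
    relay_ok = hmac.compare_digest(resp["res_r"], xres_r)               # S6
    server_ok = relay_ok and hmac.compare_digest(resp["res_s"], xres_s)  # S7
    return {"relay_ok": relay_ok, "server_ok": server_ok,               # S8 result
            "key1_match": relay_ok and key1_c == key1_r,
            "key2_match": key2_c == key2_s,
            "rand_a_hidden": challenge["enc_rand_a"] != av["rand_a"]}


if __name__ == "__main__":
    print("genuine member:", run_aka())
    print("group member without C's authentication key:", run_aka(bytes(32)))
```

The second run models a party that holds the group key pool but not the member's authentication key: it cannot recover random number A, so the relay-side expected response does not match and authentication stops at step S6.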
In terms of group key agreement, the invention improves the capacity and replaceability of the key seeds, ensures the true randomness and security of the random numbers required for key generation, and greatly improves the confidentiality of group chat information. In terms of identity authentication and key agreement, the invention achieves dual authentication between a member in the group and both the relay and the key management server. The group key pool and the private key pools provide a large number of random numbers for the negotiation keys among the members, the relays and the key management server, making the negotiation keys harder to crack. The key seed of the negotiation key between a group member and the relay cannot be calculated outside the group, and the random number parameter of that negotiation key cannot be calculated inside the group. The key seed and random number parameter required to generate the negotiation key between a group member and the key management server cannot be obtained by other members, which ensures the security of that negotiation key. Because a key is negotiated separately between each group member and the key management server, important data can be strongly encrypted, preventing information leakage during message transmission. The authentication key used in the authentication system can also be replaced regularly, reducing the risk of the authentication key being cracked. The message freshness check of the classical AKA authentication mechanism is performed with a random number as a unique identifier, which reduces the chance of a check passing by coincidence and resolves the resynchronization loophole of the SQN check mechanism in AKA authentication.
In addition, the key management server is located in the quantum communication network, and transmission between servers is encrypted in the QKD mode, which secures the servers' message transmission.
Drawings
FIG. 1 is a view of the scene of example 1;
FIG. 2 is a diagram showing some parameters possessed by the members C, R and S in example 1;
fig. 3 is an authentication flow chart of embodiment 1 (the dotted line is an additional message transmission flow when the authentication key set is updated);
FIG. 4 is a view showing the scenario of example 2;
FIG. 5 is a schematic diagram showing the partial parameters possessed by the members C, R, S1 and S2, respectively, in example 2;
FIG. 6 is an authentication flow chart of embodiment 2 (the dotted line is an additional message transmission flow when the authentication key set is updated);
FIG. 7 is a derived scene diagram of example 2.
Detailed Description
Example 1
Description of the System
The scenario of this embodiment is shown in FIG. 1. In this figure, member R, member A0, member A1, member A2, member A3, member A4 and member C are all members of the same group, and member R is a relay unit. The active party participating in authentication is C, which contains a private key pool K_C and a group key pool K_G; the passive party participating in authentication is R, which contains a private key pool K_R and a group key pool K_G. A private key pool is a symmetric key pool shared between a member and the server, and the group key pool is a symmetric key pool shared among the members of the group. Member S is a key management server and also serves as a server; member C and member R belong to S, and member S holds the private key pools of all members and the group key pool K_G. Member R acts as a communication relay and has already performed identity authentication and key agreement with member S, so communication between R and S is already symmetrically encrypted; the negotiated key on the R side is denoted CK_R and IK_R, and the negotiated key on the S side is denoted CK_R' and IK_R'.
As shown in FIG. 2, the IDs of member C, member R and member S are ID = ID_C, ID = ID_R and ID = ID_S respectively. Member C and member R both also record the ID code PID of their home key management server, i.e. the ID = ID_S of member S. The cryptography modules of C, R and S each hold the corresponding key pools (including a private key pool and a group key pool), the various algorithms, and an authentication key set. The authentication key group has length 2: the first key is a history key and the second is the key in use, and the home key management server holds the corresponding authentication key group. The authentication key set is implemented on the basis of the private key pool. The symbolic representation of each key is detailed in FIG. 2. In this embodiment, both member C and member R store their key pools in security isolation devices.
In this embodiment, the keys finally negotiated after authentication between member C and member R are the message encryption key CK_CR (i.e., confidentiality key) and the message authentication key IK_CR (i.e., integrity key); the keys finally negotiated between member C and server S are the message encryption key CK_CS (i.e., confidentiality key) and the message authentication key IK_CS (i.e., integrity key).
This embodiment may be in a wireless multihop network, in which case member C and member R may not be able to communicate directly. As in FIG. 1, messages between member C and member R need to be forwarded through member A1, and member A1 does not participate in encrypting or decrypting the message. If a message is a group message, every member of the group can decrypt it.
Suffixes such as A and B, letter or numeric suffixes such as 1, and prefixes such as first and second are used only to distinguish items and for convenience of description; they do not limit the meaning of the noun itself.
Between the two communicating parties, keys, authentication codes and similar items with corresponding contents are generally marked with a superscript ' to distinguish their holders. For example, when a member generates RAND1 and sends it to a relay, the random number held and used by the relay is called RAND1', but the contents of both are the same.
Description of the flow
Referring to FIG. 3, a schematic diagram of the authentication message flow of this embodiment, the messages indicated by solid lines are the authentication and key agreement part of this embodiment. The detailed description of the present embodiment is as follows:
Step 1: member C initiates an authentication request to relay R
1.1, group key generation: member C generates a random number RAND1 as needed. RAND1 is preferably a quantum random number generated by a quantum true random number generator to improve security, and it may be generated in advance and stored for later use, or generated on demand when a group chat message is to be transmitted. RAND1 is input as a parameter to the pointer address algorithm. According to the pointer address obtained, a random number of a specified length is fetched from the group key pool K_G. The group chat confidentiality key CK_G and the group chat integrity key IK_G are generated using a key generation algorithm and the fetched random number.
1.2, generating an authentication request: member C generates a random number RAND2. RAND2 is preferably a quantum random number generated by a quantum true random number generator to improve security, and it may be generated in advance and stored for later use, or generated on demand when an authentication request is to be generated. The random number RAND2 and the ID_S of member C's key management server are spliced into the key information of the authentication request; the key information and the group chat integrity key IK_G are input as parameters into the message authentication algorithm to generate the message authentication code MAC1. The spliced key information, with MAC1 appended, is input together with the group chat confidentiality key CK_G into the message encryption algorithm to generate the ciphertext M1. The authentication request contains, in clear text, the identity ID_C of member C (i.e., the authentication active party), the identification code ID_R of relay member R (i.e., the authentication passive party), the random number RAND1, and the ciphertext M1.
1.3, sending an authentication request: member C sends the authentication request, either directly to relay R or via the transmission mode of the multi-hop network. Because the message designates the receiver as ID_R, other group members do not decrypt and parse the request message.
Step 2: the relay R receives the authentication request and forwards the authentication request to the server
2.1, relay R identifies, splits and parses the message: after relay R receives the authentication request from member C, it parses the request message to obtain the identity ID_C' of the active party of the authentication request, the identity ID_R' of the passive party of the authentication request (i.e. relay R), the random number RAND1' and the ciphertext M1'. Relay R compares ID_R' with its own identification code and, if they match, proceeds to the next step.
2.2, relay R decrypts the authentication message: RAND1' is input as a parameter to the specified pointer address algorithm. According to the pointer address obtained, a random number of a specified length is fetched from the group key pool K_G. The group chat confidentiality key CK_G' and the group chat integrity key IK_G' are generated using the specified key generation algorithm and the fetched random number. Using CK_G' and the corresponding message decryption algorithm, relay R decrypts the ciphertext M1' to obtain the key information of the authentication request and the message authentication code MAC1'. Using IK_G' and the corresponding message authentication algorithm, relay R computes the message authentication code MAC2 over the key information. MAC2 is compared with MAC1'; if they are equal, the message has not been tampered with; otherwise, the request is invalid.
2.3, relay R generates an authentication vector request: from the identification code ID_C' of member C, the identification code ID_S' of the key management server to which member C belongs, and the random number RAND2', relay R generates a request for an authentication vector addressed to the key management server S. It generates the message authentication code MAC3 using the integrity key IK_R of the key negotiated between relay R and the key management server S and the corresponding message authentication algorithm, and then encrypts the authentication vector request together with MAC3 using the confidentiality key CK_R of the negotiated key and the message encryption algorithm to obtain the ciphertext M2.
2.4, relay R sends the authentication vector request: relay R packs its own identity ID_R, the identity ID_S of the key management server S and the ciphertext M2 into a message packet in the corresponding format, and sends the request to S.
Step 3: the server receives the authentication vector request and generates an authentication vector
3.1, the server receives the request message, decrypts and authenticates it: the key management server S receives the authentication vector request from relay R and parses it to obtain the ciphertext M2'. Server S uses the keys CK_R' and IK_R' negotiated with relay R to decrypt M2' and authenticate the message, obtaining ID_C'', ID_S'' and RAND2''. For the specific process of decryption and message authentication, refer to step 2.2 above.
3.2, the server S generates an authentication vector: the key management server S finds the specified authentication key group according to ID_C'' and ID_S'' in the request and takes out the use key KI_C2' as the key for calculating the authentication vector. The key management server S generates a random number RAND3. RAND3 is preferably a quantum random number generated by a quantum true random number generator to improve security, and it may be generated in advance and stored for later use, or generated as the server requires. The key management server S also generates a parameter AMF, whose function differs slightly from that in existing AKA technology and whose length is greater than that of the AMF in existing AKA. The AMF contains the message encryption algorithm ID and message authentication algorithm ID used for encrypted data transmission between member C and relay R, the message encryption algorithm ID and message authentication algorithm ID used for encrypted data transmission between member C and server S, and the timestamp and lifetime of the negotiated key. The information related to relay R is the information contained in the authentication vector request of relay R.
Let the total data amount of the group key pool K_G be PA, and let the total data amount of member C's private key pool K_C be PB. For the confidentiality key CK_CS between member C and server S, the key seed (i.e., random number) is N1, its pointer address is P_C1 and its length is L_C1; for the integrity key IK_CS, the key seed (i.e., random number) is N2, its pointer address is P_I1 and its length is L_I1. N1 and N2 are each taken from the private key pool corresponding to member C.
For the key negotiated between member C and relay R, the pointer address of the confidentiality key CK_CR is P_C2 and the pointer address of the integrity key IK_CR is P_I2. The specific calculation formulas are as follows (⊕ represents bitwise exclusive or, || represents concatenation):
Compute the message authentication code (MAC4): MAC4 = f1(KI_C2', RAND2''||RAND3||AMF);
Compute the expected authentication response of server S (XRES_S): XRES_S = f2(KI_C2', RAND3);
Compute the pointer address of CK_CR (P_C2): P_C2 = f3(KI_C2', RAND3, PA);
Compute the pointer address of IK_CR (P_I2): P_I2 = f4(KI_C2', RAND3, PA);
Compute the pointer address of CK_CS (P_C1): P_C1 = f5(KI_C2', RAND3, PB);
Compute the pointer address of IK_CS (P_I1): P_I1 = f6(KI_C2', RAND3, PB);
Compute the server-side confidentiality key (CK_CS): CK_CS = f7(KI_C2', N1);
Compute the server-side integrity key (IK_CS): IK_CS = f8(KI_C2', N2);
Compute the anonymity key (AK): AK = f9(KI_C2', RAND2'');
Initial network authentication token (AUTN_0): AUTN_0 = RAND2''||RAND3||AMF||MAC4;
Authentication vector (AV): AV = AK||P_C2||P_I2||AUTN_0
(Note: algorithms f1 and f2 are designated message authentication algorithms; f3, f4, f5 and f6 are designated pointer address algorithms; f7 and f8 are designated key generation algorithms; f9 is the designated anonymity key generation algorithm.)
3.3, the server S sends the authentication vectors to the relay R: the key management server generates n sets of authentication vectors (all for the same authentication) in the above manner, encrypts them using the keys CK_R' and IK_R' negotiated with R, and sends them to relay R. For the process of encryption and message authentication, refer to step 2.3 above.
Step 4: the relay R receives the message, calculates the negotiation key and issues a challenge to C
4.1, relay R receives the message and decrypts and authenticates it: relay R receives the encrypted information from server S and decrypts and authenticates it using the keys CK_R and IK_R negotiated with server S. For the specific process of decryption and message authentication, refer to step 2.2 above.
4.2, relay R generates the negotiated key: relay R selects the authentication vector AV(0), with sequence number 0, among the n sets of authentication vectors. Relay R parses AV(0) to obtain AK', P_C2', P_I2' and AUTN_0', and further parses AUTN_0' to obtain RAND2''', RAND3', AMF' and MAC4'. Relay R compares RAND2''' with RAND2'; if they are the same, authentication continues, otherwise the authentication is abnormal. Relay R generates a random number RAND4. RAND4 is preferably a quantum random number generated by a quantum true random number generator to improve security, and it may be generated in advance and stored for later use, or generated as relay R requires. A pointer address is calculated from RAND4 using a specified pointer address algorithm. According to this pointer address, a random number of a specified length is taken from the group key pool as the key seed of CK_CR and IK_CR, denoted K. In addition, the random numbers N3 and N4 of specified lengths are taken from the group key pool K_G according to the pointer addresses P_C2' and P_I2' in the authentication vector AV(0). CK_CR and IK_CR are calculated as follows:
Compute the expected authentication response of relay R (XRES_R): XRES_R = f10(K, RAND3');
Compute the network authentication token (AUTN): AUTN = (RAND3'⊕AK')||AMF'||MAC4';
Compute the confidentiality key of relay R (CK_CR): CK_CR = f11(K, N3);
Compute the integrity key of relay R (IK_CR): IK_CR = f12(K, N4);
(Note: f10 is a designated message authentication algorithm; f11 and f12 are designated key generation algorithms.)
4.3, relay R sends a challenge message to member C: relay R places RAND4||RAND2'||AUTN in the challenge message. Relay R generates a random number RAND5. RAND5 is preferably a quantum random number generated by a quantum true random number generator to improve security, and it may be generated in advance and stored for later use, or generated as relay R requires. Relay R encrypts the challenge message in the group message encryption mode and sends the encrypted challenge message to member C. For the specific encryption process, refer to the corresponding part of step 1, where RAND5 is used in the same way as RAND1.
Step 5: member C verifies the challenge message and returns a response
5.1, member C receives the message, then decrypts and authenticates the challenge message: member C decrypts the challenge message and authenticates it using the random number RAND5' and the corresponding algorithm. For the specific process, refer to step 2.2 above. Decryption yields RAND4', RAND2' and AUTN'.
5.2, member C parses and verifies the challenge message of relay R: member C compares RAND2' with RAND2; if they are the same, the random number check passes and the next step is carried out. Member C splits AUTN' into (RAND3'⊕AK)', AMF' and MAC4'. Member C takes KI_C2 from the authentication key set and, with KI_C2 and RAND2 as input parameters, calculates AK' using the algorithm f9' corresponding to f9. Member C XORs (RAND3'⊕AK)' with AK' to obtain RAND3'. Member C concatenates RAND2, RAND3' and AMF' and calculates XMAC using the key KI_C2 and the algorithm f1' corresponding to f1. XMAC is compared with the MAC4' parsed from the message; if they are not the same, authentication of relay R's identity fails. The failure may be because the message was tampered with or because the identity of relay R is in doubt. If they are the same, member C has successfully authenticated the identity of relay R.
5.3, member C generates the negotiated keys and the response message: using RAND3' and KI_C2, member C obtains CK_CS' and IK_CS' through the same algorithms and operations as in server S (for the specific steps, refer to the corresponding parts of step 3.2 above).
Using RAND3' and KI_C2 again, member C calculates P_C2'' and P_I2'' with the pointer address algorithms corresponding to f3 and f4 in server S. Using RAND3' and the pointer addresses P_C2'' and P_I2'', member C obtains the key seed K' and the negotiated keys CK_CR' and IK_CR' through the same algorithms and operations as in relay R (see the corresponding part of step 4.2).
The lifetime of the negotiated key is obtained from AMF'', and the algorithms for encrypting subsequent data are also parsed from AMF''. Member C inputs RAND3' and KI_C2 into the algorithm corresponding to f2 to obtain the message authentication code RES_S. Using K' and the random number RAND3'', member C calculates the message authentication code RES_R with the algorithm corresponding to f10 in relay R.
5.4, member C returns a response message: member C sends the message authentication codes RES_S and RES_R to relay R encrypted as a group message (for the specific encryption process, refer to the corresponding part of step 1 above; RAND1 can continue to be used, or a new random number can be generated to replace RAND1).
Step 6: the relay R verifies the identity of the member C and forwards the authentication response
6.1, relay R verifies the response message: after relay R receives the response message from member C, it decrypts and authenticates the response in the group message decryption mode and parses it to obtain RES_S' and RES_R'. For the specific decryption and message authentication flow, refer to the corresponding part of step 2.2 above. RES_R' is compared with the XRES_R calculated by relay R; if they are the same, relay R has successfully authenticated the identity of member C, and if they differ, identity authentication fails.
6.2, relay R forwards the challenge response message to server S: relay R encrypts the parsed RES_S' using CK_R and IK_R and sends it to the key management server S. For the specific encryption process, refer to step 2.3 above.
Step 7: the server S receives and verifies the identity of the member C and returns an authentication result
7.1, server S receives, decrypts and authenticates the authentication response forwarded by relay R: the key management server S receives the encrypted message from relay R and uses the keys CK_R' and IK_R' negotiated with relay R to decrypt it and authenticate the message, obtaining RES_S''. For the specific process of decryption and message authentication, refer to step 2.2 above.
7.2, server S checks the authentication response message: the key management server S compares RES_S'' with XRES_S. If they are the same, the identity of member C is successfully authenticated, and the CK_CS and IK_CS generated by this authentication are retained; otherwise authentication fails, and the CK_CS and IK_CS generated by this authentication are cleared.
7.3, server S sends the authentication result to relay R: the key management server S uses the keys CK_R' and IK_R' negotiated with relay R to generate a message authentication code for the authentication result and encrypt the message, and transmits the encrypted information to relay R.
Step 8: the relay R receives the authentication result of the server S, collates it and returns the authentication result to the member C
8.1, relay R receives the authentication result of server S and decrypts and authenticates it: relay R receives the encrypted information sent by the key management server S. Using the keys CK_R and IK_R negotiated with the key management server S, it decrypts the encrypted information and authenticates the message to obtain the authentication result of the key management server S.
8.2, relay R returns the authentication result to member C: if the authentication result of the key management server is success, relay R returns the successful result to member C; if it is failure, relay R returns the failed authentication result to member C. Relay R encrypts the authentication result in the same group message encryption mode and sends it to member C; for the generation of the message authentication code and the encryption, refer to step 1. If the authentication is successful, the CK_CR and IK_CR generated by this authentication are retained; if the authentication fails, the CK_CR and IK_CR generated by this authentication are cleared.
Step 9: member C receives and verifies the authentication result
Member C receives the return message from relay R and decrypts and authenticates it in the group message decryption mode. Member C parses the authentication result and determines whether identity authentication succeeded. If authentication failed, the authentication request is reinitiated; if it succeeded, subsequent message transmissions can be encrypted and decrypted.
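The challenge-response core of steps 3.2, 4.2 and 5.2 to 5.3, as an added example that is not part of the patent: server S builds one authentication vector, relay R masks RAND3 into AUTN, and member C checks RAND2 and MAC4 before deriving the same keys and responses. The patent leaves f1 to f12 as "designated" algorithms, so the labelled HMAC-SHA256 stand-in, the 16-byte lengths, the 4096-byte sample pools, the 8-byte AMF and all function names are assumptions; the group-message and CK_R/IK_R encryption layers are omitted.

```python
import hashlib
import hmac
import secrets

L = 16  # assumed length in bytes of every random number, key and MAC

def f(label, key, *parts):
    """Stand-in for the designated algorithms f1..f12 (assumption: labelled HMAC-SHA256)."""
    msg = label.encode() + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()[:L]

def pointer(label, key, rand, pool_size):
    """Pointer address algorithm: map (key, RAND) to an offset inside a key pool."""
    return int.from_bytes(f(label, key, rand), "big") % (pool_size - L)

def fetch(pool, addr):
    """Take a random number of the specified length out of a key pool."""
    return pool[addr:addr + L]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cs_keys(ki, rand3, k_c):
    """CK_CS / IK_CS from the private key pool K_C (f5..f8); run by S and by C."""
    n1 = fetch(k_c, pointer("f5", ki, rand3, len(k_c)))
    n2 = fetch(k_c, pointer("f6", ki, rand3, len(k_c)))
    return f("f7", ki, n1), f("f8", ki, n2)

def cr_keys(rand4, p_c2, p_i2, k_g):
    """Seed K, CK_CR and IK_CR from the group key pool K_G (f11, f12); run by R and by C."""
    k = fetch(k_g, pointer("seed", b"", rand4, len(k_g)))  # keyless pointer (assumption)
    return k, f("f11", k, fetch(k_g, p_c2)), f("f12", k, fetch(k_g, p_i2))

def server_make_av(ki, rand2, amf, k_c, pa):
    """Step 3.2: key management server S builds one authentication vector."""
    rand3 = secrets.token_bytes(L)
    av = {
        "AK": f("f9", ki, rand2),
        "P_C2": pointer("f3", ki, rand3, pa),
        "P_I2": pointer("f4", ki, rand3, pa),
        "AUTN0": (rand2, rand3, amf, f("f1", ki, rand2 + rand3 + amf)),
    }
    return av, f("f2", ki, rand3), cs_keys(ki, rand3, k_c)

def relay_make_challenge(av, rand2_seen, k_g):
    """Steps 4.2/4.3: relay R checks RAND2, derives its keys and masks RAND3 with AK."""
    rand2, rand3, amf, mac4 = av["AUTN0"]
    if not hmac.compare_digest(rand2, rand2_seen):
        raise ValueError("authentication vector is not for this request")
    rand4 = secrets.token_bytes(L)
    k, ck_cr, ik_cr = cr_keys(rand4, av["P_C2"], av["P_I2"], k_g)
    autn = xor(rand3, av["AK"]) + amf + mac4
    return (rand4, rand2, autn), f("f10", k, rand3), (ck_cr, ik_cr)

def member_respond(challenge, ki, rand2_sent, k_c, k_g):
    """Steps 5.2/5.3: member C authenticates the network side, then derives keys."""
    rand4, rand2, autn = challenge
    if not hmac.compare_digest(rand2, rand2_sent):   # freshness: random number, not SQN
        raise ValueError("RAND2 mismatch: challenge is stale or replayed")
    masked, amf, mac4 = autn[:L], autn[L:-L], autn[-L:]
    rand3 = xor(masked, f("f9", ki, rand2_sent))     # unmask RAND3 with AK
    if not hmac.compare_digest(f("f1", ki, rand2_sent + rand3 + amf), mac4):
        raise ValueError("MAC4 mismatch: challenge tampered or wrong KI")
    p_c2 = pointer("f3", ki, rand3, len(k_g))
    p_i2 = pointer("f4", ki, rand3, len(k_g))
    k, ck_cr, ik_cr = cr_keys(rand4, p_c2, p_i2, k_g)
    return f("f2", ki, rand3), f("f10", k, rand3), cs_keys(ki, rand3, k_c), (ck_cr, ik_cr)

def run_handshake(tamper=False, replayed_rand2=None):
    """Constructed end-to-end run; returns True when both sides agree on everything."""
    k_c, k_g = secrets.token_bytes(4096), secrets.token_bytes(4096)  # constructed pools
    ki = fetch(k_c, 0)                 # first use: key at the start of the private pool
    rand2 = secrets.token_bytes(L)     # member C's random number from the request
    amf = b"ALG1ALG2"                  # constructed 8-byte AMF
    av, xres_s, s_keys = server_make_av(ki, replayed_rand2 or rand2, amf, k_c, len(k_g))
    challenge, xres_r, r_keys = relay_make_challenge(av, replayed_rand2 or rand2, k_g)
    if tamper:                         # flip one AMF bit in transit
        r4, r2, autn = challenge
        challenge = (r4, r2, autn[:L] + bytes([autn[L] ^ 1]) + autn[L + 1:])
    res_s, res_r, c_s_keys, c_r_keys = member_respond(challenge, ki, rand2, k_c, k_g)
    return (hmac.compare_digest(res_s, xres_s) and hmac.compare_digest(res_r, xres_r)
            and c_s_keys == s_keys and c_r_keys == r_keys)
```

Passing tamper=True or a replayed_rand2 value makes member_respond raise before any key is derived, which is the behaviour steps 5.2 and 5.3 describe.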
Updating of authentication keys
In the invention, the authentication key between the member and the server can be updated according to the requirement, for example, according to a set updating period, or in response to an updating request of an upper application, and the like.
The method of updating the authentication key is similar to the method of generating CK_CS and IK_CS in the authentication method above; refer to FIG. 3 for the specific message flow. The key management server S uses algorithm f5 or f6 to generate the pointer address of the authentication key and, according to that pointer address, takes a random number of the specified length from the private key pool corresponding to member C; from this random number and the authentication key KI_C2', a new authentication key is calculated using the key generation algorithm. The first time, a random number at the beginning of the private key pool is taken as the authentication key by default. When the authentication key is updated, the currently used authentication key overwrites the previous authentication key in the group, and the synchronized authentication key then overwrites the currently used authentication key; the updating of the authentication key is shown in FIG. 3. In relay R only XRES_R is generated; the associated negotiation key is no longer generated.
Authentication and authentication key update combination
When the update of the authentication key needs to be bound to the authentication, member C may declare this in the authentication request of step 1, for example by setting an identifier in the authentication request. Refer to "Updating of authentication keys" in this embodiment. In this case, however, relay R still generates a negotiated key with member C.
Handling of authentication exceptions
The message transmitted and received between member C and server S may be an authentication request, an authentication vector feedback, a challenge message, an authentication response, a secondary authentication response, a server authentication result, or an authentication result. Referring to FIG. 3, the authentication request, authentication vector feedback, challenge message, authentication response, secondary authentication response, server-side authentication result and authentication result are abbreviated as message ① to message ⑦ respectively. If slight packet loss occurs during message transmission, the respective signaling retransmission mechanisms generally keep message sending and receiving unaffected. For example, if member C does not receive the challenge message from relay R after sending the authentication request, it can regenerate the request message and send it to relay R again until the maximum number of request transmissions is reached; likewise, if relay R does not receive the response message after sending the challenge message, it resends the challenge until the maximum number of transmissions is reached.
If packet loss is severe, or the network is even disconnected during authentication, the authentication process is terminated and waits for the next authentication request from the lower application layer. The various abnormal conditions are handled as follows:
1. If only authentication and key negotiation are carried out in the process, the loss of any of the messages ①, ②, ③, ④, ⑤, ⑥ and ⑦ does not affect the private key pool or the authentication key group. The only effects are authentication failure and key agreement failure, and authentication can be performed again according to the application layer request.
2. If the authentication key is being updated, packet loss of messages ①, ②, ③ and ④ does not affect the synchronization of the authentication key group. When the message (C) is lost, member C does not receive the return message from relay R, and the update of the authentication key fails. Member C will initiate the request again and declare that the last authentication key update failed. After receiving the update request, server S decides whether to use the first key or the second key in the authentication key group to calculate the authentication vector, according to whether it received the authentication key update message during the last update. If it did, which means that server S has finished updating but member C has not, server S uses the first key in the authentication key group to calculate the authentication vector. If it did not, which means that neither server S nor member C has updated, server S uses the second key in the authentication key group to calculate the authentication vector.
3. If authentication combined with updating of the authentication key is used, the handling may follow the exception handling in case 2.
Example 2
Description of the System
As shown in FIG. 4, the identity authentication system of the present invention may include a plurality of key management servers, with different key management servers located in different quantum network service stations. Each quantum network service station is in the quantum communication network, so quantum keys can be shared between the quantum network service stations by QKD, which guarantees high information security.
Referring to FIG. 4, member R, member A0, member A1, member A2, member A3, member A4 and member C are all members of the same group, and member R is a relay unit. The active party participating in authentication is C, which contains a private key pool K_C and a group key pool K_G; the passive party participating in authentication is R, which contains a private key pool K_R and a group key pool K_G. Members S1 and S2 are key management servers and also serve as servers; member R belongs to S1 and member C belongs to S2. Each key management server contains the private key pools of its registered members. The key management server S1 is the key management server for the group key pool K_G of member C and relay R, and also has the group key pool K_G. Alternatively, as shown in FIG. 7, the key management server for the group key pool K_G of member C and relay R is S2, which has the group key pool K_G, while S1 has no group key pool K_G. Member R acts as a communication relay and has already performed identity authentication and key agreement with member S1, so communication between R and S is already symmetrically encrypted; the negotiated key on the R side is denoted CK_R and IK_R, and the negotiated key on the S1 side is denoted CK_R' and IK_R'. As shown in FIG. 5, the IDs of member C, member R, member S1 and member S2 are ID = ID_C, ID = ID_R, ID = ID_S1 and ID = ID_S2 respectively. Member C and member R both also record the ID code PID of their home key management server, i.e. the PID of member C is ID_S2 and the PID of member R is ID_S1. C, R, S1 and S2 each hold the corresponding key pools (including a private key pool and a group key pool), the various algorithms, and the authentication key sets. The authentication key group has length 2: the first key is a history key and the second is the key in use, and the home key management server holds the corresponding authentication key group.
The authentication key set is implemented on the basis of the private key pool. The symbolic representation of each key is detailed in FIG. 5. In this embodiment, both member C and member R store their key pools in security isolation devices. In this embodiment, the keys finally negotiated after authentication between member C and member R are the message encryption key CK_CR (i.e., confidentiality key) and the message authentication key IK_CR (i.e., integrity key); the keys finally negotiated between member C and the server S1 are the message encryption key CK_CS (i.e., confidentiality key) and the message authentication key IK_CS (i.e., integrity key). This embodiment may be in a wireless multihop network, in which case member C and member R may not be able to communicate directly. As in FIG. 1, messages between member C and member R need to be forwarded through member A1, and member A1 does not participate in encrypting or decrypting the message. If a message is a group message, every member of the group can decrypt it.
Description of the flow
Referring to FIG. 6, a schematic diagram of the authentication message flow of this embodiment, the messages indicated by solid lines are the authentication and key agreement part of this embodiment. The detailed description of the present embodiment is as follows:
Step 1: member C initiates an authentication request to relay R
Please refer to step 1 in example 1.
Step 2: the relay R receives the authentication request and forwards the authentication request to the server
Please refer to step 2 in example 1.
And step 3: server S1 forwards authentication vector request
The key management server S1 receives a request for an authentication vector from the relay R. Using a negotiation key CK with a relay RR' and IKR' decrypt the ciphertext in the request and authenticate the message. Please refer to step 2.2 in embodiment 1 above for the specific flow of decryption and message authentication. The key management server S1 relays R ID according to the messageRAnd the ID of the key management server S2S2The request is directed to a key management server in the quantum communication network in a specified format S2. In transmission, stations encrypt transmission in a mode of sharing quantum keys among the stations in a QKD mode. The quantum network service station where the key management server S1 is located and the quantum network service station where the key management server S2 is located may be adjacent stations, and may also communicate through multiple relays.
And4, step 4: the server S2 receives the authentication vector request and generates an authentication vector
After receiving the authentication vector request forwarded by the key management server S1, the key management server S2 decrypts, authenticates, and parses the request. And generating n groups of authentication vectors about the member C according to the requested related information. Please refer to step 3 in example 1. The key management server S2 authenticates the n groupsVector and corresponding server expected authentication response XRESSNegotiating a key CK with a serverCS、IKCS. The encrypted data is sent to the key management server S1 through a quantum communication network.
And 5: server S1 encrypted forwarding authentication vector
The key management server S1 receives the n sets of authentication vectors from the key management server S2. The key management server S1 uses a key CK for negotiation with the relay RR' and IKR' message authentication code generation and message encryption are performed on the authentication vector and sent to the relay R. For a specific way of encrypting and generating the message authentication code, please refer to step 2.3 in the above embodiment 1.
Step 6: the relay R receives the message, calculates the negotiation key and issues a question to member C
Please refer to step 4 of example 1.
And 7: member C verifies the challenge message and returns a response
Please refer to step 5 in example 1.
Step 8: the relay R verifies the identity of the member C and returns an authentication result
Please refer to step 6 in example 1.
And step 9: member C receives the verification authentication result
Refer to step 7 of example 1.
Updating of authentication keys
Please refer to the method for updating the authentication key in embodiment 1, and refer to fig. 6 for a specific message flow.
Combination method for authentication and updating authentication key
The present combination method can be performed by referring to example 1. Please refer to the "update of the authentication key" in this embodiment.
Handling of authentication exceptions
For the case of exception handling, refer to the processing in example 1. When the method is used for updating the authentication key or participating in updating the authentication key, embodiment 1 may be referred to if packet loss occurs in the message transmission process. After the member C receives the question message, the packet loss occurring in the message transmission from the member C to the key management server S2 is consistent with the exception handling situation in embodiment 1 from the member C to the key management server S; after the key management server S2 updates the authentication key group, the packet loss occurring in the message transmission from the key management server S2 to the member C is consistent with the exception handling situation between the key management server S and the member C in embodiment 1.
The notation of each parameter in the present invention is for convenience of description only and does not set any particular limitation to the present invention. In the invention, n authentication vectors can be generated at a time, and the size of n depends on the situation. The invention can be applied to various wireless multi-hop networks, such as a sensor network, a data link and the like.
The identity authentication and key agreement system and method of the invention build a secure channel between the group member and the relay. The mechanism ensures that information with a high importance level can be decrypted only by the designated user, and that information is transmitted securely within the group. At the same time, the group key pool reduces the risk of the session key (namely, the negotiation key) being cracked.
The above disclosure is only an embodiment of the present invention, but the present invention is not limited thereto, and those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. It is to be understood that such changes and modifications are intended to be included within the scope of the appended claims. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (10)

1. An AKA-like identity authentication system based on a symmetric key pool and cross-relay, comprising a member, a relay and a server participating in AKA identity authentication, characterized in that the member, the relay and the server share a group key pool; the member and the relay each also have a private key pool for generating an authentication key, and the member and the relay, independently of each other, each share their private key pool with the server;
the member and the relay respectively use key seeds from a group key pool in the AKA identity authentication process and then combine a first random number parameter to calculate to obtain a first negotiation key between the member and the relay; the first random number parameter is correspondingly obtained in the group key pool by using a pointer address A, the relay obtains the pointer address A through the server, and the member obtains the parameter for calculating the pointer address A from the server through the relay and then generates the pointer address A through the parameter;
the member and the server respectively use the authentication key between the member and the server in the AKA identity authentication process and then calculate by combining a second random number parameter to obtain a second negotiation key between the member and the server; the second random number parameter is correspondingly obtained in a private key pool between the member and the server by using the pointer address B, the member obtains the parameter for calculating the pointer address B from the server through the relay, and then the pointer address B is generated by the parameter;
the parameters of the calculation pointer address A and the parameters of the calculation pointer address B are random numbers A generated by the server, the server sends the random numbers A and anonymous keys to the relay, the relay encrypts the random numbers A by using the anonymous keys and then sends the random numbers A to the member, and the anonymous keys are generated by the server by using authentication keys shared between the server and the member.
2. The AKA-like authentication system based on a symmetric key pool and a cross-relay of claim 1, wherein in the AKA authentication process, the member and the relay use the group key pool to encrypt communication, and the relay and the server use a pre-shared negotiation key to encrypt communication, and the AKA authentication process specifically includes:
the member sends an authentication request to the relay;
the relay responds to the authentication request and obtains a corresponding authentication vector from the server, and the authentication vector comprises the pointer address A, the anonymous key and the random number A;
the relay sends a question message to the member, and the question message contains a random number A encrypted by the anonymous key;
the member responds to the question message and sends authentication responses aiming at the relay and the server respectively to the relay;
after the authentication response aiming at the own party is verified by the relay, the authentication response aiming at the server is forwarded to the server, and a corresponding verification result is obtained from the server;
and the relay sends a corresponding authentication result to the member according to the own party and the server verification result so that the member can confirm to complete AKA identity authentication.
3. The AKA-like identity authentication system based on the symmetric key pool and the cross-relay as claimed in claim 2, wherein when the member communicates with the relay, the master generates a negotiation code in the form of a random number, obtains a pointer address through a designated pointer address algorithm by using the negotiation code, takes out a random number of a designated length from the group key pool according to the pointer address, and generates a group chat confidentiality key and a group chat integrity key by using a designated key generation algorithm and the taken-out random number;
the group chat integrity key is used, in combination with the communication content, to generate and verify the corresponding verification code;
the group chat confidentiality key is used, in combination with the communication content, for encryption and decryption.
4. The AKA-like identity authentication system based on symmetric key pools and across relays according to claim 3, characterized in that the pointer address A is obtained from the random number A combined with an authentication key between the member and the server through a specified algorithm; the pointer address B is obtained by using the random number A and an authentication key between the member and the server through a specified algorithm.
5. The AKA-like identity authentication system based on a symmetric key pool and across relays according to claim 4, characterized in that the key seed for generating the first negotiation key is obtained from the group key pool by a pointer address C obtained by a given algorithm using a random number B generated by the relay and distributed to the members by the challenge message.
6. The AKA-like identity authentication system based on a symmetric key pool and across relays according to claim 5, characterized in that the authentication request further carries a communication identifier generated by the member and in the form of a true random number, which is sent to the server when the relay obtains the authentication vector from the server, the server encrypts the communication identifier with the anonymous key and sends it to the member in turn along with the authentication vector and the challenge message, and the member verifies the challenge message with the communication identifier.
7. The symmetric-key-pool-based and cross-relay AKA-like identity authentication system of claim 6, wherein the communication identifier participates in the generation of an anonymous key as a random number parameter.
8. The AKA-like identity authentication system based on a symmetric key pool and across relays according to claim 7,
in the authentication vector, a message encryption algorithm ID and a message authentication algorithm ID when a first negotiation key is used between a member and a relay in subsequent communication are also included;
and in the authentication vector, a message encryption algorithm ID and a message authentication algorithm ID when the second negotiation key is used between the member and the server in the subsequent communication are also included.
9. The AKA-like identity authentication system based on a symmetric key pool and across relays according to claim 8,
the server and the relay respectively calculate expected authentication responses for verifying the authentication responses from the members and aiming at the own party;
the expected authentication response of the server side is generated by using the random number A and an authentication key between the member and the server;
the expected authentication response of the relay terminal is generated by using the random number A, the random number B and the group key pool.
10. A symmetric key pool and cross-relay based AKA-like identity authentication method is characterized by comprising the following steps:
step S1, the member sends authentication request to the relay;
step S2, the relay sends an authentication vector request to the server in response to the authentication request,
step S3, the server responds to the request of the authentication vector, generates the authentication vector and a second negotiation key between the member and the server, and sends the authentication vector to the relay through the feedback of the authentication vector; the authentication vector comprises a pointer address A, an anonymous key and a random number A;
the pointer address A is obtained by combining a random number A with an authentication key between a member and a server through a specified algorithm, and the random number A is generated by the server;
step S4, after the relay receives the authentication vector feedback, it sends a question message to the member, and the question message contains the random number A from the authentication vector encrypted by the anonymous key;
the group key pool is shared by the members, the relay and the server, the relay correspondingly obtains a first random number parameter in the group key pool through the pointer address A after receiving the authentication vector feedback, and the first random number parameter is combined with the key seed of the group key pool to calculate a first negotiation key between the members and the relay;
step S5, the member receives the question message and sends authentication response to the relay and the server respectively;
after receiving the question message, the member also correspondingly generates a first negotiation key between the member and the relay through a random number A;
after receiving the question message, the member also generates a pointer address B through a random number A, and correspondingly obtains a second random number parameter in a private key pool between the member and the server through the pointer address B, and the second random number parameter is calculated by combining an authentication key between the member and the server to obtain a second negotiation key between the member and the server;
step S6, after the authentication response aiming at the own party is verified by the relay, the secondary authentication response aiming at the server is forwarded to the server;
step S7, the server receives the secondary authentication response and sends the corresponding server authentication result to the relay after verification;
step S8, the relay sends the corresponding authentication result to the member according to the own party and the server verification result, so that the member can confirm to complete the AKA identity authentication.
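The key derivation laid out in claims 1, 4, 5 and 10, as an added Python example that is not part of the patent: the relay and the member reach the same first negotiation key from the group key pool, and the member and the server reach the same second negotiation key from the private key pool, while the relay never holds the member's authentication key. HMAC-SHA256 stands in for each unspecified "specified algorithm", XOR with the anonymous key stands in for the encryption of random number A, and the pool size, read length and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

POOL_SIZE = 4096  # constructed toy pool size in bytes
N = 16            # bytes read from a pool per lookup (assumption)

def prf(key, label, data=b""):
    # HMAC-SHA256 is an assumed stand-in for each "specified algorithm".
    return hmac.new(key, label + b"|" + data, hashlib.sha256).digest()

def pointer(key, label, data=b""):
    # Reduce PRF output to an offset that leaves room for an N-byte read.
    return int.from_bytes(prf(key, label, data)[:8], "big") % (POOL_SIZE - N)

def take(pool, addr):
    return pool[addr:addr + N]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ck_ik(key, label, param):
    # Derive 32 bytes and split into (confidentiality key, integrity key).
    out = prf(key, label, param)
    return out[:16], out[16:]

def server_vector(k_auth, comm_id, private_pool):
    # Server: holds K_auth and the member's private key pool.
    rand_a = secrets.token_bytes(N)
    vector = {
        "ptr_a": pointer(k_auth, b"A", rand_a),   # pointer address A
        "ak": prf(k_auth, b"AK", comm_id)[:N],    # anonymous key
        "rand_a": rand_a,
    }
    second = take(private_pool, pointer(k_auth, b"B", rand_a))
    return vector, ck_ik(k_auth, b"CS", second)   # second negotiation key

def relay_challenge(vector, group_pool):
    # Relay: holds only the group pool and what the server sent it.
    rand_b = secrets.token_bytes(N)
    seed = take(group_pool, pointer(rand_b, b"C"))  # key seed via pointer C
    first = take(group_pool, vector["ptr_a"])
    challenge = {"enc_rand_a": xor(vector["rand_a"], vector["ak"]),
                 "rand_b": rand_b}
    return challenge, ck_ik(seed, b"CR", first)     # first negotiation key

def member_keys(challenge, k_auth, comm_id, group_pool, private_pool):
    # Member: recomputes AK, recovers random number A, rebuilds both pointers.
    ak = prf(k_auth, b"AK", comm_id)[:N]
    rand_a = xor(challenge["enc_rand_a"], ak)
    seed = take(group_pool, pointer(challenge["rand_b"], b"C"))
    first = take(group_pool, pointer(k_auth, b"A", rand_a))
    second = take(private_pool, pointer(k_auth, b"B", rand_a))
    return ck_ik(seed, b"CR", first), ck_ik(k_auth, b"CS", second)

def run_once(member_k_auth=None):
    # Constructed sample material; a wrong member_k_auth models a bad member.
    group_pool = secrets.token_bytes(POOL_SIZE)
    private_pool = secrets.token_bytes(POOL_SIZE)
    k_auth, comm_id = secrets.token_bytes(16), secrets.token_bytes(16)
    vector, server_cs = server_vector(k_auth, comm_id, private_pool)
    challenge, relay_cr = relay_challenge(vector, group_pool)
    member_cr, member_cs = member_keys(
        challenge, member_k_auth or k_auth, comm_id, group_pool, private_pool)
    return relay_cr == member_cr, server_cs == member_cs

if __name__ == "__main__":
    print(run_once())
```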
CN201810530027.XA 2018-05-29 2018-05-29 Symmetric key pool and cross-relay based AKA-like identity authentication system and method Active CN108965243B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810530027.XA CN108965243B (en) 2018-05-29 2018-05-29 Symmetric key pool and cross-relay based AKA-like identity authentication system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810530027.XA CN108965243B (en) 2018-05-29 2018-05-29 Symmetric key pool and cross-relay based AKA-like identity authentication system and method

Publications (2)

Publication Number Publication Date
CN108965243A CN108965243A (en) 2018-12-07
CN108965243B true CN108965243B (en) 2020-10-16

Family

ID=64492319

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810530027.XA Active CN108965243B (en) 2018-05-29 2018-05-29 Symmetric key pool and cross-relay based AKA-like identity authentication system and method

Country Status (1)

Country Link
CN (1) CN108965243B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101459506A (en) * 2007-12-14 2009-06-17 华为技术有限公司 Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
CN104159223A (en) * 2014-07-15 2014-11-19 清华大学 Identification method for relay communication user
WO2016114604A1 (en) * 2015-01-14 2016-07-21 Samsung Electronics Co., Ltd. Method and system for establishing a secure communication between remote ue and relay ue in a device to device communication network
CN106357649A (en) * 2016-09-23 2017-01-25 浙江神州量子网络科技有限公司 User identity authentication system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
improved extensible authentication protocol method for 3rd generation authentication and key agreement; J. Arkko; 《IETF》; 20171030; full text *

Also Published As

Publication number Publication date
CN108965243A (en) 2018-12-07

Similar Documents

Publication Publication Date Title
CN108599925B (en) Improved AKA identity authentication system and method based on quantum communication network
US10841104B2 (en) System and method for secure relayed communications from an implantable medical device
CN108712252B (en) Symmetric key pool and relay-crossing based AKA identity authentication system and method
RU2421922C2 (en) METHOD AND DEVICE TO ESTABLISH SAFETY ASSOCIATIONS BETWEEN UNITS OF WIRELESS SELF-ORGANISING SINGLE-RANGE (ad-hoc) NETWORK
KR101019300B1 (en) Method and system for secure processing of authentication key material in an ad hoc wireless network
US7793103B2 (en) Ad-hoc network key management
RU2406251C2 (en) Method and device for establishing security association
WO2017185999A1 (en) Method, apparatus and system for encryption key distribution and authentication
CN108768632B (en) AKA identity authentication system and method based on symmetric key pool and relay communication
CN108964888B (en) Improved AKA identity authentication system and method based on symmetric key pool and relay communication
CN108599926B (en) HTTP-Digest improved AKA identity authentication system and method based on symmetric key pool
CN108964897B (en) Identity authentication system and method based on group communication
Guo et al. FogHA: An efficient handover authentication for mobile devices in fog computing
CN108964896B (en) Kerberos identity authentication system and method based on group key pool
CN108616350B (en) HTTP-Digest class AKA identity authentication system and method based on symmetric key pool
CN108632042A (en) A kind of class AKA identity authorization systems and method based on pool of symmetric keys
CN108880799B (en) Multi-time identity authentication system and method based on group key pool
CN108964895B (en) User-to-User identity authentication system and method based on group key pool and improved Kerberos
Khan et al. Secure authentication and key management protocols for mobile multihop WiMAX networks
CN106209384B (en) Use the client terminal of security mechanism and the communication authentication method of charging unit
CN108768661B (en) Improved AKA identity authentication system and method based on symmetric key pool and cross-relay
CN108965243B (en) Symmetric key pool and cross-relay based AKA-like identity authentication system and method
CN108737091B (en) AKA-like identity authentication system and method based on symmetric key pool and relay communication
CN109067705B (en) Improved Kerberos identity authentication system and method based on group communication
Gupta et al. Security mechanisms of Internet of things (IoT) for reliable communication: a comparative review

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant