CN109274489A - Authentication key agreement method under a TWDM-PON system - Google Patents

Info

Publication number
CN109274489A
Authority
CN (China)
Prior art keywords
onu
network unit
olt
key
line terminal
Legal status
Granted
Application number
CN201811116391.8A
Other languages
Chinese (zh)
Other versions
CN109274489B (en)
Inventors
罗文俊 (Luo Wenjun)
曾学茹 (Zeng Xueru)
Current assignee
Chongqing University of Post and Telecommunications
Original assignee
Chongqing University of Post and Telecommunications
Events
2018-09-25: Application CN201811116391.8A filed by Chongqing University of Post and Telecommunications (priority date)
2019-01-25: Publication of CN109274489A
2021-05-28: Application granted; publication of CN109274489B
Current legal status: Active

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863 Generation of secret information involving passwords or one-time passwords
    • H04L 9/0869 Generation of secret information involving random numbers or seeds
    • H04L 9/32 Mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3297 Mechanisms as in H04L 9/32 involving time stamps, e.g. generation of time stamps
    • H (Electricity) > H04 (Electric communication technique) > H04Q (Selecting)
    • H04Q 11/00 Selecting arrangements for multiplex systems
    • H04Q 11/0001 Selecting arrangements for multiplex systems using optical switching
    • H04Q 11/0062 Network aspects

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to an authentication key agreement method for TWDM-PON systems and belongs to the field of optical communication network security. It comprises: S1, the OLT generates the system master key and the public parameters; S2, based on the ONU's unique identity, the OLT generates a partial private key for the ONU and sends it to the ONU, and the ONU then generates its full private key and public key; S3, the OLT sends a registration request to the ONU, the ONU checks the OLT's signature to verify the OLT's authenticity, obtains the random number the OLT sent, and signs and encrypts a message carrying its registered value before sending it to the OLT; S4, the OLT decrypts the ONU's message, checks the ONU's signature, verifies message integrity and the ONU's identity, and obtains the random number and the registered value; S5, from the random numbers and the registered value exchanged, the OLT and the ONU each generate the master session key. The method resists impersonation, eavesdropping and replay attacks and protects the master session key.

Description

Authentication key agreement method under a TWDM-PON system
Technical field
The invention belongs to the field of optical communication network security and relates to an authentication key agreement method for TWDM-PON systems.
Background
Passive optical networks (PON) have become the mainstream access technology because they are easy to access, low in cost and able to carry high-performance triple-play data, voice and video services. With the rapid growth of high-bandwidth applications and Internet services, however, 10G-EPON and 10G-PON, whose maximum line rate is 10 Gbps, can no longer satisfy future demands for bandwidth and quality of service. In May 2011 the Full Service Access Network (FSAN) forum published the requirements white paper for the second stage of next-generation PON (Next Generation PON Stage 2, NG-PON2), positioning NG-PON2 as the long-term evolution path for PON technology; driven mainly by users' demand for high bandwidth, NG-PON2 must reach a rate of at least 40 Gbps. In 2012 FSAN selected time- and wavelength-division multiplexed PON (Time and Wavelength Division Multiplexed PON, TWDM-PON) as the main research direction for NG-PON2 and began drafting the G.989 series of standards. As the strongest candidate for next-generation PON, TWDM-PON combines wavelength-division and time-division multiplexing: it keeps the high capacity of TDM and the large number of wavelengths offered by WDM, and by carrying frames to many users on different wavelengths it raises system capacity and rate substantially.
A PON is a typical point-to-multipoint structure: one optical line terminal (Optical Line Terminal, OLT) communicates with many optical network units (Optical Network Units, ONUs). Downstream, the OLT transmits the same data to every ONU over a broadcast channel; each ONU keeps the data addressed to it and discards the rest. Upstream, each ONU sends its data to the OLT independently, and the OLT processes and answers it. This structure creates serious security problems for the communication process. As TWDM-PON develops, the number of ONUs one OLT can serve keeps growing and may reach 256 or more, so verifying the authenticity of the OLT and of the ONUs becomes particularly important. ITU-T G.989.3 proposes three authentication mechanisms: one based on the registered value Registration_ID, one based on OMCI and one based on 802.1X; where each operates relative to the TWDM-PON protocol layers is shown in Figure 1. The standard also adds the Request_Registration and Registration messages, which earlier PON generations did not have, for ONU authentication, intending to address the security threats TWDM-PON faces; it does not, however, specify a detailed authentication method.
Overall, security research on TWDM-PON systems currently faces two problems. First, for the OLT and an ONU to communicate securely, the two should authenticate each other before the PON uplink and downlink data is encrypted, and then both sides compute a common master session key. Second, most existing authentication schemes apply only to Ethernet PON; there is no detailed authenticated key agreement scheme suited to TWDM-PON systems.
Bilinear pairing. Let $G_1$ and $G_2$ be an additive cyclic group and a multiplicative cyclic group, both of order q, and let P be a generator of $G_1$. A map $e: G_1 \times G_1 \to G_2$ is called a bilinear pairing if it satisfies the following conditions:
(1) Bilinearity. For all $P, Q, R \in G_1$, $e(P+Q, R) = e(P, R)\,e(Q, R)$ and $e(P, Q+R) = e(P, Q)\,e(P, R)$.
(2) Non-degeneracy. There exist $P, Q \in G_1$ such that $e(P, Q) \ne 1$.
(3) Computability. For any $P, Q \in G_1$ there is an efficient algorithm for computing $e(P, Q)$.
Since the pairing is symmetric, for any $P, Q \in G_1$ and $a, b \in \mathbb{Z}_q^*$, $e(aP, bQ) = e(P, Q)^{ab}$.
The security of the technical solution of the invention rests on the computational hardness of the following mathematical problems:
(1) Discrete logarithm problem (DLP). Given two elements $P, Q \in G_1$, find an integer $a \in \mathbb{Z}_q^*$ such that $Q = aP$ in $G_1$.
(2) Computational Diffie-Hellman (CDH) problem. Given $(P, aP, bP) \in G_1$, compute $abP$, where $a, b \in \mathbb{Z}_q^*$ are two random numbers and P is a generator of the group $G_1$ of prime order q.
Summary of the invention
In view of this, the object of the invention is to build on the Registration_ID-based registration mechanism of ITU-T G.989.3 and provide a method that offers mutual authentication and generates a master session key in a TWDM-PON system, so that the system can effectively avoid security threats such as eavesdropping, impersonation and bit-flipping attacks.
To achieve this object, the invention provides the following technical solution:
An authentication key agreement method under a TWDM-PON system, comprising the following steps:
S1: initialisation stage. The optical line terminal OLT generates the system master key and the public parameters.
S2: registration stage. Based on the unique identity of the optical network unit ONU, the OLT generates a partial private key for the ONU and sends it to the ONU over a secure channel; the ONU then generates its full private key and its public key from the partial private key it received.
S3: first stage of mutual authentication. The OLT sends a registration request to the ONU. The ONU verifies the authenticity of the OLT by checking the signature the OLT sent, obtains the random number the OLT sent, and signs and encrypts a message carrying its registered value Registration_ID before sending it to the OLT.
S4: second stage of mutual authentication. The OLT decrypts the message sent by the ONU and checks the ONU's signature, verifying message integrity and the ONU's identity, and finally obtains the random number and the registered value needed to generate the master session key.
S5: key generation stage. From the random numbers and the Registration_ID exchanged, the OLT and the ONU each generate the master session key.
Further, in the TWDM-PON system there are only two classes of authenticated entity: the optical line terminal OLT and multiple optical network units ONU. There is no third-party authentication centre or private key generation centre in the system: the OLT generates the system master key and the public parameters, and the OLT generates the partial key for each ONU. The advantage is that the cost of deploying a private key generation centre is saved and the private key escrow attack is avoided.
Further, in the authentication key agreement method the unique identity of an ONU consists of two parts: the serial number SN of the ONU and the ONU-ID that the OLT allocates to the ONU.
Further, the signing operations in steps S3 and S4 comprise bilinear pairing, hashing and scalar multiplication, and the encryption and decryption operations comprise XOR, hashing, scalar multiplication and bilinear pairing.
Further, the purpose of the key agreement stage in step S5 is to generate the master session key needed for secure communication between the OLT and the ONU. The inputs needed to generate the master session key are: the identity information of both the OLT and the ONU, the two random numbers generated by the two sides, and the registered value transmitted by the ONU. The key agreement stage in step S5 comprises:
S51: compute the shared key from the random number and the OLT's public key;
S52: from the shared key, the identity information of both sides and the registered value, generate the master session key by a hash computation.
The registered value Registration_ID is specific to TWDM-PON systems and is a necessary parameter for generating the master session key.
Further, where information must be transmitted during authentication and key agreement, the method comprises the following steps:
A: the OLT broadcasts the public parameters to every ONU that needs to register, using the Serial_Number_Request message;
B1: the ONU sends its serial number (Serial_Number) to the authenticator, the OLT, using the Serial_Number_ONU message;
B2: the OLT sends the ONU-ID it allocated to the ONU using the Assign_ONU-ID message;
C: the OLT sends its necessary data together with the corresponding signature to the ONU using the Registration_Request message;
D: the ONU signs and encrypts its necessary data and sends it to the OLT using the Registration message.
All of the above messages are carried in the PLOAM portion of the framing sublayer of the TWDM-PON transmission convergence layer, with a fixed length of 48 bytes.
Further, the Registration_Request frame and the Registration frame are specific to TWDM-PON and are an important mark distinguishing TWDM-PON systems from other PON systems.
The technical solution of the invention has the following beneficial effects:
Starting from the one-way, registered-value-based authentication mechanism proposed in ITU-T G.989.3, a detailed authentication key agreement method for TWDM-PON systems is proposed. Compared with the mechanism proposed in the standard it completes mutual authentication and generates the master session key that the OLT and the ONU need for their subsequent data exchange.
Authentication is completed entirely with the authentication messages newly added in TWDM-PON: the signature and the encrypted data are carried in PLOAM messages over the open channel, only two interactions are needed for authentication, and the interaction flow is simple.
The system public parameters and the ONU's partial private key are generated by the OLT, which avoids the private key escrow attack that a dishonest third party could mount and removes the cost of building a third party.
During authentication the OLT and the ONU use random numbers and timestamps to resist replay attacks, and the signing and encryption of the messages rest on hardness assumptions related to bilinear pairings, so the method resists impersonation, eavesdropping and replay attacks and protects the master session key.
Brief description of the drawings
To make the object, technical solution and beneficial effects of the invention clearer, the following drawings are provided:
Figure 1 shows the three authentication mechanisms proposed in G.989.3;
Figure 2 is the flow chart of the authentication key agreement method of the invention under a TWDM-PON system;
Figure 3 shows the message transmission described in the embodiment of the invention.
Detailed description of the embodiment
A preferred embodiment of the invention is described in detail below with reference to the drawings.
As shown in Figures 2 and 3, the invention provides an authentication key agreement method under a TWDM-PON system. The first stage is initialisation, in which the OLT generates the system master key and the public parameters, as follows:
Step 101: the OLT generates the public parameters of the system. The OLT selects two cyclic groups according to the security parameter k: let $G_1$ be an additive cyclic group of order q and $G_2$ a multiplicative cyclic group of order q, with $q > 2^k$, and let P be a generator of $G_1$; let $e: G_1 \times G_1 \to G_2$ be a bilinear pairing. Let $H_2: \{0,1\}^* \to G_1$ and $H_3: \{0,1\}^* \to \{0,1\}^*$ be hash functions, let $H_0$ and $H_1$ be hash functions whose ranges are not reproduced in this text (below, $H_0$ maps an ONU identity to an element of $G_1$ and $H_1$ maps a message to a scalar), and let H be a key derivation function. The OLT then selects a random number $s \in \mathbb{Z}_q^*$ as the system master key and its own private key, and computes the public key $P_{pub} = sP \in G_1$. Finally the OLT publishes the public parameters of the TWDM-PON system
$\{G_1, G_2, e, q, P, P_{pub}, H_0, H_1, H_2, H_3, H\}$
and keeps s secret.
The OLT publishes the public parameters by encapsulating them in a Serial_Number_Request message and broadcasting it downstream to every ONU.
After the OLT has completed system initialisation and announced the public parameters in the Serial_Number_Request message, every ONU that intends to join the TWDM-PON system registers as follows:
Step 102: generate the ONU's public and private keys. This comprises four parts: generating the ONU identity, obtaining the partial private key from the OLT, the ONU computing its full private key, and the ONU computing its public key.
(1) Generate the ONU identity: after receiving the Serial_Number_Request message, the ONU sends its serial number SN to the OLT. The OLT checks whether this SN already appears in its list of serial numbers; if it does not, the OLT allocates an ONU-ID to the ONU. The ONU's identity is then $\langle SN, \text{ONU-ID} \rangle$.
(2) Obtain the partial private key: the OLT computes $Q_{ONU} = H_0(SN, \text{ONU-ID})$ and $d_{ONU} = sQ_{ONU}$, and returns the partial private key $d_{ONU}$ to the ONU over a secure channel; at the same time it sends the ONU-ID to the ONU in the Assign_ONU-ID message.
(3) Compute the full private key: the ONU first verifies the authenticity of its ONU-ID by checking the verification equation (the equation itself is not reproduced in this text). It then selects a random number $x \in \mathbb{Z}_q^*$ and computes its full private key $sk_{ONU} = xQ_{ONU} + d_{ONU}$.
(4) Compute the public key: the ONU computes and publishes its public key $P_{ONU} = xP$.
When an ONU needs to exchange data with the OLT, it must first authenticate mutually with the OLT. The authentication process is as follows:
Step 103: the OLT selects a random number $n_1 \in \mathbb{Z}_q^*$, computes $r_1 = n_1 P$ and records the current timestamp $t_0$. It then takes its identity $\text{OLT-ID} \in \{0,1\}^*$ and forms the message $m_{OLT} = (\text{OLT-ID}, \text{ONU-ID}, r_1, t_0, request)$. The OLT-ID field declares the identity of the OLT itself; ONU-ID lets the ONU pick the PLOAM message addressed to it out of the broadcast; $r_1$ serves both as a freshness identifier and as input to the master session key of the two parties; and request identifies the frame type as Request_Registration.
The OLT then signs $m_{OLT}$: it computes $h = H_1(m_{OLT})$ and produces the OLT's signature $e(P_{ONU}h, Q_{ONU})$.
Finally the OLT encapsulates $\langle m_{OLT}, e(P_{ONU}h, Q_{ONU}) \rangle$ as a Request_Registration frame and sends it to the ONU.
Step 104: on receiving the Request_Registration frame, the ONU takes the current timestamp $t_1$ and checks that $t_1 - t_0 \le \Delta T$ and that $r_1$ is not already in its current database table. It then verifies the OLT's signature: from the received $m_{OLT}$ it computes $h = H_1(m_{OLT})$ and checks whether
$e(P_{ONU}h, Q_{ONU}) = e(sk_{ONU}P - P_{pub}Q_{ONU}, h)$
holds. If any of these checks fails, the ONU refuses to respond to the message. If all pass, $m_{OLT}$ has not been altered, and the integrity of the message and the authenticity of the OLT are confirmed.
After verification succeeds, the ONU selects an unused random number $n_2 \in \mathbb{Z}_q^*$ and computes $r_2 = n_2 P$. It records the current timestamp $t_2$ and forms the message $m_{ONU} = (\text{ONU-ID}, \text{OLT-ID}, r_2, t_2, R\_ID)$, where the R_ID field carries the ONU's registered value Registration_ID.
The ONU then encrypts $m_{ONU}$. The encryption computes $\mu = H_1(m_{ONU}, \delta)$ together with two further values (their formulas are not reproduced in this text). Finally the ONU encapsulates the result as a Registration message and sends it to the OLT.
In step 104 the ONU checks whether $r_1$ is already in its current database table because several ONUs authenticate with one OLT at the same time: messages may collide when sent, or the OLT's message may exceed the time threshold, so an ONU's authentication may not succeed on the first attempt. The ONU therefore checks whether the random number it received is a repeat, which is what resists replay attacks.
Further, the correctness of the signature verification in step 104 is shown as follows:
$e(P_{ONU}h, Q_{ONU}) = e(xPQ_{ONU}, h) = e((s+x)Q_{ONU}P - Q_{ONU}sP, h) = e(sk_{ONU}P - P_{pub}Q_{ONU}, h)$
Step 105: after receiving the Registration message, the OLT decrypts it using the partial private key and the data received:
First it computes the value of $\delta$ (the formula is not reproduced in this text);
Then it recovers the message $m_{ONU}$ (again, the formula is not reproduced), takes the current timestamp $t_3$, checks that $t_3 - t_2 \le \Delta T$ and that $r_2$ is not already in its current database table, and finally verifies that $H_1(m_{ONU}, \delta)$ equals $\mu$. If they are equal, the integrity of $m_{ONU}$ is proven and the authenticity of the ONU is established.
In step 105 the OLT checks whether $r_2$ is already in its current database table because several ONUs authenticate with one OLT at the same time, and an impersonating ONU may send the OLT a random number that has already been used; checking whether the received random number repeats prevents both replay and impersonation attacks.
The correctness of the bilinear pairing computation in steps 104 and 105 is shown as follows:
$e(P_{pub} + P_{ONU}, Q_{ONU}) = e(sP + xP, Q_{ONU}) = e((s+x)Q_{ONU}, P) = e(sk_{ONU}, P)$
Further, in steps 104 and 105 only the OLT and this ONU know the value $d_{ONU}$; because $d_{ONU}$ is transmitted over a secure channel its confidentiality is assured, and therefore only the OLT and this ONU can compute the value of $\delta$. Only with the received ciphertext and $\delta$ can the correct message $m_{ONU}$ be recovered, which prevents an eavesdropper from tampering with the message. Finally, the OLT checks whether the signature value $H_1(m_{ONU}, \delta)$ of $m_{ONU}$ equals $\mu$. The decryption and verification above both preserve the confidentiality of the registered value Registration_ID and verify the authenticity of the ONU.
Preferably, the messages of steps 101 to 105 are carried in the PLOAM portion of the framing sublayer of the TWDM-PON transmission convergence layer, with a fixed length of 48 bytes.
Step 106: the OLT and the ONU each generate the master session key. The ONU holds its own random number $n_2$ and the received $r_1$; the OLT holds $n_1$ and the received $r_2$.
The ONU generates the master session key:
(1) the ONU first computes the shared key $K_{ONU} = n_2 \cdot r_1 \cdot P_{pub}$;
(2) it computes $SK_{ONU} = H(\text{ONU-ID}, \text{OLT-ID}, K_{ONU}, R\_ID)$, which is the master session key.
The OLT generates the master session key:
(1) the OLT first computes the shared key $K_{OLT} = n_1 \cdot r_2 \cdot P_{pub}$;
(2) it computes $SK_{OLT} = H(\text{ONU-ID}, \text{OLT-ID}, K_{OLT}, R\_ID)$, with the inputs in the same fixed order as on the ONU side, which is the master session key.
Since $K_{OLT} = n_1 \cdot r_2 \cdot P_{pub} = n_1 n_2 \cdot P \cdot P_{pub} = n_2 \cdot r_1 \cdot P_{pub} = K_{ONU}$, it follows that $SK_{ONU} = SK_{OLT}$.
In step 106, by the discrete logarithm problem, even an attacker who intercepts the values $r_1$ and $r_2$ cannot obtain $n_1$ and $n_2$. If the attacker computes $r_1 \cdot r_2 \cdot P_{pub} = n_1 n_2 s P^3 \ne K_{ONU} = K_{OLT}$, it still cannot construct the shared key, nor can it obtain the value of s; the security of the shared key and of the master session key is therefore assured.
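The algebra of steps 101, 102 and 106 (setup, partial-key registration and master-session-key derivation), traced end to end in Python as an added example; this is not the patent's code and it rests on three stated assumptions. First, the bilinear map is a deliberately insecure toy: $G_1$ is $(\mathbb{Z}_q, +)$ with generator P, $G_2$ is the order-q subgroup of $\mathbb{Z}_p^*$ generated by g, and $e(a, b) = g^{ab}$; this is bilinear and symmetric, which is all the protocol algebra needs, but the discrete logarithm in $G_1$ is a division, so the example shows the message flow and nothing about security strength. Second, the check the ONU performs on its partial key is not legible on this page; the example uses $e(d_{ONU}, P) = e(Q_{ONU}, P_{pub})$, which holds exactly when $d_{ONU} = sQ_{ONU}$. Third, the page writes the shared key as $n_2 \cdot r_1 \cdot P_{pub}$; a party that holds only its own nonce cannot multiply the two group elements $r_1$ and $P_{pub}$ inside $G_1$, so the example realises the same quantity $n_1 n_2 s$ through the pairing, $e(r_1, P_{pub})^{n_2} = e(r_2, P_{pub})^{n_1}$. The identifiers, the Registration_ID and the group constants are constructed. The pairing-based signature and the encryption of steps 103 to 105 are not modelled because their formulas are only partially reproduced on the page.

```python
"""Toy trace of setup (step 101), registration (step 102) and master session
key derivation (step 106). Added example, not the patent's code. The pairing
below is an insecure stand-in chosen only because it is bilinear and symmetric."""
import hashlib
import secrets

# Toy group constants (constructed): q and p = 2q + 1 are prime; g = 4 has order q in Z_p^*.
Q_ORDER = 1019
P_MOD = 2039
G2_GEN = 4
P_GEN = 1            # generator P of G1 = (Z_q, +); any non-zero element would do


def pairing(a, b):
    """e: G1 x G1 -> G2 with e(a, b) = g^(ab mod q) mod p; bilinear and symmetric."""
    return pow(G2_GEN, (a * b) % Q_ORDER, P_MOD)


def h0(*parts):
    """H0: {0,1}* -> G1, hashing an identity onto a non-zero element of Z_q."""
    digest = hashlib.sha256(b"H0|" + b"|".join(parts)).digest()
    return 1 + int.from_bytes(digest, "big") % (Q_ORDER - 1)


def kdf(onu_id, olt_id, k, r_id):
    """H: key derivation; both sides must feed the inputs in this same order."""
    material = b"|".join([onu_id, olt_id, k.to_bytes(2, "big"), r_id])
    return hashlib.sha256(b"KDF|" + material).digest()


def rand_scalar():
    return 1 + secrets.randbelow(Q_ORDER - 1)   # element of Z_q^*


def id_bytes(onu_id):
    return onu_id.to_bytes(2, "big")


class OLT:
    def __init__(self, olt_id):
        self.olt_id = olt_id
        self.s = rand_scalar()                       # system master key, never leaves the OLT
        self.p_pub = (self.s * P_GEN) % Q_ORDER      # P_pub = sP
        self.registered = {}                         # SN -> ONU-ID

    def public_params(self):
        """Step 101: the parameters broadcast in Serial_Number_Request."""
        return {"q": Q_ORDER, "P": P_GEN, "P_pub": self.p_pub}

    def register(self, sn):
        """Step 102 (1)-(2): allocate an ONU-ID and derive the partial private key d = sQ."""
        if sn in self.registered:
            raise ValueError("serial number already registered")
        onu_id = len(self.registered) + 1
        self.registered[sn] = onu_id
        q_onu = h0(sn, id_bytes(onu_id))
        d_onu = (self.s * q_onu) % Q_ORDER
        return onu_id, d_onu                         # d_onu travels over the secure channel

    def master_session_key(self, n1, r2, onu_id, r_id):
        """Step 106, OLT side: K = e(r2, P_pub)^n1 = e(P, P)^(n1 n2 s)."""
        k = pow(pairing(r2, self.p_pub), n1, P_MOD)
        return kdf(id_bytes(onu_id), self.olt_id, k, r_id)


class ONU:
    def __init__(self, sn, r_id):
        self.sn, self.r_id = sn, r_id

    def complete_keys(self, params, onu_id, d_onu):
        """Step 102 (3)-(4): check the partial key, then sk = xQ + d and P_ONU = xP."""
        self.onu_id, self.p_pub = onu_id, params["P_pub"]
        self.q_onu = h0(self.sn, id_bytes(onu_id))
        # Assumed check (not legible on the page): e(d, P) == e(Q, P_pub) iff d = sQ.
        if pairing(d_onu, params["P"]) != pairing(self.q_onu, self.p_pub):
            raise ValueError("partial private key does not match P_pub")
        self.x = rand_scalar()
        self.sk = (self.x * self.q_onu + d_onu) % Q_ORDER
        self.p_onu = (self.x * params["P"]) % Q_ORDER

    def master_session_key(self, n2, r1, olt_id):
        """Step 106, ONU side: K = e(r1, P_pub)^n2, the same e(P, P)^(n1 n2 s)."""
        k = pow(pairing(r1, self.p_pub), n2, P_MOD)
        return kdf(id_bytes(self.onu_id), olt_id, k, self.r_id)


def run_protocol(tamper_partial_key=False):
    """Steps 101, 102 and 106 end to end; returns (SK_OLT, SK_ONU)."""
    olt = OLT(b"OLT-1")
    onu = ONU(sn=b"ALCL00000001", r_id=b"REGID-demo")    # constructed identifiers
    params = olt.public_params()                          # Serial_Number_Request
    onu_id, d_onu = olt.register(onu.sn)                  # Serial_Number_ONU / Assign_ONU-ID
    if tamper_partial_key:
        d_onu = (d_onu + 1) % Q_ORDER                     # a corrupted d_ONU on the channel
    onu.complete_keys(params, onu_id, d_onu)
    n1, n2 = rand_scalar(), rand_scalar()                 # fresh nonces of this run
    r1 = (n1 * P_GEN) % Q_ORDER                           # carried in Request_Registration
    r2 = (n2 * P_GEN) % Q_ORDER                           # carried back in Registration
    sk_olt = olt.master_session_key(n1, r2, onu_id, onu.r_id)
    sk_onu = onu.master_session_key(n2, r1, olt.olt_id)
    return sk_olt, sk_onu


if __name__ == "__main__":
    a, b = run_protocol()
    print("master session keys agree:", a == b, a.hex())
```

Note that the KDF takes its four inputs in one fixed order on both sides; feeding them in a different order on the OLT and the ONU would give two different keys even though the shared value K is the same.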
Finally, the preferred embodiment above only illustrates the technical solution of the invention and does not limit it. Although the invention has been described in detail through the preferred embodiment, those skilled in the art will understand that changes may be made to it in form and detail without departing from the scope defined by the claims of the invention.

Claims (7)

1. An authentication key agreement method under a TWDM-PON system, characterised in that it comprises the following steps:
S1: initialisation stage, in which the optical line terminal OLT generates the system master key and the public parameters;
S2: registration stage, in which, based on the unique identity of the optical network unit ONU, the OLT generates a partial private key for the ONU and sends it to the ONU over a secure channel, and the ONU then generates its full private key and public key from the partial private key it received;
S3: first stage of mutual authentication, in which the OLT sends a registration request to the ONU, and the ONU verifies the authenticity of the OLT by checking the signature the OLT sent, obtains the random number the OLT sent, and signs and encrypts a message carrying its registered value Registration_ID before sending it to the OLT;
S4: second stage of mutual authentication, in which the OLT decrypts the message sent by the ONU and checks the ONU's signature, verifies message integrity and the ONU's identity, and finally obtains the random number and the registered value needed to generate the master session key;
S5: key generation stage, in which, from the random numbers and the Registration_ID exchanged, the OLT and the ONU each generate the master session key.
2. The authentication key agreement method under a TWDM-PON system according to claim 1, characterised in that only two classes of authenticated entity exist in the TWDM-PON system, one optical line terminal OLT and multiple optical network units ONU; there is no third-party authentication centre or private key generation centre; the OLT generates the system master key and the public parameters, and the OLT generates the partial key for each ONU.
3. The authentication key agreement method under a TWDM-PON system according to claim 1, characterised in that the unique identity of the ONU comprises the serial number SN of the ONU and the ONU-ID that the OLT allocates to the ONU.
4. The authentication key agreement method under a TWDM-PON system according to claim 1, characterised in that the signing operations in steps S3 and S4 comprise bilinear pairing, hashing and scalar multiplication, and the encryption and decryption operations comprise XOR, hashing, scalar multiplication and bilinear pairing.
5. The authentication key agreement method under a TWDM-PON system according to claim 1, characterised in that in step S5 the information needed to generate the master session key comprises the identity information generated by the OLT itself, the unique identity of the ONU, the two random numbers generated by the two sides and the registered value transmitted by the ONU, and that step S5 comprises:
S51: computing the shared key from the random number and the OLT's public key;
S52: generating the master session key by a hash computation over the shared key, the identity information generated by the OLT itself, the unique identity of the ONU and the registered value;
wherein the registered value Registration_ID is specific to TWDM-PON systems and is a necessary parameter for generating the master session key.
6. The authentication key agreement method under a TWDM-PON system according to claim 1, characterised in that: during the authentication and key generation process, information is transmitted in the following steps:
A: the optical line terminal OLT broadcasts the open parameters via the Serial_Number_Request message to each optical network unit ONU that needs to register;
B1: the optical network unit ONU sends its serial number Serial_Number via the Serial_Number-ONU message to the authenticator, the optical line terminal OLT;
B2: the optical line terminal OLT sends the ONU-ID assigned to the optical network unit ONU to that optical network unit ONU via the Assign_ONU-ID message;
C: the optical line terminal OLT sends its necessary data together with the corresponding signature to the optical network unit ONU via the Registration_Request message;
D: after the optical network unit ONU has signed and encrypted its necessary data, it sends them to the optical line terminal OLT via the Registration message.
All of the above messages are carried in the PLOAM part of the framing sublayer under the transmission convergence layer of the TWDM-PON system, with a fixed word length of 48 bytes.
7. The authentication key agreement method under a TWDM-PON system according to any one of claims 1 to 6, characterised in that: the Registration_Request frame and the Registration frame are frames peculiar to TWDM-PON and are an important mark distinguishing the TWDM-PON system from other PON systems.
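As an added illustration of the derivation structure in claim 5 (steps S51 and S52) and the message roles in claim 6, and not code from the patent: a finite-field Diffie-Hellman stand-in replaces the patent's scalar multiplication, SHA-256 stands in for its hash function, the OLT's random number is modelled as the secret behind the public value it broadcasts, and all identities and the Registration_ID are constructed values; the pairing-based partial keys, signatures and encryption of steps S3 and S4 are not modelled.

```python
import hashlib
import secrets
import struct

# Constructed model, not the patent's code. Finite-field Diffie-Hellman over the Mersenne
# prime 2**127 - 1 with assumed generator 3 stands in for the patent's scalar
# multiplication; SHA-256 stands in for its hash function.
P = 2**127 - 1
G = 3

def _enc(parts):
    """Length-prefix every field so (b"ab", b"c") and (b"a", b"bc") hash differently."""
    return b"".join(struct.pack(">H", len(p)) + p for p in parts)

def master_session_key(shared, olt_identity, sn, onu_id, registration_id):
    """Step S52: MSK = H(shared key, OLT identity, ONU identity (SN + ONU-ID), Registration_ID)."""
    fields = [shared.to_bytes(16, "big"), olt_identity, sn, struct.pack(">H", onu_id), registration_id]
    return hashlib.sha256(_enc(fields)).digest()

def olt_setup():
    """OLT secret x and the public value g^x it publishes as an open parameter (step A)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def onu_register(olt_pub, olt_identity, sn, onu_id, registration_id):
    """ONU side of S51-S52: random r, shared key from r and the OLT public key, then the MSK.
    Returns g^r (carried in the Registration frame, step D) and the ONU's MSK."""
    r = secrets.randbelow(P - 2) + 1
    shared = pow(olt_pub, r, P)  # S51
    return pow(G, r, P), master_session_key(shared, olt_identity, sn, onu_id, registration_id)

def olt_derive(x, onu_value, olt_identity, sn, onu_id, registration_id):
    """OLT side: the same shared key from its secret x and the value received in step D."""
    shared = pow(onu_value, x, P)
    return master_session_key(shared, olt_identity, sn, onu_id, registration_id)

def demo(registration_id=b"REG-ID-CONSTRUCTED"):
    """One registration with constructed identities; returns (ONU MSK, OLT MSK)."""
    olt_identity, sn, onu_id = b"OLT-CONSTRUCTED", b"SN-CONSTRUCTED-0001", 7
    x, olt_pub = olt_setup()
    onu_value, onu_msk = onu_register(olt_pub, olt_identity, sn, onu_id, registration_id)
    olt_msk = olt_derive(x, onu_value, olt_identity, sn, onu_id, registration_id)
    return onu_msk, olt_msk
```

Because every identity field and the Registration_ID are hashed into the key, a peer that holds a different ONU-ID or registration value derives a different master session key, which is the binding property the claim relies on.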
CN201811116391.8A 2018-09-25 2018-09-25 Authentication key negotiation method under TWDM-PON system Active CN109274489B (en)
Publications (2)

Publication Number Publication Date
CN109274489A true CN109274489A (en) 2019-01-25
CN109274489B CN109274489B (en) 2021-05-28
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant