CN109474438B - Intelligent terminal access authentication method based on selective leakage - Google Patents

Info

Publication number: CN109474438B
Authority: CN (China)
Prior art keywords: intelligent terminal; node; access unit; authentication; root
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion.)
Application number: CN201811585180.9A
Other languages: Chinese (zh)
Other versions: CN109474438A (en)
Inventors: 刘虹, 程乾阳, 陈长松
Current Assignee: East China Normal University; Third Research Institute of the Ministry of Public Security
Original Assignee: East China Normal University; Third Research Institute of the Ministry of Public Security
Application filed by East China Normal University and Third Research Institute of the Ministry of Public Security
Events: priority to CN201811585180.9A; publication of CN109474438A; application granted; publication of CN109474438B; expired (fee related)

Classifications

    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication


Abstract

The invention discloses an intelligent terminal access authentication method based on selective leakage, which uses lightweight operators such as a one-way HMAC function and the exclusive-or operation, combined with a Huffman tree, to achieve mutual authentication between an intelligent terminal V and an access unit R. Before formal authentication, the intelligent terminal V pre-shares a certificate containing a hash value root with the access unit R through the trusted third party. The authentication process is divided into two stages: in the first stage, the intelligent terminal V uses random numbers and secret value mapping to authenticate the legitimacy of the identity of the access unit R; in the second stage, the information of the intelligent terminal V is selectively revealed by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V. The method significantly improves the security and flexibility of the authentication process; besides defending against attacks such as message replay, it effectively avoids directly exposing sensitive data of the intelligent connected vehicle to the roadside unit, and is suitable for secure interaction scenarios with data-sharing requirements.

Description

Intelligent terminal access authentication method based on selective leakage
Technical Field
The invention relates to the field of intelligent terminal security, in particular to an intelligent terminal access authentication method based on selective leakage.
Background
With the rise of the Internet of Things, the application prospects of intelligent terminals are becoming broader. Intelligent terminals are now widely deployed in various systems and applied in security-critical industries such as the Internet of Vehicles and industrial control, which makes their functions more important and their network environment more complex. How to connect intelligent terminals to increasingly complex networks safely and efficiently is a problem that urgently needs solving. Traditional communication protocols based on end-to-end encryption face various threats: a replay attack can easily be mounted by intercepting data packets transmitted on the channel, producing unforeseen results. A secure authentication protocol is therefore needed to verify the legitimacy of the identity of the authentication object during access.
In many intelligent terminal application scenarios, the specific authentication requirements differ from those of most traditional networks. Taking the Internet of Vehicles as an example: on the one hand, the performance and storage space of the network access unit are limited, and it may need to process a large number of access requests from intelligent terminals at the same time; on the other hand, the service that a connected vehicle receives after accessing the network may not require authenticating all of the attribute information stored on the intelligent terminal. Many conventional authentication methods based on cryptographic algorithms are no longer suitable for this scenario. The authentication method used by an intelligent terminal when accessing the network therefore needs not only high efficiency and low storage overhead, but also a selective disclosure mechanism that avoids exposing private information irrelevant to the session.
Disclosure of Invention
To address this technical problem, the invention provides an intelligent terminal access authentication method based on selective leakage, involving an intelligent terminal V, an access unit R and a trusted third party, wherein the intelligent terminal V holds a pseudo-identity identifier $PID_V$, a shared secret $S_V$ and a local data set
Figure BDA0001918913750000011
($l \in N^*$); the access unit R maintains a secret mapping table, which maps the shared secret $S_V$ of each intelligent terminal V to the pseudo-identity identifier $PID_V$ of that terminal and a pre-shared key $k_v$; $k_v$ is the key of the HMAC function used for authentication between the intelligent terminal V and the access unit R, and is also the encryption key of the subsequent session; the intelligent terminal V also needs to pre-share the certificate generated by the trusted third party
Figure BDA0001918913750000012
with the access unit R; the method comprises the following steps:
step one: the intelligent terminal V pre-shares the certificate containing the hash value root with the access unit R through the trusted third party;
step two: the intelligent terminal V uses random numbers and secret value mapping to authenticate the legitimacy of the identity of the access unit R;
step three: the information of the intelligent terminal V is selectively revealed by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V.
In the selective-leakage-based intelligent terminal access authentication method, the intelligent terminal V pre-shares the certificate containing the hash value root with the access unit R through the trusted third party, as follows:
step a1: the intelligent terminal V uses a pseudo-random function generator to generate a group of pseudo-random numbers
Figure BDA0001918913750000013
and then uses
Figure BDA0001918913750000014
to randomize the local data set
Figure BDA0001918913750000021
(denoted as
Figure BDA0001918913750000022
), computing the temporary data set
Figure BDA0001918913750000023
Figure BDA0001918913750000024
Figure BDA0001918913750000025
……
Figure BDA0001918913750000026
where "#" is a special symbol that separates and delimits the data fields of
Figure BDA0001918913750000027
and
Figure BDA0001918913750000028
;
step a2: the intelligent terminal V uses the one-way hash function to compute a group of values
Figure BDA0001918913750000029
Figure BDA00019189137500000210
Figure BDA00019189137500000211
……
Figure BDA00019189137500000212
step a3: the intelligent terminal V takes
Figure BDA00019189137500000213
(denoted as
Figure BDA00019189137500000214
) and
Figure BDA00019189137500000215
, and sends them to the trusted third party;
step a4: the trusted third party checks the values of
Figure BDA00019189137500000216
to ensure one-to-one correspondence;
step a5: the trusted third party constructs a Huffman tree using the probability that each attribute is presented as its weight: it uses
Figure BDA00019189137500000217
as leaf nodes and builds the Huffman tree according to the weight of each node; the hash value of each non-leaf node is computed as $F_{node} = H(child_1 \| child_2)$, where $child_1$ and $child_2$ are the values of the left and right child nodes of that non-leaf node and $\|$ denotes concatenation; this computation yields the values of all nodes of the Huffman tree, and the value of the root node is denoted root;
step a6: the trusted third party sends the hash value root to the access unit R and sends the whole Huffman tree to the intelligent terminal V.
In the selective-leakage-based intelligent terminal access authentication method, the intelligent terminal V uses random numbers and secret value mapping to authenticate the legitimacy of the identity of the access unit R, as follows:
step b1: the intelligent terminal V uses a pseudo-random function generator to generate a pseudo-random number $r'_V$ and extracts its local $S_V$; the intelligent terminal V sends $r'_V \| S_V$ to the access unit R as an access request and opens a new session;
step b2: on receiving $r'_V \| S_V$, the access unit R generates a pseudo-random number $r_R$ using a pseudo-random function generator, extracts the corresponding pseudo-identity identifier $PID_V$ and $k_v$ from its locally stored secret mapping table according to $S_V$, computes $M_R$, and returns the concatenated message $r_R \| M_R$ to P as the response;
Figure BDA00019189137500000218
step b3: on receiving $r_R \| M_R$, the intelligent terminal V extracts its local $PID_V$ and $k_v$ and uses them to compute
Figure BDA00019189137500000219
The authenticity of the identity of the access unit R is verified by comparing the received $M_R$ with $M'_R$; if the two values are equal, the intelligent terminal V considers the access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
In the selective-leakage-based intelligent terminal access authentication method, the information of the intelligent terminal V is selectively revealed by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V, as follows:
step c1: the intelligent terminal V selects the part of the temporary data set to be shared
Figure BDA0001918913750000031
($i \in \{1, 2, \ldots, m\}$), and the remaining data set is denoted as
Figure BDA0001918913750000032
($i \in \{1, 2, \ldots, n\}$); the leaf nodes corresponding to
Figure BDA0001918913750000033
and
Figure BDA0001918913750000034
can be found directly in the Huffman tree, namely
Figure BDA0001918913750000035
($i \in \{1, 2, \ldots, m\}$) and
Figure BDA0001918913750000036
($i \in \{1, 2, \ldots, n\}$); then find the set of root nodes of all subtrees that contain nodes of
Figure BDA0001918913750000037
and no nodes of
Figure BDA0001918913750000038
, denoted
Figure BDA0001918913750000039
($i \in \{1, 2, \ldots, k\}$), and then from
Figure BDA00019189137500000310
select the nodes whose parent node does not belong to
Figure BDA00019189137500000311
, which form the set
Figure BDA00019189137500000312
($i \in \{1, 2, \ldots, s\}$); according to the Huffman tree,
Figure BDA00019189137500000313
and
Figure BDA00019189137500000314
are used to compute the root node value root of the Huffman tree; the intelligent terminal V computes
Figure BDA00019189137500000315
and $M_V$, and sends $r_R$,
Figure BDA00019189137500000316
, $M_V$ and
Figure BDA00019189137500000317
to the access unit R;
Figure BDA00019189137500000329
Figure BDA00019189137500000318
step c2: on receiving $r_R$,
Figure BDA00019189137500000319
, $M_V$ and
Figure BDA00019189137500000320
, the access unit R first computes
Figure BDA00019189137500000321
and compares $M_V$ with $M'_V$; if they are not equal, the protocol terminates; otherwise it continues;
step c3: the access unit R computes
Figure BDA00019189137500000322
and uses
Figure BDA00019189137500000323
and
Figure BDA00019189137500000324
to compute root', then compares root' with the locally stored root to verify the authenticity of the identity of the intelligent terminal V; if the two values are equal, the access unit R considers the intelligent terminal V a legitimate device, and the protocol ends normally.
In the selective-leakage-based intelligent terminal access authentication method, the process of finding
Figure BDA00019189137500000325
by means of one recursion, the function mark(node), comprises:
(1) if the node is a leaf node, executing:
if it is not
Figure BDA00019189137500000326
mark the node; otherwise return;
(2) if the node is not a leaf node, executing:
first execute mark($c_1$) and mark($c_2$), where $c_1$ and $c_2$ are the child nodes of the node; then check whether $c_1$ and $c_2$ are marked: if they are, mark the node; otherwise return.
In the selective-leakage-based intelligent terminal access authentication method, the process of finding
Figure BDA00019189137500000327
by means of one traversal, the function search(node), comprises:
(1) if the node is a leaf node, executing:
if the node is marked, add the node to the result set
Figure BDA00019189137500000328
; otherwise return;
(2) if the node is not a leaf node, executing:
if the node is marked, add the node to
Figure BDA0001918913750000041
; otherwise execute search($c_1$) and search($c_2$), where $c_1$ and $c_2$ are the child nodes of the node.
The method provided by the invention significantly improves the security and flexibility of the authentication process; besides defending against attacks such as message replay, it effectively avoids directly exposing sensitive data of the intelligent connected vehicle to the roadside unit, and is suitable for secure interaction scenarios with data-sharing requirements.
Drawings
Fig. 1 is a flowchart of an intelligent terminal access authentication method based on selective leakage according to the present invention.
Fig. 2 is a schematic flowchart of an intelligent terminal access authentication method based on selective leakage according to the present invention.
FIG. 3 is a hash tree constructed according to weights in an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention are described in detail below with reference to the drawings and specific embodiments. It should be understood that the specific features in the embodiments and examples are detailed descriptions of the technical solutions of the present application rather than limitations on them, and that the technical features in the embodiments and examples may be combined with each other where they do not conflict.
As shown in Fig. 1 and Fig. 2, the present invention discloses an intelligent terminal access authentication method based on selective leakage. The method uses lightweight operators such as a one-way HMAC function and the exclusive-or operation, combined with a Huffman tree, to achieve mutual authentication between the intelligent terminal V and the access unit R. Before formal authentication, the intelligent terminal V pre-shares a certificate containing a hash value root with the access unit R through the trusted third party. The authentication process is divided into two stages: in the first stage, the intelligent terminal V uses random numbers and secret value mapping to authenticate the legitimacy of the identity of the access unit R; in the second stage, the information of the intelligent terminal V is selectively revealed by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V.
The embodiment of the invention provides an intelligent terminal access authentication method based on selective leakage. The invention is realized by adopting the following technical scheme:
The intelligent terminal V holds a pseudo-identity identifier $PID_V$, a shared secret $S_V$ and a local data set
Figure BDA0001918913750000042
($l \in N^*$); the access unit R maintains a secret mapping table, which maps the shared secret $S_V$ of each intelligent terminal V to the pseudo-identity identifier $PID_V$ of that terminal and a pre-shared key $k_v$; $k_v$ is the key of the HMAC function used for authentication between the intelligent terminal V and the access unit R, and is also the encryption key of the subsequent session; before authentication starts, the intelligent terminal V also needs to pre-share the certificate generated by the trusted third party
Figure BDA0001918913750000043
with the access unit R.
The certificate generation and pre-sharing process is as follows:
step a1: the intelligent terminal V first uses a pseudo-random function generator to generate a group of pseudo-random numbers
Figure BDA0001918913750000044
and then uses
Figure BDA0001918913750000045
to randomize the local data set
Figure BDA0001918913750000046
(denoted as
Figure BDA0001918913750000047
), computing the temporary data set
Figure BDA0001918913750000048
Figure BDA0001918913750000051
Figure BDA0001918913750000052
……
Figure BDA0001918913750000053
where "#" is a special symbol that separates and delimits the data fields of
Figure BDA0001918913750000054
and
Figure BDA0001918913750000055
;
step a2: the intelligent terminal V uses the one-way hash function to compute a group of values
Figure BDA0001918913750000056
Figure BDA0001918913750000057
Figure BDA0001918913750000058
……
Figure BDA0001918913750000059
step a3: the intelligent terminal V sends
Figure BDA00019189137500000510
(denoted as
Figure BDA00019189137500000511
) and
Figure BDA00019189137500000512
(denoted as
Figure BDA00019189137500000513
) to a trusted third party (e.g., a certificate authority);
step a4: the trusted third party checks the values of
Figure BDA00019189137500000514
to ensure one-to-one correspondence;
step a5: to reduce the storage space required for the certificate, the trusted third party implements the selective leakage mechanism with a Huffman tree whose nodes are hash values. This scheme builds the Huffman tree using, as each attribute's weight, the probability that the attribute is presented (which requires statistics gathered in advance); attribute nodes with high probability sit at a smaller depth in the tree than nodes with low probability, which makes the scheme more efficient in most cases than a selective leakage authentication scheme based on a Merkle tree.
The trusted third party uses
Figure BDA00019189137500000515
as leaf nodes and constructs a Huffman tree according to the weight of each node. The hash value of each non-leaf node is computed as $F_{node} = H(child_1 \| child_2)$, where $child_1$ and $child_2$ are the values of the left and right child nodes of that non-leaf node and $\|$ denotes concatenation. This computation yields the values of all nodes of the Huffman tree, and the value of the root node is denoted root.
step a6: the trusted third party then sends the hash value root to the access unit R and sends the whole Huffman tree to the intelligent terminal V.
The security authentication method for the intelligent terminal comprises the following steps:
step b1: the intelligent terminal V uses a pseudo-random function generator to generate a pseudo-random number $r'_V$ and extracts its local $S_V$; the intelligent terminal V sends $r'_V \| S_V$ to the access unit R as an access request and opens a new session;
step b2: on receiving $r'_V \| S_V$, the access unit R generates a pseudo-random number $r_R$ using a pseudo-random function generator, extracts the corresponding pseudo-identity identifier $PID_V$ and $k_v$ from its locally stored secret mapping table according to $S_V$, computes $M_R$, and returns the concatenated message $r_R \| M_R$ to P as the response;
Figure BDA0001918913750000061
step b3: on receiving $r_R \| M_R$, the intelligent terminal V extracts its local $PID_V$ and $k_v$ and uses them to compute
Figure BDA0001918913750000062
The authenticity of the identity of the access unit R is verified by comparing the received $M_R$ with $M'_R$; if the two values are equal, the intelligent terminal V considers the access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
step c1: the intelligent terminal V selects the part of the temporary data set to be shared
Figure BDA0001918913750000063
marked as
Figure BDA0001918913750000064
($i \in \{1, 2, \ldots, n\}$); the leaf nodes corresponding to
Figure BDA0001918913750000065
and
Figure BDA0001918913750000066
can be found directly in the Huffman tree, namely
Figure BDA0001918913750000067
($i \in \{1, 2, \ldots, m\}$) and
Figure BDA00019189137500000620
($i \in \{1, 2, \ldots, n\}$). Then find the set of root nodes of all subtrees that contain nodes of
Figure BDA0001918913750000068
and no nodes of
Figure BDA0001918913750000069
, denoted
Figure BDA00019189137500000610
($i \in \{1, 2, \ldots, k\}$), and then from
Figure BDA00019189137500000611
select the nodes whose parent node does not belong to
Figure BDA00019189137500000612
, which form the set
Figure BDA00019189137500000613
($i \in \{1, 2, \ldots, s\}$). According to the Huffman tree, using
Figure BDA00019189137500000614
and
Figure BDA00019189137500000615
the root node value root of the Huffman tree can be computed. Finding
Figure BDA00019189137500000616
can be implemented with one recursion and one traversal.
The recursive function mark(node) performs the following procedure:
(1) if the node is a leaf node, executing:
if it is not
Figure BDA00019189137500000617
mark the node; otherwise return;
(2) if the node is not a leaf node, executing:
first execute mark($c_1$) and mark($c_2$), where $c_1$ and $c_2$ are the child nodes of the node; then check whether $c_1$ and $c_2$ are marked: if they are, mark the node; otherwise return.
The traversal function search(node) performs the following procedure:
(1) if the node is a leaf node, executing:
if the node is marked, add the node to the result set
Figure BDA00019189137500000618
; otherwise return;
(2) if the node is not a leaf node, executing:
if the node is marked, add the node to
Figure BDA00019189137500000619
; otherwise execute search($c_1$) and search($c_2$), where $c_1$ and $c_2$ are the child nodes of the node.
The intelligent terminal V computes
Figure BDA0001918913750000071
and $M_V$, and sends $r_R$,
Figure BDA0001918913750000072
, $M_V$ and
Figure BDA0001918913750000073
to the access unit R.
Figure BDA0001918913750000074
Figure BDA0001918913750000075
step c2: on receiving $r_R$,
Figure BDA0001918913750000076
, $M_V$ and
Figure BDA0001918913750000077
, the access unit R first computes, similarly to step 3,
Figure BDA0001918913750000078
Figure BDA0001918913750000079
and compares $M_V$ with $M'_V$; if they are not equal, the protocol terminates; otherwise it continues.
step c3: the access unit R computes
Figure BDA00019189137500000710
and uses
Figure BDA00019189137500000711
and
Figure BDA00019189137500000712
to compute root', then compares root' with the locally stored root to verify the authenticity of the identity of the intelligent terminal V; if the two values are equal, the access unit R considers the intelligent terminal V a legitimate device, and the protocol ends normally.
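The Huffman-tree part of the scheme (steps a1 to a6, the mark/search procedure of step c1 and the root check of step c3), as an added Python example that is not code from the patent. Assumptions: SHA-256 as H, 16-byte salts, a `name=value` encoding of each attribute, a nested-tuple proof format that carries the tree shape, a leaf being marked when it is not disclosed, an inner node being marked when both children are, and a required-attribute check at the verifier; the HMAC messages $M_R$ and $M_V$ are not modelled because their formulas are not reproduced in the text. The weights are the six values 21, 31, 9, 10, 6, 5 from the embodiment's road-restriction scenario, and the attribute values are constructed.

```python
import hashlib
import heapq
import hmac
import secrets

SALT_LEN = 16  # assumption: fixed-length salt keeps the "#" separator unambiguous

# Constructed sample attributes; weights are the six values from the embodiment.
ATTRS = {"identity": b"driver-0001", "plate": b"local-A12345", "type": b"car",
         "brand": b"brand-x", "color": b"white", "life": b"6y"}
WEIGHTS = {"identity": 21, "plate": 31, "type": 9, "brand": 10, "color": 6, "life": 5}

def H(data):
    return hashlib.sha256(data).digest()  # assumption: SHA-256 as the one-way hash

def leaf_hash(salt, data):
    # Assumed reading of steps a1/a2: hash of the temporary value "salt # data".
    return H(salt + b"#" + data)

class Node:
    def __init__(self, digest, left=None, right=None, salt=None, data=None):
        self.digest, self.left, self.right = digest, left, right
        self.salt, self.data, self.marked = salt, data, False

    @property
    def name(self):  # attribute name for leaves, None for inner nodes
        return self.data.split(b"=", 1)[0].decode() if self.data else None

def build_tree(attrs, weights):
    """Step a5: Huffman tree over salted leaf hashes; inner = H(child1 || child2)."""
    heap = []
    for i, (name, value) in enumerate(attrs.items()):
        salt = secrets.token_bytes(SALT_LEN)
        data = name.encode() + b"=" + value  # name is bound into the hashed field
        heap.append((weights[name], i, Node(leaf_hash(salt, data), salt=salt, data=data)))
    heapq.heapify(heap)
    tie = len(heap)  # unique tie-breaker so Node objects are never compared
    while len(heap) > 1:
        w1, _, a = heapq.heappop(heap)
        w2, _, b = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, tie, Node(H(a.digest + b.digest), a, b)))
        tie += 1
    return heap[0][2]

def mark(node, disclosed):
    """mark(node): a leaf is marked if it stays hidden, an inner node if both children are."""
    if node.left is None:
        node.marked = node.name not in disclosed
    else:
        left, right = mark(node.left, disclosed), mark(node.right, disclosed)
        node.marked = left and right
    return node.marked

def search(node, out):
    """search(node): collect the topmost marked nodes (roots of fully hidden subtrees)."""
    if node.marked:
        out.append(node)
    elif node.left is not None:
        search(node.left, out)
        search(node.right, out)
    return out

def make_proof(node):
    """Same traversal as search(), but keeping the tree shape for the verifier."""
    if node.marked:
        return ("hash", node.digest)
    if node.left is None:
        return ("open", node.salt, node.data)
    return ("node", make_proof(node.left), make_proof(node.right))

def verify(proof, root_digest, required):
    """Step c3 at the access unit: recompute root' and compare with the stored root.
    Returns the disclosed attributes, or None if the proof is rejected."""
    opened = {}

    def fold(p):
        if p[0] == "hash":
            return p[1]
        if p[0] == "open":
            salt, data = p[1], p[2]
            if len(salt) != SALT_LEN:
                raise ValueError("bad salt length")
            name, _, value = data.partition(b"=")
            opened[name.decode()] = value
            return leaf_hash(salt, data)
        return H(fold(p[1]) + fold(p[2]))

    try:
        ok = hmac.compare_digest(fold(proof), root_digest)
    except (ValueError, IndexError, TypeError):
        return None
    # A proof that hides everything is just the root hash, so also require attributes.
    return opened if ok and set(required) <= opened.keys() else None

if __name__ == "__main__":
    root = build_tree(ATTRS, WEIGHTS)
    mark(root, {"plate", "type"})
    print("hidden nodes sent as hashes:", len(search(root, [])))
    print("accepted:", verify(make_proof(root), root.digest, {"plate", "type"}))
```

With the license plate and type disclosed, the four hidden attributes collapse into three hashes, because color and service life share a fully hidden subtree.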
Example:
First, system initialization
The intelligent terminal V holds a pseudo-identity identifier $PID_V$, a shared secret $S_V$ and a local data set
Figure BDA00019189137500000713
($l \in N^*$); the access unit R maintains a secret mapping table, which maps the shared secret $S_V$ of each intelligent terminal V to the pseudo-identity identifier $PID_V$ of that terminal and a pre-shared key $k_v$; $k_v$ is the key of the HMAC function used for authentication between the intelligent terminal V and the access unit R, and is also the encryption key of the subsequent session; before authentication starts, the intelligent terminal V also needs to pre-share the certificate generated by the trusted third party
Figure BDA00019189137500000714
with the access unit R.
The intelligent terminal V holds a pseudo-identity identifier $PID_V$, a shared secret $S_V$ and a local data set
Figure BDA00019189137500000715
The access unit R maintains a secret mapping table, which maps the shared secret $S_V$ of each intelligent terminal V to the pseudo-identity identifier $PID_V$ of that terminal and a pre-shared key $k_v$; $k_v$ is the key of the HMAC function used for authentication between the intelligent terminal V and the access unit R, and is also the encryption key of the subsequent session; before authentication starts, the intelligent terminal V also needs to pre-share the certificate generated by the trusted third party
Figure BDA00019189137500000716
with the access unit R.
The certificate generation and pre-sharing process is as follows:
The intelligent terminal V first uses a pseudo-random function generator to generate a group of pseudo-random numbers
Figure BDA00019189137500000717
and then uses
Figure BDA00019189137500000718
to randomize the local data set
Figure BDA00019189137500000719
, computing the temporary data set
Figure BDA00019189137500000720
Figure BDA00019189137500000721
Figure BDA00019189137500000722
Figure BDA0001918913750000081
Figure BDA0001918913750000082
Figure BDA0001918913750000083
Figure BDA0001918913750000084
where "#" is a special symbol that separates and delimits the data fields of
Figure BDA0001918913750000085
and
Figure BDA0001918913750000086
;
The intelligent terminal V then uses the one-way hash function to compute a group of values
Figure BDA0001918913750000087
Figure BDA0001918913750000088
Figure BDA0001918913750000089
Figure BDA00019189137500000810
Figure BDA00019189137500000811
Figure BDA00019189137500000812
Figure BDA00019189137500000813
The intelligent terminal V sends
Figure BDA00019189137500000820
(denoted
Figure BDA00019189137500000814
) and
Figure BDA00019189137500000815
(denoted
Figure BDA00019189137500000816
) to a trusted third party (e.g. a certificate authority), and the trusted third party checks the values of
Figure BDA00019189137500000817
to ensure one-to-one correspondence. To reduce the storage space required for the certificate, a selective leakage mechanism is implemented by means of a Huffman tree whose nodes are hash values. This selective leakage authentication scheme builds the Huffman tree using the probability that each attribute is presented (which requires statistics gathered in advance) as the weight, so attribute nodes with high probability sit at a smaller depth in the tree than nodes with low probability. In most cases this makes the scheme more efficient than a selective leakage authentication scheme based on a Merkle tree.
The trusted third party uses
Figure BDA00019189137500000818
as leaf nodes and constructs a Huffman tree according to the weight of each node. The hash value of each non-leaf node is computed as F_node = H(child_1 || child_2), where child_1 and child_2 are the values of the left and right child nodes of that non-leaf node and || denotes concatenation. This computation yields all node values of the Huffman tree, and the value of the root node is denoted root.
To explain in detail how the Huffman tree is constructed and used in authentication, a road traffic-restriction scenario is used. Assume that a certain road section is restricted according to license plate registration and vehicle type, and only cars or buses with local license plates are allowed to pass. Assume that the six attributes of a certain vehicle (driver identity, license plate, type, brand, color and service life) are presented with weights 21, 31, 9, 10, 6 and 5 in that order, and that randomizing and hashing the attributes yields
Figure BDA00019189137500000819
The hash tree constructed according to these weights is shown in Fig. 3.
The hash value of each non-leaf node is:
Figure BDA0001918913750000091
Figure BDA0001918913750000092
Figure BDA0001918913750000093
Figure BDA0001918913750000094
Figure BDA0001918913750000095
The trusted third party then sends the hash value root to the access unit R and sends the whole Huffman tree to the intelligent terminal V.
Second, authentication process
The security authentication method for the intelligent terminal comprises the following steps:
The intelligent terminal V uses a pseudo-random function generator to generate a pseudo-random number r'_V and extracts its local S_V; the intelligent terminal V sends r'_V || S_V to the access unit R as an access request and opens a new session;
When the access unit R receives r'_V || S_V, it generates a pseudo-random number r_R using a pseudo-random function generator, uses S_V to extract the corresponding pseudo-identity identifier PID_V and k_v from the locally stored secret mapping table, computes M_R, and returns the concatenated message r_R || M_R to P as the response;
Figure BDA0001918913750000096
When the intelligent terminal V receives r_R || M_R, it extracts its local PID_V and k_v and uses them to compute
Figure BDA0001918913750000097
Figure BDA0001918913750000098
By comparing the received M_R with M'_R, it verifies the authenticity of the identity of the access unit R; if the two values are equal, the intelligent terminal V considers the access unit R a legitimate device and the protocol continues; otherwise, the protocol terminates;
The intelligent terminal V selects the part of the temporary data set to be shared,
Figure BDA0001918913750000099
and
Figure BDA00019189137500000910
and denotes the remaining data set as
Figure BDA00019189137500000911
The leaf nodes in the Huffman tree corresponding to
Figure BDA00019189137500000912
and
Figure BDA00019189137500000913
can be found directly, namely
Figure BDA00019189137500000914
and
Figure BDA00019189137500000915
Find the root nodes of all subtrees that contain nodes in
Figure BDA00019189137500000916
and no nodes in
Figure BDA00019189137500000917
which form the set
Figure BDA00019189137500000918
(i ∈ {1, 2, ..., k}), and then from
Figure BDA00019189137500000919
select the nodes whose parent node does not belong to
Figure BDA00019189137500000920
to form the set
Figure BDA00019189137500000921
(i ∈ {1, 2, ..., s}). According to the Huffman tree, using
Figure BDA00019189137500000922
and
Figure BDA00019189137500000923
the root node value root of the Huffman tree can be computed. The search for
Figure BDA0001918913750000101
can be implemented with one recursion and one traversal.
The recursive function mark(node) performs the following procedure:
(1) If the node is a leaf node, execute:
if it is not
Figure BDA0001918913750000102
mark the node, otherwise return;
(2) If the node is not a leaf node, execute:
first execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of the node; then check c_1 and c_2: if they are marked, mark the node, otherwise return.
The traversal function search(node) performs the following procedure:
(1) If the node is a leaf node, execute:
if the node is marked, add the node to the result set
Figure BDA0001918913750000103
otherwise return;
(2) If the node is not a leaf node, execute:
if the node is marked, add the node to
Figure BDA0001918913750000104
otherwise execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of the node.
The intelligent terminal V computes A_V, B_V and C_V, and sends r_R,
Figure BDA0001918913750000105
Figure BDA0001918913750000106
and M_V to the access unit R.
Figure BDA0001918913750000107
Figure BDA0001918913750000108
Figure BDA0001918913750000109
When the access unit R receives r_R,
Figure BDA00019189137500001010
and M_V, it likewise first computes
Figure BDA00019189137500001011
Figure BDA00019189137500001012
and compares M_V with M'_V; if they are not equal, the protocol terminates, otherwise it continues. The access unit R computes
Figure BDA00019189137500001013
and
Figure BDA00019189137500001014
Figure BDA00019189137500001015
Using
Figure BDA00019189137500001016
and
Figure BDA00019189137500001017
it computes root' and compares root' with the locally stored root to verify the authenticity of the identity of the intelligent terminal V; if the two values are equal, the access unit R considers the intelligent terminal V a legitimate device, and the protocol ends normally.
Continuing the vehicle restriction scenario used for pre-sharing, the intelligent terminal V finally discloses
Figure BDA00019189137500001018
Figure BDA00019189137500001019
and A_V || C_V, and in step 4 the access unit R computes as follows:
Figure BDA00019189137500001020
Figure BDA00019189137500001021
Figure BDA0001918913750000111
Figure BDA0001918913750000112
Figure BDA0001918913750000113
Figure BDA0001918913750000114
Finally, root' is compared with root to authenticate the legitimacy of the intelligent terminal V.
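The Huffman-tree construction, the mark/search pass and the recomputation of root' described above, as an added Python example that is not code from the patent. The equation images are missing from this page, so SHA-256, the `attribute#nonce` leaf encoding, the leaf-marking condition (the leaf is withheld), the nested-tuple proof format and all attribute values are assumptions; only the weights come from the text.

```python
import hashlib, heapq, hmac, itertools, os

def H(data: bytes) -> bytes:
    # SHA-256 is an assumption; the page only says "one-way Hash function".
    return hashlib.sha256(data).digest()

class Node:
    def __init__(self, value, weight, left=None, right=None, name=None):
        self.value, self.weight, self.name = value, weight, name
        self.left, self.right, self.marked = left, right, False

def build_tree(leaves):
    """Huffman construction over hashed leaves; F_node = H(child1 || child2)."""
    tie = itertools.count()  # tie-breaker so the heap never compares Node objects
    heap = [(n.weight, next(tie), n) for n in leaves]
    heapq.heapify(heap)
    while len(heap) > 1:
        w1, _, a = heapq.heappop(heap)
        w2, _, b = heapq.heappop(heap)
        heapq.heappush(heap, (w1 + w2, next(tie), Node(H(a.value + b.value), w1 + w2, a, b)))
    return heap[0][2]

def mark(node, withheld):
    """Leaf: marked if withheld (assumed condition); inner: marked if both children are."""
    if node.left is None:
        node.marked = node.name in withheld
    else:
        mark(node.left, withheld)
        mark(node.right, withheld)
        node.marked = node.left.marked and node.right.marked

def search(node, result):
    """Collect the topmost marked nodes: roots of fully withheld subtrees."""
    if node.marked:
        result.append(node)
    elif node.left is not None:
        search(node.left, result)
        search(node.right, result)
    return result

def make_proof(node, blinded):
    """Pruned tree sent to the verifier (this wire format is an assumption)."""
    if node.marked:
        return ("hash", node.value)          # withheld subtree: digest only
    if node.left is None:
        return ("leaf", blinded[node.name])  # disclosed "attribute#nonce"
    return ("node", make_proof(node.left, blinded), make_proof(node.right, blinded))

def recompute_root(proof):
    """Access unit side: rebuild root' from disclosed leaves and subtree digests."""
    if proof[0] == "hash":
        return proof[1]
    if proof[0] == "leaf":
        return H(proof[1])
    return H(recompute_root(proof[1]) + recompute_root(proof[2]))

def verify(proof, root):
    return hmac.compare_digest(recompute_root(proof), root)

# Constructed sample values; only the weights 21, 31, 9, 10, 6, 5 come from the page.
ATTRS = {"identity": (b"driver-0001", 21), "plate": (b"LOCAL-A12345", 31),
         "type": (b"car", 9), "brand": (b"ExampleBrand", 10),
         "color": (b"white", 6), "service_life": (b"3y", 5)}

def run_example(disclose=("plate", "type")):
    blinded = {k: v + b"#" + os.urandom(16).hex().encode() for k, (v, _) in ATTRS.items()}
    leaves = [Node(H(blinded[k]), w, name=k) for k, (_, w) in ATTRS.items()]
    root_node = build_tree(leaves)                # trusted third party
    mark(root_node, set(ATTRS) - set(disclose))   # intelligent terminal V
    withheld = search(root_node, [])
    return root_node.value, make_proof(root_node, blinded), withheld

if __name__ == "__main__":
    root, proof, withheld = run_example()
    print([n.weight for n in withheld], verify(proof, root))
```

Recomputing root only shows that the disclosed leaves belong to the certified tree; the access unit still has to check that the attributes its policy needs (here plate and type) are among them.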
The above description is only a preferred embodiment of the present invention, and does not limit the present invention in any way. It will be understood by those skilled in the art that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. An intelligent terminal access authentication method based on selective disclosure, characterized by comprising an intelligent terminal V, an access unit R and a trusted third party, wherein the intelligent terminal V has a pseudo-identity identifier PID_V, a shared secret S_V and a local data set
Figure FDA0002941435090000011
The access unit R maintains a secret mapping table that maps the shared secret S_V of each intelligent terminal V to the pseudo-identity identifier PID_V of the corresponding intelligent terminal V and a pre-shared key k_v; k_v is the key of the HMAC function used for authentication between the intelligent terminal V and the access unit R and is also the encryption key of the subsequent session; the intelligent terminal V must also, through a trusted third party, pre-share the certificate generated from
Figure FDA0002941435090000012
with the access unit R; the method comprises the following steps:
Step one: the intelligent terminal V pre-shares the certificate containing the hash value root with the access unit R through the trusted third party;
Step two: the intelligent terminal V uses the random number and the secret value mapping to complete authentication of the legitimacy of the identity of the access unit R;
Step three: the information of the intelligent terminal V is selectively leaked by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V.
2. The intelligent terminal access authentication method based on selective leakage according to claim 1, wherein the intelligent terminal V pre-sharing the certificate containing the hash value root with the access unit R through the trusted third party comprises the following steps:
Step a1: the intelligent terminal V uses a pseudo-random function generator to generate a group of pseudo-random numbers
Figure FDA0002941435090000013
and then uses
Figure FDA0002941435090000014
to randomize the local data set
Figure FDA0002941435090000015
denoted
Figure FDA0002941435090000016
computing the temporary data set
Figure FDA0002941435090000017
Figure FDA0002941435090000018
where "#" is a special symbol that separates and delimits the data fields of the following two items:
Figure FDA0002941435090000019
and
Figure FDA00029414350900000110
Step a2: the intelligent terminal V uses the one-way hash function to compute a group of values
Figure FDA00029414350900000111
Figure FDA00029414350900000112
Step a 3: intelligent terminal V will
Figure FDA00029414350900000113
Record as
Figure FDA00029414350900000114
Will be
Figure FDA00029414350900000115
Record as
Figure FDA00029414350900000116
Sending the information to a trusted third party;
step a 4: trusted third party detection
Figure FDA00029414350900000117
The value of (d) ensures one-to-one correspondence;
step a 5: the trusted third party takes the probability of each attribute being shown as a weight to construct a Huffman tree, and uses the probability
Figure FDA00029414350900000118
As leaf nodes, constructing a Huffman tree according to the corresponding weight of each node; calculating hash values F of non-leaf nodesnode=H(child1||child2),child1And child2Respectively representing the values of left and right child nodes of a certain non-leaf node, | | | represents cascade connection; all node values of the Huffman tree can be obtained through the calculation, and the value of the root node is marked as root;
step a 6: and the trusted third party sends the hash value root to the access unit R and sends the whole Huffman tree to the intelligent terminal V.
3. The intelligent terminal access authentication method based on selective leakage according to claim 1, wherein the intelligent terminal V using the random number and the secret value mapping to complete authentication of the legitimacy of the identity of the access unit R comprises the following steps:
Step b1: the intelligent terminal V uses a pseudo-random function generator to generate a pseudo-random number r'_V and extracts its local S_V; the intelligent terminal V sends r'_V || S_V to the access unit R as an access request and opens a new session;
Step b2: when the access unit R receives r'_V || S_V, it generates a pseudo-random number r_R using a pseudo-random function generator, uses S_V to extract the corresponding pseudo-identity identifier PID_V and k_v from the locally stored secret mapping table, computes M_R, and returns the concatenated message r_R || M_R to P as the response;
Figure FDA0002941435090000021
Step b3: when the intelligent terminal V receives r_R || M_R, it extracts its local PID_V and k_v and computes
Figure FDA0002941435090000022
Figure FDA0002941435090000023
By comparing the received M_R with M'_R, it verifies the authenticity of the identity of the access unit R; if the two values are equal, the intelligent terminal V considers the access unit R a legitimate device and the protocol continues; otherwise the protocol terminates.
4. The intelligent terminal access authentication method based on selective leakage according to claim 1, wherein selectively leaking information of the intelligent terminal V by means of the Huffman tree, so that the access unit R authenticates the legitimacy of the identity of the intelligent terminal V, comprises the following steps:
Step c1: the intelligent terminal V selects the part of the temporary data set to be shared,
Figure FDA0002941435090000024
where i ∈ {1, 2, ..., m}; the remaining data set is denoted
Figure FDA0002941435090000025
where i ∈ {1, 2, ..., n}; the leaf nodes in the Huffman tree corresponding to
Figure FDA0002941435090000026
and
Figure FDA0002941435090000027
can be found directly, namely
Figure FDA0002941435090000028
where i ∈ {1, 2, ..., m}, and
Figure FDA0002941435090000029
where i ∈ {1, 2, ..., n}; find the root nodes of all subtrees that contain nodes in
Figure FDA00029414350900000210
and no nodes in
Figure FDA00029414350900000211
which form the set
Figure FDA00029414350900000212
where i ∈ {1, 2, ..., k}, and then from
Figure FDA00029414350900000213
find the nodes whose parent node does not belong to
Figure FDA00029414350900000214
which form the set
Figure FDA00029414350900000215
where i ∈ {1, 2, ..., s}; according to the Huffman tree, using
Figure FDA00029414350900000216
and
Figure FDA00029414350900000217
the root node value root of the Huffman tree is computed; the intelligent terminal V computes
Figure FDA00029414350900000218
and M_V, and sends r_R,
Figure FDA00029414350900000219
M_V and
Figure FDA00029414350900000220
to the access unit R;
Figure FDA00029414350900000221
Figure FDA00029414350900000222
Step c2: when the access unit R receives r_R,
Figure FDA00029414350900000223
M_V and
Figure FDA00029414350900000224
it first computes
Figure FDA00029414350900000225
and compares M_V with M'_V; if they are not equal, the protocol terminates, otherwise the process continues;
Step c3: the access unit R computes
Figure FDA00029414350900000226
and, using
Figure FDA00029414350900000227
and
Figure FDA00029414350900000228
computes root' and compares root' with the locally stored root to verify the authenticity of the identity of the intelligent terminal V; if the two values are equal, the access unit R considers the intelligent terminal V a legitimate device, and the protocol ends normally.
5. The intelligent terminal access authentication method based on selective leakage according to claim 1, wherein the recursive function mark(node) is used in the search for
Figure FDA0002941435090000031
and the process comprises:
(1) If the node is a leaf node, execute:
if it is not
Figure FDA0002941435090000032
mark the node, otherwise return;
(2) If the node is not a leaf node, execute:
first execute mark(c_1) and mark(c_2), where c_1 and c_2 are the child nodes of the node; then check c_1 and c_2: if they are marked, mark the node, otherwise return.
6. The intelligent terminal access authentication method based on selective leakage according to claim 1, wherein the traversal function search(node) is used once in the search for
Figure FDA0002941435090000033
and the process comprises:
(1) If the node is a leaf node, execute:
if the node is marked, add the node to the result set
Figure FDA0002941435090000034
otherwise return;
(2) If the node is not a leaf node, execute:
if the node is marked, add the node to
Figure FDA0002941435090000035
otherwise execute search(c_1) and search(c_2), where c_1 and c_2 are the child nodes of the node.
CN201811585180.9A 2018-12-24 2018-12-24 Intelligent terminal access authentication method based on selective leakage Expired - Fee Related CN109474438B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811585180.9A CN109474438B (en) 2018-12-24 2018-12-24 Intelligent terminal access authentication method based on selective leakage

Publications (2)

Publication Number Publication Date
CN109474438A CN109474438A (en) 2019-03-15
CN109474438B true CN109474438B (en) 2021-08-17

Family

ID=65677679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811585180.9A Expired - Fee Related CN109474438B (en) 2018-12-24 2018-12-24 Intelligent terminal access authentication method based on selective leakage

Country Status (1)

Country Link
CN (1) CN109474438B (en)

Also Published As

Publication number Publication date
CN109474438A (en) 2019-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210817