CN109586913B - Security authentication method, security authentication device, communication device, and storage medium - Google Patents

Info

Publication number: CN109586913B
Authority: CN (China)
Prior art keywords: key, security, terminal, session key, authentication
Legal status: Active
Application number: CN201710898720.8A
Other languages: Chinese (zh)
Other versions: CN109586913A (en)
Inventors: 刘福文, 彭晋, 左敏, 齐旻鹏, 李笑如
Current Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute
Original Assignee: China Mobile Communications Group Co Ltd; China Mobile Communications Ltd Research Institute

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention provides a security authentication method, a security authentication device, a communication device and a storage medium. The method comprises: when a session key is generated using the Diffie-Hellman (DH) protocol, sending a session key security indication to the terminal, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes. By presetting at least two security modes, the method can meet the terminal's differing requirements for DH key exchange security and session key generation efficiency; by sending the session key security indication to the terminal, it solves the problem that DH key exchange in the prior art cannot meet those differing requirements.

Description

Security authentication method, security authentication device, communication device, and storage medium
Technical Field
The present invention relates to the field of security technologies, and in particular, to a security authentication method, a security authentication apparatus, a communication device, and a storage medium.
Background
Long Term Evolution (LTE) is an important component of 5G, where 5G will include all parts of the network evolution, such as the core and management system, and all protocol layers from the radio layer to the application layer. Thus, security concerns may be ubiquitous.
Authentication and Key Agreement (AKA) on LTE networks is a practically proven authentication and key management process, but in recent years the security of the conditions that the AKA protocol assumes has been questioned. As a result, an attacker may not need to break the AKA protocol to obtain the session key and eavesdrop on the communication.
Therefore, to address this problem, section 5.2.4.2 of TR33.899 proposes a scheme that incorporates the DH (Diffie-Hellman) key exchange protocol into the security mode command phase. With this scheme, even if the long-term key leaks, the session key Ks must be calculated from both the shared key K_DH and a root key K_1, so a passive attacker generally cannot obtain Ks and security is high.
However, when the prior art merges the DH key exchange protocol into the security mode command phase, the terminal and the network device must calculate a public key and the shared key K_DH every time before generating the session key Ks. The asymmetric algorithm used in these calculations increases the calculation amount of each attach procedure compared with the existing LTE attach procedure and lowers authentication efficiency.
For a terminal, different service processes place different requirements on the security of the authentication process and on the efficiency of session key generation, and the prior-art scheme above cannot meet these different requirements.
Disclosure of Invention
The technical scheme of the invention aims to provide a security authentication method, a security authentication device, communication equipment and a storage medium, which are used for solving the problem that DH key exchange in the prior art cannot meet different security requirements of a terminal and the generation and calculation efficiency of a session key.
The specific embodiment of the invention provides a security authentication method, which comprises the following steps:
when a session key is generated using the Diffie-Hellman (DH) protocol, sending a session key security indication to the terminal, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes.
Preferably, in the security authentication method, the step of sending the session key security indication to the terminal includes:
sending a non-access stratum (NAS) security mode command to the terminal, wherein the NAS security mode command includes the session key security indication.
Preferably, in the security authentication method, the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the shared key K_DH generated in the last authentication and the root key K_1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K_1 generated by pre-authentication is set as the session key Ks.
Preferably, before the step of sending the session key security indication to the terminal, the method further includes:
authenticating with the terminal to obtain the root key K_1.
Preferably, in the security authentication method, when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, the method further includes: sending to the terminal a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, the DH public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
when the session key security indication instructs the terminal to generate the session key Ks using the second security mode or the third security mode, the method further includes: sending to the terminal a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Preferably, when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, after the step of sending the session key security indication to the terminal, the method further includes:
receiving a security mode completion message fed back by the terminal;
calculating a shared key K_DH and a session key Ks according to the security mode completion message;
saving the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal.
Preferably, when the session key security indication instructs the terminal to generate the session key Ks using the second security mode, after the step of sending the session key security indication to the terminal, the method further includes:
receiving a security mode completion message fed back by the terminal;
calculating the session key Ks, according to the security mode completion message, using the shared key K_DH that was saved during the last DH key exchange and corresponds to the authentication identity of the terminal.
Another aspect of the specific embodiment of the present invention provides another security authentication method, including:
when a session key is generated using the Diffie-Hellman (DH) protocol, receiving a session key security indication sent by a network device, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes;
calculating the session key Ks according to the security mode in the session key security indication.
Preferably, in the security authentication method, the step of receiving the session key security indication sent by the network device includes:
receiving a NAS security mode command sent by the network device, wherein the NAS security mode command includes the session key security indication.
Preferably, in the security authentication method, the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the last generated shared key K_DH and the root key K_1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K_1 generated by pre-authentication is set as the session key Ks.
Preferably, before the step of receiving the session key security indication sent by the network device, the method further includes:
authenticating with the network device to obtain the root key K_1.
Preferably, in the security authentication method, when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, the method further includes: receiving, from the network device, a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, the public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
when the session key security indication instructs the terminal to generate the session key Ks using the second security mode or the third security mode, the method further includes: receiving, from the network device, a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Preferably, in the security authentication method, when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, the step of calculating the session key Ks according to the security mode in the session key security indication includes:
obtaining a shared key K_DH according to the public key of the network device;
calculating the session key Ks from the shared key K_DH and the root key K_1 generated by pre-authentication using a hash algorithm.
Preferably, in the security authentication method, after the shared key K_DH is obtained, the method further includes:
saving the shared key K_DH and the correspondence between the shared key K_DH and the identifier of the network device.
Preferably, in the security authentication method, when the session key security indication instructs the terminal to generate the session key Ks using the second security mode, the step of calculating the session key Ks according to the security mode in the session key security indication includes:
reading, according to the identifier of the network device, the shared key K_DH that was saved during the last DH key exchange and corresponds to the identifier of the network device;
calculating the session key Ks from the read shared key K_DH and the root key K_1 generated by pre-authentication using a hash algorithm.
The specific embodiment of the present invention further provides a network device, including:
a first transceiver, configured to send a session key security indication to the terminal when a session key is generated using the Diffie-Hellman (DH) protocol, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes.
Preferably, in the network device, the first transceiver is specifically configured to:
send a NAS security mode command to the terminal, wherein the NAS security mode command includes the session key security indication.
Preferably, in the network device, the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the shared key K_DH generated in the last authentication and the root key K_1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K_1 generated by pre-authentication is set as the session key Ks.
Preferably, the network device further includes:
a second transceiver, configured to authenticate with the terminal to obtain the root key K_1.
Preferably, in the network device, the first transceiver is further configured to:
when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, send to the terminal a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, the DH public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
when the session key security indication instructs the terminal to generate the session key Ks using the second security mode or the third security mode, send to the terminal a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Preferably, the network device further includes:
a third transceiver, configured to receive the security mode completion message fed back by the terminal;
a first processor, configured to calculate a shared key K_DH and a session key Ks according to the security mode completion message, and to save the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal.
Preferably, the network device further includes:
a fourth transceiver, configured to receive the security mode completion message fed back by the terminal;
a second processor, configured to calculate the session key Ks, according to the security mode completion message, using the shared key K_DH that was saved during the last DH key exchange and corresponds to the authentication identity of the terminal.
A specific embodiment of the present invention further provides a terminal, including:
a first transceiver, configured to receive a session key security indication sent by the network device when a session key is generated using the Diffie-Hellman (DH) protocol, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes;
a processor, configured to calculate the session key Ks according to the security mode in the session key security indication.
Preferably, in the terminal, the first transceiver is specifically configured to:
receive a NAS security mode command sent by the network device, wherein the NAS security mode command includes the session key security indication.
Preferably, in the terminal, the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the last generated shared key K_DH and the root key K_1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K_1 generated by pre-authentication is set as the session key Ks.
Preferably, the terminal further includes:
a second transceiver, configured to authenticate with the network device to obtain the root key K_1.
Preferably, in the terminal, the first transceiver is further configured to:
when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, receive, from the network device, a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, the public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
when the session key security indication instructs the terminal to generate the session key Ks using the second security mode or the third security mode, receive, from the network device, a network key set identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Preferably, in the terminal, when the session key security indication instructs the terminal to generate the session key Ks using the first security mode, the processor is specifically configured to:
obtain a shared key K_DH according to the public key of the network device;
calculate the session key Ks from the shared key K_DH and the root key K_1 generated by pre-authentication using a hash algorithm.
Preferably, in the terminal, the processor is further configured to:
save the shared key K_DH and the correspondence between the shared key K_DH and the identifier of the network device.
Preferably, in the terminal, when the session key security indication instructs the terminal to generate the session key Ks using the second security mode, the processor is specifically configured to:
read, according to the identifier of the network device, the shared key K_DH that was saved during the last DH key exchange and corresponds to the identifier of the network device;
calculate the session key Ks from the read shared key K_DH and the root key K_1 generated by pre-authentication using a hash algorithm.
Embodiments of the present invention further provide a communication device, including a memory, a processor, and a computer program stored on the memory and executable on the processor; wherein the processor implements the security authentication method as described in any one of the above when executing the program.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the steps in the security authentication method as described in any one of the above.
One or more embodiments of the invention have at least the following beneficial effects:
According to the security authentication method, at least two security modes are preset according to the terminal's differing requirements for DH key exchange security and session key generation efficiency, and the different security modes can meet those differing requirements. In addition, by sending a session key security indication to the terminal, the terminal can be instructed to use one of the security modes to generate the session key Ks. With this security authentication method, DH key exchange becomes highly flexible, which solves the problem that DH key exchange in the prior art cannot meet the terminal's differing requirements for security and session key generation efficiency.
Drawings
Fig. 1 is a schematic flowchart of a security authentication method according to an embodiment of the present invention;
Fig. 2 is a schematic diagram illustrating the detailed flow of the NAS security mode command;
Fig. 3 is a schematic flowchart of a security authentication method according to a second embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a network device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
According to the security authentication method provided by the embodiment of the invention, at least two security modes are preset according to different security requirements of the terminal on DH key exchange and session key generation calculation efficiency, and the different security modes can meet the different security requirements of the terminal on DH key exchange and session key generation calculation efficiency.
Specifically, the security authentication method according to the first embodiment of the present invention is applied to a network device, as shown in fig. 1, and includes:
S110, when a session key is generated using the Diffie-Hellman (DH) protocol, sending a session key security indication to the terminal, wherein the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes.
Through step S110, a session key security indication is sent to the terminal according to at least two preset security modes that can meet different security requirements of the terminal for DH key exchange and session key generation calculation efficiency, so that the terminal calculates the session key Ks according to the security mode indicated by the session key security indication.
Specifically, in step S110, the step of sending the session key security indication to the terminal includes:
sending a Non-Access Stratum (NAS) security mode command to the terminal, wherein the NAS security mode command includes the session key security indication.
According to the above steps, when the DH protocol is used to generate the session key, the session key security indication may be sent to the terminal via the NAS security mode command.
In an embodiment of the present invention, preferably, the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the shared key K_DH generated in the last authentication and the root key K_1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K_1 generated by pre-authentication is set as the session key Ks.
Specifically, in the first security mode, when the terminal and the network device generate the session key using the DH protocol, a DH key exchange must be performed to generate the shared key K_DH, and the session key Ks is derived from the shared key K_DH and the root key K_1 generated by pre-authentication. In this mode, the terminal and the network device must perform public key calculations when generating the shared key K_DH, so the calculation amount is large; however, the session key Ks is generated from the shared key K_DH and the root key K_1, which are not associated with each other, so the authentication process is the most secure. In the second security mode, the session key Ks is derived from the root key K_1 generated by pre-authentication and the shared key K_DH generated in the last authentication. Because the authentication process does not need to generate a new shared key K_DH, the calculation amount is reduced compared with the first security mode; in addition, as long as the shared key K_DH generated in the last authentication has not been obtained by an attacker, a certain level of authentication security can be ensured. In the third security mode, the root key K_1 generated by pre-authentication is set as the session key Ks; compared with the first and second security modes, this requires the least calculation but provides the lowest authentication security.
Therefore, the three preset security modes correspond to different security requirements and session key generation calculation efficiencies respectively, and different security modes can be adopted to generate the session key Ks according to different requirements of the terminal.
Specifically, the network device may determine which security mode to use based on the requirements of the end user, the local policy of the operator, and whether a shared key already exists between the terminal and the network device. The principle for determining the security mode may be set according to these specific requirements; it is not the focus of the present invention and is not described in detail here.
In the embodiment of the present invention, specifically, the session key security indication is sent to the terminal through the NAS security mode command flow. As shown in Fig. 2, before the NAS security mode command flow is executed, the terminal and the network device authenticate each other using the Authentication and Key Agreement (AKA) protocol and each derive the root key K_1; the network device then starts the security mode command procedure, which specifically includes:
S210, the network device starts integrity protection, that is, it prepares to use the root key K_1 generated by mutual authentication between the terminal and the network device to integrity-protect the security mode command message to be sent to the terminal;
S220, the network device sends a NAS security mode command message to the terminal;
S230, the terminal receives the security mode command message and performs a verification operation; if the verification succeeds, it calculates the session key Ks and starts uplink encryption, downlink decryption and integrity protection of NAS messages;
S240, the terminal returns a NAS security mode completion message to the network device;
S250, the network device receives the NAS security mode completion message sent by the terminal and performs a verification operation; if the verification succeeds, it starts downlink encryption, uplink decryption and integrity protection of NAS messages.
Based on the NAS security mode command flow, the security mode command message sent by the network device in step S220 includes the session key security indication, which instructs the terminal to generate the session key Ks using the first security mode, the second security mode, or the third security mode.
The following describes in detail the specific procedures of the above-mentioned security mode command flow when the security mode command message sent in step S220 is the first security mode, the second security mode and the third security mode, respectively.
When the security mode command message sent in step S220 is the first security mode:
In step S220, the NAS security mode command message sent by the network device to the terminal specifically includes: the network key group identifier, the session key security indication (indicating the first security mode), the security capability of the terminal, the encryption algorithm, the integrity algorithm, the DH public key of the network device, and a first message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
In step S230, the terminal verifies the first MAC result obtained in step S220 and terminates the connection when the verification fails; when the verification succeeds, it calculates the session key Ks from the DH public key of the network device and the root key K_1 generated by pre-authentication. Specifically, the session key Ks is calculated as follows:
The terminal decodes the DH public key of the network device, and generates a DH private key and a DH public key of the terminal according to the DH public key of the network device;
The terminal calculates the shared key K_DH with the network device from the DH private key of the terminal and the DH public key of the network device;
The terminal calculates the session key Ks with a hash algorithm from the shared key K_DH and the root key K_1 generated by pre-authentication;
That is, the session key Ks is calculated as: Ks = HASH(K_1, K_DH).
With the security authentication method according to the embodiment of the present invention, when the security mode command message sent in step S220 indicates the first security mode, after the shared key K_DH is obtained in step S230, the method further comprises:
The terminal stores the shared key K_DH and the correspondence between the shared key K_DH and the identifier of the network device.
In particular, the terminal may store the shared key K_DH and the correspondence between the shared key K_DH and the identifier of the network device in a Universal Subscriber Identity Module (USIM) or another storage area whose information cannot be modified, for subsequent use when a session key security indication of the second security mode is received.
In addition, after the session key Ks is obtained, keys of the NAS and the access stratum AS are derived according to the session key Ks, and uplink encryption, downlink decryption and integrity protection of NAS signaling messages are started.
In step S240, the NAS security mode completion message returned by the terminal to the network device specifically includes: the registration request message of the terminal, the DH public key of the terminal, and a second message authentication code (MAC) result obtained by performing a message verification operation with the session key Ks.
In step S250, after receiving the NAS security mode complete message sent by the terminal, the network device performs session key Ks calculation, verifies the second MAC result according to the calculated session key Ks, derives keys of the NAS and the AS based on the session key Ks when the verification is successful, and starts downlink encryption, uplink decryption, and integrity protection of the NAS signaling message; when the authentication fails, the connection is terminated.
Specifically, the specific process of the network device for calculating the session key Ks is as follows:
Obtaining the DH public key of the terminal;
Deriving the shared key K_DH from the DH public key of the terminal;
Calculating the session key Ks with a hash algorithm from the shared key K_DH and the root key K_1 generated by pre-authentication;
That is, the session key Ks is calculated as: Ks = HASH(K_1, K_DH).
Preferably, in the authentication method according to the embodiment of the present invention, after the network device obtains the session key Ks, the method further includes:
Saving the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal.
The network device stores the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal, binding the terminal's shared key K_DH to the authentication identity of the terminal so that it can be looked up and used when the terminal is later instructed to adopt the second security mode.
In the security authentication method according to the specific embodiment of the present invention, when the session key security indication sent in the NAS security mode command indicates the first security mode, the terminal performs DH key exchange with the network device, and the generation of the session key Ks requires the shared key K_DH. The generation of the session key Ks depends not only on the root key K_1 derived from the long-term key K but also on the shared key K_DH. Therefore, even if the long-term key K is leaked, it is difficult for an attacker to obtain the session key Ks; this security mode offers high security, but the calculation process is complex and the efficiency is low.
In addition, when the security mode command message sent in step S220 is the second security mode:
In step S220, the NAS security mode command message sent by the network device to the terminal specifically includes: the network key group identifier, the session key security indication (indicating the second security mode), the security capability of the terminal, the encryption algorithm, the integrity algorithm, and a first message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication. Compared with the first security mode, this NAS security mode command message does not include the DH public key of the network device;
In step S230, the terminal verifies the first MAC result obtained in step S220 and terminates the connection when the verification fails; when the verification succeeds, it reads, according to the identifier of the network device, the shared key K_DH that was stored during the last DH key exchange and corresponds to that identifier, and calculates the session key Ks with a hash algorithm from the read shared key K_DH and the root key K_1 generated by pre-authentication;
That is, the session key Ks is calculated as: Ks = HASH(K_1, K_DH).
After obtaining the session key Ks, deriving the keys of the NAS layer and the AS layer according to the session key Ks, and starting the uplink encryption, the downlink decryption and the integrity protection of the NAS signaling message.
In step S240, the NAS security mode completion message returned by the terminal to the network device specifically includes: the registration request message of the terminal and a second message authentication code (MAC) result obtained by performing a message verification operation with the session key Ks. Compared with the first security mode, the NAS security mode complete message sent in this step does not include the DH public key of the terminal.
In step S250, after receiving the NAS security mode complete message sent by the terminal, the network device performs session key Ks calculation, verifies the second MAC result according to the calculated session key Ks, derives keys of the NAS and the AS based on the session key Ks when the verification is successful, and starts downlink encryption, uplink decryption, and integrity protection of the NAS signaling message; when the authentication fails, the connection is terminated. Specifically, the specific process of the network device for calculating the session key Ks is as follows:
Determining the shared key K_DH with the terminal according to the authentication identity of the terminal and the pre-stored correspondence between the shared key K_DH and the authentication identity of the terminal;
Calculating the session key Ks with a hash algorithm from the shared key K_DH and the root key K_1 generated by pre-authentication.
In the security authentication method according to the specific embodiment of the present invention, when the session key security indication sent in the NAS security mode command indicates the second security mode, the session key Ks is generated using the shared key K_DH produced by the previous security authentication, and no DH key exchange is needed between the terminal and the network device. Compared with the first security mode, the amount of calculation is therefore reduced and the efficiency of security authentication is effectively improved. Furthermore, because in the second security mode the generation of the session key Ks still depends on both the root key K_1 and the shared key K_DH, even if the long-term key K is leaked it is difficult for an attacker to obtain the session key Ks, so a certain degree of security is retained.
When the security mode command message sent in step S220 is the third security mode:
In step S220, the NAS security mode command message sent by the network device to the terminal specifically includes: the network key group identifier, the session key security indication (indicating the third security mode), the security capability of the terminal, the encryption algorithm, the integrity algorithm, and a first message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication. Compared with the first security mode, this NAS security mode command message does not include the DH public key of the network device;
In step S230, the terminal verifies the first MAC result obtained in step S220 and terminates the connection when the verification fails; when the verification succeeds, it sets the root key K_1 generated by pre-authentication as the session key Ks.
After obtaining the session key Ks, the keys of the NAS and the AS are derived according to the session key Ks, and uplink encryption, downlink decryption and integrity protection of the NAS signaling message are started.
In step S240, the NAS security mode completion message returned by the terminal to the network device specifically includes: the registration request message of the terminal and a second message authentication code (MAC) result obtained by performing a message verification operation with the session key Ks.
In step S250, after receiving the NAS security mode complete message sent by the terminal, the network device sets the root key K_1 generated by pre-authentication as the session key Ks, verifies the second MAC result using the session key Ks, derives the keys of the NAS and the AS based on the session key Ks when the verification succeeds, and starts downlink encryption, uplink decryption and integrity protection of NAS signaling messages; when the verification fails, the connection is terminated.
As described above, according to the security authentication method in the embodiment of the present invention, when the session key security indication sent in the NAS security mode command indicates the third security mode, there is no need to perform DH key exchange between the terminal and the network device, and no need to calculate the session key Ks.
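The three-mode flow described above (steps S210 to S250), as an added Python sketch that is not part of the patent text: it runs both sides for each mode, binds the stored K_DH to the peer identity, and shows that rewriting the mode indication in transit fails the first MAC check. SHA-256, HMAC-SHA256, the K_1 || K_DH encoding, the demo DH group, the net_id field and all class, function and field names are assumptions.

```python
import hashlib
import hmac
import secrets

# Demo DH group (assumption: not from the patent and not a vetted group).
# A deployment would use a standardised group or elliptic-curve DH.
P, G = 2**521 - 1, 3
FULL_DH, REUSE_DH, ROOT_ONLY = 1, 2, 3   # first, second, third security mode

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    if not 1 < peer_pub < P - 1:          # reject degenerate public values
        raise ValueError("invalid DH public key")
    return pow(peer_pub, priv, P).to_bytes(66, "big")

def derive_ks(k1, k_dh):
    """Ks = HASH(K_1, K_DH); SHA-256 over K_1 || K_DH is an assumed encoding."""
    return hashlib.sha256(k1 + k_dh).digest()

def mac(key, msg):
    """HMAC-SHA256 (assumed) over every field except the MAC itself."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for name in sorted(n for n in msg if n != "mac"):
        value = str(msg[name]).encode()
        h.update(f"{name}:{len(value)}:".encode() + value)
    return h.digest()

def session_key(mode, k1, k_dh):
    return k1 if mode == ROOT_ONLY else derive_ks(k1, k_dh)

class Network:
    def __init__(self, net_id):
        self.net_id, self.k1 = net_id, None
        self.k_dh_by_terminal = {}        # K_DH bound to terminal identity
        self._mode = self._priv = None

    def command(self, mode):
        """S210/S220: security mode command, integrity-protected with K_1."""
        self._mode = mode
        msg = {"key_group": 1, "mode": mode, "net_id": self.net_id,
               "ue_caps": "demo", "enc_alg": "demo-enc", "int_alg": "demo-int"}
        if mode == FULL_DH:               # only mode 1 carries a DH public key
            self._priv, msg["dh_pub"] = dh_keypair()
        msg["mac"] = mac(self.k1, msg)
        return msg

    def complete(self, term_id, msg):
        """S250: recompute Ks for the indicated mode, verify the second MAC."""
        k_dh = None
        if self._mode == FULL_DH:
            k_dh = dh_shared(self._priv, msg["dh_pub"])
        elif self._mode == REUSE_DH:
            k_dh = self.k_dh_by_terminal[term_id]
        ks = session_key(self._mode, self.k1, k_dh)
        if not hmac.compare_digest(mac(ks, msg), msg["mac"]):
            raise PermissionError("second MAC failed: terminate connection")
        if self._mode == FULL_DH:
            self.k_dh_by_terminal[term_id] = k_dh
        return ks

class Terminal:
    def __init__(self, term_id):
        self.term_id, self.k1 = term_id, None
        self.k_dh_by_network = {}         # stand-in for USIM storage

    def handle(self, cmd):
        """S230/S240: verify the first MAC, compute Ks, build the completion."""
        if not hmac.compare_digest(mac(self.k1, cmd), cmd["mac"]):
            raise PermissionError("first MAC failed: terminate connection")
        reply, k_dh = {"registration": "registration-request"}, None
        if cmd["mode"] == FULL_DH:
            priv, reply["dh_pub"] = dh_keypair()
            k_dh = dh_shared(priv, cmd["dh_pub"])
            self.k_dh_by_network[cmd["net_id"]] = k_dh
        elif cmd["mode"] == REUSE_DH:     # KeyError if no earlier exchange
            k_dh = self.k_dh_by_network[cmd["net_id"]]
        ks = session_key(cmd["mode"], self.k1, k_dh)
        reply["mac"] = mac(ks, reply)
        return ks, reply

def run_demo():
    net, ue, runs = Network("net-A"), Terminal("ue-1"), {}
    for mode in (FULL_DH, REUSE_DH, ROOT_ONLY):
        # Constructed stand-in for the root key K_1 a fresh AKA run yields.
        net.k1 = ue.k1 = secrets.token_bytes(32)
        ks_ue, reply = ue.handle(net.command(mode))
        runs[mode] = (ue.k1, ks_ue, net.complete(ue.term_id, reply))
    # The indication is covered by the first MAC: rewriting it in transit fails.
    tampered = dict(net.command(FULL_DH), mode=ROOT_ONLY)
    try:
        ue.handle(tampered)
        rejected = False
    except PermissionError:
        rejected = True
    return runs, ue.k_dh_by_network["net-A"], rejected
```

`run_demo()` returns, per mode, the root key used and the session key each side computed, plus the K_DH the terminal kept from the mode 1 run and whether the rewritten indication was rejected.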
The present invention further provides a security authentication method of another embodiment, which is applied to a terminal, and specifically as shown in fig. 3, the security authentication method includes:
S310, when a session key is generated using the Diffie-Hellman (DH) protocol, receiving a session key security indication sent by the network device, where the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes;
S320, calculating the session key Ks according to the security mode in the session key security indication.
With the security authentication method of the embodiment of the invention, the network device can instruct the terminal to generate the session key Ks in one of the security modes by sending the session key security indication to the terminal. This gives DH key exchange great flexibility and solves the problem that DH key exchange in the prior art cannot meet the terminal's differing requirements for security and for the calculation efficiency of session key generation.
Specifically, in step S310, the step of receiving the session key security indication sent by the network device includes:
receiving a NAS security mode command sent by a network device, wherein the NAS security mode command comprises the session key security indication.
In an embodiment of the present invention, preferably, the presetting of at least two security modes includes:
A first security mode: DH key exchange is performed to generate the shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
A second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the shared key K_DH generated by the last authentication and the root key K_1 generated by pre-authentication;
A third security mode: no DH key exchange is performed; the root key K_1 generated by pre-authentication is set as the session key Ks.
The three preset security modes correspond to different security requirements and session key generation calculation efficiencies respectively, and different security modes can be adopted to generate the session key Ks according to different requirements of the terminal.
In a specific embodiment of the present invention, the session key security indication is sent by the network device to the terminal through the NAS security mode command flow. Before the NAS security mode command flow is executed, the terminal and the network device mutually authenticate each other using Authentication and Key Agreement (AKA) and each derive the root key K_1; the network device then starts the security mode command flow. The specific process of the security mode command flow is shown in fig. 2 and is not described herein again.
With reference to fig. 2 and the specific processes in the foregoing embodiment for each of the three security modes indicated by the NAS security mode command message: when the security authentication method is applied to the terminal and the session key security indication instructs the terminal to generate the session key Ks in the first security mode, the NAS security mode command message that the terminal receives from the network device in step S220 includes, in addition to the session key security indication (indicating the first security mode), the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, the public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
When the session key security indication instructs the terminal to generate the session key Ks in the second security mode or the third security mode, the NAS security mode command message that the terminal receives from the network device in step S220 includes, in addition to the session key security indication (indicating the second security mode or the third security mode), the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication, but does not include the public key of the network device.
In addition, when the session key security indication is used to instruct the terminal to generate the session key Ks in the first security mode, in step S230, the step of calculating the session key Ks according to the security mode in the session key security indication includes:
Obtaining the shared key K_DH according to the public key of the network device;
Calculating the session key Ks with a hash algorithm from the shared key K_DH and the root key K_1 generated by pre-authentication.
Further, after the shared key K_DH is obtained, the method further comprises:
Saving the shared key K_DH and the correspondence between the shared key K_DH and the identifier of the network device.
When the session key security indication is used to instruct the terminal to generate the session key Ks in the second security mode, in step S230, the step of calculating the session key Ks according to the security mode in the session key security indication includes:
Reading, according to the identifier of the network device, the shared key K_DH that was stored during the last DH key exchange and corresponds to the identifier of the network device;
Calculating the session key Ks with a hash algorithm from the read shared key K_DH and the root key K_1 generated by pre-authentication.
Specifically, when the security authentication method according to the specific embodiment of the present invention is applied to a terminal, and when security modes in a security mode command message sent by a network device are a first security mode, a second security mode, and a third security mode, a specific process of a specific security mode command flow may be described in detail in the foregoing embodiment with reference to fig. 2, and is not described herein again.
It should be understood that, in the security authentication method according to the specific embodiment of the present invention, the DH key exchange in the security mode command flow may also be an elliptic curve DH key exchange, and a person skilled in the art can understand a specific manner of the security authentication method using the elliptic curve DH key exchange according to the above detailed description, which is not described in detail herein.
Another aspect of the specific embodiment of the present invention further provides a network device, as shown in fig. 4, where the network device includes:
the session key security indication is used for indicating the terminal to generate the session key Ks by adopting one of at least two preset security modes.
According to the terminal's differing requirements for the security of DH key exchange and for the calculation efficiency of session key generation, the network device of the embodiment of the invention presets at least two security modes, and the different security modes can meet those differing requirements. By sending the session key security indication to the terminal, the network device can instruct the terminal to generate the session key Ks in one of the security modes. This gives DH key exchange great flexibility and solves the problem that DH key exchange in the prior art cannot meet the terminal's differing requirements for security and for the calculation efficiency of session key generation.
Preferably, the first transceiver is specifically configured to:
Send a NAS security mode command to the terminal, where the NAS security mode command includes the session key security indication.
In addition, presetting the at least two security modes includes:
A first security mode: DH key exchange is performed to generate the shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
A second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the shared key K_DH generated by the last authentication and the root key K_1 generated by pre-authentication;
A third security mode: no DH key exchange is performed; the root key K_1 generated by pre-authentication is set as the session key Ks.
Specifically, for the first security mode, when the terminal and the network device generate the session key using the DH protocol, a DH key exchange must be performed to generate the shared key K_DH. The session key Ks is derived from the shared key K_DH and the root key K_1 generated by pre-authentication. In this security mode, the terminal and the network device need public key computation to generate the shared key K_DH, so the amount of calculation is large; however, the session key Ks is generated from the shared key K_DH and the root key K_1, and the two are not associated with each other, so the authentication process is the most secure. For the second security mode, the session key Ks is derived from the root key K_1 generated by pre-authentication and the shared key K_DH generated by the last authentication. Because the authentication process does not need to regenerate the shared key K_DH, the amount of calculation is reduced compared with the first security mode; in addition, as long as the shared key K_DH generated by the last authentication is not obtained by an attacker, a certain degree of authentication security can be ensured. For the third security mode, the root key K_1 generated by pre-authentication is set as the session key Ks; compared with the first and second security modes, the amount of calculation is the smallest, but the authentication security is also the lowest.
Therefore, the three preset security modes correspond to different security requirements and session key generation calculation efficiencies respectively, and different security modes can be adopted to generate the session key Ks according to different requirements of the terminal.
Specifically, the network device may determine which security mode to employ based on the requirements of the end user, the local policy of the operator, and whether there is a shared key between the terminal and the network device.
With further reference to fig. 4, the network device further includes:
A second transceiver, configured to authenticate with the terminal to obtain the root key K_1.
In the network device according to the specific embodiment of the present invention, the session key security indication is sent to the terminal through the NAS security mode command flow. Before the NAS security mode command flow is executed, the second transceiver and the network device mutually authenticate each other using the Authentication and Key Agreement protocol (AKA for short) and each derive the root key K_1.
With reference to fig. 2 and the security authentication method in the first embodiment, when the session key security indication instructs the terminal to generate the session key Ks in the first security mode, the first transceiver sends to the terminal the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, the DH public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
When the session key security indication instructs the terminal to generate the session key Ks in the second security mode or the third security mode, the first transceiver sends to the terminal the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Further, with reference to fig. 4, the network device further includes:
A third transceiver, configured to receive the security mode completion message fed back by the terminal;
A first processor, configured to calculate the shared key K_DH and the session key Ks according to the security mode completion message, and to save the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal.
Specifically, when the session key security indication instructs the terminal to generate the session key Ks in the first security mode, after the first transceiver sends the session key security indication to the terminal, the second transceiver can receive the security mode completion message fed back by the terminal, and the first processor can calculate the shared key K_DH and the session key Ks according to the security mode completion message, and save the shared key K_DH and the correspondence between the shared key K_DH and the authentication identity of the terminal.
Preferably, as shown in fig. 4, the network device further includes:
A fourth transceiver, configured to receive the security mode completion message fed back by the terminal;
A second processor, configured to calculate the session key Ks, according to the security mode completion message, using the shared key K_DH that was stored during the last DH key exchange and corresponds to the authentication identity of the terminal.
Specifically, when the first transceiver, through the session key security indication, instructs the terminal to generate the session key Ks in the second security mode, then after the session key security indication is sent to the terminal, the third transceiver can receive the security mode completion message fed back by the terminal; the second processor can, according to the security mode completion message, calculate the session key Ks using the shared key K_DH that was stored during the last DH key exchange and corresponds to the authentication identity of the terminal.
Another aspect of the specific embodiment of the present invention further provides a terminal, as shown in fig. 5, where the terminal includes:
A first transceiver, configured to receive a session key security indication sent by the network device when a session key is generated using the Diffie-Hellman (DH) protocol, where the session key security indication instructs the terminal to generate the session key Ks using one of at least two preset security modes;
A processor, configured to calculate the session key Ks according to the security mode in the session key security indication.
In the terminal according to the specific embodiment of the present invention, the network device may instruct the terminal to generate the session key Ks in one of the security modes by sending the session key security indication to the terminal. This gives DH key exchange great flexibility and solves the problem that DH key exchange in the prior art cannot meet the terminal's differing requirements for security and for the calculation efficiency of session key generation.
Wherein the first transceiver is specifically configured to:
receiving a NAS security mode command sent by a network device, wherein the NAS security mode command comprises the session key security indication.
Specifically, presetting at least two security modes includes:
A first security mode: DH key exchange is performed to generate the shared key K_DH, and the session key Ks is generated from the shared key K_DH and the root key K_1 generated by pre-authentication;
A second security mode: no DH key exchange is performed to generate a shared key K_DH; the session key Ks is generated from the last generated shared key K_DH and the root key K_1 generated by pre-authentication;
A third security mode: no DH key exchange is performed; the root key K_1 generated by pre-authentication is set as the session key Ks.
The three preset security modes correspond to different security requirements and session key generation calculation efficiencies respectively, and different security modes can be adopted to generate the session key Ks according to different requirements of the terminal.
With further reference to fig. 5, the terminal further includes:
A second transceiver, configured to authenticate with the network device to obtain the root key K_1.
In a specific embodiment of the present invention, the session key security indication is sent by the network device to the terminal through the NAS security mode command flow. Before the NAS security mode command flow is executed, the terminal and the network device mutually authenticate each other, through the second transceiver, using the Authentication and Key Agreement protocol (AKA for short) and each derive the root key K_1; the network device then starts the security mode command flow. The specific process of the security mode command flow is shown in fig. 2 and is not described herein again.
With reference to fig. 2 and the specific processes for each of the three security modes indicated by the NAS security mode command message: when the session key security indication instructs the terminal to generate the session key Ks in the first security mode, the NAS security mode command message sent by the network device to the terminal and received by the first transceiver includes, in addition to the session key security indication (indicating the first security mode), the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, the public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication;
When the session key security indication instructs the terminal to generate the session key Ks in the second security mode or the third security mode, the NAS security mode command message sent by the network device to the terminal and received by the first transceiver includes, in addition to the session key security indication (indicating the second security mode or the third security mode), the network key group identifier, the security capability of the terminal, the encryption algorithm, the integrity algorithm, and a MAC result obtained by performing a message verification operation with the root key K_1 generated by pre-authentication.
Specifically, when the session key security indication is used to instruct the terminal to generate the session key Ks in the first security mode, the processor is specifically configured to:
obtaining a shared secret key KDH according to the public key of the network device;
calculating the session key Ks with a hash algorithm according to the shared secret key KDH and the root key K1 generated by pre-authentication.
Additionally, the processor is further configured to:
saving the shared secret key KDH and the correspondence between the shared secret key KDH and the identifier of the network device.
Further, when the session key security indication is used to instruct the terminal to generate the session key Ks in the second security mode, the processor is specifically configured to:
reading, according to the identifier of the network device, the shared secret key KDH that was stored during the last DH key exchange and corresponds to the identifier of the network device;
calculating the session key Ks with a hash algorithm according to the read shared secret key KDH and the root key K1 generated by pre-authentication.
Specifically, in the network device and the terminal according to the specific embodiment of the present invention, when the security mode in the security mode command message sent by the network device is the first security mode, the second security mode, and the third security mode, the specific process of the specific security mode command flow may be described in detail in the above embodiment with reference to fig. 2, and is not described herein again.
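The terminal-side processing described above for the three security modes, as an added Python example that is not part of the patent text. It assumes SHA-256 over KDH || K1 for the unspecified hash algorithm, HMAC-SHA256 keyed with K1 over all command fields for the MAC, a demonstration-only DH group, and that the terminal's DH public key is returned in the security mode completion message; all function, class and field names are hypothetical.

```python
import hashlib, hmac, json, secrets

# Demonstration-only DH group (assumption): Mersenne prime 2**521 - 1, generator 3.
# A real deployment would use the group selected by the network key group identifier.
P, G = 2**521 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    if not 1 < peer_pub < P - 1:          # reject trivial public values
        raise ValueError("invalid DH public key")
    return pow(peer_pub, priv, P).to_bytes(66, "big")

def derive_ks(k_dh, k1):
    # Assumed instantiation of the page's "Hash algorithm": SHA-256(KDH || K1).
    return hashlib.sha256(k_dh + k1).digest()

def command_mac(k1, body):
    # Assumption: the MAC is HMAC-SHA256 keyed with K1 over every command field,
    # including the session key security indication ("mode").
    return hmac.new(k1, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).digest()

def build_command(k1, mode, net_pub=None):
    # Field values are constructed placeholders.
    body = {"mode": mode, "key_group_id": 1, "ue_capability": "cap-sample",
            "enc_alg": "enc-sample", "int_alg": "int-sample"}
    if mode == 1:
        body["net_pub"] = net_pub
    return dict(body, mac=command_mac(k1, body))

class Terminal:
    def __init__(self, k1):
        self.k1 = k1
        self.kdh_cache = {}               # network device identifier -> KDH

    def handle_command(self, net_id, cmd):
        """Return (Ks, terminal DH public key or None) for a verified command."""
        body = {k: v for k, v in cmd.items() if k != "mac"}
        if not hmac.compare_digest(command_mac(self.k1, body), cmd["mac"]):
            raise ValueError("MAC check failed")
        mode = body["mode"]
        if mode == 1:                     # fresh DH exchange, then cache KDH
            priv, pub = dh_keypair()
            k_dh = dh_shared(priv, body["net_pub"])
            self.kdh_cache[net_id] = k_dh
            return derive_ks(k_dh, self.k1), pub
        if mode == 2:                     # reuse KDH saved for this network device
            if net_id not in self.kdh_cache:
                raise LookupError("no stored KDH for " + net_id)
            return derive_ks(self.kdh_cache[net_id], self.k1), None
        if mode == 3:                     # no DH contribution at all
            return self.k1, None
        raise ValueError("unknown security mode")

def demo():
    k1 = secrets.token_bytes(32)          # root key from the first AKA run (constructed)
    term = Terminal(k1)
    net_priv, net_pub = dh_keypair()
    ks1, term_pub = term.handle_command("net-A", build_command(k1, 1, net_pub))
    net_kdh = dh_shared(net_priv, term_pub)   # network side, from the completion message
    # A command altered in transit from mode 1 to mode 3 no longer matches its MAC.
    forged = dict(build_command(k1, 1, net_pub), mode=3)
    try:
        term.handle_command("net-A", forged)
        downgrade_rejected = False
    except ValueError:
        downgrade_rejected = True
    # Later authentication: new root key, mode 2 reuses the stored KDH.
    k1_new = secrets.token_bytes(32)
    term.k1 = k1_new
    ks2, _ = term.handle_command("net-A", build_command(k1_new, 2))
    ks3, _ = term.handle_command("net-A", build_command(k1_new, 3))
    return {"mode1_match": ks1 == derive_ks(net_kdh, k1),
            "mode2_match": ks2 == derive_ks(net_kdh, k1_new),
            "mode2_differs_from_mode1": ks2 != ks1,
            "mode3_is_k1": ks3 == k1_new,
            "downgrade_rejected": downgrade_rejected}

if __name__ == "__main__":
    print(demo())
```

In the third mode the session key equals K1, so Ks is only as strong as the root key; the first two modes mix in KDH, and the second depends on a KDH having been stored for that network device identifier.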
In another aspect, embodiments of the present invention further provide a communication device, including a memory, a processor, and a computer program stored in the memory and executable on the processor; wherein the processor implements the security authentication method as described in any one of the above when executing the program.
The communication device may be a network device or a terminal.
Another aspect of the embodiments of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps in the security authentication method as described in any one of the above.
Based on the above detailed description, those skilled in the art should be able to understand specific embodiments of the communication device and the computer-readable storage medium using the security authentication method according to the specific embodiments of the present invention, and detailed descriptions thereof are omitted here.
According to the security authentication method, the security authentication device, the communication device and the computer readable storage medium of the embodiments of the present invention, at least two security modes are preset according to different security requirements of the terminal for DH key exchange and session key generation calculation efficiency, and the different security modes can satisfy the different security requirements of the terminal for DH key exchange and session key generation calculation efficiency.
While the preferred embodiments of the present invention have been described, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined in the following claims.

Claims (28)

1. A method of secure authentication, comprising:
when a session key is generated by adopting the Diffie-Hellman (DH) protocol, sending a session key security indication to a terminal, wherein the session key security indication is used for instructing the terminal to generate a session key Ks by adopting one of at least two preset security modes;
wherein the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the shared key KDH and the root key K1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the shared key KDH generated in the last authentication and the root key K1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K1 generated by pre-authentication is set as the session key Ks.
2. The secure authentication method of claim 1, wherein the step of sending a session key security indication to the terminal comprises:
and sending a non-access stratum (NAS) security mode command to the terminal, wherein the NAS security mode command comprises the session key security indication.
3. The secure authentication method of claim 1, wherein before the step of sending a session key security indication to the terminal, the method further comprises:
authenticating with the terminal to obtain the root key K1.
4. The secure authentication method according to claim 1, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the first security mode, the method further comprises: sending to the terminal a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, a DH public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation according to the root key K1 from pre-authentication;
when the session key security indication is used to instruct the terminal to generate the session key Ks in the second security mode or the third security mode, the method further includes: sending to the terminal a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation according to the root key K1 from pre-authentication.
5. The secure authentication method according to claim 1, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the first secure mode, after the step of sending the session key security indication to the terminal, the method further comprises:
receiving a security mode completion message fed back by the terminal;
calculating a shared secret key KDH and a session key Ks according to the security mode completion message;
saving the shared secret key KDH and the correspondence between the shared secret key KDH and the authentication identity of the terminal.
6. The secure authentication method according to claim 1, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the second secure mode, after the step of sending the session key security indication to the terminal, the method further comprises:
receiving a security mode completion message fed back by the terminal;
calculating the session key Ks, according to the security mode completion message, by using the shared secret key KDH that was stored during the last DH key exchange and corresponds to the authentication identity of the terminal.
7. A method of secure authentication, comprising:
when a session key is generated by adopting the Diffie-Hellman (DH) protocol, receiving a session key security indication sent by a network device, wherein the session key security indication is used for instructing a terminal to generate a session key Ks by adopting one of at least two preset security modes;
calculating the session key Ks according to the security mode in the session key security indication;
wherein the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the shared key KDH and the root key K1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the last generated shared key KDH and the root key K1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K1 generated by pre-authentication is set as the session key Ks.
8. The secure authentication method of claim 7, wherein the step of receiving the session key security indication sent by the network device comprises:
receiving a NAS security mode command sent by a network device, wherein the NAS security mode command comprises the session key security indication.
9. The secure authentication method of claim 7, wherein before the step of receiving the session key security indication sent by the network device, the method further comprises:
authenticating with the network device to obtain the root key K1.
10. The secure authentication method according to claim 7, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the first security mode, the method further comprises: receiving, from the network device, a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, a network device public key, and a message authentication code (MAC) result obtained by performing a message verification operation according to the root key K1 from pre-authentication;
when the session key security indication is used to instruct the terminal to generate the session key Ks in the second security mode or the third security mode, the method further includes: receiving, from the network device, a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation according to the root key K1 from pre-authentication.
11. The security authentication method according to claim 10, wherein when the session key security indication indicates that the terminal uses the first security mode to generate the session key Ks, the step of calculating the session key Ks according to the security mode in the session key security indication comprises:
obtaining a shared secret key KDH according to the public key of the network device;
calculating the session key Ks with a hash algorithm according to the shared secret key KDH and the root key K1 generated by pre-authentication.
12. The secure authentication method of claim 11, wherein after the shared secret key KDH is obtained, the method further comprises:
saving the shared secret key KDH and the correspondence between the shared secret key KDH and the identifier of the network device.
13. The secure authentication method according to claim 10, wherein when the session key security indication indicates that the terminal uses the second security mode to generate the session key Ks, the step of calculating the session key Ks according to the security mode in the session key security indication comprises:
reading, according to the identifier of the network device, the shared secret key KDH that was stored during the last DH key exchange and corresponds to the identifier of the network device;
calculating the session key Ks with a hash algorithm according to the read shared secret key KDH and the root key K1 generated by pre-authentication.
14. A network device, comprising:
the session key security indication is used for indicating the terminal to generate a session key Ks by adopting one of at least two preset security modes;
wherein the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the shared key KDH and the root key K1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the last generated shared key KDH and the root key K1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K1 generated by pre-authentication is set as the session key Ks.
15. The network device of claim 14, wherein the first transceiver is specifically configured to:
and sending an NAS security mode command to the terminal, wherein the NAS security mode command comprises the session key security indication.
16. The network device of claim 14, wherein the network device further comprises:
a second transceiver for authenticating with the terminal to obtain the root key K1.
17. The network device of claim 14, wherein the first transceiver is further configured to:
when the session key security indication is used for instructing the terminal to generate the session key Ks by adopting the first security mode, sending to the terminal a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, a DH public key of the network device, and a message authentication code (MAC) result obtained by performing a message verification operation according to the root key K1 from pre-authentication;
when the session key security indication is used for instructing the terminal to adopt the second security mode or the third security mode to generate the session key Ks, sending to the terminal a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation according to the root key K1 from pre-authentication.
18. The network device of claim 14, wherein the network device further comprises:
a third transceiver for receiving the security mode completion message fed back by the terminal;
a first processor for calculating a shared secret key KDH and a session key Ks according to the security mode completion message, and for saving the shared secret key KDH and the correspondence between the shared secret key KDH and the authentication identity of the terminal.
19. The network device of claim 14, wherein the network device further comprises:
a fourth transceiver for receiving the security mode completion message fed back by the terminal;
a second processor, configured to calculate the session key Ks, according to the security mode completion message, by using the shared key KDH that was stored during the last DH key exchange and corresponds to the authentication identity of the terminal.
20. A terminal, comprising:
a first transceiver for receiving a session key security indication sent by the network device when a session key is generated by adopting the Diffie-Hellman (DH) protocol, wherein the session key security indication is used for instructing the terminal to generate a session key Ks by adopting one of at least two preset security modes;
a processor, configured to calculate the session key Ks according to the security mode in the session key security indication;
wherein the at least two preset security modes include:
a first security mode: a DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the shared key KDH and the root key K1 generated by pre-authentication;
a second security mode: no DH key exchange is performed to generate a shared key KDH, and the session key Ks is generated according to the last generated shared key KDH and the root key K1 generated by pre-authentication;
a third security mode: no DH key exchange is performed, and the root key K1 generated by pre-authentication is set as the session key Ks.
21. The terminal of claim 20, wherein the first transceiver is specifically configured to:
receiving a NAS security mode command sent by a network device, wherein the NAS security mode command comprises the session key security indication.
22. The terminal of claim 20, wherein the terminal further comprises:
a second transceiver for authenticating with the network device to obtain the root key K1.
23. The terminal of claim 20, wherein the first transceiver is further configured to:
when the session key security indication is used for instructing the terminal to generate the session key Ks by adopting the first security mode, receiving, from the network device, a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, a network device public key, and a message authentication code (MAC) result obtained by performing a message verification operation according to the root key K1 from pre-authentication;
when the session key security indication is used for instructing the terminal to adopt the second security mode or the third security mode to generate the session key Ks, receiving, from the network device, a network key group identifier, the security capability of the terminal, an encryption algorithm, an integrity algorithm, and a MAC result obtained by performing a message verification operation according to the root key K1 from pre-authentication.
24. The terminal according to claim 23, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the first security mode, the processor is specifically configured to:
obtaining a shared secret key KDH according to the public key of the network device;
calculating the session key Ks with a hash algorithm according to the shared secret key KDH and the root key K1 generated by pre-authentication.
25. The terminal of claim 24, wherein the processor is further configured to:
saving the shared secret key KDH and the correspondence between the shared secret key KDH and the identifier of the network device.
26. The terminal according to claim 23, wherein when the session key security indication is used to instruct the terminal to generate the session key Ks in the second security mode, the processor is specifically configured to:
reading, according to the identifier of the network device, the shared secret key KDH that was stored during the last DH key exchange and corresponds to the identifier of the network device;
calculating the session key Ks with a hash algorithm according to the read shared secret key KDH and the root key K1 generated by pre-authentication.
27. A communication device comprising a memory, a processor and a computer program stored on the memory and executable on the processor; wherein the processor implements the secure authentication method of any one of claims 1 to 6 or implements the secure authentication method of any one of claims 7 to 13 when executing the program.
28. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the security authentication method as claimed in any one of claims 1 to 6, or carries out the steps of the security authentication method as claimed in any one of claims 7 to 13.
CN201710898720.8A 2017-09-28 2017-09-28 Security authentication method, security authentication device, communication device, and storage medium Active CN109586913B (en)


Publications (2)

Publication Number Publication Date
CN109586913A CN109586913A (en) 2019-04-05
CN109586913B true CN109586913B (en) 2022-04-01



