CN110912692A - Sensor network authentication key establishment method based on light certificate and implementation device thereof - Google Patents


Info

Publication number
CN110912692A
Authority
CN (China)
Prior art keywords
key, packet, certificate, node, New1
Legal status
Granted
Application number
CN201911133260.5A
Other languages
Chinese (zh)
Other versions
CN110912692B (en)
Inventors
孙发军, 何炎祥, 张晓曈, 李清安
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Events
Application filed by Wuhan University WHU
Priority to CN201911133260.5A
Publication of CN110912692A
Application granted
Publication of CN110912692B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822 Key transport or distribution (H04L9/0819) using key encryption key
    • H04L9/083 Key transport or distribution (H04L9/0819) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/32 Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Identity or message authentication (H04L9/32) involving digital signatures
    • H04L9/3263 Identity or message authentication (H04L9/32) involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Certificate-based authentication (H04L9/3263) using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3271 Identity or message authentication (H04L9/32) using challenge-response

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention aims to solve the problem that existing public key-based authenticated key establishment methods for sensor networks do not consider the maximum transmission unit limit or the low reliability of the network. It discloses a sensor network authenticated key establishment method based on a light certificate, and an implementation device for it, which use a light certificate and digital signatures to achieve public key authentication, private key authentication and secret value authentication, and achieve confidentiality of the secret values used to compute the session key through a public key encryption/decryption mechanism. The invention also provides an implementation device based on the ECC public key primitives ECIES and ECDSA, implemented on a TelosB node with TinyECC on the TinyOS platform; the results show that key establishment between two nodes takes 66.5 seconds when the method is applied with these ECC primitives, and that setting the retransmission parameter to 1 is most cost-effective for improving reliability.

Description

Sensor network authentication key establishment method based on light certificate and implementation device thereof
Technical Field
The invention belongs to the technical field of authenticated key establishment in network security, and particularly relates to an authenticated key establishment (or negotiation, distribution and exchange) method for sensor networks, which can be used to securely and efficiently negotiate a shared session key between nodes in a sensor network.
Background
As part of the Internet of Things and fog computing, sensor networks have been widely studied for many years, and providing security in network environments where resources are limited has been a research hotspot. Early researchers focused on providing security using symmetric key mechanisms, but key agreement was never fully resolved because of the inherent features of symmetric key mechanisms. Once the feasibility of public key mechanisms in sensor networks was later verified, ECC-based public key mechanisms became widely applied to key agreement in sensor networks, but existing solutions consider security only from the transport layer, which is mainly embodied in two aspects:
1) the lower layer is assumed to be reliable, so that the problem of loss of the negotiation packet is not considered in the existing method;
2) the limitations of the MTU (Maximum Transmission Unit) in the lower layer are not considered, such as the frame length of 127 B specified in IEEE 802.15.4 with a payload of 118 B (assuming the frame header and trailer take 9 B and the security level is the 80-bit level). Existing solutions either exceed this limit or implement non-authenticated key establishment (e.g., EPKI). When the limit is exceeded, the key establishment packet is fragmented at the lower layer, so an attacker can destroy the whole key negotiation process by destroying a single fragment, which reduces security. Key agreement without authentication is open to various attacks such as impersonation and MITM attacks.
Our analysis found that most existing authenticated key agreement schemes are certificateless (such as CL-EKM), where the length of an agreement packet is always larger than 118 B because the public key must be self-certified, whereas a certificate-based scheme can separate the authentication of the public key from the authentication of the key agreement data, so that the data volume of each packet stays below 118 B; this makes the public key mechanism practical for key agreement between sensor network nodes.
Disclosure of Invention
Based on the above considerations, the invention provides an authenticated key establishment method based on a light certificate that suits the resource-constrained environment of a wireless sensor network, and provides an authenticated key transmission device implementing the method on TelosB running TinyOS, in which the ECIES algorithm is used for encryption/decryption and the ECDSA algorithm for digital signatures.
The main structure of the authentication key establishment method provided by the invention is shown in fig. 1, and comprises the following two stages:
stage one: pre-distribution of keys
This phase is implemented in two steps:
step 1, initializing; firstly, selecting security parameters according to the application scene security requirements of the method, and then selecting used public key primitives, Hash functions and parameters related to the primitives according to the security parameters;
step 2, generating a public and private key pair and a certificate and loading the public and private key pair and the certificate into a node;
First of all, a private/public key pair (d_s, Q_s) is generated for the key generation center KGC; subsequently a private/public key pair (d_i, Q_i) is generated by the KGC for each node, and at the same time a light certificate for the method is generated, where the light certificate of the method is defined as:
Figure BDA0002278905310000021
then the public key of the KGC, the node's private/public key pair (d_i, Q_i), the certificate, the public key primitives used, the hash function, the parameters related to the primitives and so on are loaded into the node along with the application program;
and a second stage: key establishment
(2a) After the sensor node loaded with the security material is deployed, the following key negotiation process is started, and the nodes participating in the negotiation (such as A) first create a New1 packet and broadcast it:
New1 := Nonce_A || Cert_A
(2b) When A receives a New1 packet from a certain neighbor node B, if A has not yet established a shared key with B, the certificate Cert_B in the packet is verified; after the verification passes, node A stores the public key and related information of node B into a neighbor list; A then generates a random Key_A and encrypts it with the other party's public key into
Figure BDA0002278905310000022
then combines it with the received Nonce_B, hashes and signs the result with A's private key, and together with
Figure BDA0002278905310000023
constructs a New2 packet to send to B, recording the random key Key_A in the neighbor-list entry for B; the New2 packet structure is as follows:
Figure BDA0002278905310000024
(2c) When A receives a New2 packet from neighbor node B: if A has not yet received B's New1, the packet is placed in a queue buffer; otherwise A combines the previously sent Nonce_A with the received ciphertext
Figure BDA0002278905310000025
and verifies the signature; if the signature passes verification, A uses its own private key d_A to decrypt the ciphertext
Figure BDA0002278905310000026
and obtains Key_B, which it XORs with the previously stored Key_A (if no Key_A has been generated yet, one is generated immediately and a corresponding New2 is created and sent to B); finally the shared key of A and B is obtained as follows:
Figure BDA0002278905310000027
Of course, if a neighbor's New1 is received but no New2 follows within a certain time, the New1 is discarded as a replay attack; and if a New2 is received but no New1 follows within a certain time, the New2 is likewise cleared from the queue.
In the method for establishing the sensor network authentication key based on the lightweight certificate, the used lightweight certificate is defined as:
Figure BDA0002278905310000031
in the method for establishing the sensor network authentication key based on the light certificate, the following four mechanisms are used in the negotiation process:
the challenge-response mechanism: because time synchronization in the sensor network is not easy, in order to resist replay attack, a random Nonce is used for constructing a challenge-response mechanism to resist replay attack;
a queue buffering mechanism: the queue buffer mechanism is used to address the unreliability of WSNs and the time cost of the public key mechanism; each received packet is put into a circular queue for buffering, and similarly each transmitted packet is sent into another transmission queue for buffering; the queue buffer mechanism is used to realize the orderly receiving and transmitting of New1 and New2;
a retransmission mechanism: in order to further solve the problem of high packet loss rate of WSNs and ensure successful establishment of a negotiation key, a parameterized retransmission mechanism is arranged to improve the successful establishment probability of the secure connection, and a MicaZ node simulation experiment in TinyOS shows that the retransmission value of 1 time is better;
invalid packet clearing mechanism: a timing cleaning mechanism is used to perform timing cleaning on the false registered neighbors and the received New2 packet without the corresponding New1 packet, so as to increase the opportunity of establishing session keys with the real neighbors.
In the method for establishing the sensor network authentication key based on the light certificate, two messages transmitted in the negotiation process are defined as follows:
New1 := Nonce_A || Cert_A
Figure BDA0002278905310000032
An implementation apparatus of the sensor network authentication key establishment method based on a lightweight certificate is characterized in that, based on the authentication key establishment method defined in claim 1, an ECC primitive is used, with the relationship between private key and public key defined as Q = dP; encryption/decryption is realized with ECIES and signature/signature verification with ECDSA; with the number of New1 transmissions set to 2, the key agreement process takes 1 minute on a TelosB node.
Using the light certificate and the digital signature, the invention separates the authenticated key establishment process into two parts, public key authentication and key agreement data authentication, so that no authentication packet of either part exceeds the limit of the relevant existing standard, which helps the protocol to be implemented under actual industrial standards. At the same time, within the key establishment method a challenge-response mechanism is used to resist replay attacks, a queue buffer mechanism to improve reliability and absorb the time cost of the public key mechanism, a retransmission mechanism to raise the proportion of secure connections established, and an invalid packet cleaning mechanism to prevent buffer-filling attacks; the number of packets sent and the size of each packet are reduced as far as possible in the design, and the amount of computation is minimized while ensuring security through a careful pairing of the ECIES and ECDSA primitives, so the method has the characteristics of high security, reliability and low overhead. In terms of security, the method remains secure as long as none of the following three cases occurs: the private keys of both parties are leaked at the same time; the secret values of both parties are leaked at the same time; or the private key and the secret value of one party are leaked at the same time. Our subsequent embodiment shows that when the retransmission mechanism is used to improve the secure connection rate, retransmitting once is the most cost-effective.
Drawings
Fig. 1 is a body flow diagram of key establishment in accordance with the present invention.
Fig. 2 is a detailed flow chart of an embodiment of the present invention.
Fig. 3 is a block diagram of the implementation of stage one of the method in TinyOS.
Fig. 4 is a diagram of the implementation of stage two of the method in TinyOS.
Detailed Description
The technical scheme of the invention is further specifically described by the following embodiments and the accompanying drawings.
The authentication key establishment method provided by the invention comprises the following two stages:
stage one: pre-distribution of keys
This phase is implemented in two steps:
and step 1, initializing.
Assuming that the application scenario security requirement of the method is at the level of 80 bits, if we select the used public key primitive as ECC, the security parameter λ may be selected as 160.
Taking the curve as E: y^2 = x^3 + ax + b (a, b constants with 4a^3 + 27b^2 ≠ 0), a large prime p of λ bits is selected; based on E/F_p a cyclic abelian group G of order q (q also a sufficiently large λ-bit prime) is constructed, from which a generator P can be determined.
Selecting a proper hash function:
Figure BDA0002278905310000041
Because the hash function is only used to produce the message digest that the signature compresses, a hash function of moderate security such as SHA-1 can be selected.
The system's public parameter set is constructed as follows:
Figure BDA0002278905310000042
and selects the used ECC public key primitives as ECIES (encryption/decryption), ECDSA (signature/signature verification).
And 2, generating a public and private key pair and a certificate and loading the public and private key pair and the certificate into the node.
First of all, a private/public key pair (d_s, Q_s) is generated for the key generation center KGC, wherein
Figure BDA0002278905310000043
Q_s = d_s P. For simplicity, the mod q and mod p operations are omitted in this specification: all operations between point components are mod p and all operations on scalar coefficients are mod q. A private/public key pair (d_i, Q_i) is then generated by the KGC for each node, with d_i likewise taken as
Figure BDA0002278905310000051
Q_i = d_i P, and a lightweight certificate is generated for it at the same time:
Figure BDA0002278905310000052
A compressed mode may optionally be used:
Figure BDA0002278905310000053
When the compressed mode is used, Q_i[x] stores a flag bit in addition to the x-coordinate of the point Q_i; the uncompressed mode is preferable for the sensor network because the compressed mode requires a large amount of computation to recover the point.
Then the public key of the KGC, the node's private/public key pair (d_i, Q_i), the certificate, the public key primitives used, the hash function and the parameters related to these primitives are loaded into the node along with the application.
And a second stage: key establishment (as shown in FIG. 2)
(2a) After the sensor node loaded with the security material is deployed, the key agreement process shown in fig. 2 is started, and the nodes participating in the agreement (such as A) first create and broadcast a New1 packet:
New1 := Nonce_A || Cert_A
(2b) When A receives a New1 packet from a certain neighbor node (such as B), if A has not yet established a shared key with B, the certificate Cert_B in the packet is verified. After the verification passes, node A stores the public key and related information of node B into a neighbor list. A then generates a random Key_A and encrypts it with the other party's public key into
Figure BDA0002278905310000054
then combines it with the received Nonce_B, hashes and signs the result with A's private key, and together with
Figure BDA0002278905310000055
constructs a New2 packet to send to B, recording the random key Key_A in the neighbor-list entry for B. The New2 packet structure is as follows:
Figure BDA0002278905310000056
(2c) When A receives a New2 packet from a neighbor node (such as B): if A has not yet received B's New1, the packet is placed in a queue buffer; otherwise A combines the previously sent Nonce_A with the received ciphertext
Figure BDA0002278905310000057
and verifies the signature; if the signature passes verification, A uses its own private key d_A to decrypt the ciphertext
Figure BDA0002278905310000058
and obtains Key_B, which it XORs with the previously stored Key_A (if Key_A has not been generated yet at this point, one is generated immediately and a corresponding New2 is created and sent to B); the shared key of A and B is finally obtained as:
Figure BDA0002278905310000059
if the signature verification fails, the New2 packet is discarded as a transmission error or attack.
Of course, if a neighbor's New1 is received but no New2 follows within a certain time, the New1 is discarded as a replay attack; and if a New2 is received but no New1 follows within a certain time, the New2 is likewise cleared from the queue.
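Stage one and one round of stage two, as an added example that is not part of the patent or of the authors' TinyOS/TinyECC implementation: a pure-Python run of the KGC and node key generation, light-certificate issuance, and the New1/New2 exchange between two nodes, ending in the XOR of Key_A and Key_B. The patent gives its certificate and New2 layouts only in figures that are not reproduced on this page, so the layouts used here (Cert_i = ID_i || Q_i || KGC signature over ID_i || Q_i; New2 = ID_A || (Key_A)_{Q_B} || {Nonce_B || (Key_A)_{Q_B}}_{d_A}) are assumptions, as are the secp256k1 curve in place of the patent's 160-bit curve, SHA-256 in place of SHA-1, a 16-byte Key_A, and the simplified ECIES (ephemeral ECDH, SHA-256 keystream, HMAC tag) in place of TinyECC's ECIES. The queue buffering of a New2 that arrives before its New1 is not modelled here; `on_new2` simply returns `None` in that case.

```python
# Added example (not the patent's code): stage one and one New1/New2 round in pure Python.
import hashlib, hmac, secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime (assumed curve)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator P
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7 over F_P; None is the point at infinity
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow((x2 - x1) % P, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication (teaching code: not constant-time)
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def keygen():  # d in {1, ..., q-1} and Q = dP, the relation stated in the patent
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)
def point_bytes(pt):  # uncompressed encoding, as the patent prefers for sensor nodes
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")
def hash_int(msg):  # SHA-256 stands in for the patent's SHA-1
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def ecdsa_sign(d, msg):
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (hash_int(msg) + r * d) % N
        if r and s: return (r, s)
def ecdsa_verify(q, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N): return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(hash_int(msg) * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r

def kdf(shared_x):  # 32-byte keystream and MAC key derived from the ECDH x-coordinate
    x = shared_x.to_bytes(32, "big")
    return hashlib.sha256(b"enc" + x).digest(), hashlib.sha256(b"mac" + x).digest()
def ecies_encrypt(q, plaintext):  # simplified ECIES: ephemeral ECDH + keystream + HMAC tag
    e, r_pt = keygen()
    k_enc, k_mac = kdf(ec_mul(e, q)[0])
    body = bytes(a ^ b for a, b in zip(plaintext, k_enc))          # plaintext <= 32 bytes
    return point_bytes(r_pt) + body + hmac.new(k_mac, body, "sha256").digest()
def ecies_decrypt(d, ct):  # returns None for an off-curve ephemeral point or a bad tag
    r_pt = (int.from_bytes(ct[:32], "big"), int.from_bytes(ct[32:64], "big"))
    if (r_pt[1] ** 2 - r_pt[0] ** 3 - 7) % P: return None
    body, tag = ct[64:-32], ct[-32:]
    k_enc, k_mac = kdf(ec_mul(d, r_pt)[0])
    if not hmac.compare_digest(tag, hmac.new(k_mac, body, "sha256").digest()): return None
    return bytes(a ^ b for a, b in zip(body, k_enc))

def issue_cert(d_kgc, node_id, q):  # assumed light-certificate layout: ID_i || Q_i || KGC signature
    return (node_id, q, ecdsa_sign(d_kgc, node_id + point_bytes(q)))

class Node:
    def __init__(self, node_id, d_kgc, q_kgc):  # stage one: material loaded by the KGC
        self.id, self.q_kgc, (self.d, self.q) = node_id, q_kgc, keygen()
        self.cert = issue_cert(d_kgc, node_id, self.q)
        self.nonce = secrets.token_bytes(16)    # challenge carried in our New1
        self.neighbors = {}                     # ID_B -> (Q_B, Key_A chosen for B)
    def new1(self):
        return (self.nonce, self.cert)          # New1 := Nonce_A || Cert_A
    def on_new1(self, new1):  # (2b): verify Cert_B, encrypt a fresh Key_A to Q_B, sign with Nonce_B
        nonce_b, cert_b = new1
        if not ecdsa_verify(self.q_kgc, cert_b[0] + point_bytes(cert_b[1]), cert_b[2]): return None
        id_b, q_b, _ = cert_b
        key_a = secrets.token_bytes(16)
        ct = ecies_encrypt(q_b, key_a)
        self.neighbors[id_b] = (q_b, key_a)
        # assumed New2 layout: ID_A || (Key_A)_{Q_B} || {Nonce_B || (Key_A)_{Q_B}}_{d_A}
        return (self.id, ct, ecdsa_sign(self.d, nonce_b + ct))
    def on_new2(self, new2):  # (2c): check the signature against our Nonce_A, decrypt Key_B, XOR
        id_b, ct, sig = new2
        if id_b not in self.neighbors: return None   # no New1 from B yet (the patent queues it)
        q_b, key_a = self.neighbors[id_b]
        if not ecdsa_verify(q_b, self.nonce + ct, sig): return None
        key_b = ecies_decrypt(self.d, ct)
        return None if key_b is None else bytes(x ^ y for x, y in zip(key_a, key_b))

def demo():
    d_kgc, q_kgc = keygen()                            # KGC key pair (d_s, Q_s)
    a, b = Node(b"A", d_kgc, q_kgc), Node(b"B", d_kgc, q_kgc)
    new2_b, new2_a = b.on_new1(a.new1()), a.on_new1(b.new1())
    k_ab, k_ba = a.on_new2(new2_b), b.on_new2(new2_a)  # both sides derive Key_A xor Key_B
    id_b, ct, sig = new2_b                             # the same New2 with one ciphertext bit flipped
    tampered = a.on_new2((id_b, ct[:-1] + bytes([ct[-1] ^ 1]), sig))
    rogue = Node(b"R", *keygen())                      # certificate issued by a different KGC
    return k_ab, k_ba, tampered, a.on_new1(rogue.new1())
```

`demo()` returns the two nodes' session keys (equal), `None` for the altered New2 (its signature no longer covers the ciphertext) and `None` for the rogue New1 (its certificate does not verify under the KGC public key loaded at stage one). Note what the signature over Nonce_B || ciphertext buys: because each node signs the challenge it just received, a captured New2 cannot be replayed against a later New1, which is the challenge-response mechanism the patent describes.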
Four mechanisms are adopted in the implementation:
the challenge-response mechanism: because time synchronization in the sensor network is not easy, in order to resist replay attack, a random Nonce is used in the method to construct a challenge-response mechanism to resist replay attack, and the specific implementation is shown in New1 and New2 packets.
A queue buffering mechanism: the method designs a queue buffer mechanism to deal with the unreliability of the sensor network, the time cost of the public key mechanism and similar problems; each received packet is placed into one circular queue for buffering, and similarly each transmitted packet is put into another transmission queue for buffering. The queue buffer mechanism is used to realize the ordered transmission and reception of New1 and New2.
A retransmission mechanism: in order to further solve the problem of high packet loss rate of a sensor network and ensure successful establishment of a negotiation key, a parameterized retransmission mechanism is arranged to improve the successful establishment probability of a secure connection, and a MicaZ node simulation experiment in TinyOS shows that a retransmission value of 1 time is preferred.
Invalid packet clearing mechanism: in the implementation of the method, a timing cleaning mechanism is used to perform timing cleaning on the false registered neighbor and the received New2 packet without the corresponding New1 packet, so as to increase the opportunity of establishing the session key with the real neighbor.
The four mechanisms are all embodied in the stage two, and the queue length, the retransmission times, the packet clearing delay and the like can be parameterized in implementation, so that the adjustment can be favorably carried out according to the actual platform and the safety and reliability requirements.
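The four mechanisms, as an added simulation that is not part of the patent or of its TinyOS implementation: two nodes exchange New1/New2 over a lossy link, with the receive queue, the parameterised retransmission count and the timed clearing of false neighbours and orphaned New2 packets modelled as node state. The cryptographic contents of the packets are treated as opaque (certificate verification, ECIES and ECDSA are assumed to succeed), so the code shows only the ordering and reliability logic. The tick-based timing, the channel that loses the first copy of every packet, and the queue length and clearing delay defaults are constructed for the example.

```python
# Added example (not the patent's code): the queue, retransmission and clearing
# mechanisms of stage two, with packet contents treated as opaque.
from collections import deque

NEW1, NEW2 = "New1", "New2"

class Node:
    def __init__(self, name, retransmit=1, queue_len=8, clear_after=3):
        self.name, self.retransmit, self.clear_after = name, retransmit, clear_after
        self.neighbors = {}                        # peer -> tick its New1 was accepted
        self.keys = {}                             # peer -> tick the session key was formed
        self.rx_queue = deque(maxlen=queue_len)    # (peer, tick) of a New2 seen before its New1
        self.tx_queue = deque()                    # [packet, copies still to send]

    def start(self):  # (2a): broadcast New1; each packet is sent 1 + retransmit times
        self.tx_queue.append([(NEW1, self.name, None), 1 + self.retransmit])

    def drain_tx(self):  # send one copy of every pending packet this tick
        out = [entry[0] for entry in self.tx_queue]
        for entry in self.tx_queue: entry[1] -= 1
        self.tx_queue = deque(entry for entry in self.tx_queue if entry[1] > 0)
        return out

    def receive(self, pkt, tick):
        kind, src, dst = pkt
        if src == self.name or dst not in (None, self.name) or src in self.keys: return
        if kind == NEW1:
            if src in self.neighbors: return                  # duplicate copy of New1
            self.neighbors[src] = tick                        # Cert_B verified (opaque here)
            self.tx_queue.append([(NEW2, self.name, src), 1 + self.retransmit])
            for early in [e for e in self.rx_queue if e[0] == src]:  # New2 that arrived first
                self.rx_queue.remove(early)
                self.receive((NEW2, src, self.name), tick)
        elif kind == NEW2:
            if src not in self.neighbors:                     # no New1 from src yet: buffer it
                self.rx_queue.append((src, tick))
            else:
                self.keys[src] = tick                         # signature ok, Key_B decrypted, XOR done

    def clean(self, tick):  # invalid-packet clearing, run periodically
        for peer, t in list(self.neighbors.items()):
            if peer not in self.keys and tick - t > self.clear_after:
                del self.neighbors[peer]                      # New1 never followed by a New2
        for stale in [e for e in self.rx_queue if tick - e[1] > self.clear_after]:
            self.rx_queue.remove(stale)                       # New2 never followed by a New1

def simulate(retransmit, drop_first_copy, ticks=6):
    """Two nodes over a link that (optionally) loses the first copy of every packet."""
    a, b = Node("A", retransmit), Node("B", retransmit)
    a.start(); b.start()
    seen = set()
    for tick in range(ticks):
        for sender, receiver in ((a, b), (b, a)):
            for pkt in sender.drain_tx():
                if drop_first_copy and pkt not in seen:
                    seen.add(pkt); continue                   # this copy is lost in the air
                receiver.receive(pkt, tick)
        a.clean(tick); b.clean(tick)
    return "B" in a.keys and "A" in b.keys

def new2_before_new1():
    """A New2 that overtakes its New1 waits in the queue and is processed once New1 arrives."""
    a = Node("A")
    a.receive((NEW2, "B", "A"), tick=0)
    queued = len(a.rx_queue)
    a.receive((NEW1, "B", None), tick=1)
    return queued, "B" in a.keys, len(a.rx_queue)            # (1, True, 0)

def stale_entries_cleared(clear_after=3):
    """An orphaned New2 and a neighbour whose New2 never came are dropped after clear_after ticks."""
    a = Node("A", clear_after=clear_after)
    a.receive((NEW2, "B", "A"), tick=0)
    a.receive((NEW1, "C", None), tick=0)
    a.clean(clear_after)                                      # not yet expired
    before = (len(a.rx_queue), "C" in a.neighbors)
    a.clean(clear_after + 1)
    return before, (len(a.rx_queue), "C" in a.neighbors)      # ((1, True), (0, False))
```

With the constructed channel, `simulate(0, True)` fails (every first copy is lost and nothing is retransmitted) while `simulate(1, True)` succeeds, which is the effect the patent's retransmission parameter is meant to have; the bounded `rx_queue` and the periodic `clean` are what keep a flood of New1 or orphaned New2 packets from pinning the node's memory, the buffer-filling concern the invalid-packet clearing mechanism addresses.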
In the present embodiment the method of the invention is implemented on TinyOS 2.1.2, and one round of the authenticated key agreement establishment process is measured to take about 66.5 seconds on TelosB. The main implementation structures of stage one and stage two are shown in fig. 3 and fig. 4, where NNM, ECCC, ECIES, ECDSA and the like are modules provided by TinyECC 2.0, and tinpkg, testTinyAKE, New1, New2 and the like are designed according to the method above; the specific flow is similar to the implementation process described above and is not repeated here.
The invention provides an authenticated key establishment method for sensor networks based on a light certificate mechanism, and through careful pairing of ECIES, ECDSA and other primitives solves the problem that existing methods cannot fit within the IEEE 802.15.4 frame length limit while guaranteeing security. The method also takes into account the high packet loss rate of sensor networks, which existing methods ignore, adds a negotiation-packet retransmission mechanism to raise the proportion of secure connections established, and through simulation experiments sets the effective retransmission count to 1. The invention can be used to build a more secure and reliable foundation for higher-level data transmission and applications in the sensor network.
The above embodiment is merely a specific example of the present invention and does not constitute any limitation on it. Those skilled in the art may make various modifications or additions to the described embodiments, or substitute in a similar manner, while remaining within the scope of the invention as defined in the appended claims, for example by replacing ECC with more efficient public key primitives that appear in the future.
Noun explanation and symbol explanation
The user: a legal session entity, a participant in a session in the network, or a message sender/receiver of a communication, which may be a process, a computer, a mobile terminal or a sensor node, etc.;
KGC: key Generation Center, which is responsible for generating system public parameter, main public/private Key pair, and each user's part public/private Key pair, and distributing public parameter and part public/private Key pair for each user;
ECC: eliptic Curve Cryptography, Elliptic Curve Cryptography, a theory for constructing Elliptic Curve Cryptography;
ECIES: an Elliptic Curve integrated encryption Scheme, an ECC primitive-based encryption/decryption Scheme;
ECDSA: an Elliptic Curve Digital Signature Algorithm, a Signature/Signature verification scheme based on ECC primitives;
(·)_K: encrypting the content with key K;
{·}_K: signing the hash value of the content with key K;
λ: system safety parameters, which are selected by an application using the invention according to safety requirements, are at least not less than 160;
p, q: two large prime numbers selected by the KGC, satisfying p ≥ 2^(λ-1);
F_p: finite field of order (number of elements) p;
G: additive cyclic group of order q, constructed by the KGC from E/F_p after selecting the elliptic curve E, yielding a generator P;
Figure BDA0002278905310000071
a set of positive integers less than q {1,2, …, q-1 };
H:
Figure BDA0002278905310000072
a cryptographic hash function;
mod: performing modulo remainder operation;
R: belongs to and is randomly selected;
scalar multiplication: operation of a point on a number-times elliptic curve
Point component: the x or y component of a point on the elliptical curve;
hash: cryptographic hash function operations, such as SHA-2 series of functions, etc.;
MAC: a message authentication code generation operation.

Claims (5)

1. A sensor network authentication key establishment method based on a light certificate, characterized by comprising the following two stages:
Stage one: key pre-distribution
This stage is implemented in two steps:
Step 1, initialization: first, security parameters are selected according to the security requirements of the application scenario; then the public key primitives, hash function and primitive-related parameters to be used are selected according to the security parameters;
Step 2, generation of public/private key pairs and certificates, and loading them into the nodes:
First a private/public key pair (d_s, Q_s) is generated for the key generation center KGC; then the KGC generates a private/public key pair (d_i, Q_i) for each node and at the same time generates the light certificate of the method, which is defined as:
(certificate definition, given only as an image in the original)
Then the public key of the KGC, the node's private/public key pair (d_i, Q_i), its certificate, the public key primitives, hash function and primitive-related parameters used, etc., are loaded into the node together with the application;
Stage two: key establishment
(2a) After the sensor nodes loaded with the security material are deployed, the following key negotiation process starts. A node participating in the negotiation (say A) first creates a New1 packet and broadcasts it:
New1 := Nonce_A || Cert_A
(2b) When A receives a New1 packet from some neighbor node B and has not yet established a shared key with B, it verifies the certificate Cert_B in the packet; after verification passes, A stores B's public key and related information in its neighbor list. A then generates a random Key_A and encrypts it with B's public key into
(ciphertext, given only as an image in the original)
combines this with the received Nonce_B, hashes and signs the result with A's private key, and together with
(formula, given only as an image in the original)
constructs a New2 packet to send to B, recording the random Key_A in B's entry of the neighbor list; the New2 packet structure is:
(New2 structure, given only as an image in the original)
(2c) When A receives a New2 packet from neighbor node B: if A has not yet received B's New1, the packet is placed in a queue buffer; otherwise A combines its previously sent Nonce_A with the received ciphertext
(formula, given only as an image in the original)
and verifies the signature. If the signature passes verification, A uses its private key d_A to decrypt the ciphertext
(formula, given only as an image in the original)
obtaining Key_B, and XORs it with the previously stored Key_A; if no Key_A has been generated yet, one is generated immediately and a corresponding New2 is created and sent to B. Finally the shared key of A and B is obtained as:
(shared key, given only as an image in the original)
Of course, if a neighbor's New1 is received but no New2 follows within a certain time, the New1 is discarded as a replay attack; if a New2 is received and no New1 arrives within a certain time, the New2 is likewise cleared from the queue.
2. The lightweight certificate based sensor network authentication key establishment method according to claim 1, wherein the lightweight certificate used is defined as:
(certificate definition, given only as an image in the original)
3. The lightweight certificate based sensor network authentication key establishment method according to claim 1, wherein the following four mechanisms are used in the negotiation process:
Challenge-response mechanism: because time synchronization in a sensor network is difficult, a random Nonce is used to construct a challenge-response mechanism to resist replay attacks;
Queue buffering mechanism: to cope with the unreliability of WSNs and the time consumed by public key operations, each received packet is placed in a circular queue for buffering, and likewise each transmitted packet is placed in a separate transmission queue; the queue buffering mechanism allows New1 and New2 to be received and transmitted in an orderly way;
Retransmission mechanism: to further counter the high packet loss rate of WSNs and ensure that the negotiated key is established, a parameterized retransmission mechanism is provided to raise the probability of successfully establishing the secure connection; a MicaZ node simulation experiment in TinyOS shows that a retransmission value of 1 is the better setting;
Invalid packet clearing mechanism: a timed clearing mechanism periodically removes falsely registered neighbors and received New2 packets that have no corresponding New1 packet, so as to increase the opportunity of establishing session keys with real neighbors.
4. The lightweight certificate based sensor network authentication key establishment method according to claim 1, wherein the two messages transmitted in the negotiation process are defined as:
New1 := Nonce_A || Cert_A
(New2 definition, given only as an image in the original)
5. An implementation apparatus for the sensor network authentication key establishment method based on a lightweight certificate, characterized in that, based on the authentication key establishment method defined in claim 1, ECC primitives are used and the relationship between private key and public key is defined as Q = dP; encryption/decryption is realized with ECIES, and signature/verification with ECDSA; with the number of New1 transmissions set to 2, the key agreement process takes 1 minute on a TelosB node.
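The two-message exchange of claim 1 and the queue buffering of claim 3, as an added example that is not the patent's own code, written with Python's `cryptography` package. The certificate layout (KGC signature over ID || Q_i), the New2 layout (sender ID, ciphertext, signature over Nonce_B || ciphertext) and the ECIES construction (ephemeral ECDH, HKDF, AES-GCM) are assumptions, since the patent gives those formulas only as images; the nonce-bound signature is what lets a node reject a replayed New2.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

CURVE, SIG = ec.SECP256R1(), ec.ECDSA(hashes.SHA256())
def pub_bytes(pub):  # 33-byte compressed point: keeps New1/New2 small for 802.15.4 frames
    return pub.public_bytes(serialization.Encoding.X962, serialization.PublicFormat.CompressedPoint)
def ecies_encrypt(peer_pub, msg):  # ECIES-style (assumed construction): ephemeral ECDH, HKDF, AES-GCM
    eph = ec.generate_private_key(CURVE)
    k = HKDF(hashes.SHA256(), 16, None, b"ecies").derive(eph.exchange(ec.ECDH(), peer_pub))
    return pub_bytes(eph.public_key()) + AESGCM(k).encrypt(bytes(12), msg, None)  # one-time key: fixed nonce is safe
def ecies_decrypt(priv, ct):
    eph = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, ct[:33])
    k = HKDF(hashes.SHA256(), 16, None, b"ecies").derive(priv.exchange(ec.ECDH(), eph))
    return AESGCM(k).decrypt(bytes(12), ct[33:], None)

class Node:
    def __init__(self, name, kgc):  # stage one: KGC issues (d_i, Q_i) and the light certificate
        self.name, self.priv, self.nonce = name, ec.generate_private_key(CURVE), os.urandom(16)
        q = pub_bytes(self.priv.public_key())
        self.cert = (name, q, kgc.sign(name + q, SIG))  # assumed certificate layout: ID, Q_i, KGC signature
        self.kgc_pub, self.peers = kgc.public_key(), {}  # peers: name -> [Q_peer, Key we sent, shared key]
    def new1(self):  # (2a) New1 := Nonce_A || Cert_A
        return self.nonce, self.cert
    def on_new1(self, pkt):  # (2b) verify Cert_B, register the neighbour, answer with New2
        nonce_b, (peer, q, sig) = pkt
        self.kgc_pub.verify(sig, peer + q, SIG)  # raises InvalidSignature on a forged certificate
        peer_pub = ec.EllipticCurvePublicKey.from_encoded_point(CURVE, q)
        rec = self.peers.setdefault(peer, [peer_pub, os.urandom(16), None])  # Key_A fixed once per neighbour
        ct = ecies_encrypt(peer_pub, rec[1])  # (Key_A)_{Q_B}
        return self.name, ct, self.priv.sign(nonce_b + ct, SIG)  # assumed New2 layout: ID, ciphertext, {Nonce_B||ct}_{d_A}
    def on_new2(self, pkt):  # (2c) the signature must cover OUR nonce, so a replayed old New2 fails here
        peer, ct, sig = pkt
        if peer not in self.peers:
            return False  # B's New1 not seen yet: the caller keeps this packet in the queue buffer
        self.peers[peer][0].verify(sig, self.nonce + ct, SIG)
        self.peers[peer][2] = bytes(x ^ y for x, y in zip(self.peers[peer][1], ecies_decrypt(self.priv, ct)))  # Key_A XOR Key_B
        return True

def run_exchange():  # A and B each broadcast New1 and answer New2; B's New2 reaches A before B's New1
    kgc = ec.generate_private_key(CURVE)
    a, b = Node(b"A", kgc), Node(b"B", kgc)
    new2_b = b.on_new1(a.new1())  # B hears A's New1 and answers
    early = a.on_new2(new2_b)     # A has not heard B's New1 yet -> False, packet waits in the queue
    new2_a = a.on_new1(b.new1())  # B's New1 arrives; A answers and the queued New2 can be processed
    assert a.on_new2(new2_b) and b.on_new2(new2_a)
    return early, a.peers[b"B"][2], b.peers[b"A"][2]  # (False, K_AB, K_BA) with K_AB == K_BA
```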
CN201911133260.5A 2019-11-19 2019-11-19 Sensor network authentication key establishment method based on light certificate and implementation device thereof Active CN110912692B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911133260.5A CN110912692B (en) 2019-11-19 2019-11-19 Sensor network authentication key establishment method based on light certificate and implementation device thereof


Publications (2)

Publication Number Publication Date
CN110912692A true CN110912692A (en) 2020-03-24
CN110912692B CN110912692B (en) 2022-03-04

Family

ID=69818045


Country Status (1)

Country Link
CN (1) CN110912692B (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011047548A1 (en) * 2009-10-21 2011-04-28 西安西电捷通无线网络通信股份有限公司 Key management and node authentication method for sensor network
KR20120085826A (en) * 2009-10-21 2012-08-01 차이나 아이더블유엔콤 씨오., 엘티디 Key management and node authentication method for sensor network
CN101702804A (en) * 2009-11-23 2010-05-05 西安电子科技大学 Two-party key agreement method based on self-certified public key
CN103825742A (en) * 2014-02-13 2014-05-28 南京邮电大学 Authentication key agreement method applicable to large-scale sensor network
CN108882238A (en) * 2018-06-21 2018-11-23 中国石油大学(华东) A kind of lightweight rotation ca authentication method in mobile ad hoc network based on common recognition algorithm

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郭萍等: "基于轻量级CA无线传感器网络双向认证方案", 《小型微型计算机系统》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669748A (en) * 2020-05-20 2020-09-15 中国科学院软件研究所 Mobile communication authentication method with privacy protection function
CN114007220A (en) * 2021-10-20 2022-02-01 武汉大学 Short-term session key generation method, authentication key negotiation method and system
CN114007220B (en) * 2021-10-20 2023-12-08 武汉大学 Short-term session key generation method, authentication key negotiation method and system
CN114070570A (en) * 2021-11-16 2022-02-18 华北电力大学 Safe communication method of power Internet of things

Also Published As

Publication number Publication date
CN110912692B (en) 2022-03-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant