CN111245869A - Cross-domain anonymous authentication method in information physical system - Google Patents


Info

Publication number: CN111245869A
Authority: CN (China)
Prior art keywords: domain, certificate, platform, cross, parameters
Legal status: Granted; currently Active
Application number: CN202010332579.7A
Other languages: Chinese (zh)
Other versions: CN111245869B (en)
Inventors: 陈立全, 姬磊, 唐敏, 寇贵昱
Current Assignee: Nanjing Changyang Technology Co ltd
Original Assignee: Nanjing Changyang Technology Co ltd
Application filed by Nanjing Changyang Technology Co ltd
Priority to CN202010332579.7A
Publication of CN111245869A
Application granted
Publication of CN111245869B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/12 Applying verification of the received information
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a cross-domain anonymous authentication method for cyber-physical systems, which authenticates the legitimate identity of access devices on the basis of anonymous authentication in the application fields of cyber-physical systems. The method comprises 5 steps: designing the internal output parameters of the terminal trusted computing module, initializing the system, applying for and issuing the intra-domain certificate, applying for and issuing the cross-domain certificate, and authenticating the cross-domain signature. The method removes redundant computation and, without affecting security, improves the running efficiency of the authentication protocol by adopting a batch proof technique. It also realizes cross-domain authentication among multiple application fields of the cyber-physical system, and fixes the security flaw in the existing elliptic curve scheme whereby a platform can hold multiple secret values, while improving efficiency.

Description

Cross-domain anonymous authentication method in information physical system
Technical Field
The invention relates to the fields of the Internet of Things and information security in industrial applications, and in particular to a cross-domain anonymous authentication method in a cyber-physical system.
Background
In recent years the scale at which the software and hardware of cyber-physical systems are developed and deployed has grown rapidly, and these systems now affect every aspect of people's lives: automated dispatch in power grids, petroleum and natural gas, automation in transportation systems, medical equipment, household appliances and so on are all very important to daily life. It is therefore imperative to fix their potential vulnerabilities and protect these devices from all types of attack. In fact, in the industrial Internet of Things environment, attacks on system security and the protections against them always exist in opposition to each other.
The cyber-physical system architecture is made up of a number of different components. The hardware components comprise sensors, actuators and embedded systems, and the software components comprise various software products for control and monitoring; a lack of security protection at any link in the integration of these components can expose the cyber-physical system to attack. The complexity of cyber-physical system networks and the heterogeneity of their components present challenges to the security and privacy protection of cyber-physical systems. In particular, with complex network and physical interaction processes, threats and vulnerabilities become difficult to assess and a new set of security issues arises, making it difficult to identify, track and examine attacks on multiple cyber-physical system components.
Therefore, for a cyber-physical system communication network based on embedded terminal equipment, establishing a trusted security framework is a very important development direction. On the premise that the terminal equipment itself is trustworthy, anonymous security authentication between cyber-physical system terminal devices, and between devices and servers, must be emphasized to ensure the trustworthiness of the network. The Trusted Computing Group (TCG) has proposed PrivacyCA, a platform authentication protocol based on a trusted third party, but every authentication in that protocol requires the participation of the third party, which affects the execution efficiency of the protocol and incurs a huge overhead.
Disclosure of Invention
In a cyber-physical system, the most effective measure against the security threats brought by intelligent equipment and Internet of Things cloud systems is to ensure that the terminal equipment accessing the communication network of the cyber-physical system is secure and trustworthy.
To achieve the above-stated object of the invention, a cross-domain anonymous authentication method in a cyber-physical system includes the steps of:
S1, generate the initialization parameters of the TPM module by calling the TPM command, including the private key
Figure 100002_DEST_PATH_IMAGE001
and the public key
Figure 704721DEST_PATH_IMAGE002
where
Figure 100002_DEST_PATH_IMAGE003
is a fixed generator, and design the internal output parameters;
S2, through the Setup sub-protocol, select
Figure 286269DEST_PATH_IMAGE004
Figure 100002_DEST_PATH_IMAGE005
Figure 16DEST_PATH_IMAGE006
three elliptic-curve finite cyclic groups of prime order and the private key of the certificate issuer
Figure 100002_DEST_PATH_IMAGE007
and generate the public key pair of the certificate issuer and the hash functions required by each sub-protocol;
S3, the platform
Figure 717829DEST_PATH_IMAGE008
applies for the intra-domain certificate through the TA-Join sub-protocol; after the certificate passes verification, the VerSPK protocol is called to verify the secret value of the platform, and the final visa certificate is generated;
S4, the platform
Figure 383297DEST_PATH_IMAGE008
after holding the visa and the intra-domain certificate, applies through the
Figure 100002_DEST_PATH_IMAGE009
-Join sub-protocol to the certificate issuer of trust domain B
Figure 918052DEST_PATH_IMAGE009
for a cross-domain certificate;
S5, the platform
Figure 327168DEST_PATH_IMAGE008
holding the cross-domain certificate
Figure 86439DEST_PATH_IMAGE010
generates a signature through the MD-Sign/Verify sub-protocol and sends the signature to the verifier
Figure 100002_DEST_PATH_IMAGE011
to complete the verification process.
Preferably, the step S1 specifically includes the following steps:
S11, call the
Figure 779650DEST_PATH_IMAGE012
command; if the command is called for the first time, the TPM generates a private key
Figure 427800DEST_PATH_IMAGE001
and, from the fixed parameter in the domain
Figure 906186DEST_PATH_IMAGE003
computes the TPM public key
Figure 251455DEST_PATH_IMAGE002
; the private key is saved, and the public key is then published;
S12, call the
Figure 100002_DEST_PATH_IMAGE013
command; if
Figure 461987DEST_PATH_IMAGE014
the TPM confirms whether it requires the additional message
Figure 100002_DEST_PATH_IMAGE015
; compute
Figure 771002DEST_PATH_IMAGE016
and then output c;
S13, call the
Figure 100002_DEST_PATH_IMAGE017
command; if
Figure 725183DEST_PATH_IMAGE018
set
Figure 100002_DEST_PATH_IMAGE019
otherwise set
Figure 597062DEST_PATH_IMAGE020
; if it is not
Figure 571971DEST_PATH_IMAGE018
and
Figure 100002_DEST_PATH_IMAGE021
randomly select one
Figure 102703DEST_PATH_IMAGE022
Figure 100002_DEST_PATH_IMAGE023
store
Figure 968896DEST_PATH_IMAGE024
in the TPM, otherwise
Figure 100002_DEST_PATH_IMAGE025
Figure 462326DEST_PATH_IMAGE023
; set
Figure 516126DEST_PATH_IMAGE026
; if
Figure 100002_DEST_PATH_IMAGE027
set
Figure 937749DEST_PATH_IMAGE028
Figure 100002_DEST_PATH_IMAGE029
otherwise
Figure 968153DEST_PATH_IMAGE030
; output
Figure 100002_DEST_PATH_IMAGE031
and at the same time
Figure 743518DEST_PATH_IMAGE032
is incremented by 1;
S14, call the
Figure 100002_DEST_PATH_IMAGE033
command, in which
Figure 43918DEST_PATH_IMAGE034
is the host random number; according to the input
Figure 703569DEST_PATH_IMAGE032
look up the corresponding record in memory
Figure 101446DEST_PATH_IMAGE024
and output an error message if the record cannot be found; compute
Figure 100002_DEST_PATH_IMAGE035
and
Figure 241572DEST_PATH_IMAGE036
then output
Figure 100002_DEST_PATH_IMAGE037
Preferably, the step S2 includes the following specific steps:
S21, select
Figure 571928DEST_PATH_IMAGE004
Figure 656558DEST_PATH_IMAGE005
Figure 592547DEST_PATH_IMAGE006
three elliptic-curve finite cyclic groups of prime order q, in which
Figure 711812DEST_PATH_IMAGE038
and there is no efficiently computable isomorphism from
Figure 839168DEST_PATH_IMAGE005
to
Figure 847313DEST_PATH_IMAGE004
; the generator of
Figure 85528DEST_PATH_IMAGE004
is
Figure 100002_DEST_PATH_IMAGE039
, the generator of
Figure 498448DEST_PATH_IMAGE005
is
Figure 327864DEST_PATH_IMAGE040
, and there is a bilinear map
Figure 100002_DEST_PATH_IMAGE041
; publish the parameters
Figure 26567DEST_PATH_IMAGE042
S22, randomly generate the private key of the certificate issuer
Figure 100002_DEST_PATH_IMAGE043
, compute the corresponding public key pair
Figure 537314DEST_PATH_IMAGE044
and publish the parameters
Figure 100002_DEST_PATH_IMAGE045
S23, call, on each TPM in the domain, the
Figure 222984DEST_PATH_IMAGE012
command to modify the TPM parameters; here the fixed parameter of the TPM is
Figure 957722DEST_PATH_IMAGE046
; publish the public key of
Figure 100002_DEST_PATH_IMAGE047
namely
Figure 471618DEST_PATH_IMAGE048
; generate the hash functions required by each sub-protocol
Figure 100002_DEST_PATH_IMAGE049
Figure 786056DEST_PATH_IMAGE050
and publish the hash functions
Figure 100002_DEST_PATH_IMAGE051
Preferably, the step S3 specifically includes the steps of:
S31, the platform
Figure 314513DEST_PATH_IMAGE008
first applies to
Figure 16890DEST_PATH_IMAGE052
for the intra-domain certificate
Figure 100002_DEST_PATH_IMAGE053
which is sent to
Figure 893448DEST_PATH_IMAGE054
; the platform
Figure 11577DEST_PATH_IMAGE008
then sends a TA-Join application to the Trusted Authority (TA); an integer n is randomly generated and transmitted to the host
Figure 876765DEST_PATH_IMAGE054
S32, the host
Figure 100002_DEST_PATH_IMAGE055
selects
Figure 126874DEST_PATH_IMAGE056
and then executes the Prove protocol with the input parameters
Figure 100002_DEST_PATH_IMAGE057
to obtain the output
Figure 585668DEST_PATH_IMAGE058
; here a hash function is used to generate
Figure 100002_DEST_PATH_IMAGE059
in order to prevent the leakage of the secret value tsk through a static DH oracle attack; note that the hash functions in the Prove protocol here are all replaced by
Figure 615810DEST_PATH_IMAGE060
and
Figure 100002_DEST_PATH_IMAGE061
, and
Figure 774652DEST_PATH_IMAGE062
is the public key for tsk;
S33, the host
Figure 22094DEST_PATH_IMAGE054
uses its own private key hsk to compute the platform public key
Figure 100002_DEST_PATH_IMAGE063
and then sends the
Figure 873244DEST_PATH_IMAGE064
information, together with the intra-domain certificate
Figure 598755DEST_PATH_IMAGE053
in its blinded form
Figure 100002_DEST_PATH_IMAGE065
to the trusted third party TA;
S34, the trusted third party TA randomly selects two small exponents
Figure 110639DEST_PATH_IMAGE066
and verifies whether the equation
Figure 100002_DEST_PATH_IMAGE067
holds, where X and Y are the public key pair of
Figure 690832DEST_PATH_IMAGE052
and
Figure 920956DEST_PATH_IMAGE040
is the generator, in trust domain A, of the cyclic group
Figure 715736DEST_PATH_IMAGE005
; if the equation holds, the trusted third party TA takes the secret values of compromised TPMs in RogueList
Figure 518345DEST_PATH_IMAGE068
to perform counterfeit detection, verifying
Figure 100002_DEST_PATH_IMAGE069
S35, if the counterfeit detection is passed, the trusted third party TA calls the VerSPK protocol to verify the zero-knowledge proof about the secret value given by the platform
Figure 45272DEST_PATH_IMAGE008
with the input parameters
Figure 264158DEST_PATH_IMAGE070
; if the output is 1, the trusted third party TA generates, for the platform
Figure 597050DEST_PATH_IMAGE008
the final visa certificate
Figure 100002_DEST_PATH_IMAGE071
Preferably, in the step S4, the
Figure 552368DEST_PATH_IMAGE072
-Join protocol specifically comprises:
let the public system parameters of
Figure 076628DEST_PATH_IMAGE009
be
Figure 100002_DEST_PATH_IMAGE073
where
Figure 891131DEST_PATH_IMAGE074
is a cyclic group of prime order q, the generator of
Figure 100002_DEST_PATH_IMAGE075
is
Figure 935704DEST_PATH_IMAGE076
, the generator of
Figure 100002_DEST_PATH_IMAGE077
is
Figure 479949DEST_PATH_IMAGE078
, e is a bilinear map satisfying
Figure 100002_DEST_PATH_IMAGE079
;
Figure 909531DEST_PATH_IMAGE080
is a hash function such that
Figure 100002_DEST_PATH_IMAGE081
;
Figure 273647DEST_PATH_IMAGE082
is also a hash function such that
Figure 100002_DEST_PATH_IMAGE083
;
Figure 653069DEST_PATH_IMAGE084
and
Figure 100002_DEST_PATH_IMAGE085
are generated by
Figure 691301DEST_PATH_IMAGE009
from the private key pair
Figure 589987DEST_PATH_IMAGE086
, where
Figure 100002_DEST_PATH_IMAGE087
Figure 706979DEST_PATH_IMAGE088
; the parameter values here are similar to those in the system initialization of step S2, the subscript B corresponding to the different trust domain B, where the private key pair of
Figure 167390DEST_PATH_IMAGE009
is
Figure 217385DEST_PATH_IMAGE086
The step S4 specifically includes the following steps:
S41, the certificate issuer
Figure 286973DEST_PATH_IMAGE009
after receiving from the platform
Figure 687998DEST_PATH_IMAGE008
the application for a cross-domain certificate, randomly generates an integer n and transmits it to the host
Figure 468610DEST_PATH_IMAGE054
S42, the host
Figure 904271DEST_PATH_IMAGE054
selects
Figure 100002_DEST_PATH_IMAGE089
and then executes the Prove protocol with the input parameters
Figure 459273DEST_PATH_IMAGE090
to obtain the output
Figure 100002_DEST_PATH_IMAGE091
; the hash functions used in the Prove protocol here are
Figure 285278DEST_PATH_IMAGE080
and
Figure 105466DEST_PATH_IMAGE082
, and
Figure 894169DEST_PATH_IMAGE092
is the public key for tsk;
S43, the host
Figure 305558DEST_PATH_IMAGE054
uses its own private key hsk to compute
Figure 681176DEST_PATH_IMAGE063
and then sends the
Figure 305055DEST_PATH_IMAGE064
information and the blinded visa certificate
Figure 100002_DEST_PATH_IMAGE093
to the certificate issuer
Figure 623298DEST_PATH_IMAGE009
S44, as in TA-Join, the certificate issuer
Figure 346534DEST_PATH_IMAGE009
successively performs the validity check of the blinded visa certificate and the platform counterfeit detection, then calls the VerSPK protocol with the input parameters
Figure 707983DEST_PATH_IMAGE094
to verify the platform's zero-knowledge proof about the secret value; if the proof verifies, the certificate issuer
Figure 197870DEST_PATH_IMAGE009
issues to the platform
Figure 134733DEST_PATH_IMAGE008
the cross-domain certificate
Figure 100002_DEST_PATH_IMAGE095
Preferably, the step S5 specifically includes the following steps:
S51, the host
Figure 530336DEST_PATH_IMAGE096
finds the record of the
Figure 208442DEST_PATH_IMAGE009
-Join protocol
Figure 100002_DEST_PATH_IMAGE097
, randomly selects one
Figure 377386DEST_PATH_IMAGE022
and blinds the DAA certificate
Figure 401712DEST_PATH_IMAGE098
to obtain
Figure 100002_DEST_PATH_IMAGE099
Figure 60226DEST_PATH_IMAGE100
S52, the host
Figure 163312DEST_PATH_IMAGE096
together with the TPM computes, for signature linkability detection, the
Figure 100002_DEST_PATH_IMAGE101
value and, about the
Figure 094534DEST_PATH_IMAGE102
secret value, a zero-knowledge proof, by way of the Prove sub-protocol with the input parameters
Figure 100002_DEST_PATH_IMAGE103
to obtain the output
Figure 209252DEST_PATH_IMAGE104
; if the signature does not need to provide linkability, the fourth parameter is set to
Figure 100002_DEST_PATH_IMAGE105
S53, the host
Figure 209307DEST_PATH_IMAGE096
generates the final signature
Figure 65267DEST_PATH_IMAGE106
S54, the verifier consults RogueList, the list of secret values of compromised platforms;
Figure 100002_DEST_PATH_IMAGE107
if there exists one for which
Figure 310435DEST_PATH_IMAGE108
holds, a counterfeit-platform attack is detected and the authentication is abandoned; otherwise, go to step S55;
S55, the verifier verifies the validity of the cross-domain certificate: it randomly selects two small exponents
Figure 109020DEST_PATH_IMAGE066
and verifies the equation
Figure 100002_DEST_PATH_IMAGE109
; if the equation does not hold, the authentication is abandoned; otherwise, go to step S56;
S56, the verifier verifies the validity of the signature through VerSPK with the input parameters
Figure 47020DEST_PATH_IMAGE110
; if the output is 1, the authentication passes, otherwise the authentication fails.
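The TPM command flow of S11, S13 and S14 and the verifier checks of S54 and S56, as an added example that is not code from the patent. The page's formula images are missing, so the arithmetic below is a standard Schnorr-style proof over a constructed toy prime-order group (an assumption), the names ToyTPM, host_sign and verify are hypothetical, and the credential blinding and pairing check of S55 are left out.

```python
import hashlib
import secrets

# Constructed toy group (assumption): P = 2Q + 1 with Q prime, so the squares
# mod P form a subgroup of prime order Q. It stands in for the page's
# elliptic-curve groups of prime order q and is far too small for real use.
P, Q = 10007, 5003
G = 4  # fixed generator of the order-Q subgroup (2 squared)


def h_int(*parts):
    """SHA-256 over length-prefixed parts, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        data = part if isinstance(part, bytes) else str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")


def hash_to_group(bsn):
    """Derive the base J from the basename by hashing, so the TPM only ever
    raises hash-derived elements, never a caller-chosen one, to tsk."""
    ctr = 0
    while True:
        j = pow(h_int(b"J", bsn, ctr) % P, 2, P)
        if j not in (0, 1):  # 0 and the identity are not usable bases
            return j
        ctr += 1


class ToyTPM:
    """Hypothetical model of the create / commit / sign commands."""

    def __init__(self):
        self._tsk = None
        self._records = {}  # commit counter -> nonce r
        self._counter = 0

    def create(self):
        # S11: the private key is generated on the first call only, so the
        # platform cannot end up holding several secret values.
        if self._tsk is None:
            self._tsk = 1 + secrets.randbelow(Q - 1)
        return pow(G, self._tsk, P)

    def commit(self, bsn):
        # S13: pick a nonce, store it under the counter, increment the counter.
        if self._tsk is None:
            raise RuntimeError("create() has not been called")
        r = 1 + secrets.randbelow(Q - 1)
        j = hash_to_group(bsn)
        ctr = self._counter
        self._records[ctr] = r
        self._counter += 1
        return ctr, j, pow(j, self._tsk, P), pow(j, r, P)

    def sign(self, ctr, c):
        # S14: look the record up by counter; report an error if it is missing.
        if ctr not in self._records:
            raise KeyError("no commit record for this counter")
        # Assumption: the record is consumed, so one nonce answers one challenge.
        r = self._records.pop(ctr)
        return (r + c * self._tsk) % Q


def host_sign(tpm, bsn, msg):
    """Host side: commit, derive the challenge by hashing, ask the TPM to sign."""
    ctr, j, k, l = tpm.commit(bsn)
    c = h_int(b"SPK", j, k, l, msg)
    return {"bsn": bsn, "K": k, "c": c, "s": tpm.sign(ctr, c)}


def verify(sig, msg, rogue_list):
    """Verifier side: rogue-list check first (S54), then the proof (S56)."""
    j, k = hash_to_group(sig["bsn"]), sig["K"]
    if not 1 < k < P or pow(k, Q, P) != 1:
        return "reject: malformed"
    if any(pow(j, tsk, P) == k for tsk in rogue_list):
        return "reject: rogue"
    # Recompute the commitment L = J^s * K^(-c) and re-derive the challenge.
    l = pow(j, sig["s"], P) * pow(k, Q - sig["c"] % Q, P) % P
    if h_int(b"SPK", j, k, l, msg) != sig["c"]:
        return "reject: bad proof"
    return "accept"
```

Signatures made under the same basename carry the same K value, which is what lets a verifier link them and lets the rogue-list check recognise a leaked tsk.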
The cross-domain anonymous authentication method in a cyber-physical system provided by the invention achieves a lightweight optimization of protocol efficiency, markedly improves efficiency while keeping the security of single-domain authentication, meets the practical requirements of cross-domain cyber-physical system networks, and is suitable for cyber-physical system terminal equipment with limited computing and storage capability.
Drawings
FIG. 1 is a flow chart of a cross-domain anonymous authentication method in a cyber-physical system according to the present invention;
FIG. 2 is a working framework diagram of the cross-domain anonymous authentication method in the cyber-physical system according to the present invention.
Detailed Description
In order to make the objects and advantages of the present invention more apparent, the following description is given with reference to the accompanying drawings.
The symbols used in the following examples of the cross-domain anonymous authentication method of the present invention and their definitions are shown in Table 1 below:
TABLE 1 symbols and definitions
Symbol Definition
Figure 327960DEST_PATH_IMAGE112
Private key held by TPM
Figure 672091DEST_PATH_IMAGE114
Public key of TPM, wherein
Figure DEST_PATH_IMAGE115
Figure DEST_PATH_IMAGE117
All TPM fixed generators
Figure DEST_PATH_IMAGE119
Figure 200549DEST_PATH_IMAGE120
The base name of (1), if
Figure DEST_PATH_IMAGE121
,
Figure 575030DEST_PATH_IMAGE122
Otherwise
Figure DEST_PATH_IMAGE123
Figure DEST_PATH_IMAGE125
Base name of j, if
Figure 717167DEST_PATH_IMAGE126
,
Figure DEST_PATH_IMAGE127
Otherwise
Figure 477706DEST_PATH_IMAGE128
Figure 280577DEST_PATH_IMAGE130
Host wants additional message
Figure 357118DEST_PATH_IMAGE132
TPM wants attached messages
Figure 409387DEST_PATH_IMAGE134
Containing information about the TPM key tsk or platform key gsk
Figure 95321DEST_PATH_IMAGE136
Special characters of basic names
The invention discloses a cross-domain anonymous authentication method in a cyber-physical system which, as shown in FIG. 1, comprises: designing the internal output parameters of the terminal trusted computing module, initializing the system, applying for and issuing the intra-domain certificate, applying for and issuing the cross-domain certificate, and authenticating the cross-domain signature. The method specifically comprises the following 5 steps:
S1, generate the initialization parameters of the TPM module by calling the TPM command, including the private key
Figure 18278DEST_PATH_IMAGE001
and the public key
Figure 265720DEST_PATH_IMAGE002
where
Figure 193835DEST_PATH_IMAGE003
is a fixed generator, and design the internal output parameters.
In step S1, specifically, the following steps are performed:
S11, call the
Figure 716083DEST_PATH_IMAGE012
command; if the command is called for the first time, the TPM generates a private key
Figure 227967DEST_PATH_IMAGE001
and, from the fixed parameter in the domain
Figure 816949DEST_PATH_IMAGE003
computes the TPM public key
Figure 312653DEST_PATH_IMAGE002
; the private key is saved, and the public key is then published;
S12, call the
Figure 841854DEST_PATH_IMAGE013
command; if
Figure 473824DEST_PATH_IMAGE014
the TPM confirms whether it requires the additional message
Figure 361271DEST_PATH_IMAGE015
; compute
Figure 547532DEST_PATH_IMAGE016
and then output c;
S13, call the
Figure 146004DEST_PATH_IMAGE017
command; if
Figure 898059DEST_PATH_IMAGE018
set
Figure 828844DEST_PATH_IMAGE019
otherwise set
Figure 33560DEST_PATH_IMAGE020
; if it is not
Figure 904564DEST_PATH_IMAGE018
and
Figure 12591DEST_PATH_IMAGE021
randomly select one
Figure 740376DEST_PATH_IMAGE022
Figure 166809DEST_PATH_IMAGE023
store
Figure 277722DEST_PATH_IMAGE024
in the TPM, otherwise
Figure 738790DEST_PATH_IMAGE025
Figure 575159DEST_PATH_IMAGE023
; set
Figure 754468DEST_PATH_IMAGE026
; if
Figure 531056DEST_PATH_IMAGE027
set
Figure 581052DEST_PATH_IMAGE028
Figure 385060DEST_PATH_IMAGE029
otherwise; output
Figure 566697DEST_PATH_IMAGE031
and at the same time
Figure 940041DEST_PATH_IMAGE032
is incremented by 1;
S14, call the
Figure 446109DEST_PATH_IMAGE033
command; according to the input
Figure 537693DEST_PATH_IMAGE032
look up the corresponding record in memory
Figure 644365DEST_PATH_IMAGE024
and output an error message if the record cannot be found; compute
Figure 668953DEST_PATH_IMAGE035
and
Figure 18026DEST_PATH_IMAGE036
then output
Figure 924802DEST_PATH_IMAGE037
S2, through the Setup sub-protocol, select
Figure 516058DEST_PATH_IMAGE004
Figure 457469DEST_PATH_IMAGE005
Figure 243022DEST_PATH_IMAGE006
three elliptic-curve finite cyclic groups of prime order and, for the certificate issuer
Figure 13926DEST_PATH_IMAGE007
the public key pair of the certificate issuer and the hash functions required by each sub-protocol.
In step S2, specifically, the following steps are performed:
S21, select
Figure 769392DEST_PATH_IMAGE004
Figure 706255DEST_PATH_IMAGE005
Figure 990606DEST_PATH_IMAGE006
three elliptic curve finite cyclic groups of prime order q, in which
Figure 511455DEST_PATH_IMAGE038
and there is no efficiently computable isomorphism from
Figure 805033DEST_PATH_IMAGE005
to
Figure 596403DEST_PATH_IMAGE004
;
Figure 582813DEST_PATH_IMAGE004
has generator
Figure 889161DEST_PATH_IMAGE039
Figure 300944DEST_PATH_IMAGE005
has generator
Figure 133771DEST_PATH_IMAGE040
and there is a bilinear map
Figure 369711DEST_PATH_IMAGE041
; publish the parameters
Figure 661890DEST_PATH_IMAGE042
S22, randomly generate the private key of the certificate Issuer
Figure 500533DEST_PATH_IMAGE043
compute the corresponding public key pair
Figure DEST_PATH_IMAGE137
and publish the parameters
Figure 440063DEST_PATH_IMAGE045
S23, call, for each TPM in the domain, the
Figure 174801DEST_PATH_IMAGE012
command to modify the TPM parameters; here the fixed parameters of the TPM
Figure 518058DEST_PATH_IMAGE046
; publish
Figure 98075DEST_PATH_IMAGE047
's public key
Figure 544975DEST_PATH_IMAGE048
; generate the hash functions required by each subprotocol
Figure 122717DEST_PATH_IMAGE049
Figure 484429DEST_PATH_IMAGE050
; publish the hash functions
Figure 319003DEST_PATH_IMAGE051
S3, platform
Figure 856295DEST_PATH_IMAGE008
applies for the certificate in the domain through the TA-Join subprotocol; after the certificate passes verification, the VerSPK protocol is called to verify the platform's secret value, and the final visa certificate is generated
In step S3, specifically, the following steps are performed:
S31, platform
Figure 729573DEST_PATH_IMAGE008
first applies to
Figure 985105DEST_PATH_IMAGE052
for the certificate in the domain
Figure 936618DEST_PATH_IMAGE053
and it is sent to
Figure 266100DEST_PATH_IMAGE054
then platform
Figure 247962DEST_PATH_IMAGE008
sends a TA-Join application to the trusted third party authority, which randomly generates an integer n and transmits it to the host
Figure 554572DEST_PATH_IMAGE054
S32, host
Figure 280082DEST_PATH_IMAGE055
Selecting
Figure 729649DEST_PATH_IMAGE056
Then executing the Prove protocol, inputting the parameters
Figure 380948DEST_PATH_IMAGE057
To obtain an output
Figure 876652DEST_PATH_IMAGE058
Here a hash function is used to generate
Figure 202591DEST_PATH_IMAGE059
also in order to prevent the secret value tsk from leaking through a static DH oracle attack; note that the hash functions in the Prove protocol here are all replaced by the hash functions
Figure 834561DEST_PATH_IMAGE060
and
Figure 394111DEST_PATH_IMAGE061
and
Figure 908269DEST_PATH_IMAGE062
is the public key for tsk;
S33, host
Figure 647686DEST_PATH_IMAGE054
calculates the platform public key using its own private key hsk
Figure 632698DEST_PATH_IMAGE063
then sends the
Figure 392843DEST_PATH_IMAGE064
information and, for the certificate in the domain
Figure 394297DEST_PATH_IMAGE053
the blinded certificate
Figure 265301DEST_PATH_IMAGE065
to the trusted third party TA;
s34, selecting two small indexes randomly by the trusted third party TA
Figure 45432DEST_PATH_IMAGE066
Verification of equation
Figure 976479DEST_PATH_IMAGE067
Whether or not, wherein X and Y are
Figure 261967DEST_PATH_IMAGE052
The public key pair of (a) is,
Figure 671082DEST_PATH_IMAGE040
is a circular group in trust Domain A
Figure 896265DEST_PATH_IMAGE005
If the equation is verified, the trusted third party TA selects the secret value of the breached TPM in RogueList
Figure 998213DEST_PATH_IMAGE068
Performing counterfeit detection, verification
Figure 443101DEST_PATH_IMAGE069
S35, if the counterfeit detection is passed, the trusted third party TA calls the VerSPK protocol to verify platform
Figure 390328DEST_PATH_IMAGE008
's zero-knowledge proof about the secret value, with input parameters
Figure 930070DEST_PATH_IMAGE070
if the output result is 1, the trusted third party TA generates platform
Figure 734078DEST_PATH_IMAGE008
's final visa certificate
Figure 869524DEST_PATH_IMAGE071
S4, platform
Figure 682760DEST_PATH_IMAGE008
after holding the visa and the certificate in the domain, uses the
Figure 820218DEST_PATH_IMAGE009
-Join subprotocol to apply to the certificate issuing party of trust domain B
Figure 326285DEST_PATH_IMAGE009
for a cross-domain certificate
In step S4, the
Figure 949028DEST_PATH_IMAGE072
-Join protocol specifically comprises:
let
Figure 34795DEST_PATH_IMAGE009
's public system parameters be
Figure 29689DEST_PATH_IMAGE073
Wherein
Figure 706658DEST_PATH_IMAGE074
Is a cyclic group of order prime q,
Figure 551118DEST_PATH_IMAGE075
is generated by
Figure 440576DEST_PATH_IMAGE076
Figure 818206DEST_PATH_IMAGE077
Is generated by
Figure 603759DEST_PATH_IMAGE078
E is a bilinear map satisfying
Figure 732252DEST_PATH_IMAGE079
Figure 159822DEST_PATH_IMAGE080
Is a hash function such that
Figure 598150DEST_PATH_IMAGE081
Figure 492288DEST_PATH_IMAGE082
Is also a hash function such that
Figure 75454DEST_PATH_IMAGE083
Figure 306715DEST_PATH_IMAGE084
and
Figure 691560DEST_PATH_IMAGE085
are generated by
Figure 992485DEST_PATH_IMAGE009
from the private key pair
Figure 564412DEST_PATH_IMAGE086
; where
Figure 68205DEST_PATH_IMAGE087
Figure 104294DEST_PATH_IMAGE088
; the parameter values here are similar to those in the system initialization step of step S2, with the subscript B corresponding to the different trust domain B, where
Figure 901087DEST_PATH_IMAGE009
's private key pair is
Figure 225889DEST_PATH_IMAGE086
On this basis, step S4 specifically includes the steps of:
S41, certificate issuer
Figure 939898DEST_PATH_IMAGE009
after receiving platform
Figure 281361DEST_PATH_IMAGE008
's application for the cross-domain certificate, randomly generates an integer n and transmits it to the host
Figure 750519DEST_PATH_IMAGE054
S42, host
Figure 297038DEST_PATH_IMAGE054
Selecting
Figure 204951DEST_PATH_IMAGE089
Then executing the Prove protocol, inputting the parameters
Figure 386272DEST_PATH_IMAGE090
To obtain an output
Figure 964015DEST_PATH_IMAGE091
The hash functions used in the Prove protocol here are
Figure 997830DEST_PATH_IMAGE080
And
Figure 975013DEST_PATH_IMAGE082
and
Figure 951453DEST_PATH_IMAGE092
is a public key for tsk;
S43, host
Figure 762414DEST_PATH_IMAGE054
computes, using its own private key hsk,
Figure 814683DEST_PATH_IMAGE063
then sends the
Figure 500618DEST_PATH_IMAGE064
information and the blinded form of the visa certificate
Figure 95678DEST_PATH_IMAGE093
to the certificate issuer
Figure 343120DEST_PATH_IMAGE009
S44, as in TA-Join, the certificate issuing party
Figure 384150DEST_PATH_IMAGE009
successively performs validity detection of the blinded visa certificate and platform counterfeit detection, then calls the VerSPK protocol with input parameters
Figure 375240DEST_PATH_IMAGE094
to verify the platform's zero-knowledge proof about the secret value; if verification passes, the certificate issuer
Figure 887124DEST_PATH_IMAGE009
issues to platform
Figure 305467DEST_PATH_IMAGE008
the cross-domain certificate
Figure 706230DEST_PATH_IMAGE095
S5, platform
Figure 501011DEST_PATH_IMAGE008
after holding the cross-domain certificate
Figure 867401DEST_PATH_IMAGE010
generates a signature through the MD-Sign/Verify subprotocol
Figure 754848DEST_PATH_IMAGE011
and the authentication process is completed
In step S5, specifically, the following steps are performed:
S51, host
Figure 206689DEST_PATH_IMAGE096
finds the
Figure 274002DEST_PATH_IMAGE009
-Join protocol record
Figure 291637DEST_PATH_IMAGE097
randomly selects one
Figure 815897DEST_PATH_IMAGE022
and blinds the DAA certificate
Figure 20613DEST_PATH_IMAGE098
to obtain
Figure 626038DEST_PATH_IMAGE099
Figure 763758DEST_PATH_IMAGE100
S52, host
Figure 653393DEST_PATH_IMAGE096
in conjunction with the TPM computes, for signature association detection, the
Figure 142143DEST_PATH_IMAGE101
value and, about
Figure 20100DEST_PATH_IMAGE102
, the zero-knowledge proof of the secret value; through the Prove subprotocol, with input parameters
Figure 277906DEST_PATH_IMAGE103
it obtains the output
Figure 347231DEST_PATH_IMAGE104
; if the signature does not need to provide association, the fourth parameter is set to
Figure 57698DEST_PATH_IMAGE105
S53, host
Figure 4926DEST_PATH_IMAGE096
Generating a final signature
Figure 320501DEST_PATH_IMAGE106
S54, the verifier queries the RogueList, the list of secret values of breached platforms;
Figure 360394DEST_PATH_IMAGE107
if there exists
Figure 761420DEST_PATH_IMAGE108
then a counterfeit platform attack is detected and the authentication is abandoned; otherwise, go to step S55;
S55, the verifier verifies the validity of the cross-domain certificate: it randomly selects two small exponents
Figure 43496DEST_PATH_IMAGE066
and verifies the equation
Figure 213578DEST_PATH_IMAGE109
if it does not hold, the authentication is abandoned; otherwise, go to step S56;
S56, the verifier verifies the validity of the signature through VerSPK, with input parameters
Figure 421443DEST_PATH_IMAGE110
if the output is 1, the authentication passes; otherwise the authentication fails.
In the embodiment of the invention, the step of designing the internal output parameters of the terminal trusted computing module is used for removing the computing redundancy and improving the efficiency; the system initialization is used for initializing some public parameters related to the protocol; the step of issuing an intra-domain certificate application is used for registering to a trusted third party TA to acquire an intra-domain public key certificate; the cross-domain certificate application issuing step is used for registering to a trusted third party of another trust domain to acquire a cross-domain public key certificate; the cross-domain signature authentication step is mainly that cross-domain anonymous authentication is completed by an MD-Sign/Verify subprotocol.
As shown in fig. 2, the proposed cross-domain anonymous authentication method in a cyber-physical system first performs trusted authentication on platform A, including:
1. at the very beginning, a trusted computing environment is established on an intelligent device platform A, a safe TPM chip needs to be embedded, and integrity verification of a system module and application software is completed through trusted chain transmission;
2. calling TPM interface to redesign internal interface output parameter
First call up
Figure 309764DEST_PATH_IMAGE012
Command, if the command is called for the first time, TPM generates a private key
Figure 395532DEST_PATH_IMAGE001
. According to fixed parameters in the domain
Figure 420120DEST_PATH_IMAGE003
Computing TPM public keys
Figure 893827DEST_PATH_IMAGE002
The private key is saved, and then the public key is published; followed by a call
Figure 177434DEST_PATH_IMAGE013
Command if
Figure 129209DEST_PATH_IMAGE014
The TPM confirms whether an additional message is required
Figure 211566DEST_PATH_IMAGE015
. Computing
Figure 325015DEST_PATH_IMAGE016
Then c is output; invoking
Figure 358568DEST_PATH_IMAGE017
command; if
Figure 254980DEST_PATH_IMAGE018
set
Figure 316477DEST_PATH_IMAGE019
otherwise set
Figure 446500DEST_PATH_IMAGE020
; if it is not
Figure 796710DEST_PATH_IMAGE018
and
Figure 231234DEST_PATH_IMAGE021
randomly select one
Figure 645772DEST_PATH_IMAGE022
Figure 038708DEST_PATH_IMAGE023
store
Figure 610634DEST_PATH_IMAGE024
in the TPM, otherwise
Figure 299716DEST_PATH_IMAGE025
Figure 007909DEST_PATH_IMAGE023
; set
Figure 571745DEST_PATH_IMAGE026
if
Figure 896547DEST_PATH_IMAGE027
set
Figure 702567DEST_PATH_IMAGE028
Figure 530846DEST_PATH_IMAGE029
otherwise
Figure 796742DEST_PATH_IMAGE030
; output
Figure 516830DEST_PATH_IMAGE031
and at the same time
Figure 362426DEST_PATH_IMAGE032
is incremented by 1; finally call
Figure 310790DEST_PATH_IMAGE033
command; according to the input
Figure 216429DEST_PATH_IMAGE032
find the corresponding record in memory
Figure 545517DEST_PATH_IMAGE024
if the record cannot be found, output an error message; compute
Figure 663646DEST_PATH_IMAGE035
and
Figure 732096DEST_PATH_IMAGE036
then output
Figure 982205DEST_PATH_IMAGE037
3. Initializing parameters by Setup protocol on platform A
Selecting
Figure 237737DEST_PATH_IMAGE004
Figure 221874DEST_PATH_IMAGE005
Figure 144830DEST_PATH_IMAGE006
three elliptic curve finite cyclic groups of prime order q, in which
Figure 625228DEST_PATH_IMAGE038
and there is no efficiently computable isomorphism from
Figure 633635DEST_PATH_IMAGE005
to
Figure 296829DEST_PATH_IMAGE004
;
Figure 310178DEST_PATH_IMAGE004
has generator
Figure 728521DEST_PATH_IMAGE039
Figure 755383DEST_PATH_IMAGE005
has generator
Figure 753426DEST_PATH_IMAGE040
and there is a bilinear map
Figure 680668DEST_PATH_IMAGE041
; publish the parameters
Figure 738754DEST_PATH_IMAGE042
. Randomly generate the Issuer private key
Figure 252912DEST_PATH_IMAGE043
and compute the corresponding public key pair
Figure 320225DEST_PATH_IMAGE137
To improve the security of the protocol, it is necessary to ensure
Figure 765289DEST_PATH_IMAGE138
; publish the parameters
Figure 587751DEST_PATH_IMAGE045
; call, for each TPM in the domain, the
Figure 995730DEST_PATH_IMAGE012
command; here the fixed parameters of the TPM
Figure 663472DEST_PATH_IMAGE046
; publish
Figure 502989DEST_PATH_IMAGE047
's public key
Figure 965195DEST_PATH_IMAGE048
; generate the hash functions required by each subprotocol
Figure 126049DEST_PATH_IMAGE049
Figure 331902DEST_PATH_IMAGE050
; publish the hash functions
Figure 28856DEST_PATH_IMAGE051
4. After initialization is complete, the platform
Figure 802908DEST_PATH_IMAGE008
First to
Figure 310113DEST_PATH_IMAGE052
Applying for certificate in domain
Figure 959138DEST_PATH_IMAGE053
And send to
Figure 602609DEST_PATH_IMAGE054
. Then platform
Figure 813141DEST_PATH_IMAGE008
applies to the trusted third party authority TA for the certificate in the domain; the TA, on receiving platform
Figure 542063DEST_PATH_IMAGE008
's TA-Join application, randomly generates an integer n and transmits it to
Figure 997709DEST_PATH_IMAGE054
Figure 26844DEST_PATH_IMAGE054
Selecting
Figure DEST_PATH_IMAGE139
Then executing the Prove protocol, inputting the parameters
Figure 408278DEST_PATH_IMAGE140
To obtain an output
Figure 296600DEST_PATH_IMAGE091
. Here a hash function is used to generate
Figure DEST_PATH_IMAGE141
in order to prevent a static DH oracle attack from leaking the secret value tsk. Note that the hash functions in the Prove protocol here are all replaced by the hash functions
Figure 553007DEST_PATH_IMAGE142
and
Figure DEST_PATH_IMAGE143
and
Figure 046436DEST_PATH_IMAGE144
is the public key for tsk.
Figure 569078DEST_PATH_IMAGE054
computes, using its own private key hsk,
Figure 679116DEST_PATH_IMAGE063
then sends the
Figure 834154DEST_PATH_IMAGE064
information and, for the certificate in the domain
Figure 477363DEST_PATH_IMAGE053
the blinded certificate
Figure 200599DEST_PATH_IMAGE065
to the trusted third party TA. The TA randomly selects two small exponents
Figure 797934DEST_PATH_IMAGE066
and verifies whether the equation
Figure 269846DEST_PATH_IMAGE067
holds, where X and Y are
Figure 269026DEST_PATH_IMAGE052
's public key pair and
Figure 491060DEST_PATH_IMAGE040
is, for the cyclic group in trust domain A
Figure 746330DEST_PATH_IMAGE005
the generator. If the certificate is verified, the TA takes the secret values of breached TPMs in the RogueList
Figure 305487DEST_PATH_IMAGE068
and performs counterfeit detection, verifying
Figure 159173DEST_PATH_IMAGE069
If the counterfeit detection is passed, the TA calls the VerSPK protocol to verify platform
Figure 224213DEST_PATH_IMAGE008
's zero-knowledge proof of the secret value. With input parameters
Figure DEST_PATH_IMAGE145
if the output result is 1, the TA generates
Figure 766446DEST_PATH_IMAGE008
's final visa certificate
Figure 942343DEST_PATH_IMAGE071
5.
Figure 244012DEST_PATH_IMAGE008
executes the
Figure 978487DEST_PATH_IMAGE009
-Join protocol to apply to
Figure 772131DEST_PATH_IMAGE009
for the cross-domain certificate
Figure 876353DEST_PATH_IMAGE010
; the platform needs to prove that it holds a visa certificate
Figure 471676DEST_PATH_IMAGE146
. Let
Figure 940834DEST_PATH_IMAGE009
's public system parameters be:
Figure 159457DEST_PATH_IMAGE148
where
Figure 238009DEST_PATH_IMAGE009
's private key pair is
Figure 186374DEST_PATH_IMAGE086
. In the
Figure 888751DEST_PATH_IMAGE009
-Join protocol, after
Figure 922566DEST_PATH_IMAGE009
receives platform
Figure 807739DEST_PATH_IMAGE008
's application for the cross-domain certificate, an integer n is randomly generated and transmitted to
Figure 876189DEST_PATH_IMAGE054
Figure 624833DEST_PATH_IMAGE054
Selecting
Figure 113321DEST_PATH_IMAGE089
Then executing the Prove protocol, inputting the parameters
Figure DEST_PATH_IMAGE149
To obtain an output
Figure 97457DEST_PATH_IMAGE091
. The hash functions used in the Prove protocol here are
Figure 692518DEST_PATH_IMAGE080
and
Figure 164127DEST_PATH_IMAGE082
, and
Figure 172534DEST_PATH_IMAGE092
is the public key for tsk.
Figure 898044DEST_PATH_IMAGE054
computes, using its own private key hsk,
Figure 472245DEST_PATH_IMAGE063
then sends the
Figure 592386DEST_PATH_IMAGE064
information and the blinded form of the visa certificate
Figure 619247DEST_PATH_IMAGE093
to
Figure 148449DEST_PATH_IMAGE009
. As with the TA-Join procedure,
Figure 311577DEST_PATH_IMAGE009
successively performs validity detection of the blinded visa certificate and platform counterfeit detection, then calls the VerSPK protocol with input parameters
Figure 136707DEST_PATH_IMAGE150
to verify the platform's zero-knowledge proof about the secret value. If the verification passes,
Figure 119706DEST_PATH_IMAGE009
issues to
Figure 187020DEST_PATH_IMAGE008
the cross-domain certificate
Figure 407916DEST_PATH_IMAGE095
6. Performing a final cross-domain anonymous authentication stage
Firstly, the MD-Sign subprotocol is executed to complete signature and find
Figure DEST_PATH_IMAGE151
Recording of protocols
Figure 807543DEST_PATH_IMAGE097
Randomly select one
Figure 340155DEST_PATH_IMAGE022
For DAA certificate
Figure 945580DEST_PATH_IMAGE098
Is blinded to obtain
Figure 850344DEST_PATH_IMAGE099
Figure 515812DEST_PATH_IMAGE100
Figure 473404DEST_PATH_IMAGE096
For signature association detection in conjunction with TPM
Figure 148099DEST_PATH_IMAGE101
Value and about
Figure 373281DEST_PATH_IMAGE102
Zero knowledge proof of the secret value. Through the Prove subprotocol, the input parameters are:
Figure 209650DEST_PATH_IMAGE103
obtain an output
Figure 857801DEST_PATH_IMAGE104
Wherein if the signature does not need to provide correlation, the fourth parameter is set to
Figure 132924DEST_PATH_IMAGE105
. Host generates final
Figure 356488DEST_PATH_IMAGE152
. Finally, the Verify subprotocol is called on the signed message
Figure DEST_PATH_IMAGE153
to verify its validity: the verifier queries the RogueList, the list of secret values of breached platforms.
Figure 567021DEST_PATH_IMAGE107
if there exists
Figure 263319DEST_PATH_IMAGE154
then a counterfeit platform attack is detected and the authentication is abandoned. The verifier then verifies the validity of the cross-domain certificate: it randomly selects two small exponents
Figure 545396DEST_PATH_IMAGE066
and verifies the equation
Figure DEST_PATH_IMAGE155
if it does not hold, the authentication is abandoned. The verifier verifies the signature through VerSPK; the input parameters are:
Figure DEST_PATH_IMAGE157
if the output is 1, the authentication is passed, otherwise the authentication fails.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention.

Claims (6)

1. A cross-domain anonymous authentication method in a cyber-physical system, characterized by comprising the following steps:
S1, generating initialization parameters of the TPM module by calling the TPM command, including the private key
Figure DEST_PATH_IMAGE001
And public key
Figure DEST_PATH_IMAGE002
Wherein
Figure DEST_PATH_IMAGE003
Is a fixed generator and designs internal output parameters;
S2, selecting through the Setup subprotocol
Figure DEST_PATH_IMAGE004
Figure DEST_PATH_IMAGE005
Figure DEST_PATH_IMAGE006
three elliptic curve finite cyclic groups of prime order and the certificate issuing party
Figure DEST_PATH_IMAGE007
The private key of the certificate Issuer generates a public key pair of the certificate Issuer and hash functions required by each subprotocol;
S3, platform
Figure DEST_PATH_IMAGE008
applies for an intra-domain certificate through the TA-Join subprotocol; after the certificate passes verification, the VerSPK protocol is called to verify the platform's secret value and the final visa certificate is generated;
S4, platform
Figure 463272DEST_PATH_IMAGE008
after holding the visa and the certificate in the domain, uses the
Figure DEST_PATH_IMAGE009
-Join subprotocol to apply to the certificate issuing party of trust domain B
Figure 471417DEST_PATH_IMAGE009
for a cross-domain certificate;
S5, platform
Figure DEST_PATH_IMAGE010
after holding the cross-domain certificate
Figure DEST_PATH_IMAGE011
generates a signature through the MD-Sign/Verify subprotocol and sends the signature to a verifier
Figure DEST_PATH_IMAGE012
to complete the verification process.
2. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S1 specifically includes the steps of:
S11, call
Figure DEST_PATH_IMAGE013
command; if it is called for the first time, the TPM generates a private key
Figure 148779DEST_PATH_IMAGE001
According to fixed parameters in the domain
Figure 856972DEST_PATH_IMAGE003
Computing TPM public keys
Figure 670076DEST_PATH_IMAGE002
The private key is saved, and then the public key is published;
S12, call
Figure DEST_PATH_IMAGE014
command; if
Figure DEST_PATH_IMAGE015
the TPM confirms whether an additional message is required
Figure DEST_PATH_IMAGE016
; compute
Figure DEST_PATH_IMAGE017
then output c;
S13, call
Figure DEST_PATH_IMAGE018
command; if
Figure DEST_PATH_IMAGE019
set
Figure DEST_PATH_IMAGE020
otherwise set
Figure DEST_PATH_IMAGE021
; if it is not
Figure 965185DEST_PATH_IMAGE019
and
Figure DEST_PATH_IMAGE022
randomly select one
Figure DEST_PATH_IMAGE023
Figure DEST_PATH_IMAGE024
store
Figure DEST_PATH_IMAGE025
in the TPM, otherwise
Figure DEST_PATH_IMAGE026
Figure 429927DEST_PATH_IMAGE024
; set
Figure DEST_PATH_IMAGE027
if
Figure DEST_PATH_IMAGE028
set
Figure DEST_PATH_IMAGE029
Figure DEST_PATH_IMAGE030
otherwise
Figure DEST_PATH_IMAGE031
; output
Figure DEST_PATH_IMAGE032
and at the same time
Figure DEST_PATH_IMAGE033
is incremented by 1;
S14, call
Figure DEST_PATH_IMAGE034
command, wherein
Figure DEST_PATH_IMAGE035
is the host random number; according to the input
Figure DEST_PATH_IMAGE036
find the corresponding record in memory
Figure DEST_PATH_IMAGE037
if the record cannot be found, output an error message; compute
Figure DEST_PATH_IMAGE038
and
Figure DEST_PATH_IMAGE039
then output
Figure DEST_PATH_IMAGE040
3. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S2 comprises the following steps:
S21, select
Figure 46154DEST_PATH_IMAGE004
Figure 764580DEST_PATH_IMAGE005
Figure 311099DEST_PATH_IMAGE006
three elliptic curve finite cyclic groups of prime order q, in which
Figure DEST_PATH_IMAGE041
and there is no efficiently computable isomorphism from
Figure 80997DEST_PATH_IMAGE005
to
Figure 13049DEST_PATH_IMAGE004
;
Figure 918688DEST_PATH_IMAGE004
has generator
Figure DEST_PATH_IMAGE042
Figure 857563DEST_PATH_IMAGE005
has generator
Figure DEST_PATH_IMAGE043
and there is a bilinear map
Figure DEST_PATH_IMAGE044
; publish the parameters
Figure DEST_PATH_IMAGE045
S22, randomly generate the private key of the certificate Issuer
Figure DEST_PATH_IMAGE046
compute the corresponding public key pair
Figure DEST_PATH_IMAGE047
and publish the parameters
Figure DEST_PATH_IMAGE048
S23, call, for each TPM in the domain, the
Figure 352523DEST_PATH_IMAGE013
command to modify the TPM parameters; here the fixed parameters of the TPM
Figure DEST_PATH_IMAGE049
; publish
Figure DEST_PATH_IMAGE050
's public key
Figure DEST_PATH_IMAGE051
; generate the hash functions required by each subprotocol
Figure DEST_PATH_IMAGE052
Figure DEST_PATH_IMAGE053
; publish the hash functions
Figure DEST_PATH_IMAGE054
4. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S3 specifically includes the steps of:
S31, platform
Figure 917845DEST_PATH_IMAGE008
first applies to
Figure DEST_PATH_IMAGE055
for the certificate in the domain
Figure DEST_PATH_IMAGE056
and it is sent to
Figure DEST_PATH_IMAGE057
then platform
Figure 777741DEST_PATH_IMAGE008
sends a TA-Join application to the trusted third party authority, which randomly generates an integer n and transmits it to the host
Figure 282541DEST_PATH_IMAGE057
S32, host
Figure DEST_PATH_IMAGE058
Selecting
Figure DEST_PATH_IMAGE059
Then executing the Prove protocol, inputting the parameters
Figure DEST_PATH_IMAGE060
To obtain an output
Figure DEST_PATH_IMAGE061
here a hash function is used to generate
Figure DEST_PATH_IMAGE062
to prevent a static DH oracle attack from leaking the secret value tsk, wherein the hash functions in the Prove protocol are all replaced by the hash functions
Figure DEST_PATH_IMAGE063
and
Figure DEST_PATH_IMAGE064
and
Figure DEST_PATH_IMAGE065
is the public key for tsk;
S33, host
Figure 423934DEST_PATH_IMAGE057
calculates the platform public key using its own private key hsk
Figure DEST_PATH_IMAGE066
then sends the
Figure DEST_PATH_IMAGE067
information and, for the certificate in the domain
Figure 943296DEST_PATH_IMAGE056
the blinded certificate
Figure DEST_PATH_IMAGE068
to the trusted third party TA;
S34, the trusted third party TA randomly selects two small exponents
Figure DEST_PATH_IMAGE069
and verifies whether the equation
Figure DEST_PATH_IMAGE070
holds, where X and Y are
Figure 220431DEST_PATH_IMAGE055
's public key pair and
Figure 697680DEST_PATH_IMAGE043
is the generator of the cyclic group in trust domain A
Figure 929249DEST_PATH_IMAGE005
; if the equation is verified, the trusted third party TA takes the secret values of breached TPMs in the RogueList
Figure DEST_PATH_IMAGE071
and performs counterfeit detection, verifying
Figure DEST_PATH_IMAGE072
S35, if the counterfeit detection is passed, the trusted third party TA calls the VerSPK protocol to verify platform
Figure 549455DEST_PATH_IMAGE008
's zero-knowledge proof about the secret value, with input parameters
Figure DEST_PATH_IMAGE073
if the output result is 1, the trusted third party TA generates platform
Figure 889169DEST_PATH_IMAGE008
's final visa certificate
Figure DEST_PATH_IMAGE074
5. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein in said step S4, the
Figure DEST_PATH_IMAGE075
-Join protocol specifically comprises:
let
Figure 981278DEST_PATH_IMAGE009
's public system parameters be
Figure DEST_PATH_IMAGE076
Wherein
Figure DEST_PATH_IMAGE077
Is a cyclic group of order prime q,
Figure DEST_PATH_IMAGE078
is generated by
Figure DEST_PATH_IMAGE079
Figure DEST_PATH_IMAGE080
Is generated by
Figure DEST_PATH_IMAGE081
E is a bilinear map satisfying
Figure DEST_PATH_IMAGE082
Figure DEST_PATH_IMAGE083
Is a hash function such that
Figure DEST_PATH_IMAGE084
Figure DEST_PATH_IMAGE085
Is also a hash function such that
Figure DEST_PATH_IMAGE086
Figure DEST_PATH_IMAGE087
and
Figure DEST_PATH_IMAGE088
are generated by
Figure 293835DEST_PATH_IMAGE009
from the private key pair
Figure DEST_PATH_IMAGE089
; where
Figure DEST_PATH_IMAGE090
Figure DEST_PATH_IMAGE091
; the parameter values here are similar to those in the system initialization step of step S2, with the subscript B corresponding to the different trust domain B, where
Figure 237389DEST_PATH_IMAGE009
's private key pair is
Figure 826633DEST_PATH_IMAGE089
; the step S4 specifically includes the steps of:
S41, certificate issuer
Figure 807969DEST_PATH_IMAGE009
after receiving platform
Figure 672020DEST_PATH_IMAGE008
's application for the cross-domain certificate, randomly generates an integer n and transmits it to the host
Figure 407764DEST_PATH_IMAGE057
S42, host
Figure 902330DEST_PATH_IMAGE057
Selecting
Figure DEST_PATH_IMAGE092
Then executing the Prove protocol, inputting the parameters
Figure DEST_PATH_IMAGE093
To obtain an output
Figure DEST_PATH_IMAGE094
The hash functions used in the Prove protocol here are
Figure 153052DEST_PATH_IMAGE083
And
Figure 541832DEST_PATH_IMAGE085
and
Figure DEST_PATH_IMAGE095
is a public key for tsk;
S43, host
Figure 804187DEST_PATH_IMAGE057
computes, using its own private key hsk,
Figure 984501DEST_PATH_IMAGE066
then sends the
Figure 410934DEST_PATH_IMAGE067
information and the blinded form of the visa certificate
Figure DEST_PATH_IMAGE096
to the certificate issuer
Figure 538159DEST_PATH_IMAGE009
S44, as in TA-Join, the certificate issuing party
Figure 985846DEST_PATH_IMAGE009
successively performs validity detection of the blinded visa certificate and platform counterfeit detection, then calls the VerSPK protocol with input parameters
Figure DEST_PATH_IMAGE097
to verify the platform's zero-knowledge proof about the secret value; if verification passes, the certificate issuer
Figure 540324DEST_PATH_IMAGE009
issues to platform
Figure 454053DEST_PATH_IMAGE008
the cross-domain certificate
Figure DEST_PATH_IMAGE098
6. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S5 specifically includes the steps of:
S51, host
Figure DEST_PATH_IMAGE099
finds the
Figure 775182DEST_PATH_IMAGE009
-Join protocol record
Figure DEST_PATH_IMAGE100
randomly selects one
Figure 15058DEST_PATH_IMAGE023
and blinds the DAA certificate
Figure DEST_PATH_IMAGE101
to obtain
Figure DEST_PATH_IMAGE102
Figure DEST_PATH_IMAGE103
S52, host
Figure 583180DEST_PATH_IMAGE099
in conjunction with the TPM computes, for signature association detection, the
Figure DEST_PATH_IMAGE104
value and, about
Figure DEST_PATH_IMAGE105
, the zero-knowledge proof of the secret value; through the Prove subprotocol, with input parameters
Figure DEST_PATH_IMAGE106
it obtains the output
Figure DEST_PATH_IMAGE107
; if the signature does not need to provide association, the fourth parameter is set to
Figure DEST_PATH_IMAGE108
S53, host
Figure 614897DEST_PATH_IMAGE099
Generating a final signature
Figure DEST_PATH_IMAGE109
S54, the verifier queries the RogueList, the list of secret values of breached platforms;
Figure DEST_PATH_IMAGE110
if there exists
Figure DEST_PATH_IMAGE111
then a counterfeit platform attack is detected and the authentication is abandoned; otherwise, go to step S55;
S55, the verifier verifies the validity of the cross-domain certificate: it randomly selects two small exponents
Figure 414750DEST_PATH_IMAGE069
and verifies the equation
Figure DEST_PATH_IMAGE112
if it does not hold, the authentication is abandoned; otherwise, go to step S56;
S56, the verifier verifies the validity of the signature through VerSPK, with input parameters
Figure DEST_PATH_IMAGE113
if the output is 1, the authentication passes; otherwise the authentication fails.
CN202010332579.7A 2020-04-24 2020-04-24 Cross-domain anonymous authentication method in information physical system Active CN111245869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010332579.7A CN111245869B (en) 2020-04-24 2020-04-24 Cross-domain anonymous authentication method in information physical system

Publications (2)

Publication Number Publication Date
CN111245869A true CN111245869A (en) 2020-06-05
CN111245869B CN111245869B (en) 2020-09-04

Family

ID=70879049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010332579.7A Active CN111245869B (en) 2020-04-24 2020-04-24 Cross-domain anonymous authentication method in information physical system

Country Status (1)

Country Link
CN (1) CN111245869B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111741008A (en) * 2020-07-08 2020-10-02 南京红阵网络安全技术研究院有限公司 Two-way anonymous authentication system and method based on mimicry defense principle

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120159155A1 (en) * 2008-09-29 2012-06-21 Intel Corporation Direct Anonymous Attestation Scheme with Outsourcing Capability
CN102638345A (en) * 2012-05-09 2012-08-15 四川师范大学 DAA (Data Access Arrangement) authentication method and system based on elliptical curve divergence logarithm intractability assumption
CN109005035A (en) * 2018-07-12 2018-12-14 同济大学 Verifying communication system and method are signed and issued in a kind of connection vehicle remote anonymity of net
CN109766716A (en) * 2018-12-26 2019-05-17 东南大学 A kind of anonymous bidirectional authentication method based on trust computing

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈小峰, 冯登国: "A Direct Anonymous Attestation Scheme in Multiple Trust Domains", 《计算机学报》 (Chinese Journal of Computers) *

Also Published As

Publication number Publication date
CN111245869B (en) 2020-09-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A cross domain anonymous authentication method in information physical system

Effective date of registration: 20210129

Granted publication date: 20200904

Pledgee: Bank of Jiangsu Co., Ltd. Nanjing Jiangbei new area sub branch

Pledgor: NANJING CHANGYANG TECHNOLOGY Co.,Ltd.

Registration number: Y2021980000866