CN111245869A - Cross-domain anonymous authentication method in information physical system - Google Patents
- Publication number
- CN111245869A, CN202010332579.7A
- Authority
- CN
- China
- Prior art keywords
- domain
- certificate
- platform
- cross
- parameters
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
- H04L63/12—Applying verification of the received information
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- H04L2209/127—Trusted platform modules [TPM]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cross-domain anonymous authentication method for cyber-physical systems, which uses anonymous authentication to verify the legitimate identity of devices connecting to a cyber-physical system. The method comprises five steps: designing the internal output parameters of the terminal's trusted computing module, initializing the system, applying for and issuing an intra-domain certificate, applying for and issuing a cross-domain certificate, and authenticating a cross-domain signature. The method removes redundant computation and improves the efficiency of the authentication protocol by using a batch verification technique, without affecting security. It also enables cross-domain authentication among multiple application domains of a cyber-physical system, fixes the security flaw in the existing elliptic curve scheme that lets a platform hold multiple secret values, and improves efficiency.
Description
Technical Field
The invention relates to the field of the Internet of Things and information security in industrial applications, and in particular to a cross-domain anonymous authentication method in a cyber-physical system.
Background
Recently, the scale at which cyber-physical system software and hardware is developed and deployed has been growing rapidly, and these systems affect every aspect of people's lives: automated distribution in power grids, oil and natural gas, automation in transportation systems, medical equipment, household appliances, and so on, all of which matter to daily life. It is therefore imperative to fix their potential vulnerabilities and protect these devices from all types of attack. In the industrial Internet of Things environment, attacks on system security and defenses against them always exist side by side.
The cyber-physical system architecture is made up of many different components. The hardware components comprise sensors, actuators and embedded systems; the software components comprise various products for control and monitoring. A lack of security protection at any point in the integration of these components can expose the cyber-physical system to attack. The complexity of cyber-physical system networks and the heterogeneity of their components make security and privacy protection challenging. With complex network and physical interaction processes in particular, threats and vulnerabilities become difficult to assess and a new set of security issues arises, making it difficult to identify, track and examine attacks on multiple cyber-physical system components.
Therefore, for a cyber-physical system communication network built on embedded terminal devices, establishing a trusted security framework is a very important direction. On the premise that the terminal devices themselves are trustworthy, anonymous security authentication between terminal devices, and between devices and servers, must be emphasized to ensure the trustworthiness of the network. The Trusted Computing Group (TCG) has proposed a platform authentication protocol, PrivacyCA, based on a trusted third party, but every authentication in that protocol requires the third party's participation, which reduces the protocol's efficiency and incurs a large overhead.
Disclosure of Invention
In a cyber-physical system, the most effective way to deal with the security threats brought by smart devices and Internet of Things cloud systems is to ensure that the terminal devices connecting to the system's communication network are secure and trusted.
To achieve the above-stated object of the invention, a cross-domain anonymous authentication method in a cyber-physical system includes the steps of:
s1, generating initialization parameters of the TPM module by calling the TPM command, including the private keyAnd public keyWhereinIs a fixed generator and designs internal output parameters;
s2, selecting through Setup subprotocol,,Elliptic curve finite cycle group with three prime orders and certificate issuing partyThe private key of the certificate Issuer generates a public key pair of the certificate Issuer and hash functions required by each subprotocol;
s3 platformApplying for the certificate in the domain through the TA-Join subprotocol, and calling the VerSPK after the certificate passes the verificationThe protocol verifies the secret value of the platform to generate a final visa certificate;
s4 platformPasses after holding visa and certificate in the domainCertificate issuing parties to trust domain B by the Join subprotocolApplying for a cross-domain certificate;
s5 platformHolding cross-domain certificatesThen, generating a signature through the MD-Sign/Verify subprotocol, and sending the signature to a verifierThe process of verification is completed.
Preferably, the step S1 specifically includes the following steps:
s11, callCommand, if the command is called for the first time, TPM generates a private keyAccording to fixed parameters in the domainComputing TPM public keysThe private key is saved, and then the public key is published;
s12, callCommand ifThe TPM confirms whether an additional message is required(ii) a ComputingThen c is output;
s13 callingCommand ifIs provided withOtherwise set up(ii) a If it is notAnd is andrandomly select one,Will beStored in TPM, otherwise,(ii) a Is provided withIf, ifIs provided with,Otherwise(ii) a Output ofAt the same timeSelf-increment by 1;
s14, callA command to, among other things,is the host random number; according to inputFinding out the corresponding record in the memoryIf the record cannot be found, outputting error information; computingAnd are andthen output。
Preferably, the step S2 includes the following specific steps:
s21, selection,,Three elliptic curve finite cyclic groups of prime q order, in whichAnd there is no slaveToIn the sense of effective isomorphism of (c),is generated as,Is generated asThere is a bilinear mapDisclosure of parameters;
S22, randomly generating private key of certificate IssuerComputing corresponding public key pairsDisclosure of parameters;
S23, calling each TPM in domainA command to modify a TPM parameter; here the fixed parameters of the TPMDisclosure of the inventionOf (2) a public keyGenerating hash functions required for each sub-protocol,Disclosure of hash function。
Preferably, the step S3 specifically includes the steps of:
s31 platformFirst toApplying for certificate in domainAnd send toThen a platformSending a TA-Join application to a Trusted Authority (TA), randomly generating an integer n and transmitting the integer n to a host;
S32, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputWhere the selection is generated using a hash functionThe reason for this is to prevent leakage of the secret value tsk through a static DH oracle attack, and it is noted that the hash functions in the Prove protocol here are all the hash functionsAndin the alternative,and isIs a public key for tsk;
s33, hostCalculating platform public key by using own private key hskThen will beInformation and domain certificatesBlinded processing certificateSending the information to a trusted third party TA;
S34, the trusted third party TA randomly selects two small exponentsVerification of equationWhether or not, wherein X and Y areThe public key pair of (a) is,is a cyclic group in trust domain AIf the equation is verified, the trusted third party TA selects the secret value of the compromised TPM in RogueListPerforming counterfeit detection, verification;
S35, if the counterfeit detection is passed, the trusted third party TA calls the VerSPK protocol verification platformProof of zero knowledge about secret values, input parametersIf the output result is 1, the trusted third party TA generation platformFinal visa certificate。
is provided withThe system discloses parameters ofWhereinIs a cyclic group of order prime q,is generated by,Is generated byE is a bilinear map satisfy,Is a hash function such that,Is also a hash function such that,Andis thatBy a private key pairGenerating; wherein,(ii) a The parameter values here are similar to those in the system initialization step of step S2, the subscript B corresponding to a different trust domain B, whereIs a private key pair of;
The step S4 specifically includes the steps of:
s41, certificate issuerReceiving platformAfter applying for the cross-domain certificate, randomly generating an integer n and transmitting the integer n to the host;
S42, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputThe hash function in the Prove protocol here usesAndand is andis a public key for tsk;
s43, hostComputing using its own private key hskThen will beBlinded processing certificate for information and visa certificateSent to a certificate issuer;
S44 certificate issuing party with TA-JoinSuccessively executing blind visa certificate validity detection and platform counterfeit detection, then calling VerSPK protocol and inputting parametersZero knowledge proof of the verification platform about secret values, if verified, the certificate issuerIs a platformIssuing cross-domain certificates。
Preferably, the step S5 specifically includes the following steps:
s51, hostFind outRecording of the Join protocolRandomly select oneFor DAA certificateIs blinded to obtain:;
S52, hostFor signature linkability detection in conjunction with TPMValue and aboutZero knowledge proof of secret values, by way of the Prove sub-protocol, input parametersTo obtain an output(ii); Wherein if the signature does not need to be linkable, the fourth parameter is set to;
S54, the verifier queries the secret value list RogueList of compromised platforms;if present, ofIf so, a counterfeit platform attack is detected and the authentication is abandoned; otherwise, go to step S55;
S55, the verifier verifies the validity of the cross-domain certificate and randomly selects two small exponentsVerification of equationIf not, abandoning the authentication, otherwise, entering step S56;
s56, the verifier verifies the validity of the signature through VerSPK and inputs parametersIf the output is 1, the authentication is passed, otherwise the authentication is failed.
The cross-domain anonymous authentication method provided by the invention is a lightweight optimization of protocol efficiency: it clearly improves efficiency while keeping the security of single-domain authentication, meets the practical requirements of cross-domain cyber-physical system networks, and is suitable for cyber-physical system terminal devices with limited computing and storage capacity.
Drawings
FIG. 1 is a flow chart of the cross-domain anonymous authentication method in a cyber-physical system according to the present invention;
FIG. 2 is a working framework diagram of the cross-domain anonymous authentication method in a cyber-physical system according to the present invention.
Detailed Description
In order to make the objects and advantages of the present invention more apparent, the following description is given with reference to the accompanying drawings.
The symbols used in the following examples of the cross-domain anonymous authentication method of the present invention and their definitions are shown in table 1 below:
TABLE 1 Symbols and definitions
Symbol | Definition |
[image] | Private key held by the TPM |
[image] | Public key of the TPM, where [image] |
[image] | Fixed generator for all TPMs |
[image] | Base name of [image]; if [image], [image]; otherwise [image] |
[image] | Base name of j; if [image], [image]; otherwise [image] |
[image] | Additional message the host wants to attach |
[image] | Additional message the TPM wants to attach |
[image] | Contains information about the TPM key tsk or platform key gsk |
[image] | Special character for base names |
The invention discloses a cross-domain anonymous authentication method in a cyber-physical system which, as shown in FIG. 1, comprises: designing the internal output parameters of the terminal trusted computing module, initializing the system, applying for and issuing an intra-domain certificate, applying for and issuing a cross-domain certificate, and authenticating a cross-domain signature. The method specifically comprises the following 5 steps:
s1, generating initialization parameters of the TPM module by calling the TPM command, including the private keyAnd public keyWhereinIs a fixed generator and designs internal output parameters
In step S1, specifically, the following steps are performed:
s11, callCommand, if the command is called for the first time, TPM generates a private keyAccording to fixed parameters in the domainComputing TPM public keysThe private key is saved, and then the public key is published;
s12, callCommand ifThe TPM confirms whether an additional message is required(ii) a ComputingThen c is output;
s13 callingCommand ifIs provided withOtherwise set up(ii) a If it is notAnd is andrandomly select one,Will beStored in TPM, otherwise,(ii) a Is provided withIf, ifIs provided with,Otherwise(ii) a Output ofAt the same timeSelf-increment by 1;
s14, callOn the basis of input of commandsFinding out the corresponding record in the memoryIf the record cannot be found, outputting error information; computingAnd are andthen output。
S2, selecting through Setup subprotocol,,Elliptic curve finite cycle group with three prime orders and certificate issuing partyThe public key pair of the certificate Issuer and the hash function needed by each subprotocol
In step S2, specifically, the following steps are performed:
s21, selection,,Three elliptic curve finite cyclic groups of prime q order, in whichAnd there is no slaveToIn the sense of effective isomorphism of (c),is generated as,Is generated asThere is a bilinear mapDisclosure of parameters;
S22, randomly generating private key of certificate IssuerComputing corresponding public key pairsDisclosure of parameters;
S23, calling domainOf each TPMA command to modify a TPM parameter; here the fixed parameters of the TPMDisclosure of the inventionOf (2) a public keyGenerating hash functions required for each sub-protocol,Disclosure of hash function。
S3 platformApplying for the certificate in the domain through the TA-Join subprotocol, calling the secret value of a VerSPK protocol verification platform after the certificate passes verification, and generating the final visa certificate
In step S3, specifically, the following steps are performed:
s31 platformFirst toApplying for certificate in domainAnd send toThen a platformSending a TA-Join application to a trusted third party authority, randomly generating an integer n and transmitting the integer n to a host;
S32, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputWhere the selection is generated using a hash functionThe reason for this is also to prevent leakage of the secret value tsk through a static DH oracle attack, and it is noted that the hash functions in the Prove protocol here are all the hash functionsAndis replaced, andis a public key for tsk;
s33, hostCalculating platform public key by using own private key hskThen will beInformation and domain certificatesBlinded processing certificateSending the information to a trusted third party TA;
S34, the trusted third party TA randomly selects two small exponentsVerification of equationWhether or not, wherein X and Y areThe public key pair of (a) is,is a cyclic group in trust domain AIf the equation is verified, the trusted third party TA selects the secret value of the compromised TPM in RogueListPerforming counterfeit detection, verification;
S35, if the counterfeit detection is passed, the trusted third party TA calls the VerSPK protocol verification platformProof of zero knowledge about secret values, input parametersIf the output result is 1, the trusted third party TA generation platformFinal visa certificate。
S4 platformPasses after holding visa and certificate in the domainCertificate issuing parties to trust domain B by the Join subprotocolApplication for cross-domain certificates
is provided withThe system discloses parameters ofWhereinIs a cyclic group of order prime q,is generated by,Is generated byE is a bilinear map satisfy,Is a hash function such that,Is also a hash function such that,Andis thatBy a private key pairGenerating; wherein,(ii) a The parameter values here are similar to those in the system initialization step of step S2, the subscript B corresponding to a different trust domain B, whereIs a private key pair of。
On this basis, step S4 specifically includes the steps of:
s41, certificate issuerReceiving platformAfter applying for the cross-domain certificate, randomly generating an integer n and transmitting the integer n to the host;
S42, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputThe hash function in the Prove protocol here usesAndand is andis a public key for tsk;
s43, hostComputing using its own private key hskThen will beBlinded processing certificate for information and visa certificateSent to a certificate issuer;
S44 certificate issuing party with TA-JoinSuccessively executing blind visa certificate validity detection and platform counterfeit detection, then calling VerSPK protocol and inputting parametersZero knowledge proof of the verification platform about secret values, if verified, the certificate issuerIs a platformIssuing cross-domain certificates。
S5 platformHolding cross-domain certificatesAfter that, the air conditioner is started to work,generating a signature by MD-Sign/Verify subprotocolProcedure for completing authentication
In step S5, specifically, the following steps are performed:
s51, hostFind outRecording of the Join protocolRandomly select oneFor DAA certificateIs blinded to obtain:;
S52, hostFor signature linkability detection in conjunction with TPMValue and aboutZero knowledge proof of secret values, by way of the Prove sub-protocol, input parametersTo obtain an output(ii); Wherein if the signature does not need to be linkable, the fourth parameter is set to;
S54, the verifier queries the secret value list RogueList of compromised platforms;if present, ofIf so, a counterfeit platform attack is detected and the authentication is abandoned; otherwise, go to step S55;
S55, the verifier verifies the validity of the cross-domain certificate and randomly selects two small exponentsVerification of equationIf not, abandoning the authentication, otherwise, entering step S56;
s56, the verifier verifies the validity of the signature through VerSPK and inputs parametersIf the output is 1, the authentication is passed, otherwise the authentication is failed.
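The TPM commit/sign split of steps S13 and S14, the RogueList check of step S54 and the VerSPK check of step S56 can be illustrated as follows. This is an added example, not code from the patent: the page's formulas did not survive extraction, so the equations follow the usual DAA pattern (tag K = J^tsk, response s = r + c*tsk) as an assumption, the pairing-based certificate check of S55 is omitted, and the toy group, the hash and all names (ToyTPM, issue, prove, ver_spk, is_rogue) are illustrative.

```python
import hashlib
import secrets

# Toy group (assumption): Z_p^* with p = 2**127 - 1 stands in for the patent's
# elliptic-curve groups; exponents are reduced mod p - 1. Demo only, not secure.
P = 2**127 - 1
N = P - 1
G = 3  # stand-in for the fixed generator shared by all TPMs


def H(*parts) -> int:
    """Length-prefixed SHA-256 over ints/bytes, returned as an integer."""
    h = hashlib.sha256()
    for x in parts:
        b = x if isinstance(x, bytes) else str(x).encode()
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")


def base_from_bsn(bsn: bytes) -> int:
    """Map a base name to a nonzero group element J (toy hash-to-group)."""
    return H(b"bsn", bsn) % (P - 2) + 2


class ToyTPM:
    """Holds tsk and exposes a commit/sign pair in the spirit of S13/S14."""

    def __init__(self):
        self._tsk = secrets.randbelow(N - 1) + 1
        self._records = {}  # counter -> nonce r kept inside the TPM
        self._ctr = 0

    def public_key(self) -> int:
        return pow(G, self._tsk, P)

    def commit(self, S: int, J: int):
        r = secrets.randbelow(N - 1) + 1
        ctr = self._ctr
        self._records[ctr] = r
        self._ctr += 1              # the counter self-increments by 1
        K = pow(J, self._tsk, P)    # linking tag for base J
        return ctr, pow(S, r, P), pow(J, r, P), K

    def sign(self, ctr: int, c: int) -> int:
        if ctr not in self._records:
            raise KeyError("no commit record for this counter")
        # Assumption: a record is single-use, since reusing r would leak tsk.
        r = self._records.pop(ctr)
        return (r + c * self._tsk) % N


def issue(Q: int):
    """Simplified issuer: B = G^b, D = Q^b, so D = B^tsk without seeing tsk."""
    b = secrets.randbelow(N - 1) + 1
    return pow(G, b, P), pow(Q, b, P)


def prove(tpm: ToyTPM, cred, bsn: bytes, msg: bytes) -> dict:
    """Host blinds the credential, then proves W = S^tsk and K = J^tsk."""
    B, D = cred
    l = secrets.randbelow(N - 1) + 1
    S, W = pow(B, l, P), pow(D, l, P)   # blinded credential parts
    J = base_from_bsn(bsn)
    ctr, R1, R2, K = tpm.commit(S, J)
    c = H(S, W, J, K, R1, R2, msg)
    return {"S": S, "W": W, "J": J, "K": K, "c": c, "s": tpm.sign(ctr, c)}


def ver_spk(sig: dict, bsn: bytes, msg: bytes) -> bool:
    S, W, J, K, c, s = (sig[k] for k in "SWJKcs")
    if S % P in (0, 1) or J != base_from_bsn(bsn):
        return False                    # trivial credential or wrong base name
    R1 = pow(S, s, P) * pow(W, (-c) % N, P) % P   # equals S^r if honest
    R2 = pow(J, s, P) * pow(K, (-c) % N, P) % P   # equals J^r if honest
    return c == H(S, W, J, K, R1, R2, msg)


def is_rogue(sig: dict, rogue_list) -> bool:
    """Does any leaked tsk on the list reproduce this signature's tag K?"""
    return any(pow(sig["J"], t, P) == sig["K"] for t in rogue_list)


def verify(sig: dict, bsn: bytes, msg: bytes, rogue_list) -> bool:
    return not is_rogue(sig, rogue_list) and ver_spk(sig, bsn, msg)
```

Two signatures made under the same base name share the tag K and are therefore linkable, while the blinded values S and W differ each time; once a platform's tsk appears on the list, every signature it produces is rejected.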
In this embodiment of the invention, designing the internal output parameters of the terminal trusted computing module removes redundant computation and improves efficiency; system initialization sets up the public parameters used by the protocol; the intra-domain certificate application and issuance step registers with the trusted third party TA to obtain an intra-domain public key certificate; the cross-domain certificate application and issuance step registers with the trusted third party of another trust domain to obtain a cross-domain public key certificate; and in the cross-domain signature authentication step, cross-domain anonymous authentication is completed by the MD-Sign/Verify subprotocol.
As shown in FIG. 2, the proposed cross-domain anonymous authentication method in a cyber-physical system first performs trusted authentication on platform A, including:
1. First, a trusted computing environment is established on smart device platform A: a secure TPM chip must be embedded, and integrity verification of the system modules and application software is completed by extending the chain of trust;
2. Call the TPM interface to redesign the internal interface output parameters
First call upCommand, if the command is called for the first time, TPM generates a private key. According to fixed parameters in the domainComputing TPM public keysThe private key is saved, and then the public key is published; followed by a callCommand ifThe TPM confirms whether an additional message is required. ComputingThen c is output; invokingCommand ifIs provided withOtherwise set up(ii) a If it is notAnd is andrandomly select one,Will beStored in TPM, otherwise,(ii) a Is provided withIf, ifIs provided with,Otherwise(ii) a Output ofAt the same timeSelf-increment by 1; last callOn the basis of input of commandsFinding out the corresponding record in the memoryIf the record cannot be found, outputting error information; computingAnd are andthen output;
3. Initializing parameters by Setup protocol on platform A
Selecting,,Three elliptic curve finite cyclic groups of prime q order, in whichAnd there is no slaveToIn the sense of effective isomorphism of (c),is generated as,Is generated asThere is a bilinear mapDisclosure of parameters. Randomly generating an Issuer private keyComputing corresponding public key pairsTo improve the security of the protocol, it is necessary to ensureDisclosure of parameters(ii) a Invoking each TPM in a domainCommand, here fixed parameters of TPMDisclosure of the inventionOf (2) a public keyGenerating hash functions required for each sub-protocol,Disclosure of hash function;
4. After initialization is complete, the platformFirst toApplying for certificate in domainAnd send to. Then platformApply for certificate in domain to trusted third party authority TA, TA receiving platformThe TA-Join application of (1) randomly generating an integer n to be transmitted to. SelectingThen executing the Prove protocol, inputting the parametersTo obtain an output. Where the selection is generated using a hash functionThe reason for this is to prevent a static DH oracle attack from causing leakage of the secret value tsk. It is noted that the hash functions in the Prove protocol are all hash functionsAndis replaced, andand is the public key for tsk.Computing using its own private key hskThen will beInformation and domainsInternal certificateBlinded processing certificateAnd sending the data to the trusted third party TA. TA random selection of two small exponentsVerification of equationWhether or not, wherein X and Y areThe public key pair of (a) is,is a cyclic group in trust domain AThe generator of (1). If the certificate is verified, the TA selects the secret value of the compromised TPM in the RogueListPerforming counterfeit detection, verificationIf the counterfeit detection is passed, the TA calls a VerSPK protocol verification platformZero knowledge proof of the secret value. Inputting parametersIf the output result is 1, TA is generatedFinal visa certificate.
5. Execute-Join protocol towardsApplication for cross-domain certificatesThe platform needs to prove that it holds a visa certificate. Is provided withThe system disclosure parameters are:
whereinIs a private key pair of. Execute-the Join protocol,receiving platformAfter applying for the cross-domain certificate, an integer n is randomly generated and transmitted to. SelectingThen executing the Prove protocol, inputting the parametersTo obtain an output. Hashing function usage in the Prove protocol hereAnd. And isAnd is the public key for tsk.Computing using its own private key hskThen will beBlinded processing certificate for information and visa certificateIs sent to. As with the TA-Join procedure,successively executing blind visa certificate validity detection and platform counterfeit detection, then calling VerSPK protocol and inputting parametersZero knowledge proof of the verification platform about the secret value. If the authentication is passed, the authentication is verified,is composed ofIssuing cross-domain certificates;
6. Performing a final cross-domain anonymous authentication stage
Firstly, the MD-Sign subprotocol is executed to complete signature and findRecording of protocolsRandomly select oneFor DAA certificateIs blinded to obtain:. For signature association detection in conjunction with TPMValue and aboutZero knowledge proof of the secret value. Through the Prove sub-protocol, the input parameters are:
obtain an outputWherein if the signature does not need to provide correlation, the fourth parameter is set to. Host generates final. Finally calling Verify subprotocol to sign messageAnd verifying the validity, and inquiring a secret value list RogueList of the breached platform by a verifier. If present, ofIf so, detecting the attack of the fake platform and giving up the authentication. The verifier verifies the validity of the cross-domain certificate and randomly selects two small exponentsVerification of equationIf not, the authentication is abandoned. The verifier authenticates the signature through the VerSPKThe input parameters are:
if the output is 1, the authentication is passed, otherwise the authentication fails.
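The counterfeit-platform check and the signature association value from the verification stage above can be sketched as follows. This is an added example, not code from the patent: the names `hash_to_group`, `make_tag`, `is_rogue` and `linked` are hypothetical, the toy group modulo a small safe prime stands in for the scheme's elliptic-curve group, and the relation K = J^tsk is the form common to DAA schemes, assumed here because this text does not reproduce the patent's own equation.

```python
import hashlib
import secrets
from typing import Iterable, Optional, Tuple

# Constructed toy group: P = 2*Q + 1 with P and Q prime. It stands in for the
# scheme's prime-order elliptic-curve group and is far too small for real use.
P, Q = 2039, 1019

def hash_to_group(data: bytes) -> int:
    """Map bytes to an element of order Q (a quadratic residue other than 1)."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return pow(2 + h % (P - 3), 2, P)   # pick x in [2, P-2], return x^2 mod P

def make_tag(tsk: int, bsn: Optional[bytes]) -> Tuple[int, int]:
    """Signer side (assumed form): return (J, K) with K = J^tsk.

    In this sketch J always comes out of the hash, so the secret is never
    raised on a freely chosen base; that is the static DH oracle defence.
    bsn=None models a signature that needs no linkability: J is derived
    from fresh randomness instead of a basename.
    """
    seed = secrets.token_bytes(16) if bsn is None else bsn
    J = hash_to_group(seed)
    return J, pow(J, tsk, P)

def is_rogue(tag: Tuple[int, int], rogue_list: Iterable[int]) -> bool:
    """Verifier side: True if the tag was produced with a leaked secret."""
    J, K = tag
    if not (1 < J < P and pow(J, Q, P) == 1):
        raise ValueError("base is not in the prime-order subgroup")
    return any(pow(J, leaked, P) == K for leaked in rogue_list)

def linked(tag_a: Tuple[int, int], tag_b: Tuple[int, int]) -> bool:
    """Two signatures under the same basename link iff their tags are equal."""
    return tag_a == tag_b

if __name__ == "__main__":
    rogue_list = [123, 777]                      # constructed leaked tsk values
    for name, tsk in (("breached", 123), ("honest", 456)):
        tag = make_tag(tsk, b"verifier-B")
        verdict = "abandon authentication" if is_rogue(tag, rogue_list) else "continue"
        print(name, tag, verdict)
```

The rogue check costs one exponentiation per list entry, so verification time grows linearly with the size of the RogueList.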
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention.
Claims (6)
1. A cross-domain anonymous authentication method in a cyber-physical system, characterized by comprising the following steps:
S1, generating initialization parameters of the TPM module by calling the TPM command, including the private keyAnd public keyWhereinIs a fixed generator and designs internal output parameters;
S2, selecting through Setup subprotocol,,three elliptic curve finite cyclic groups of prime order and certificate issuing partyThe private key of the certificate Issuer generates a public key pair of the certificate Issuer and hash functions required by each subprotocol;
S3, platformApplying for an intra-domain certificate through a TA-Join subprotocol, and calling a secret value of a VerSPK protocol verification platform to generate a final visa certificate after the certificate passes verification;
S4, platformPasses after holding visa and certificate in the domainCertificate issuing parties to trust domain B by the Join subprotocolApplying for a cross-domain certificate;
2. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S1 specifically includes the steps of:
S11, callA command, if it is called for the first timeThe TPM generates a private keyAccording to fixed parameters in the domainComputing TPM public keysThe private key is saved, and then the public key is published;
S12, callCommand ifThe TPM confirms whether an additional message is required; ComputingThen c is output;
S13, callingCommand ifIs provided withOtherwise set up; If it is notAnd is andrandomly select one,Will beStored in TPM, otherwise,; Is provided withIf, ifIs provided with,Otherwise; Output ofAt the same timeSelf-increment by 1;
3. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S2 comprises the following steps:
S21, selection,,Three elliptic curve finite cyclic groups of prime q order, in whichAnd there is no slaveToIn the sense of effective isomorphism of (c),is generated as,Is generated asThere is a bilinear mapDisclosure of parameters;
S22, randomly generating private key of certificate IssuerComputing corresponding public key pairsDisclosure of parameters;
4. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S3 specifically includes the steps of:
S31, platformFirst toApplying for certificate in domainAnd send toThen a platformSending a TA-Join application to a trusted third party authority, randomly generating an integer n and transmitting the integer n to a host;
S32, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputSelectively generated using a hash functionTo prevent static DH oracle attack from causing leakage of secret value tsk, wherein the hash functions in the Prove protocol are all hash functionsAndis replaced, andis a public key for tsk;
S33, hostCalculating platform public key by using own private key hskThen will beInformation and domain certificatesBlinded processing certificateSending the information to a trusted third party TA;
S34, selecting two small exponents randomly by the trusted third party TAVerification of equationWhether or not, wherein X and Y areThe public key pair of (a) is,is a cyclic group in trust Domain AIf the equation is verified, the trusted third party TA selects the secret value of the breached TPM in RogueListPerforming counterfeit detection, verification;
5. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein in said step S4, said step S4The Join protocol comprises in particular:
is provided withThe system discloses parameters ofWhereinIs a cyclic group of order prime q,is generated by,Is generated byE is a bilinear map satisfy,Is a hash function such that,Is also a hash function such that,Andis thatBy a private key pairGenerating; wherein,(ii) a The parameter values here are similar to those in the system initialization step of step S2, the subscript B corresponding to a different trust domain B, whereIs a private key pair of;
The step S4 specifically includes the steps of:
S41, certificate issuerReceiving platformAfter applying for the cross-domain certificate, randomly generating an integer n and transmitting the integer n to the host;
S42, hostSelectingThen executing the Prove protocol, inputting the parametersTo obtain an outputThe hash function in the Prove protocol here usesAndand is andis a public key for tsk;
S43, hostComputing using its own private key hskThen will beBlinded processing certificate for information and visa certificateSent to a certificate issuer;
S44, certificate issuing party with TA-JoinSuccessively executing blind visa certificate validity detection and platform counterfeit detection, then calling VerSPK protocol and inputting parametersZero knowledge proof of the verification platform about secret values, if verified, the certificate issuerIs a platformIssuing cross-domain certificates.
6. The cross-domain anonymous authentication method in a cyber-physical system according to claim 1, wherein the step S5 specifically includes the steps of:
S51, hostFind outRecording of the Join protocolRandomly select oneFor DAA certificateIs blinded to obtain:;
S52, hostFor signature association detection in conjunction with TPMValue and aboutZero knowledge proof of secret values, by way of the Prove sub-protocol, input parametersTo obtain an output; wherein if the signature does not need to provide correlation, the fourth parameter is set to;
S54, the verifier inquires a secret value list RogueList of the breached platform; if present, ofIf so, detecting the attack of the counterfeit platform, and abandoning the authentication, otherwise, entering the step S55;
S55, the verifier verifies the validity of the cross-domain certificate and randomly selects two small exponentsVerification of equationIf not, abandoning the authentication, otherwise, entering step S56;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010332579.7A CN111245869B (en) | 2020-04-24 | 2020-04-24 | Cross-domain anonymous authentication method in information physical system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111245869A (en) | 2020-06-05 |
CN111245869B (en) | 2020-09-04 |
Family
ID=70879049
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010332579.7A Active CN111245869B (en) | 2020-04-24 | 2020-04-24 | Cross-domain anonymous authentication method in information physical system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111245869B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111741008A (en) * | 2020-07-08 | 2020-10-02 | 南京红阵网络安全技术研究院有限公司 | Two-way anonymous authentication system and method based on mimicry defense principle |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120159155A1 (en) * | 2008-09-29 | 2012-06-21 | Intel Corporation | Direct Anonymous Attestation Scheme with Outsourcing Capability |
CN102638345A (en) * | 2012-05-09 | 2012-08-15 | 四川师范大学 | DAA (Direct Anonymous Attestation) authentication method and system based on the elliptic curve discrete logarithm hardness assumption |
CN109005035A (en) * | 2018-07-12 | 2018-12-14 | 同济大学 | Verifying communication system and method are signed and issued in a kind of connection vehicle remote anonymity of net |
CN109766716A (en) * | 2018-12-26 | 2019-05-17 | 东南大学 | A kind of anonymous bidirectional authentication method based on trust computing |
Non-Patent Citations (1)
Title |
---|
Chen Xiaofeng, Feng Dengguo: "A Direct Anonymous Attestation Scheme in Multiple Trust Domains", Chinese Journal of Computers * |
Also Published As
Publication number | Publication date |
---|---|
CN111245869B (en) | 2020-09-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN113569294B (en) | Zero knowledge proving method and device, electronic equipment and storage medium | |
EP2080142B1 (en) | Attestation of computing platforms | |
US10326753B2 (en) | Authentication via revocable signatures | |
KR101740956B1 (en) | Method of secure public auditing using self-certified signature in cloud storage and system of the same | |
JP2022028632A (en) | Device and method | |
CN105187405A (en) | Reputation-based cloud computing identity management method | |
US20160149708A1 (en) | Electronic signature system | |
CN111741008B (en) | Two-way anonymous authentication system and method based on mimicry defense principle | |
CN109768866A (en) | Block chain intelligence contract based on digital signature of elliptic curve can not be split endorsement method | |
CN116112187B (en) | Remote proving method, device, equipment and readable storage medium | |
Alzuwaini et al. | An Efficient Mechanism to Prevent the Phishing Attacks. | |
Hameed et al. | A formally verified blockchain-based decentralised authentication scheme for the internet of things | |
Smyth et al. | Formal analysis of privacy in Direct Anonymous Attestation schemes | |
Diaz et al. | A formal methodology for integral security design and verification of network protocols | |
CN111245869B (en) | Cross-domain anonymous authentication method in information physical system | |
CN112184245B (en) | Transaction identity confirmation method and device for cross-region block chain | |
Fang et al. | Blockchain‐based privacy‐preserving valet parking for self‐driving vehicles | |
Krzywiecki et al. | Security of okamoto identification scheme: a defense against ephemeral key leakage and setup | |
KR101371054B1 (en) | Method for digital signature and authenticating the same based on asymmetric-key generated by one-time_password and signature password | |
WO2019174404A1 (en) | Digital group signature method, device and apparatus, and verification method, device and apparatus | |
US20220321354A1 (en) | Using a zero-knowledge proof to prove knowledge that a website visitor is a legitimate human user | |
Liang et al. | An efficient blockchain-based anonymous authentication and supervision system | |
Qingshui et al. | Registration and login scheme of charity blood donation system based on blockchain zero-knowledge proof | |
Van Laer et al. | Harden zero knowledge password proofs against offline dictionary attacks | |
Wang | The prediction of serial number in OpenSSL’s X. 509 certificate |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A cross domain anonymous authentication method in information physical system; Effective date of registration: 20210129; Granted publication date: 20200904; Pledgee: Bank of Jiangsu Co., Ltd. Nanjing Jiangbei new area sub branch; Pledgor: NANJING CHANGYANG TECHNOLOGY Co.,Ltd.; Registration number: Y2021980000866 |