CN112218295A - 5G security key management method - Google Patents

Info

Publication number
CN112218295A
Authority
CN (China)
Prior art keywords
key, network, node, polynomial, information
Legal status
Pending (as listed; not a legal conclusion)
Application number
CN202011073521.1A
Other languages
Chinese (zh)
Inventors
肖辉, 刘魁, 曹亮, 刘寨
Current Assignee
Chengdu Sunsheen Technology Co ltd
Original Assignee
Chengdu Sunsheen Technology Co ltd
Priority date
2020-10-09
Filing date
2020-10-09
Publication date
2021-01-12

Classifications

    • H  ELECTRICITY
    • H04  ELECTRIC COMMUNICATION TECHNIQUE
    • H04L  TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00  Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08  Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861  Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0869  Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for managing 5G security keys comprising the steps of key initialization, key establishment, key distribution and key agreement. The method is compatible with mobile communication networks, D2D and other networks and so suits the multi-network integration characteristic of 5G. A server constructs a public asymmetric matrix and a secret symmetric matrix and from these derives a basic matrix from which shared keys between network communication nodes are established. A distributed negotiated key management mode is adopted, the communication network's existing authentication procedure is reused, and the network overhead of redundant authentication procedures is reduced. During key negotiation each node only needs to establish a key with the node it communicates with, which reduces the number of key establishments, unnecessary storage and communication overhead, and the network delay caused by key negotiation.

Description

5G security key management method
Technical Field
The invention relates to the technical field of 5G security, in particular to a 5G security key management method.
Background
A 5G heterogeneous network comprises many kinds of network, and a single network in turn comprises many access modes: in the Internet of Things, for example, devices connect to the network directly or through a gateway, and D2D (Device to Device) communication and relaying between devices are also provided. Different network architectures bring different security requirements.
When one or more nodes in the network are compromised, the attacker obtains the security information stored in the captured nodes and can forge network keys to communicate with the remaining nodes; a key measure of a key management scheme's security is therefore the network's resistance to node capture. The network needs a reasonably designed key management mechanism so that no single node carries excessive confidential information, an attacker who captures a single node gains little security information, and the difficulty of breaking the network security mechanism increases; the network then remains secure even when some of its nodes are captured, which is what provides the network's capture resistance.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides a method for managing 5G security keys.
The purpose of the invention is realized by the following technical scheme:
a method of 5G security key management, comprising the steps of:
key initialization: in a network with n network nodes, a server constructs a public asymmetric matrix G and a secret symmetric matrix D, establishes a basic matrix A from these two matrices, and sends the basic matrix A to each node in the network;
key establishment: after receiving the matrix A, each node in the network stores the row and column information of the matrix K that corresponds to the communication nodes, and derives the communication keys K_ij and K_ji from it;
key distribution: an encrypted channel is established with the eNB as relay to complete the distribution of the keys;
key agreement: key negotiation is carried out with the eNB as relay.
Further, the matrix G in the key initialization has (δ+1) rows and n columns, the matrix D has (δ+1) rows and (δ+1) columns, and the matrix A is calculated as
A = (G·D)^T
where (G·D)^T is the transpose of (G·D).
Further, the matrix K in the key establishment is calculated from the matrix A and the matrix G:
K = A·G
It can be shown that K is a symmetric matrix, and therefore K_ij = K_ji.
Further, the key establishment comprises the following steps:
S101, communication node i and communication node j in the network store the information of the i-th row and the j-th row of the matrix K respectively;
S102, node i and node j exchange their respective row and column information;
S103, after obtaining node j's information, node i extracts the j-th column entry from the i-th row information it stores and uses it as the communication key K_ij; likewise, node j extracts the i-th column entry from the j-th row information it stores as the communication key K_ji.
Further, the key distribution comprises the following steps:
S201, an MME node generates a group of random number sequences and a random number; each sequence, used as coefficients, generates a corresponding ternary (three-variable) symmetric polynomial for generating communication keys between network nodes; the random number is used to secure communication across network areas that are not directly connected;
S202, an eNB node entering the network obtains the polynomial information and random number distributed by the MME, establishes from this polynomial information the network polynomial information used by the UE nodes within its own network range, and uses this polynomial as the basic polynomial within its range;
S203, the eNB node generates four groups of random number sequences, each generating a corresponding ternary symmetric polynomial, so as to form a polynomial key ring; it distributes the polynomial information to the UE nodes within its own network range in a certain order, the polynomials being used to generate communication keys between network communication nodes;
S204, a UE node entering the network obtains one group of basic polynomial information and two groups of private polynomial information distributed by the eNB node.
Further, at the initial stage the key distribution must ensure that the network has correctly generated the basic information required for key agreement and that each node in the network has obtained the information it needs to maintain.
Further, the private polynomial information takes priority over the basic polynomial.
Further, the key agreement comprises the following sub-steps:
S301, after entering the network, the eNB generates the polynomial used between eNBs and the polynomial used between the eNB and UEs;
S302, after receiving an attach request from a UE, the eNB sends the UE's information to the MME for authentication; after successful authentication the eNB calculates the communication key between the UE and the eNB from its own polynomial and at the same time returns its ID information and polynomial to the UE;
S303, after receiving the information returned by the eNB, the UE extracts the polynomial information and the eNB's ID from it and calculates its own polynomial and the communication key between the UE and the eNB.
Further, in the key agreement, a node may use the basic polynomial for key agreement only if the two communicating parties cannot perform key agreement through the private polynomial information.
The invention has the following beneficial effects: it is compatible with mobile communication networks, D2D and other networks and so suits the multi-network integration characteristic of 5G; in key distribution the communication network's existing authentication procedure is reused, reducing the network overhead caused by redundant authentication procedures; and in key negotiation each node only needs to establish a key with the node it communicates with, which reduces the number of key establishments, unnecessary storage and communication overhead, and the network delay caused by key negotiation.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a schematic diagram of the principle of the present invention.
Fig. 3 is a schematic diagram of a key agreement process according to the present invention.
Detailed Description
In order to more clearly understand the technical features, objects, and effects of the present invention, embodiments of the present invention will now be described with reference to the accompanying drawings.
In this embodiment, as shown in fig. 1 to 3, a method for 5G secure key management includes the following steps:
s1, key initialization;
s2, establishing a key;
s3, key distribution;
s4, key agreement.
The step S1 includes the following sub-steps:
S101, in the key initialization stage of a network with n nodes, the server generates a matrix G with (δ+1) rows and n columns as the public matrix and announces it to all nodes in the network;
S102, the server generates a secret symmetric matrix D with (δ+1) rows and (δ+1) columns and calculates the matrix A = (G·D)^T, where (G·D)^T is the transpose of (G·D). With the dimensions given, the conformable product is D·G, so A = (D·G)^T = G^T·D^T is an n×(δ+1) matrix;
S103, the server sends the matrix A to each node in the network.
The step S2 includes the following sub-steps:
S201, calculate the matrix K = A·G = G^T·D^T·G, an n×n matrix. By the definition of a symmetric matrix its transpose equals itself, so D^T = D and K = G^T·D·G; then K^T = (G^T·D·G)^T = G^T·D^T·G = G^T·D·G = K, and therefore K is itself a symmetric matrix;
S202, communication node i and node j in the network store the information of the i-th row and the j-th row of the matrix K respectively;
S203, at the start of communication establishment, node i and node j exchange their respective row and column information;
S204, after obtaining node j's information, node i extracts the j-th column entry from the i-th row information it stores and uses it as the communication key K_ij; likewise, node j extracts the i-th column entry from the j-th row information it stores as the communication key K_ji. Since K is symmetric, K_ij = K_ji.
The step S3 includes the following sub-steps:
S301, at the initial stage of key distribution it must first be ensured that the network has correctly generated the basic information required for key agreement and that each node in the network has obtained the information it needs to maintain;
S302, a group of random number sequences is generated at the MME node; each sequence, used as coefficients, generates a corresponding ternary symmetric polynomial for generating communication keys between network nodes; a random number is also generated at the MME node to secure communication across network areas that are not directly connected;
S303, after entering the network, the eNB node obtains the polynomial information and random number distributed by the MME;
S304, from this polynomial information the eNB node establishes the network polynomial information used by the UE nodes within its own network range and uses this polynomial as the basic polynomial within its range;
S305, the eNB node further generates four groups of random number sequences, each generating a corresponding ternary symmetric polynomial, so as to form a polynomial key ring; it distributes the polynomial information to the UE nodes within its network range in a certain order, the polynomials being used to generate communication keys between network communication nodes;
S306, after entering the network, the UE node obtains one group of basic polynomial information and two groups of private polynomial information distributed by the eNB node; the private polynomial information has higher priority than the basic polynomial, and a node may use the basic polynomial for key agreement if and only if the two communicating parties cannot perform key agreement through the private polynomial information.
The step S4 includes the following sub-steps:
S401, when an eNB enters the network it generates the polynomial used between eNBs and also the polynomial used between UEs and the eNB;
S402, after the eNB receives a UE's attach request, it sends the UE's information to the MME for authentication. After successful authentication the eNB calculates the communication key between the UE and the eNB from its own polynomial, and returns its ID information and polynomial to the UE;
S403, after receiving the eNB's reply, the UE extracts the polynomial information and the eNB's ID from it and calculates its own polynomial and the communication key between the UE and the eNB.
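How the ternary symmetric polynomials of S301 to S403 yield matching keys on both sides is not spelled out on the page. The following Python program is an added example, not the patent's code, that makes one consistent reading concrete: a ternary polynomial f(x,y,z) over GF(P) that is symmetric under every permutation of its variables, with the eNB identity fixing the first variable, a UE identity the second and the peer's identity the third. Shares are partial evaluations, so the eNB holds f(e,y,z), a UE holds f(e,u,z), two UEs under the same eNB compute f(e,u1,u2) = f(e,u2,u1), a UE and its eNB both compute f(e,u,e), and two eNBs compute f(e1,e2,r) with the MME's random number r as third argument. A UE receives shares of two of the four polynomials in the eNB's key ring; two UEs use a private polynomial only when they hold shares of the same ring polynomial and otherwise fall back to the base polynomial, as S306 prescribes. The field, the role assigned to each variable, the use of r, the ring selection rule and all identifiers are assumptions of this example and are not fixed by the page.

```python
"""Symmetric trivariate polynomial key pre-distribution in the MME / eNB / UE
hierarchy (added example, not the patent's own code).

Assumptions not fixed by the page: arithmetic over GF(P); the eNB identity fixes
the first variable of a ternary polynomial, a UE identity the second, and the
peer's identity the third; the MME random number r is the third argument for
eNB-to-eNB keys; a UE's two private polynomials are chosen from the eNB's ring of
four, and two UEs use a private polynomial only if they share a ring polynomial.
"""
import itertools
import random

P = 2**61 - 1  # prime modulus (assumption)


def gen_sym_poly3(t, rng):
    """f(x,y,z) with degree <= t in each variable; every permutation of an index
    triple gets the same coefficient, so f is symmetric in x, y and z."""
    c = [[[0] * (t + 1) for _ in range(t + 1)] for _ in range(t + 1)]
    for a in range(t + 1):
        for b in range(a, t + 1):
            for k in range(b, t + 1):
                v = rng.randrange(P)
                for i, j, l in set(itertools.permutations((a, b, k))):
                    c[i][j][l] = v
    return c


def fix_x(c, x):
    """Partial evaluation f(x,y,z) -> g(y,z): g[b][k] = sum_a c[a][b][k] x^a."""
    t = len(c) - 1
    return [[sum(c[a][b][k] * pow(x, a, P) for a in range(t + 1)) % P
             for k in range(t + 1)] for b in range(t + 1)]


def fix_y(g, y):
    """Partial evaluation g(y,z) -> h(z): h[k] = sum_b g[b][k] y^b."""
    t = len(g) - 1
    return [sum(g[b][k] * pow(y, b, P) for b in range(t + 1)) % P
            for k in range(t + 1)]


def eval_z(h, z):
    """Final evaluation h(z) -> field element used as the key."""
    return sum(h[k] * pow(z, k, P) for k in range(len(h))) % P


def mme_setup(t, seed):
    """MME (S302): one base polynomial F and one random number r."""
    rng = random.Random(seed)
    return {"F": gen_sym_poly3(t, rng), "r": rng.randrange(1, P), "rng": rng}


def enb_join(mme, enb_id):
    """eNB (S303-S305, S401): base share F(e,y,z) plus a ring of four own polynomials."""
    t = len(mme["F"]) - 1
    return {"id": enb_id,
            "base": fix_x(mme["F"], enb_id),
            "ring": [gen_sym_poly3(t, mme["rng"]) for _ in range(4)]}


def enb_enb_key(enb_a, enb_b_id, r):
    """F(e_a, e_b, r) from e_a's share; e_b obtains F(e_b, e_a, r), equal by symmetry."""
    return eval_z(fix_y(enb_a["base"], enb_b_id), r)


def ue_join(enb, ue_id, ring_ids):
    """UE (S306): one base share F(e,u,z) and private shares of two ring polynomials."""
    return {"id": ue_id,
            "enb": enb["id"],
            "base": fix_y(enb["base"], ue_id),
            "priv": {i: fix_y(fix_x(enb["ring"][i], enb["id"]), ue_id)
                     for i in ring_ids}}


def ue_ue_key(ue_a, ue_b):
    """Private polynomial first (S306); the base polynomial only when the two UEs
    share no ring polynomial. Returns (path, key computed by a, key computed by b)."""
    common = sorted(set(ue_a["priv"]) & set(ue_b["priv"]))
    if common:
        i = common[0]
        return ("private", eval_z(ue_a["priv"][i], ue_b["id"]),
                eval_z(ue_b["priv"][i], ue_a["id"]))
    return ("base", eval_z(ue_a["base"], ue_b["id"]),
            eval_z(ue_b["base"], ue_a["id"]))


def ue_enb_key(ue, enb):
    """S402/S403: both sides compute F(e,u,e), the UE from its univariate share and
    the eNB from its bivariate share. Returns (UE's value, eNB's value)."""
    return (eval_z(ue["base"], enb["id"]),
            eval_z(fix_y(enb["base"], ue["id"]), enb["id"]))
```

The degree t plays the role δ plays in the matrix scheme: t+1 shares of the same polynomial with the same first variable fixed determine that polynomial, so the private ring polynomials limit what the capture of UEs under one eNB reveals about keys under other eNBs, while the base polynomial is the fallback whose exposure is network-wide.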
In this embodiment a key agreement protocol without certificate-based authentication is designed for key agreement before D2D communication; it comprises the following steps:
1) user A encrypts data and sends it to user B; user B decrypts the data and re-encrypts it with its own key;
2) the re-encrypted data is sent to user A, who decrypts it; if the decrypted data matches the initial data, the identities of users A and B are verified successfully;
3) otherwise the authentication fails and communication between A and B is terminated.
In this embodiment a model of user activity and system trust is introduced: D2D communication users are classified by their system trust, the base station transmits files preferentially to users with higher trust, and files are then passed on in order from users with high trust to users with low trust.
The invention adopts a new key management security mechanism and thereby provides an approach to securing the links between devices and the network in a 5G environment. In the distributed negotiated group key management mode the network has no central node, the network nodes in a group have equal status, and the network's establishment process, including key generation, distribution and updating, is completed by all members. This mode resolves the single point of failure of centralized key management and avoids the whole network becoming unavailable because of a problem at a single node; even when the two communicating parties' nodes have a large traffic volume and high storage requirements it does not cause excessive network delay, giving lightweight, low-overhead key management.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.

Claims (9)

1. A method for 5G security key management, comprising the steps of:
key initialization: in a network with n network nodes, a server constructs a public asymmetric matrix G and a secret symmetric matrix D, establishes a basic matrix A from these two matrices, and sends the basic matrix A to each node in the network;
key establishment: after receiving the matrix A, each node in the network stores the row and column information of the matrix K that corresponds to the communication nodes, and derives the communication keys K_ij and K_ji from it;
key distribution: an encrypted channel is established with the eNB as relay to complete the distribution of the keys;
key agreement: key negotiation is carried out with the eNB as relay.
2. The method of claim 1, wherein the matrix G in the key initialization has (δ+1) rows and n columns, the matrix D has (δ+1) rows and (δ+1) columns, and the matrix A is calculated as
A = (G·D)^T
where (G·D)^T is the transpose of (G·D).
3. The method for 5G security key management according to claims 1 and 2, wherein the matrix K in the key establishment is calculated from the matrix A and the matrix G:
K = A·G
and it can be shown that the matrix K is symmetric, so K_ij = K_ji.
4. The method of 5G security key management according to claim 1, wherein said key establishment comprises the steps of:
S101, communication node i and communication node j in the network store the information of the i-th row and the j-th row of the matrix K respectively;
S102, node i and node j exchange their respective row and column information;
S103, after obtaining node j's information, node i extracts the j-th column entry from the i-th row information it stores and uses it as the communication key K_ij; likewise, node j extracts the i-th column entry from the j-th row information it stores as the communication key K_ji.
5. The method of 5G security key management according to claim 1, wherein said key distribution comprises the steps of:
S201, an MME node generates a group of random number sequences and a random number; each sequence, used as coefficients, generates a corresponding ternary symmetric polynomial for generating communication keys between network nodes; the random number is used to secure communication across network areas that are not directly connected;
S202, an eNB node entering the network obtains the polynomial information and random number distributed by the MME, establishes from this polynomial information the network polynomial information used by the UE nodes within its own network range, and uses this polynomial as the basic polynomial within its range;
S203, the eNB node generates four groups of random number sequences, each generating a corresponding ternary symmetric polynomial, so as to form a polynomial key ring; it distributes the polynomial information to the UE nodes within its own network range in a certain order, the polynomials being used to generate communication keys between network communication nodes;
S204, a UE node entering the network obtains one group of basic polynomial information and two groups of private polynomial information distributed by the eNB node.
6. A method for 5G security key management according to claim 5, wherein the key distribution is performed in an initial stage, which is required to ensure that the network has correctly generated the basic information required for key agreement and that each node in the network obtains the information that each needs to maintain.
7. A method for 5G security key management according to claim 5, wherein the private polynomial information is prioritized over the base polynomial.
8. A method for 5G secure key management according to claim 5, wherein the key agreement comprises the sub-steps of:
s301, after the eNB enters the network, generating a polynomial between the eNB and a polynomial between the eNB and the UE;
s302, after receiving an attachment request of the UE, the eNB sends the information of the UE to an MME for authentication; after the authentication is successful, the eNB calculates a communication key between the UE and the eNB according to the polynomial of the eNB and simultaneously returns the ID information and the polynomial of the eNB to the UE;
and S303, after receiving the information returned by the eNB, the UE extracts polynomial information and the information ID of the eNB from the information, and calculates and obtains the own polynomial and the communication key between the UE and the eNB.
9. A method for 5G security key management according to claims 5 and 8, wherein the key agreement is performed by the node using the basic polynomial only if the two communicating parties cannot perform key agreement through the private polynomial information.
Application CN202011073521.1A, filed 2020-10-09 (priority date 2020-10-09): 5G security key management method, published as CN112218295A, status pending.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011073521.1A CN112218295A (en) 2020-10-09 2020-10-09 5G security key management method

Publications (1)

Publication Number Publication Date
CN112218295A true CN112218295A (en) 2021-01-12

Family

ID=74054301

Country Status (1)

Country Link
CN (1) CN112218295A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number  Priority date  Publication date  Assignee  Title
CN101394271A *  2008-10-28  2009-03-25  Shanghai University of Electric Power  Method for simultaneously establishing pairwise keys and group keys in a sensor network
CN102131195A *  2011-04-25  2011-07-20  Shanghai Dianji University  Wireless sensor network key distribution and management protocol based on multiple hash chains
CN103929298A *  2014-04-24  2014-07-16  Southeast University  Wireless sensor network key pre-distribution method
CN106131829A *  2016-07-18  2016-11-16  Heilongjiang University  Improved key distribution method for large-scale hierarchical wireless sensor networks
CN107295508A *  2017-07-27  2017-10-24  Wuhan Hongxin Telecommunication Technologies Co., Ltd.  LTE network entity authentication and key update method
CN108462579A *  2018-05-23  2018-08-28  Southeast University  Key distribution method based on a key matrix

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Probidita Roychoudhury et al.: "Hierarchical Group Based Mutual Authentication and Key Agreement for Machine Type Communication in LTE and Future 5G Networks", Security and Communication Networks *
张记 et al.: "A secure key pre-distribution scheme for wireless sensor networks", Journal of Computer Applications (计算机应用) *
范志英 et al.: "A key management scheme for wireless sensor networks based on symmetric polynomials", Communications Technology (通信技术) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210112