CN114286334A - Multi-user authentication method and system for mobile communication scene and information processing terminal - Google Patents
Publication number: CN114286334A (application CN202111641788.0A)
Authority: CN (China)
Prior art keywords: group, authentication, ecn, gnb, key
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention belongs to the technical field of network communication and discloses a multi-user authentication method, system and information processing terminal for a mobile communication scenario. The method comprises three stages: a key negotiation stage, an initial authentication stage and a handover authentication stage. Building on MEC and SDN technologies, the invention designs a multi-user authentication scheme that uses an aggregate message authentication code with detection capability together with contribution-based broadcast encryption, with the aims of lowering the probability of channel congestion, reducing the computation and communication overhead of handover authentication, shortening the handover authentication delay and improving the security of group authentication. Because the network architecture integrates SDN and MEC servers, the network state can be monitored in real time and handover decisions made in advance from the dynamic topology of the users, so that a large part of the computation is completed before handover authentication and the handover authentication delay is effectively reduced. Aggregating the group messages reduces the number of signaling interactions and thereby the likelihood of channel congestion.
Description
Technical Field
The invention belongs to the technical field of network communication and particularly relates to a multi-user authentication method, system, medium, device and information processing terminal for a mobile communication scenario.
Background
At present, with improving technical standards in the Internet of Things industry and continuous breakthroughs in key technologies, the connection of large numbers of intelligent terminals and other network edge devices inevitably generates large amounts of real-time data. If the processing and analysis of such data are handed to the cloud, the distance between the cloud and the device results in high bandwidth consumption and processing delay, which is unacceptable for much delay-sensitive edge-side data. Mobile edge computing (MEC) solves these problems to a certain extent by pushing computing, storage and service capabilities to the network edge, and is important for traffic offloading, flexible and rapid service deployment, delay reduction and the like.
For the ultra-dense base-station coverage scenario of 5G networks, software-defined networking (SDN) avoids the additional cost of a separate control plane; its programmability and centralized network management let the SDN collect all states in the network, monitor and predict user positions with different positioning and data-analysis techniques on a unified, real-time network topology graph, plan different paths for different network flows and notify the relevant access base stations in advance to ensure adaptive and efficient clustering and full utilization of links. This gives SDN great advantages in the dynamic group mobility management of 5G networks.
Handover authentication has become a fundamental requirement for reliable and trusted communication between the parties in a network scenario. With the rapid growth of mobile service data and the large-scale deployment of 5G base stations, handover authentication occurs more and more frequently, so the most important task of a handover authentication scheme is to address communication overhead and handover delay, and on that basis to provide users with high-quality network service and service continuity.
Through the above analysis, the problems and defects of the prior art are as follows:
(1) The standardized authentication protocol 5G-AKA defined for existing 5G networks only supports a single user performing the authentication process independently, usually requires several rounds of signaling interaction and a complex key management mechanism for handover, and cannot handle well a situation in which a large number of devices request network service at the same time.
(2) Group-oriented authentication and key agreement schemes have been proposed to support multi-user access; however, these schemes still have problems of security and performance when implemented in practical communication scenarios, and most of them do not consider inter-domain handover.
The difficulty of solving the above problems and defects: the group key agreement method based on the n-BDHE problem has full collusion resistance against semi-adaptive attacks, guarantees key-escrow freedom, provides backward and forward secrecy and can secure the communication of group members. In addition, the key agreement method supports negotiating a session key with designated members, which further strengthens communication security. The aggregate message authentication code constructed from a biorthogonal code can detect the identity of a malicious member, which helps the group debug and strengthens its robustness. The significance of solving these problems and defects is as follows: with the network architecture integrating MEC and SDN disclosed by the invention, a large part of the computation of mutual authentication can be completed in advance, which reduces authentication delay; the problem of complex signaling during intra-domain and inter-domain handover is solved; and communication and computation overhead are reduced. Using the aggregate message authentication code with detection reduces the number of signaling transmissions while supporting multi-user authentication.
Disclosure of Invention
The invention provides a multi-user authentication method, system and information processing terminal for a mobile communication scenario, and in particular a multi-user authentication method, system, medium, device and information processing terminal for a mobile communication scenario based on MEC and SDN technologies.
The invention is realized as follows. A multi-user authentication method for a mobile communication scenario comprises the following steps:
Step one: in the group key negotiation stage, each group member generates its own decryption key from its contribution and publicly computes the group public key $PK_G$.
Step two: an aggregate message authentication code with detection capability (AMAD) is used for mutual authentication; the message is encrypted with the group public key and a session key is negotiated for subsequent secure communication and service requests.
Step three: according to the handover paths monitored by the SDN, the relevant base stations and groups are notified in advance to perform handover authentication.
Further, in the multi-user authentication method for the mobile communication scenario:
Each ECN shares a secret key $K$ with the UDM/AUSF in advance. Before the ECNs access the network, each base station gNB must establish a security association with the core network: the UDM/AUSF holds a master public/private key pair $PK_{HN}/SK_{HN}$, generates a public/private key pair $PK_{gNB}/SK_{gNB}$ for each gNB and securely pre-distributes it to that gNB. The UDM/AUSF authenticates the gNB with an authentication mechanism based on Internet Key Exchange protocol version 2 (IKEv2) or another simple authentication mechanism based on public-key cryptography.
Assume a group of size $n$. $SUCI_G=\{SUCI_1,SUCI_2,\dots,SUCI_n\}$ is the set of anonymous identities of the group members, which have already authenticated each other; the index of member $ECN_i$ satisfies $1\le i\le n$. The system parameters are $\pi=(\lambda,\gamma,n,g,h_1,\dots,h_n,F,f_1,f_2,f_3)$, where $\mathbb{G}$ and $\mathbb{G}_T$ are multiplicative groups of the same prime order $p$ and $e:\mathbb{G}\times\mathbb{G}\to\mathbb{G}_T$ is an efficient non-degenerate bilinear map; $g$ is a generator of $\mathbb{G}$ and $h_1,\dots,h_n$ are independent generators chosen at random from $\mathbb{G}$; $H$ is a hash function; $F$ is a MAC function; and $f_1,f_2,f_3$ are one-way keyed functions that are mutually independent.
Further, the key agreement phase in step one includes:
(1) Group key negotiation: for $1\le k\le n$, each $ECN_k$ randomly selects $x_{i,k}$, computes $X_{i,k}$, $R_{i,k}$ and $A_{i,k}=e(X_{i,k},g)$, and obtains its public key $PK_k=((R_{0,k},A_{0,k}),(R_{1,k},A_{1,k}),\dots,(R_{n,k},A_{n,k}))$. For $i=0,1,\dots,n$ and $j=1,\dots,n$ with $i\ne j$ and $j\ne k$, it computes the key material $\sigma_{i,j,k}$ and sets $d_{j,k}=(\sigma_{0,j,k},\dots,\sigma_{j-1,j,k},\sigma_{j+1,j,k},\dots,\sigma_{n,j,k})$. When these computations are complete, $ECN_k$ publishes within the group its own public key and the key material destined for the other $n-1$ members, $(PK_k,d_{1,k},\dots,d_{k-1,k},d_{k+1,k},\dots,d_{n,k})$, and keeps $d_{k,k}$ secret.
(2) Group key derivation: the group public key $PK_G$ is computed publicly from the published key material as follows:
(3) Decryption-key derivation for each member: for $0\le i\le n$ and $1\le j\le n$, each of the remaining $n-1$ members $ECN_j$ computes its decryption key as follows:
$d_j=(\sigma_{0,j},\dots,\sigma_{j-1,j},\sigma_{j+1,j},\dots,\sigma_{n,j})$
where each $\sigma_{i,j}$ aggregates the key material $\sigma_{i,j,k}$ contributed for $ECN_j$ by the group members.
For the group, key generation is homomorphic: if the membership does not change, the group public key and the members' decryption keys remain unchanged. If a member joins or leaves the group, the group public key and the decryption keys only need the key material contributed by that member to be linked in or deleted; the group does not need to be re-established.
Further, the initial authentication phase in step two includes:
The AMAD algorithm used at this stage is constructed from an order-$l$ biorthogonal code with detection capability. Let $S$ be the syndrome generator matrix of the $(n,k,d_{min})=(2^{l},l+1,2^{l-1})$ biorthogonal code of order $l\ge 3$, and for each $i=1,2,\dots,l+1$ let $S_i=(S_{i,1},S_{i,2},\dots,S_{i,n})\in\{0,1\}^{n}$ be the $i$-th row of $S$. Let $\Sigma$ be the extended syndrome generator matrix of $S$ and $\varepsilon$ the extended syndrome. Define the $(l+1)\times n$ matrix $X$ whose rows are $X_i=(X_{i,1},X_{i,2},X_{i,3},\dots,X_{i,n})=(S_{i,1},\alpha S_{i,2},\alpha^{2}S_{i,3},\dots,\alpha^{n-1}S_{i,n})$, where $\alpha$ is a primitive element of $GF(2^{h})$, and let $\Gamma$ be the $(2^{l+1}-1)\times n$ matrix whose rows are all the codewords generated by $X$ except the all-zero vector. Assuming a group of size $n$, the authentication procedure is as follows:
(1) $ECN_i\to ECN_h$: $(m_i\,\|\,t_i)$
The group members are indexed by $i=1,2,\dots,n$. $ECN_i$ selects a random number $r_i$ and generates the authentication message $m_i=(SUCI_i\,\|\,PK_i\,\|\,r_i)$, where $SUCI_i$ is the member's anonymous identity and $PK_i$ is the public key that $ECN_i$ generated during group key agreement. $ECN_i$ computes its message authentication code $t_i=F(K_i,m_i)$ and sends $(m_i\,\|\,t_i)$ to the security service gateway $ECN_h$; this step may be performed offline.
(2) $ECN_h\to AMF_1$: $(M_G)$
Having received the messages of all group members, $ECN_h$ generates the aggregate message authentication code $T=(T_1,T_2)$, where $T_1=(T_{1,1},T_{1,2},\dots,T_{1,l+1})=tS^{T}$ with $t=(t_1,t_2,\dots,t_n)$; let $t_i^{*}$ be the last $h$ bits of each $t_i$ and $t^{*}=(t_1^{*},\dots,t_n^{*})$, and compute $T_2=(T_{2,1},T_{2,2},\dots,T_{2,l+1})=t^{*}X^{T}$ accordingly. $ECN_h$ sends the group public key together with the necessary group authentication information $M_G=(m_1\|\dots\|m_n\|T\|PK_G)$ to $AMF_1$.
(4) $AUSF/UDM\to AMF_1$: $(A_G=(A_1\|\dots\|A_n\|r_{HN}))$
On receiving the message, the AUSF/UDM verifies it: it retrieves the true identity $SUPI_i$ corresponding to each $SUCI_i$ and checks whether the group members lie within the range of $AMF_1$; from $K_i$ and $m_i$ the UDM recomputes each $t_i$ and $t=(t_1,\dots,t_n)$; the AUSF/UDM then checks $s=T-tS^{T}$: if $s=0$ the group identity authentication passes, otherwise it outputs the list of indexes corresponding to the malicious ECNs. Since the group public key $PK_G$ is computed publicly, the AUSF/UDM also verifies from the received $PK_i$ whether the received $PK_G$ was generated by legitimate group members.
After the verification passes, the AUSF/UDM generates its authentication token: it generates a new temporary identity $GUTI_i$ for every group member, selects a random number $r_{HN}$ and computes $CK_i=f_2(K_i,r_{HN})$, $IK_i=f_3(K_i,r_{HN})$ and the keys derived from them, where KDF denotes a one-way key derivation function; the AUSF/UDM then generates $n$ pieces of authentication information $A_i$ and sends the authentication token $A_G=(A_1\|\dots\|A_n\|r_{HN})$ to $AMF_1$.
(5) $AMF_1\to gNB_1$: $(AUTH_G=(AUTH_1\|\dots\|AUTH_n\|PK_G\|r_{HN}))$
$AMF_1$ retains the key material it needs, computes for each $ECN_i$ the corresponding key and the authentication message $AUTH_i$, and finally sends the authentication token $AUTH_G=(AUTH_1\|\dots\|AUTH_n\|PK_G\|r_{HN})$ to the access base station $gNB_1$.
On receiving $AUTH_G$, $gNB_1$ regards the group as having passed identity authentication. Using the group public key, $gNB_1$ specifies the set of members it wants to communicate with. If the resource information of some group members should not be transmitted openly within the group, the base station can share a different session key with different members using the same computation; the present invention assumes that $gNB_1$ communicates with all group members and shares a single session key with them. $gNB_1$ randomly selects $t$ and computes the ciphertext $C=(C_1,C_2)$ and the session key $\xi$:
$C_1=g^{t},\qquad C_2=(R_0)^{t}$
$\xi=(A_0)^{t}$
$gNB_1$ signs the authentication information with its private key $SK_{gNB}$ and sends it to $ECN_h$; the signed message carries a timestamp $TS_1$ generated by $gNB_1$ to indicate the freshness of the message.
$ECN_h$ broadcasts the message to the group on receipt. Each member verifies the freshness of $TS_1$ and verifies the signature to check the integrity and correctness of the content; it uses $r_{HN}$ to compute its own $CK_i$, $IK_i$ and derived key, and uses that key to verify $AUTH_i$, thereby authenticating that the identities of $gNB_1$, $AMF_1$ and the AUSF/UDM are legitimate. At this point the initial authentication is complete, and each member uses its own decryption key $d_i$ to extract the session key $\xi$ from the received ciphertext $C$:
$\xi=e(\sigma_{0,i},C_1)\,e(h_i,C_2)$
$ECN_i$ and $AMF_1$ retain $GUTI_i$ and use this temporary identity in future intra-domain handovers; if an inter-domain handover occurs, $ECN_i$ updates its anonymous identity.
Further, the handover authentication phase in step three includes:
(1) Intra-domain handover: the handover from the source base station $gNB_1$ to the target base station $gNB_2$ takes place within the range of the same AMF. When the handover authentication threshold is reached, the MEC server notifies $gNB_1$ and the group $G$ to perform handover authentication.
Step 1: after receiving the notification from the MEC server, $gNB_1$ sends the group's authentication information to the target base station $gNB_2$ in advance.
Step 2: $ECN_h\to gNB_2$: $(M'_G=(m'_1\|\dots\|m'_n\|T'\|PK_G))$
The group members select new random numbers $r'_i$ in advance and compute the authentication messages $m'_i=(GUTI_i\|PK_i\|r'_i)$ and $t'_i=F(\xi,m'_i)$. After receiving all $(m'_i\|t'_i)$, $ECN_h$ computes the aggregate message authentication code $T'=(T'_1,T'_2)$ with $T'_1=t'S^{T}$ and $T'_2=(t^{*})'X^{T}$, and sends the relevant authentication information to $gNB_2$.
Step 3: $gNB_2$ checks, against the messages received from $gNB_1$ and $ECN_h$, whether each $GUTI_i$ is legitimate, and computes $s'=T'-t'S^{T}$. If $s'\ne 0$, $gNB_2$ outputs the index $j$ of the malicious member $ECN_j$ and refuses the group further access; otherwise $gNB_2$ computes the ciphertext $C'=(C'_1,C'_2)$ in the same way as in the initial authentication together with the session key $\xi'=(A_0)^{t}$, where $t$ is chosen at random and differs from the value used in the initial authentication. $gNB_2$ computes its signature and sends the response to $ECN_h$.
Step 4: $ECN_h$ broadcasts this message to the group; each member verifies the validity of the timestamp $TS_2$ and the correctness of the signature. If the verification succeeds, mutual authentication is complete; each $ECN_i$ uses its own decryption key $d_i$ to extract the session key $\xi'=e(\sigma_{0,i},C'_1)\,e(h_i,C'_2)$ and conducts subsequent communication with it.
(2) Inter-domain handover: an inter-domain handover occurs when the source base station and the target base station are not within the range of the same AMF. In this case the group $G$ must negotiate a session key with the target base station $gNB_3$ under $AMF_2$ and perform mutual authentication with $AMF_2$ and $gNB_3$. As in the intra-domain case, when the group $G$ reaches the handover threshold the SDN controller notifies the group $G$ and $AMF_1$ to carry out the handover authentication preparation:
Step 1: before the group accesses the target domain, $AMF_1$ sends a group message to $AMF_2$.
Step 2: $AMF_2$ forwards the received message to the AUSF/UDM.
Step 3: on receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members and generates a security key shared between $AMF_2$ and each $ECN_i$; $AMF_2$ stores $GUTI_i$ and this key.
Step 4: at this stage $AMF_2$ selects a random number, computes the corresponding values and generates an authentication message for each $GUTI_i$.
Step 5: $ECN_h\to gNB_3$: $(M''_G=(m''_1\|\dots\|m''_n\|T''\|PK_G))$
As in the intra-domain handover, each group member pre-selects a new random number $r''_i$, computes $m''_i=(GUTI''_i\|PK_i\|r''_i)$ and its message authentication code $t''_i$, and sends $(m''_i,t''_i)$ to $ECN_h$; $ECN_h$ generates the aggregate message authentication code $T''=(T''_1,T''_2)$ with $T''_1=t''S^{T}$ and $T''_2=(t^{*})''X^{T}$, and sends $M''_G=(m''_1\|\dots\|m''_n\|T''\|PK_G)$ to $gNB_3$.
Step 6: after receiving the message, $gNB_3$ recomputes $t''=(t''_1,\dots,t''_n)$ and checks $s''=T''-t''S^{T}$; if $s''=0$, $gNB_3$ has successfully authenticated the group. $gNB_3$ computes the ciphertext $C''=(C''_1,C''_2)$ and the session key $\xi''$ in the same way as in the initial authentication, generates its signature and returns the necessary response message to $ECN_h$.
Step 7: $ECN_h$ broadcasts the message to the group. Each member computes the required values and verifies the signature with the public key $PK_{gNB_3}$ of $gNB_3$ to confirm the correctness and validity of the message source. If the verification passes, the group has authenticated $gNB_3$ and $AMF_2$; each $ECN_i$ uses its own decryption key $d_i$ to extract the session key $\xi''=e(\sigma_{0,i},C''_1)\,e(h_i,C''_2)$.
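The aggregate-MAC check is the same operation at every stage of the scheme: the AUSF/UDM runs it in step (4) of the initial authentication with the per-member keys $K_i$, and the target base station runs it in the handover steps with the session key $\xi$ ($t'_i=F(\xi,m'_i)$). The following is an added worked example and is not code from the patent. It assumes that $F$ is HMAC-SHA256 truncated to 8 bytes, that the product $tS^{T}$ is evaluated with XOR as addition, and that only the $T_1$ component is implemented; the $GF(2^{h})$-weighted $T_2$ component that lets the scheme locate several misbehaving members is not reproduced, so this block locates a single bad member. All keys, identities and random numbers are constructed inline.

```python
# Added worked example (not from the patent): the AMAD aggregate-MAC check
# with detection, built on the syndrome matrix S of the order-l biorthogonal
# code.  Assumptions: F is HMAC-SHA256 truncated to TAG_LEN bytes, t S^T is
# evaluated with XOR as addition, and only the T1 component is implemented,
# so a single misbehaving member can be located.
import hashlib
import hmac
import secrets
from typing import List, Tuple

TAG_LEN = 8          # bytes per tag t_i (assumption)
ZERO = bytes(TAG_LEN)


def syndrome_matrix(l: int) -> List[List[int]]:
    """(l+1) x 2^l matrix S of the order-l biorthogonal code: row 0 is all
    ones and row k (1 <= k <= l) holds bit k-1 of the column index, so the
    2^l columns are pairwise distinct, which is what makes location possible."""
    n = 1 << l
    return [[1] * n] + [[(j >> k) & 1 for j in range(n)] for k in range(l)]


def mac(key: bytes, msg: bytes) -> bytes:
    """F(K, m): HMAC-SHA256 truncated to TAG_LEN bytes (assumed instantiation)."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aggregate(tags: List[bytes], S: List[List[int]]) -> List[bytes]:
    """T1 = t * S^T: component k is the XOR of the tags selected by row k of S.
    The group head ECN_h forwards these l+1 values instead of n separate tags."""
    T1 = []
    for row in S:
        acc = ZERO
        for j, bit in enumerate(row):
            if bit:
                acc = xor(acc, tags[j])
        T1.append(acc)
    return T1


def verify_group(msgs: List[bytes], keys: List[bytes], T1: List[bytes],
                 S: List[List[int]]) -> Tuple[bool, List[int]]:
    """Verifier side (AUSF/UDM with the K_i, or the target gNB with xi):
    recompute t' from the received messages, form s = T1 - t' S^T (XOR),
    accept iff s == 0, otherwise locate the offending member."""
    expected = aggregate([mac(k, m) for k, m in zip(keys, msgs)], S)
    s = [xor(a, b) for a, b in zip(T1, expected)]
    if all(c == ZERO for c in s):
        return True, []
    # With exactly one bad member j, s_k = delta_j when S[k][j] == 1 and 0
    # otherwise, so the zero/non-zero pattern of s equals column j of S.
    # With two or more bad members the pattern can coincide with some other
    # column; separating those cases is the job of the patent's T2 component.
    pattern = [int(c != ZERO) for c in s]
    for j in range(len(msgs)):
        if [row[j] for row in S] == pattern:
            return False, [j]
    return False, list(range(len(msgs)))  # T1 alone cannot locate them


def demo(l: int = 3, bad: int = -1):
    """Run a 2^l-member group through the initial-attach check (per-member
    keys K_i, messages SUCI_i||PK_i||r_i) and an intra-domain handover check
    (shared session key xi, messages GUTI_i||PK_i||r'_i).  If bad >= 0 that
    member tags with a wrong key.  All keys and identities are constructed."""
    S = syndrome_matrix(l)
    n = 1 << l
    K = [secrets.token_bytes(16) for _ in range(n)]   # K_i shared with UDM/AUSF
    xi = secrets.token_bytes(16)                      # session key from initial auth

    def run(prefix: bytes, keys: List[bytes]) -> Tuple[bool, List[int]]:
        msgs = [prefix + b"%d|PK%d|" % (i, i) + secrets.token_bytes(8) for i in range(n)]
        tags = [mac(k, m) for k, m in zip(keys, msgs)]
        if bad >= 0:
            tags[bad] = mac(secrets.token_bytes(16), msgs[bad])   # wrong key K_bad
        return verify_group(msgs, keys, aggregate(tags, S), S)

    return run(b"SUCI", K), run(b"GUTI", [xi] * n)


if __name__ == "__main__":
    print(demo())          # ((True, []), (True, []))
    print(demo(bad=5))     # ((False, [5]), (False, [5]))
```

The verifier never needs the individual $t_i$: it recomputes them itself and compares only the $l+1$ aggregated values, which is where the signaling saving claimed above comes from. Because row 0 of $S$ is all ones, every column has a non-zero first entry, so a single bad tag can never be mistaken for an all-honest group, and the remaining rows read off the binary index of the bad member.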
Another object of the present invention is to provide a multi-user authentication system that uses the multi-user authentication method for the mobile communication scenario. The network architecture integrating the SDN and the MEC is divided into three layers:
Control plane: an SDN global controller is deployed in the core layer for centralized control, and the MEC server acts as a local SDN controller that helps the control plane collect the dynamic user topology within its range and monitor the network state in real time for decision-making.
Data plane: each base station has a local database (LDB) that stores the user information of the related units (group information, user position, service requirements and transmission scheme) and updates it periodically; the information collected by the LDBs forms a global database (GDB), from which the SDN controller designs network-level strategies and updates the local application modules.
User plane: it consists of the different mobile users; data flows are separated and forwarded between users, and each flow consists of data packets indicating the key characteristics of the user.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
In the group key negotiation stage, each group member generates its own decryption key from its contribution and publicly computes the group public key $PK_G$. An aggregate message authentication code with detection capability (AMAD) is used for mutual authentication between the group and the base station; the message is encrypted with the group public key and a session key is negotiated for subsequent secure communication and service requests. According to the handover paths monitored by the SDN, the relevant base stations and groups are notified to perform handover authentication.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
In the group key negotiation stage, each group member generates its own decryption key from its contribution and publicly computes the group public key $PK_G$. An aggregate message authentication code with detection capability (AMAD) is used for mutual authentication between the group and the base station; the message is encrypted with the group public key and a session key is negotiated for subsequent secure communication and service requests. According to the handover paths monitored by the SDN, the relevant base stations and groups are notified to perform handover authentication.
Another object of the present invention is to provide an information data processing terminal for implementing the multi-user authentication system.
Taking all the technical solutions together, the invention has the following advantages and positive effects: the multi-user authentication method for the mobile communication scenario is based on MEC and SDN technologies and uses an aggregate message authentication code with detection capability (AMAD) together with contribution-based key agreement to design a multi-user authentication scheme suitable for intra-domain and inter-domain handover, with the aims of lowering the probability of channel congestion, reducing the computation and communication overhead of handover authentication, shortening the handover authentication delay and improving the security of group authentication.
The invention uses the AMAD algorithm for mutual authentication. Unlike other schemes, when the base station receives the group's authentication information and the authentication fails, it can detect the identity indexes corresponding to the malicious messages while refusing access and feed the list of malicious identities back to the group, which helps the group debug and improves its robustness. The contribution-based key agreement stage needs no trusted third party and guarantees key-escrow freedom and forward and backward key secrecy.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below show only some embodiments of the invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a diagram of a multi-user authentication system model according to an embodiment of the present invention.
Fig. 2 is a flowchart of multi-user initial authentication according to an embodiment of the present invention.
Fig. 3 is a flowchart of multi-user intra-domain handover authentication according to an embodiment of the present invention.
Fig. 4 is a flowchart of multi-user inter-domain handover authentication according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. The specific embodiments described here are merely illustrative of the invention and are not intended to limit it.
The invention combines the advantages of mobile edge computing (MEC) and software-defined networking (SDN), realizes mutual authentication with the aggregate message authentication code with detection capability based on a biorthogonal code, realizes group key negotiation and update with the n-BDHE problem, and designs a multi-user authentication scheme suitable for intra-domain and inter-domain handover scenarios.
The technical solution of the invention is further described below with reference to specific examples.
First, in the group key negotiation stage, each group member generates its own decryption key from its contribution and publicly computes the group public key $PK_G$.
In the initial authentication stage, in order to establish a secure communication channel and perform mutual authentication among the group, the core network and the access base station, an aggregate message authentication code with detection capability (AMAD) is used for mutual authentication, after which the group public key is used to encrypt the message and a session key is negotiated for subsequent secure communication and service requests.
Finally, according to the handover paths monitored by the SDN, the relevant base stations and groups are notified to perform handover authentication; the key negotiation during handover authentication is similar to that of the initial authentication.
One, group key negotiation
Assume that the group size is n. The key agreement procedure is as follows:
1. group key negotiation: for 1. ltoreq. k. ltoreq.n, each ECNkAll randomly select xi,k∈G,And calculateAi,k=e(Xi,kG) then gives the ECNkIs PKk=((Rn,k,An,k),(Rn,k,An,k)...,(Rn,k,An,k)). For i ≠ 0, 1.., n and j ≠ 1.. n, where i ≠ j and j ≠ k, the present invention calculatesLet dj,k=(σ0,j,k,...,σj-1,j,k,σj+1,j,k,...,σn,j,k). After the above calculation, ECNKPublic sending within the group its own public key and key material to be distributed to the remaining n-1 members: (PK)k,d1,k,...,dk-1,k,dk+1,k,...,dn,k) And d isk,kIt is kept secret by itself.
2. Group key derivation: the group key is calculated as follows:
3. Decryption key derivation for each member: for i ≦ n 0 ≦ j ≦ n 1 ≦ j ≦ n, the remaining n-1 members ECNjThe decryption key of (a) is calculated as follows:
dj=(σ0,j,...,σj-1,j,σj+1,j,...,σn,j)
wherein the content of the first and second substances,
for the group, the key generation is homomorphic in nature, and if the group members are not updated, the group public key and the corresponding member decryption key will remain unchanged at all times. If a member joins or pushes out the group, the group public key and the decryption key only need to link or delete the key material contributed by the member, and the group does not need to be reestablished.
II, initial authentication stage:
the AMAD algorithm used in this stage is constructed by l-order bi-orthogonal codes with detection function, and S is (n, k, d)min)=(2l,l+1,2l-1) And the syndrome of the biorthogonal code with the order l being more than or equal to 3 generates a matrix, S is the syndrome, and for each i is 1, 2i=(Si,1,Si,2,...,Si,n)∈{0,1}nIs the ith row of the matrix S; let Σ be the extended syndrome generator matrix of S, and ε be the extended syndrome. Then, the invention defines a matrix X of order (l +1) X n, all the rows of which are defined by Xi=(Xi,1,Xi,2,Xi,3,...,Xi,n)=(Si,1,αSi,2,α2Si,3,...,αn-1Si,n) Wherein α is GF (2)h) The primitive element of (1); and let r be (2)l+11) × n order matrix whose rows consist of all codewords except the zero-out vector generated by matrix X. The specific authentication procedure is as follows, assuming that the group size is n:
step 1: ECNi→ECNh:(mi||ti)
The index range of the group members is i 1, 2. Each member ECNiSelecting a random number riAnd generates an authentication message mi=(SUCIi||PKi||ri) Wherein SUCIiIs the anonymous identity, PK, of the memberiIs an ECN generated during a group key agreement procedureiThe public key of (2). Thereafter, ECNiRespectively calculating respective message authentication codes ti=F(Ki,mi) Where F is a MAC function. Finally, each member will be own (m)i||ti) Sending to security service gateway ECNhThis step may be performed off-line.
Step 2: ECNh→AMF1:(MG)
ECNhGenerating an aggregated message authentication code T ═ (T) from the received message1,T2). Wherein, T1=(T1,1,T1,2,...,T1,i+1)=tST,t=(t1,t2,...,tn) (ii) a Order toFor each tiH last bit of (a), andcalculate T accordingly2=(T2,1,T2,2,...,T2,l+1)=t*XT. Final ECNhThe group public key and the necessary group authentication information MG=(m1||...||mn||T||PKG) Is sent to AMF1。
And 4, step 4: AUSF/UDM → AMF1:(AG=(A1||...||An||rHN))
Each SUCI can be retrieved by the AUSF/UDMiCorresponding true identity SUPIiAnd analyzing whether the team member is in AMF1Within the range of (1). According to Ki、miThe UDM can calculate each ECNiCorresponding tiAnd t ═ t (t)1,...,tn). Subsequently, AUSF/UDM verifies s ═ T-tSTIf s is 0, the group identity authentication is passed, otherwise, an index list corresponding to the malicious ECN is output.
After the verification is passed, the AUSF/UDM generates a new temporary identity for all group membersAfter which it selects a random number rHNAnd calculating CKi=f2(Ki,rHN),IKi=f3(Ki,rHN),Finally, AUSF/UDM generates n pieces of authentication informationAnd will finally authenticate token AG=(A1||...||An||rHN) Is sent to AMF1。
And 5: AMF1→gNB1:(AUTHG=(AUTH1||...||AUTHn||PKG||rHN))
AMF1RetentionAnd for each ECNiComputingAnd authentication messagesFinally, the authentication token AUTH of the user is usedG=(AUTH1||...||AUTHn||PKG||rHN) Sending to access base station gNB1。
upon reception of AUTHG,gNB1The group is considered to be authenticated. At this time gNB1A set of members wanting to communicate can be specified using a group public keyThe present invention assumes a gNB1To communicate with all group members and share the same session key, whengNB1Random selectionCalculating ciphertext C ═ C1,C2) And session key ξ:
C1=gt,C2=(R0)t
ξ=(A0)t
finally, gNB1With its own private key SKgNBFor authenticationThe information is signed and sent to the ECNh:Wherein TS1Is gNB1A timestamp is generated to indicate the freshness of the message.
ECNhthe message is broadcast to the group upon receipt. Subsequently, the group member verifies the integrity and correctness of the signature; using rHNCalculate respective CKi,IKi,By usingVerification of AUTHiThereby authenticating the gNB1、AMF1The identity of AUSF/UDM is legitimate. So far, the initial authentication is completed, and each member can use the decryption key d thereofiExtracting a session key ξ from the received ciphertext C: xi ═ e (σ)0,i,C1)e(hi,C2). Finally, ECNiAnd AMF1Reserving GUTIiAnd use the temporary identity in future intra-domain handovers. ECN if inter-domain handover occursiWill update the anonymous identity
Third, the handover authentication stage:
(1) Intra-domain handover: within the range of the same AMF, the group hands over from the source base station gNB_1 to the target base station gNB_2. When the handover authentication threshold is reached, the MEC server notifies gNB_1 and group G to perform handover authentication;
After receiving the MEC server's notification, gNB_1 sends the group's authentication information to the target base station gNB_2 in advance.
Step 2: ECN_h → gNB_2: (M'_G = (m'_1 || ... || m'_n || T' || PK_G))
The members of the group select a new random number r'_i in advance and calculate the authentication message m'_i = (GUTI_i || PK_i || r'_i) and t'_i = F(ξ, m'_i). After receiving all (m'_i || t'_i), ECN_h calculates the aggregate message authentication code T' = (T'_1, T'_2), where T'_1 = t' S^T and T'_2 = (t*)' X^T. Finally, ECN_h sends the relevant authentication information to gNB_2.
gNB_2 verifies whether GUTI_i is legitimate according to the messages sent by gNB_1 and ECN_h. gNB_2 then calculates the syndrome s = T' - t' S^T; if it is not zero, gNB_2 outputs the index value j of the malicious member ECN_j and refuses the group further access; otherwise gNB_2 calculates the ciphertext C' = (C'_1, C'_2) and the session key ξ' = (A_0)^t in the same way as in the initial authentication, where t is a fresh random value different from the one used in the initial authentication. Finally, gNB_2 computes a signature and sends it to ECN_h.
ECN_h broadcasts the message, and the group members verify its validity and correctness. If the verification succeeds, mutual authentication is complete. Finally, each ECN_i uses its decryption key d_i to extract the session key ξ' = e(σ_{0,i}, C'_1) · e(h_i, C'_2), and subsequent communication uses this session key.
(2) Inter-domain handover: when the source base station and the target base station are not within the range of the same AMF, an inter-domain handover occurs. Group G must then negotiate a session key with the target base station gNB_3 in AMF_2 and perform mutual authentication with AMF_2 and gNB_3. As with intra-domain handovers, when group G reaches the handover threshold, the SDN controller notifies group G and AMF_1 to carry out the handover authentication preparation:
Before the group accesses, AMF_1 sends a group message to AMF_2.
AMF_2 forwards the received message to the AUSF/UDM.
Upon receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members and generates a security key shared between AMF_2 and ECN_i. Finally, AMF_2 stores GUTI_i together with this key.
At this stage, AMF_2 selects a random number, performs the corresponding computation, and generates an authentication message for each GUTI_i.
Step 5: ECN_h → gNB_3: (M''_G = (m''_1 || ... || m''_n || T'' || PK_G))
Similar to the calculation in the intra-domain handover, each group member calculates m''_i = (GUTI''_i || PK_i || r''_i) and the message authentication code t''_i, and sends its own (m''_i, t''_i) to the security service gateway ECN_h. ECN_h then generates the aggregate message authentication code T'' = (T''_1, T''_2), where T''_1 = t'' S^T and T''_2 = (t*)'' X^T. Finally, ECN_h sends M''_G = (m''_1 || ... || m''_n || T'' || PK_G) to gNB_3.
After receiving the message, gNB_3 recomputes the tag vector t'' = (t''_1, ..., t''_n) and checks the syndrome s = T'' - t'' S^T; if s = 0, gNB_3 has successfully authenticated the group. gNB_3 then calculates the ciphertext C'' = (C''_1, C''_2) and the session key ξ'' in the same way as in the initial authentication. Finally, gNB_3 generates a signature and returns the necessary response message to ECN_h.
ECN_h broadcasts this message to the group. Each member computes the required values and uses gNB_3's public key PK_gNB to verify the signature, confirming the correctness and legitimacy of the message source. If the verification passes, the group has authenticated gNB_3 and AMF_2. Finally, each ECN_i uses its own decryption key d_i to extract the session key ξ'' = e(σ_{0,i}, C''_1) · e(h_i, C''_2).
The effect of the present invention is described in detail below with reference to a security analysis.
In the invention, the SDN or MEC server can make decisions by monitoring the network state in real time according to the users' dynamic topology. ECN_h aggregates the authentication information of n group members into a single aggregate message authentication code that is sent to the receiver, which greatly reduces communication overhead, reduces the number of signalling interactions, and lowers the possibility of channel congestion. Because the integrated MEC and SDN network architecture can predict the handover path in advance, a large amount of computation can be completed before handover authentication, which effectively reduces the delay of intra-domain and inter-domain handover authentication. In both the initial authentication and the handover authentication, anonymous identities and temporary identities that can be traced only by the core network are used, ensuring anonymity and traceability.
The invention uses an aggregate message authentication code with a detection function; the message compression rate is about 1 percent and the probability of detecting a malicious user is about 91 percent. Unlike other schemes, after the base station receives the group's authentication message and the authentication fails, it can detect the identity index corresponding to the malicious message while rejecting access, and feed the list of malicious identities back to the group, which effectively helps the group to debug and improves its robustness. The algorithm for detecting malicious identities in the invention is as follows:
In the key negotiation stage of the invention, the group key and each member's decryption key are generated from key material contributed by every group member, without any trusted third party, which ensures freedom from key escrow. Once the ciphertext is obtained, only a user holding a legitimate decryption key can extract the session key from the ciphertext C; forward and backward key secrecy are as follows:
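The page does not reproduce the patent's own detection algorithm. The following Python block is an added illustration and not code from the patent: it models the aggregate message authentication code T_1 = t S^T that ECN_h forms in step (2) of claim 4, the receiver-side syndrome check s = T - t S^T from step (4) (the same check gNB_2 and gNB_3 apply to T' and T'' during intra- and inter-domain handover), and the localisation of a single forged tag from the nonzero rows of the syndrome. S is built as the generator matrix of the order-l biorthogonal (first-order Reed-Muller) code named in claim 4. HMAC-SHA256 standing in for the MAC function F, XOR aggregation over GF(2), the constructed key and message values, and the omission of the second component T_2 = t* X^T are all assumptions of this example.

```python
"""Added illustration (not the patent's code): aggregate MAC with a
syndrome-based detection matrix and single-forgery localisation."""
import hashlib
import hmac
from typing import List, Optional, Tuple

TAG_LEN = 16  # bytes per tag t_i (assumption: truncated HMAC-SHA256 plays the role of F)


def mac(key: bytes, msg: bytes) -> bytes:
    """t_i = F(K_i, m_i). HMAC-SHA256 is an assumption; the patent only names F."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def syndrome_matrix(order: int) -> List[List[int]]:
    """(l+1) x 2^l generator matrix of the order-l biorthogonal code
    (first-order Reed-Muller code): row 0 is all ones and row i holds
    bit i-1 of the column index, so every column is distinct and nonzero."""
    n = 1 << order
    rows = [[1] * n]
    for i in range(order):
        rows.append([(j >> i) & 1 for j in range(n)])
    return rows


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def aggregate(tags: List[bytes], S: List[List[int]]) -> List[bytes]:
    """T_1 = t S^T over GF(2): row i of the aggregate is the XOR of the tags
    of all members j with S[i][j] == 1 (XOR aggregation is an assumption)."""
    out = []
    for row in S:
        acc = bytes(TAG_LEN)
        for j, bit in enumerate(row):
            if bit:
                acc = _xor(acc, tags[j])
        out.append(acc)
    return out


def verify(keys: List[bytes], msgs: List[bytes], T1: List[bytes],
           S: List[List[int]]) -> Tuple[bool, Optional[int]]:
    """Receiver side (AUSF/UDM in the initial authentication, the target gNB
    in a handover): recompute every t_i from the shared keys, form the
    syndrome s = T_1 - t S^T and, if it is nonzero, recover the index of the
    member whose tag or message was forged."""
    t = [mac(k, m) for k, m in zip(keys, msgs)]
    s = [_xor(a, b) for a, b in zip(T1, aggregate(t, S))]
    pattern = [int(any(row)) for row in s]      # which rows of s are nonzero
    if not any(pattern):
        return True, None                        # s == 0: group authenticated
    # A single faulty tag e_j contributes e_j exactly to the rows where
    # S[i][j] == 1, so the nonzero-row pattern equals column j of S.
    for j in range(len(msgs)):
        if [row[j] for row in S] == pattern:
            return False, j
    # Two or more faulty tags can combine into a pattern that is not a single
    # column (or that aliases an innocent one); this simplified model then
    # reports failure without an index.
    return False, None


def make_group(order: int) -> Tuple[List[bytes], List[bytes]]:
    """Constructed sample group of n = 2^order members with pre-shared keys K_i
    and messages m_i = SUCI_i || PK_i || r_i (all values made up for the example)."""
    n = 1 << order
    keys = [hashlib.sha256(b"K_%d" % i).digest() for i in range(n)]
    msgs = [b"SUCI_%d|PK_%d|r_%d" % (i, i, i) for i in range(n)]
    return keys, msgs


def run_round(order: int, forged: Optional[int] = None) -> Tuple[bool, Optional[int]]:
    """One authentication round; if `forged` is given, that member's tag is
    replaced by garbage before aggregation (a member that does not hold K_j)."""
    keys, msgs = make_group(order)
    S = syndrome_matrix(order)
    tags = [mac(k, m) for k, m in zip(keys, msgs)]
    if forged is not None:
        tags[forged] = bytes([0xAA]) * TAG_LEN   # cannot compute F(K_j, m_j)
    T1 = aggregate(tags, S)                      # done by the group head ECN_h
    return verify(keys, msgs, T1, S)


if __name__ == "__main__":
    print(run_round(3))        # (True, None)
    print(run_round(3, 5))     # (False, 5)
```

Because row 0 of S is all ones, any single forged tag makes row 0 of the syndrome nonzero and the remaining rows spell out the binary index of the forged member, which is what lets the receiver return an index rather than only a failure. With two or more forged tags the column patterns can combine into that of an innocent member; the patent's second component T_2 over GF(2^h) is where such ambiguity would have to be resolved, and it is not modelled here.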
In the above embodiments, the implementation may be realized wholly or partially in software, hardware, firmware, or any combination thereof. When implemented wholly or partially in software, it may take the form of a computer program product that includes one or more computer instructions. When these computer instructions are loaded and executed on a computer, the flows or functions according to embodiments of the invention occur, in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, radio, microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that includes one or more such media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), among others.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (9)
1. A multi-user authentication method for a mobile communication scenario, characterized by comprising the following steps:
Step one: in an established group, select a secure mobile gateway as the group head; the group head aggregates the authentication information of all group members and transmits it to the access base station. In the group key negotiation stage, each group member derives its own decryption key from the contributed key material and publicly computes the group public key PK_G;
Step two: the MEC server is deployed at the edge of the core network, closer to the user side, and is physically connected to the base stations within its coverage. When a large number of mobile users enter the range of a base station, an existing user-grouping scheme can be adopted and a secure mobile gateway for external communication is selected from the group; the group and the base station perform mutual authentication using an aggregate message authentication code with a detection function (AMAD), encrypt messages with the group public key, and negotiate a session key for subsequent secure communication and service requests.
Step three: according to the handover paths monitored by the SDN, notify the relevant base stations and groups to perform handover authentication.
2. The multi-user authentication method in a mobile communication scenario of claim 1, wherein each ECN has a secret key K pre-shared with the UDM/AUSF; before the ECNs access the network, the base stations gNB are required to establish a security association with the core network; the UDM/AUSF has a master public/private key pair PK_HN/SK_HN and generates a public/private key pair PK_gNB/SK_gNB for each gNB, which is securely pre-distributed to that gNB; the UDM/AUSF authenticates each gNB using an identity authentication mechanism based on Internet Key Exchange protocol version 2 (IKEv2) or another simple identity authentication mechanism based on public-key cryptography;
The group size is n, and SUCI_G = {SUCI_1, SUCI_2, ..., SUCI_n} is the set of anonymous identities of the group members, which have already authenticated each other; the index i of member ECN_i satisfies 1 ≤ i ≤ n. The system parameters are π = (λ, γ, n, g, h_1, ..., h_n, F, f_1, f_2, f_3), where the two underlying groups are multiplicative groups of the same prime order p and e is an efficient non-degenerate bilinear map between them; g is a generator of the first group, and h_1, ..., h_n are independent generators randomly selected from it; h is a hash function; F is a MAC function; f_1, f_2, f_3 are independent one-way keyed functions, completely independent of each other.
3. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the key agreement phase in the first step comprises:
(1) Group key negotiation: for 1 ≤ k ≤ n, each ECN_k randomly selects x_{i,k} ∈ G (for i = 0, 1, ..., n), calculates R_{i,k} and A_{i,k} = e(X_{i,k}, g), and obtains its public key PK_k = ((R_{0,k}, A_{0,k}), (R_{1,k}, A_{1,k}), ..., (R_{n,k}, A_{n,k})); for i = 0, 1, ..., n and j = 1, ..., n with i ≠ j and j ≠ k, it computes σ_{i,j,k} and sets d_{j,k} = (σ_{0,j,k}, ..., σ_{j-1,j,k}, σ_{j+1,j,k}, ..., σ_{n,j,k}); after completing the calculation, ECN_k publicly sends within the group its own public key and the key material to be distributed to the remaining n-1 members, (PK_k, d_{1,k}, ..., d_{k-1,k}, d_{k+1,k}, ..., d_{n,k}), while d_{k,k} is kept secret by ECN_k itself;
(2) group key derivation: the group key is calculated as follows:
(3) Derivation of each member's decryption key: for 0 ≤ i ≤ n and 1 ≤ j ≤ n, the decryption key of each of the remaining n-1 members ECN_j is calculated as follows:
d_j = (σ_{0,j}, ..., σ_{j-1,j}, σ_{j+1,j}, ..., σ_{n,j})
wherein:
For the group, key generation is homomorphic: if the group membership does not change, the group public key and the corresponding member decryption keys remain unchanged; if a member joins or leaves the group, the group public key and the decryption keys only need to incorporate or remove the key material contributed by that member, and the group does not need to be re-established.
4. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the initial authentication phase in step two comprises: the AMAD algorithm used is constructed from an order-l biorthogonal code with detection function; S is the syndrome generator matrix of the (n, k, d_min) = (2^l, l+1, 2^{l-1}) biorthogonal code of order l ≥ 3, and s is the syndrome; for each i = 1, 2, ..., l+1, let S_i = (S_{i,1}, S_{i,2}, ..., S_{i,n}) ∈ {0,1}^n be the i-th row of the matrix S; let Σ be the extended syndrome generator matrix of S and ε the extended syndrome; define an (l+1) × n matrix X whose rows are X_i = (X_{i,1}, X_{i,2}, X_{i,3}, ..., X_{i,n}) = (S_{i,1}, αS_{i,2}, α^2 S_{i,3}, ..., α^{n-1} S_{i,n}), where α is a primitive element of GF(2^h); and let r be the (2^{l+1} - 1) × n matrix whose rows consist of all codewords generated by the matrix X except the all-zero vector; the specific authentication process is as follows, with group size n:
(1) ECN_i → ECN_h: (m_i || t_i)
The group members are indexed by i = 1, 2, ..., n; each member ECN_i selects a random number r_i and generates the authentication message m_i = (SUCI_i || PK_i || r_i), where SUCI_i is the anonymous identity of the i-th member and PK_i is the public key generated by ECN_i during the group key agreement procedure; ECN_i calculates its message authentication code t_i = F(K_i, m_i); each member sends its own (m_i || t_i) to the security service gateway ECN_h, and this step can be performed off-line;
(2) ECN_h → AMF_1: (M_G)
ECN_h generates the aggregate message authentication code T = (T_1, T_2) from the received messages, where T_1 = (T_{1,1}, T_{1,2}, ..., T_{1,l+1}) = t S^T and t = (t_1, t_2, ..., t_n); let t*_i be the last h bits of each t_i and t* = (t*_1, ..., t*_n), and compute T_2 = (T_{2,1}, T_{2,2}, ..., T_{2,l+1}) = t* X^T accordingly; ECN_h sends the group public key and the necessary group authentication information M_G = (m_1 || ... || m_n || T || PK_G) to AMF_1;
(4) AUSF/UDM → AMF_1: (A_G = (A_1 || ... || A_n || r_HN))
The AUSF/UDM retrieves the true identity SUPI_i corresponding to each SUCI_i and checks whether the group members are within the range of AMF_1; from K_i and m_i, the UDM calculates each ECN_i's t_i and t = (t_1, ..., t_n); the AUSF/UDM verifies s = T - t S^T; if s = 0, the group identity authentication passes, otherwise it outputs the index list corresponding to the malicious ECNs;
After the verification passes, the AUSF/UDM generates a new temporary identity GUTI_i for all group members, selects a random number r_HN and calculates CK_i = f_2(K_i, r_HN), IK_i = f_3(K_i, r_HN) and a further key by KDF, where KDF denotes a one-way key derivation function; the AUSF/UDM generates n pieces of authentication information and finally sends the authentication token A_G = (A_1 || ... || A_n || r_HN) to AMF_1;
(5) AMF_1 → gNB_1: (AUTH_G = (AUTH_1 || ... || AUTH_n || PK_G || r_HN))
AMF_1 retains the material it received and, for each ECN_i, computes the required values and the authentication message AUTH_i; finally, it sends the authentication token AUTH_G = (AUTH_1 || ... || AUTH_n || PK_G || r_HN) to the access base station gNB_1;
Upon receiving AUTH_G, gNB_1 considers the group to have passed identity authentication; gNB_1 uses the group public key PK_G to specify the set of members it wants to communicate with; gNB_1 randomly selects t and calculates the ciphertext C = (C_1, C_2) and the session key ξ:
If some group members do not want their resource information transmitted openly within the group, the base station shares a different session key with different members according to the same calculation; assume that gNB_1 communicates with all group members and shares the same session key with them, in which case the following calculation is performed:
C_1 = g^t, C_2 = (R_0)^t
ξ = (A_0)^t
gNB_1 signs the authentication information with its own private key SK_gNB and sends it to ECN_h, where TS_1 is a timestamp generated by gNB_1 indicating the freshness of the message;
ECN_h broadcasts the message to the group; each member verifies the integrity and correctness of the signature, uses r_HN to calculate its own CK_i and IK_i and the key derived from them, and uses that key to verify AUTH_i, thereby confirming that the identities of gNB_1, AMF_1 and the AUSF/UDM are legitimate; at this point the initial authentication is complete, and each member uses its own decryption key d_i to extract the session key ξ from the received ciphertext C:
ξ = e(σ_{0,i}, C_1) · e(h_i, C_2)
5. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the handover authentication phase in step three comprises:
(1) Intra-domain handover: within the range of the same AMF, the group hands over from the source base station gNB_1 to the target base station gNB_2; when the handover authentication threshold is reached, the MEC server notifies gNB_1 and group G to perform handover authentication;
After receiving the MEC server's notification, gNB_1 sends the group's authentication information to the target base station gNB_2 in advance;
(2) ECN_h → gNB_2: (M'_G = (m'_1 || ... || m'_n || T' || PK_G))
The members of the group select a new random number r'_i in advance and calculate the authentication message m'_i = (GUTI_i || PK_i || r'_i) and t'_i = F(ξ, m'_i); after receiving all (m'_i || t'_i), ECN_h calculates the aggregate message authentication code T' = (T'_1, T'_2), where T'_1 = t' S^T and T'_2 = (t*)' X^T; ECN_h sends the relevant authentication information to gNB_2;
gNB_2 validates whether GUTI_i is legitimate; gNB_2 calculates the syndrome s = T' - t' S^T and checks whether it equals 0; if not, gNB_2 feeds back the list of malicious identities and refuses the group further access; otherwise gNB_2 calculates the ciphertext C' = (C'_1, C'_2) and the session key ξ' = (A_0)^t in the same way as in the initial authentication, where t is a fresh random value different from the one used in the initial authentication; gNB_2 computes a signature and sends it to ECN_h;
ECN_h broadcasts the message to the group and each member verifies it; if the verification succeeds, mutual authentication is complete; each ECN_i uses its decryption key d_i to extract the session key ξ' = e(σ_{0,i}, C'_1) · e(h_i, C'_2), and subsequent communication uses this session key;
(2) Inter-domain handover: when the source base station and the target base station are not within the range of the same AMF, an inter-domain handover occurs; group G must then negotiate a session key with the target base station gNB_3 in AMF_2 and perform mutual authentication with AMF_2 and gNB_3; as with intra-domain handovers, when group G reaches the handover threshold, the SDN controller notifies group G and AMF_1 to carry out the handover authentication preparation:
Before the group accesses, AMF_1 sends a group message to AMF_2;
AMF_2 forwards the received message to the AUSF/UDM;
Upon receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members and generates a security key shared between AMF_2 and ECN_i; AMF_2 stores GUTI_i together with this key;
At this stage, AMF_2 selects a random number, performs the corresponding computation, and generates an authentication message for each GUTI_i;
(5) ECN_h → gNB_3: (M''_G = (m''_1 || ... || m''_n || T'' || PK_G))
Similar to the calculation in the intra-domain handover, each group member calculates m''_i = (GUTI''_i || PK_i || r''_i) and the message authentication code t''_i, and sends its own (m''_i, t''_i) to ECN_h; ECN_h then generates the aggregate message authentication code T'' = (T''_1, T''_2), where T''_1 = t'' S^T and T''_2 = (t*)'' X^T; ECN_h sends M''_G = (m''_1 || ... || m''_n || T'' || PK_G) to gNB_3;
After receiving the message, gNB_3 recomputes t'' = (t''_1, ..., t''_n) and checks the syndrome s = T'' - t'' S^T; if s = 0, gNB_3 has successfully authenticated the group; gNB_3 calculates the ciphertext C'' = (C''_1, C''_2) and the session key ξ'', generates a signature, and returns the necessary response message to ECN_h;
ECN_h broadcasts the message to the group for verification; if the verification passes, the group has authenticated gNB_3 and AMF_2; each ECN_i uses its own decryption key d_i to extract the session key ξ'' = e(σ_{0,i}, C''_1) · e(h_i, C''_2).
6. A multi-user authentication system for implementing the multi-user authentication method in a mobile communication scenario according to any one of claims 1 to 5, wherein the network architecture integrating the SDN and the MEC is divided into three layers, respectively:
The control plane: an SDN global controller is deployed in the core layer for centralized control, and the MEC server serves as a local controller of the SDN, assisting the control plane in collecting the dynamic topology of the users within its range and monitoring the network state in real time to make decisions. The data plane: each base station has a local database (LDB), which stores and regularly updates the user information of the relevant cell; the user information includes group information, user position, service requirements and transmission scheme; the information collected by the LDBs forms a global database (GDB), enabling the SDN controller to design network-level strategies and update the local application modules. The user plane: it consists of the different mobile users; data streams, made up of packets indicating the users' key characteristics, are separated and forwarded among the users.
7. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
In the group key negotiation stage, each group member derives its own decryption key from the contributed key material and publicly computes the group public key PK_G;
When a large number of mobile users enter the range of a base station, performing mutual authentication using an aggregate message authentication code with a detection function (AMAD), encrypting messages with the group public key, and negotiating a session key for subsequent secure communication and service requests;
According to the handover paths monitored by the SDN, notifying the relevant base stations and groups to perform handover authentication.
8. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
In the group key negotiation stage, each group member derives its own decryption key from the contributed key material and publicly computes the group public key PK_G;
When a large number of mobile users enter the range of a base station, performing mutual authentication using an aggregate message authentication code with a detection function (AMAD), encrypting messages with the group public key, and negotiating a session key for subsequent secure communication and service requests;
According to the handover paths monitored by the SDN, notifying the relevant base stations and groups to perform handover authentication.
9. An information data processing terminal characterized by being configured to implement the multi-user authentication system according to claim 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111641788.0A CN114286334A (en) | 2021-12-29 | 2021-12-29 | Multi-user authentication method and system for mobile communication scene and information processing terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114286334A true CN114286334A (en) | 2022-04-05 |
Family
ID=80878064
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111641788.0A Pending CN114286334A (en) | 2021-12-29 | 2021-12-29 | Multi-user authentication method and system for mobile communication scene and information processing terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114286334A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20060033424A (en) * | 2004-10-15 | 2006-04-19 | 학교법인 성균관대학 | Method generating session key for group communication in mobile environment |
KR20100040777A (en) * | 2008-10-11 | 2010-04-21 | 오희국 | A group key based authentication protocol providing fast handoff in ieee 802.11 |
US20110002465A1 (en) * | 2007-12-18 | 2011-01-06 | Electronics And Telecommunications Research Institute | Integrated handover authenticating method for next generation network (ngn) with wireless access technologies and mobile ip based mobility control |
WO2011113227A1 (en) * | 2010-03-16 | 2011-09-22 | 西安西电捷通无线网络通信股份有限公司 | Method and system for multicast key negotiation adapted for cluster system |
CN104602236A (en) * | 2015-02-04 | 2015-05-06 | 西安电子科技大学 | Group-based anonymous switching authentication method during machine-type communication |
CN105959269A (en) * | 2016-04-25 | 2016-09-21 | 北京理工大学 | ID-based authenticated dynamic group key agreement method |
CN108513296A (en) * | 2018-02-23 | 2018-09-07 | 北京信息科技大学 | A kind of switching authentication method and system of MTC frameworks |
Non-Patent Citations (2)
Title |
---|
CHENGZHE LAI ET AL.: "A Novel Group-oriented Handover Authentication Scheme in MEC-Enabled 5G Networks", 《2021 IEEE/CIC INTERNATIONAL CONFERENCE ON COMMUNICATIONS IN CHINA (ICCC)》, pages 1 - 5 * |
SHIJIE ZHANG ET AL.: "A Group Signature and Authentication Scheme for Blockchain-Based Mobile-Edge Computing", 《IEEE INTERNET OF THINGS JOURNAL》 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116170233A (en) * | 2023-04-23 | 2023-05-26 | 广州河东科技有限公司 | User terminal communication security authentication system of smart home |
CN116170233B (en) * | 2023-04-23 | 2023-07-18 | 广州河东科技有限公司 | User terminal communication security authentication system of smart home |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110581763B (en) | Quantum key service block chain network system | |
Cao et al. | GBAAM: group‐based access authentication for MTC in LTE networks | |
CN112565230B (en) | Software-defined Internet of things network topology data transmission safety management method and system | |
US20230155816A1 (en) | Internet of things security with multi-party computation (mpc) | |
US8954727B2 (en) | Security control in a communication system | |
Kong et al. | Achieve secure handover session key management via mobile relay in LTE-advanced networks | |
CN109756877B (en) | Quantum-resistant rapid authentication and data transmission method for massive NB-IoT (NB-IoT) equipment | |
CN111447616B (en) | Group authentication and key agreement method for LTE-R mobile relay | |
WO2010124482A1 (en) | Method and system for implementing secure forking calling session in ip multi-media subsystem | |
Usman et al. | A distributed and anonymous data collection framework based on multilevel edge computing architecture | |
Faye et al. | A survey of access control schemes in wireless sensor networks | |
CN115514474A (en) | Industrial equipment trusted access method based on cloud-edge-end cooperation | |
CN114466318B (en) | Method, system and equipment for realizing multicast service effective authentication and key distribution protocol | |
CN114286334A (en) | Multi-user authentication method and system for mobile communication scene and information processing terminal | |
US20240072996A1 (en) | System and method for key establishment | |
Song et al. | Improvement of key exchange protocol to prevent man-in-the-middle attack in the satellite environment | |
CN110113344A (en) | A kind of marine multiple mobile platforms personal identification method based on distributed cryptographic | |
Perry et al. | Strong anonymity for mesh messaging | |
Boussaha et al. | Optimized in-network authentication against pollution attacks in software-defined-named data networking | |
Zhang et al. | Security-aware device-to-device communications underlaying cellular networks | |
Li et al. | Fast authentication for mobile clients in wireless mesh networks | |
Chen et al. | A secure network coding based on broadcast encryption in sdn | |
CN111030934B (en) | Multi-domain optical network security optical tree establishment system and method based on distributed PCE | |
Liu et al. | Security authentication based on generated address algorithm for software-defined optical communication network | |
Li | Efficient security protocols for fast handovers in wireless mesh networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||