CN114286334A - Multi-user authentication method and system for mobile communication scene and information processing terminal - Google Patents

Abstract

The invention belongs to the technical field of network communication, and discloses a multi-user authentication method, a system and an information processing terminal in a mobile communication scene, wherein the method comprises the following steps: a key negotiation stage; an initial authentication stage; and switching the authentication phase. The invention designs a multi-user authentication scheme by using an aggregation message authentication code with a detection function and a broadcast encryption technology based on contribution based on MEC and SDN technologies, and aims to reduce the channel congestion probability, reduce the calculation overhead and communication overhead of switching authentication, reduce the switching authentication delay and improve the safety performance of group authentication. According to the invention, the network architecture integrating the SDN and the MEC server can monitor the network state in real time in advance according to the dynamic topology of the user to make a switching decision, a large amount of calculation overhead can be completed before switching authentication, and the switching authentication delay is effectively reduced. And the group messages are aggregated, so that the signaling interaction times can be effectively reduced, and the possibility of channel congestion is reduced.

Description

Multi-user authentication method and system for mobile communication scene and information processing terminal

Technical Field

The invention belongs to the technical field of network communication, and particularly relates to a multi-user authentication method, a multi-user authentication system, a multi-user authentication medium, a multi-user authentication device and an information processing terminal in a mobile communication scene.

Background

At present, with the improvement of the technical standard of the internet of things industry and the continuous breakthrough of key technology, a large amount of real-time data must be generated by the connection of a large number of intelligent terminals and other network edge side devices. If such data processing analysis is handed over to cloud processing, the distance between the cloud and the device can result in high bandwidth consumption and processing delay, which is unacceptable for many delay-sensitive edge-side data. The MEC technology solves the problems to a certain extent by sinking the computing, storing and service capabilities to the edge of the network, and has important significance for realizing flow unloading, flexible and rapid service deployment, time delay reduction and the like.

Aiming at an ultra-dense base station coverage scene in a 5G network, 3GPP provides a Software Defined Network (SDN), which can avoid the additional cost of a control plane, and the programmability and centralized network management enable the SDN to collect all states in the network, monitor and predict the positions of users by using different positioning and data analysis technologies by means of a unified and real-time network topological graph, plan different paths for different network flows, and inform relevant access base stations in advance to ensure self-adaption and efficient clustering so as to achieve the purpose of fully utilizing links, and the method has great advantages in the dynamic group mobility management of the 5G network.

Currently, handover authentication has become a fundamental requirement for reliable and trusted communications between parties participating in a network scenario. With the rapid increase of mobile service data and the large-scale deployment of 5G base stations, the times of handover authentication are more frequent, so that the most important of the existing handover authentication scheme is to solve the problems of communication overhead and handover delay, and on the basis, provide high-quality network service for users to the greatest extent and ensure the continuity of the service.

Through the above analysis, the problems and defects of the prior art are as follows:

(1) the standardized authentication protocol 5G-AKA defined in the existing 5G network only supports a single user to independently perform an authentication process, usually requires several rounds of signaling interaction and a complex key management mechanism for handover, and cannot well handle a situation where a large number of devices request network services at the same time.

(2) Group-oriented authentication and key agreement schemes have been proposed to support multi-user access, however, these schemes still have some problems in terms of security and performance when implemented in practical communication scenarios, and most schemes do not consider inter-domain handover scenarios.

The difficulty in solving the above problems and defects is: the group key negotiation method based on the difficult problem of the n-BDHE has complete collusion resistance safety aiming at semi-adaptive attack, can ensure free key escrow, has backward and forward safety, and can ensure the safety of group member communication. In addition, the key negotiation method supports the negotiation of the session key with the designated member, and further enhances the communication security. The aggregation message authentication code constructed based on the biorthogonal code has the function of detecting the identity of a malicious member, can effectively help the group to debug and enhance the robustness of the group. The significance of solving the problems and the defects is as follows: according to the network architecture integrating the MEC and the SDN, disclosed by the invention, a large amount of calculation in mutual authentication can be completed in advance, the problem of authentication delay is reduced, the problem of complex signaling transmission during switching between domains in a domain is solved, and the communication overhead and the calculation overhead are reduced. The use of the aggregated message authentication code technique with detection enables a reduction in the number of signalling transmissions while supporting multi-user authentication.

Disclosure of Invention

The invention provides a multi-user authentication method, a multi-user authentication system and an information processing terminal for a mobile communication scene, and particularly relates to a multi-user authentication method, a multi-user authentication system, a multi-user authentication medium, a multi-user authentication device and an information processing terminal for a mobile communication scene based on MEC and SDN technologies.

The invention is realized in such a way that a multi-user authentication method for a mobile communication scene comprises the following steps:

step one, in the group key negotiation stage, each group member generates a decryption key according to the contribution and publicly calculates a group public key PK_G；

And step two, adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication. Encrypting the message by using the group public key and negotiating a session key to perform subsequent secure communication and service requests;

and step three, informing related base stations and groups in advance to perform switching authentication according to the switching paths monitored by the SDN.

Further, in the multi-user authentication method of the mobile communication scenario,

each ECN has a secret key K shared with the UDM/AUSF in advance; before ECNs access the network, requiring base stations gNB to establish security association with a core network; the UDM/AUSF has a main public and private key pair PK_HN/SK_HNAnd generates a public and private key pair PK for each gNB_gNB/SK_gNBThereafter, it is securely pre-distributed to each of the gnbs. The UDM/AUSF authenticates the gNB using an authentication mechanism based on Internet Key exchange protocol version 2- -IKEv2 or other simple authentication mechanisms based on public key cryptography.

Assuming a group size of n, SUCI_G＝{SUCI₁，SUCI₂，...，SUCI_nIs an anonymous set of members of a group, each member ECN having been mutually authenticated_iThe index of (i) is more than or equal to 1 and less than or equal to n; the system parameter is pi ═ lambda, gamma, n, g, h₁，...，h_n，F，f₁，f₂，f₃) Wherein

And

are multiplicative groups having the same prime order p,

is an effective non-degenerate bilinear map; g is

The generation element of (a) is generated,

is that

The independent generator randomly selected in (1); h is a hash function; f is a MAC function; f. of₁，f₂，f₃Are independent one-way key encryption functions and are completely independent of each other.

Further, the key agreement phase in the first step includes:

(1) group key negotiation: for 1. ltoreq. k. ltoreq.n, each ECN_kAll randomly select x_i，k∈G，

And calculate

A_i，k＝e(X_i，kG) to obtain ECN_kIs PK_k＝((R_n，k，A_n，k)，(R_n,k，A_n，k)...，(R_n，k，A_n，k) ); for i ≠ 0, 1.. n, and j ≠ 1.. n, where i ≠ j and j ≠ k, the calculation is performed

Let d_j，k＝(σ_0，j，k，...，σ_j-1，j，k，σ_j+1，j，k，...，σ_n，j，k) (ii) a After completion of the calculation, ECN_KPublic sending within the group its own public key and key material to be distributed to the remaining n-1 members: (PK)_k，d_1，k，...，d_k-1，k，d_k+1，k，...，d_n，k) And d is_k，kIt is kept secret by itself.

(2) Group key derivation: the group key is calculated as follows:

here, the

Is an efficient operation in the public key space Φ, and for i 0, 1

(3) Decryption key derivation for each member: for i ≦ n 0 ≦ j ≦ n 1 ≦ j ≦ n, the remaining n-1 members ECN_jThe decryption key of (a) is calculated as follows:

d_j＝(σ_0，j，...，σ_j-1，j，σ_j+1，j，...，σ_n，j)

wherein the content of the first and second substances,

for the group, the key generation has homomorphism property, if the group members do not update, the group public key and the corresponding member decryption key are kept unchanged all the time; if a member joins or pushes out the group, the group public key and the decryption key only need to link or delete the key material contributed by the member, and the group does not need to be reestablished.

Further, the initial authentication phase in the second step includes:

the AMAD algorithm used at this stage consists of l with detection functionThe second order biorthogonal code is constructed, S is (n, k, d)_min)＝(2^l，l+1，2^l-1) And the syndrome of the biorthogonal code with the order l being more than or equal to 3 generates a matrix, S is the syndrome, and for each i is 1, 2_i＝(S_i，1，S_i，2，...，S_i，n)∈{0，1}ⁿIs the ith row of the matrix S; let Σ be the extended syndrome generator matrix of S, and ε be the extended syndrome. Defining a matrix X of order (l +1) X n, all the rows of which are defined by X_i＝(X_i，1，X_i，2，X_i，3，...，X_i，n)＝(S_i，1，αS_i，2，α²S_i，3，...，α^n-1S_i，n) Wherein α is GF (2)^h) The primitive element of (1); and let Γ be (2)^l+11) × n order matrix whose rows consist of all codewords except the zero-out vector generated by matrix X. The specific authentication procedure is as follows, assuming that the group size is n:

(1)ECN_i→ECN_h：(m_i||t_i)

the index range of the group members is i ═ 1, 2.., n; ECN_iSelecting a random number r_iAnd generates an authentication message m_i＝(SUCI_i||PK_i||r_i) Wherein SUCI_iIs an anonymous identity, PK, of each member_iIs an ECN generated during a group key agreement procedure_iThe public key of (2); ECN_iCalculating respective message authentication codes t_i＝F(K_i，m_i) (ii) a Each member will be own (m)_i||t_i) To ECN_hThis step may be performed off-line.

(2)ECN_h→AMF₁：(M_G)

Upon receipt of messages from all group members, the ECN_hGenerating an aggregated message authentication code T ═ (T) from the message₁，T₂) (ii) a Wherein, T₁＝(T_1，1，T_1，2，...，T_1，l+1)＝tS^T，t＝(t₁，t₂，...，t_n) (ii) a Order to

For each t_iH last bit of (a), and

calculate T accordingly₂＝(T_2，1，T_2，2，...，T_2，l+1)＝t^*X^T；ECN_hThe group public key and the necessary group authentication information M_G＝(m₁||...||m_n||T||PK_G) Is sent to AMF₁。

(3)

AMF₁Retention M_GAnd will transmit the message

And forwarding to AUSF/UDM.

(4)AUSF/UDM→AMF₁：(A_G＝(A₁||...||A_n||r_HN))

And after receiving the message, the AUSF/UDM verifies that: AUSF/UDM retrieves Each SUCI_iCorresponding true identity SUPI_iAnd analyzing whether the team member is in AMF₁Within the range of (1); according to K_i、m_iUDM calculates each ECN_iCorresponding t_iAnd t ═ t (t)₁,., tn); AUSF/UDM verification s ═ T-tS^TIf s is 0, the group identity authentication is passed, otherwise, an index list corresponding to the malicious ECN is output; since the group public key PK_GIs calculated publicly, so it is based on the received PK_iVerifying the received PK_GWhether generated by a legitimate group member.

After the verification is passed, the AUSF/UDM generates an authentication token of the AUSF/UDM: AUSF/UDM generates a new temporary identity for all group members

Selecting a random number r_HNAnd calculating CK_i＝f₂(K_i，r_HN)，IK_i＝f₃(K_i，r_HN)，

Wherein KDF stands for one-way key derivation function; AUSF/UDM generates n pieces of authentication information

And will finally authenticate token A_G＝(A₁||...||A_n||r_HN) Is sent to AMF₁。

(5)AMF₁→gNB₁：(AUTH_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN))

AMF₁Retention

And for each ECN_iComputing

And authentication messages

Finally, the authentication token AUTH of the user is used_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN) Sending to access base station gNB₁。

(6)

When AUTH is received_GThen gNB₁The group is considered to pass identity authentication; gNB₁Specifying a set of members wanting to communicate using a group public key

gNB₁Random selection

Calculating ciphertext C ═ C₁，C₂)：

gNB₁The session key with the member is:

if the resource information of some group members does not want to be transmitted in the group in public, the base station shares different session keys with different members according to a calculation mode; the present invention assumes a gNB₁To communicate with all group members and share the same session key;

the following calculations were performed:

C₁＝g^t，C₂＝(R₀)^t

ξ＝(A₀)^t

gNB₁with its own private key SK_gNBSigning the authentication information and sending to the ECN_h：

Wherein TS₁Is gNB₁A timestamp is generated to indicate the freshness of the message.

(7)

ECN_hBroadcasting the message to the group after receiving the message; per member verification TS₁The freshness and de-signature of the content verifies the integrity and correctness of the content(ii) a Using r_HNCalculate respective CK_i，IK_i，

By using

Verification of AUTH_iThereby authenticating the gNB₁、AMF₁The identity of the AUSF/UDM is legitimate; so far, the initial authentication is completed, and each member uses its own decryption key d_iExtracting a session key ξ from the received ciphertext C:

ξ＝e(σ_0，i，C₁)e(h_i，C₂)

ECN_iand AMF₁Reserving GUTI_iAnd using the temporary identity in future intra-domain handovers; ECN if inter-domain handover occurs_iUpdating anonymous identities

Further, the handover authentication phase in step three includes:

(1) intra-domain handover: within the same AMF range, from the source base station gNB₁Handover to target base station gNB₂(ii) a MEC server notifies gNB upon reaching handoff authentication threshold₁And group G performs handover authentication;

1)

gNB₁after receiving the notice of the MEC server, the target base station gNB is sent to in advance₂And sending the authentication information of the group.

2)ECN_h→gNB₂：(M′_G＝(m′₁||...||m′_n||T′||PK_G))

The members in the group select a new random number r 'in advance'_iAnd calculates an authentication message m'_i＝(GUTI_i||PK_i||r′_i) And t′_i＝F(ξ，m′_i)；ECN_hAll (m ') were received'_i||t′_i) Post-calculation aggregation message authentication code T ═ T'₁，T′₂) Of which is T'₁＝t′S^T，T′₂＝(t^*)′X^T；ECN_hSending the relevant authentication information to the gNB₂。

3)

gNB₂Validating GUTI_iWhether it is legal; gNB₂Calculating S ═ T '-T' S^TIf not, gNB₂Exporting ECN of malicious member_jCorresponding index value j and refusing the group to continue accessing, otherwise gNB₂Ciphertext C ═ C ' (C ') is calculated in the same manner as in the initial authentication '₁，C′₂) And session key ξ' ═ (a)₀)^tWhere t is randomly selected, different from the initial authentication; gNB₂Computing signatures

And to ECN_hSending

4)

ECN_hThis message is broadcast to the group, each group member verifying the timestamp TS₂Validity of the signature and correctness of the signature; if the verification is successful, the mutual authentication is completed; ECN_iUsing respective decryption keys d_iExtracting session key ξ' ═ e (σ ═ e)_0，i，C′₁)e(h_i，C′₂) And subsequent communication is conducted using the session key.

(2) Switching between domains: when the source base station and the target base station are not in the same AMF range, inter-domain switching occurs; at this time, the group G needs toAnd AMF₂Target base station gNB in₃Negotiate session keys and with AMF₂And gNB₃Performing mutual authentication; as with intra-domain handovers, when group G reaches the handover threshold, the SDN controller notifies group G and AMF₁Executing switching authentication preparation work:

1)

before group access, AMF₁Forward AMF₂A group message is sent.

2)

AMF₂And forwarding the received message to AUSF/UDM.

3)

Upon receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members

And generates AMF₂And ECN_iA security key shared between them

AMF₂Store GUTI_iAnd

4)

at this stage, AMF₂Selecting a random number

Computing

And is each GUTI_iGenerating authentication messages

5)ECN_h→gNB₃：(M″_G＝(m″₁||...||m″_n||T″||PK_G))

Similar to the calculation process of intra-domain handover, each group member pre-selects a new random number r ″_iCalculate m ″)_i＝(GUTI″_i||PK_i||r″_i) And message authentication code

And will authenticate the respective message (m ″)_i，t″_i) To ECN_h；ECN_hAccordingly, the aggregation message authentication code T ″ (T ″) is generated₁，T″₂) Wherein T ″)₁＝t″S^T，T″₂＝(t^*)″X^T；ECN_hMixing M ″)_G＝(m″₁||...||m″_n||T″||PK_G) Send to gNB₃。

6)

gNB₃After receiving the message, calculating an aggregation message authentication code t ″ (t ″)₁，...，t″_n) If S is T '-T' S^TIf 0, gNB is certified₃Successfully authenticating the group; gNB₃Calculating a ciphertext C ″ (C ″) according to an initial authentication calculation mode₁，C″₂) And session key ξ "; gNB₃Generating signatures

And return the necessary response messages to the ECN_h。

7)

ECN_hBroadcasting the message to the group; each member computing

Using gNB₃Of (2) a public key

De-signing to confirm the correctness and validity of the message source; if the verification is passed, it indicates that the group has implemented the gNB pair₃And AMF₂The authentication of (1); each ECN_iUsing its own decryption key d_iExtract session key ξ ″ -, e (σ)_0，i，C″₁)e(h_i，C″₂)。

Another objective of the present invention is to provide a multiple user authentication system using the multiple user authentication method in a mobile communication scenario, where the network architecture integrated by the SDN and the MEC is divided into three layers, which are respectively:

the control plane deploys an SDN global controller in a core layer for centralized control, and the MEC server serves as a local controller of the SDN and assists the control plane to collect user dynamic topology in the range and monitor the network state in real time to make decisions; a data plane, wherein each base station has a local database LDB, and the LDB stores user information (group information, user position, service requirement and transmission scheme) in related units and updates the user information periodically; forming a global database GDB from information collected by the LDBs, and enabling the SDN controller to design a network-level strategy and update a local application program module; and the user plane consists of different mobile users, data streams are separated and forwarded among the users, and the data streams consist of data packets indicating key characteristics of the users.

It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:

in the group key negotiation stage, each group member generates its own decryption key according to the contribution and publicly calculates the group public key PK_G. And adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication between the group and the base station, encrypting the message by using the group public key and negotiating a session key to carry out subsequent secure communication and service request. And informing relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN.

It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

in the group key negotiation stage, each group member generates its own decryption key according to the contribution and publicly calculates the group public key PK_G. And adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication between the group and the base station, encrypting the message by using the group public key and negotiating a session key to carry out subsequent secure communication and service request. And informing relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN.

Another object of the present invention is to provide an information data processing terminal for implementing the multi-user authentication system.

By combining all the technical schemes, the invention has the advantages and positive effects that: the multi-user authentication method for the mobile communication scene is based on MEC and SDN technologies, and uses an aggregation message authentication code (AMAD) with a detection function and a key agreement technology based on contribution to design a multi-user authentication scheme suitable for switching between domains, and aims to reduce channel congestion probability, reduce calculation overhead and communication overhead of switching authentication, reduce switching authentication delay and improve safety performance of group authentication.

The invention uses the AMAD algorithm to carry out mutual authentication, which is different from other schemes, after the base station receives the authentication information of the group, if the authentication fails, the base station can detect the identity index corresponding to the malicious information while refusing access, and feed back the malicious identity list to the group, thereby effectively helping group debugging and improving the robustness of the group. The contribution-based key agreement stage does not need the participation of any trusted third party, and ensures the key escrow freedom and the forward and backward key confidentiality.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.

Fig. 1 is a diagram of a multi-user authentication system model according to an embodiment of the present invention.

Fig. 2 is a flowchart of multi-user initial authentication according to an embodiment of the present invention.

Fig. 3 is a flowchart of multi-user intra-domain handover authentication according to an embodiment of the present invention.

Fig. 4 is a flowchart of multi-user inter-domain handover authentication according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The invention combines the advantages of the mobile edge computing technology (MEC) and the software defined network technology (SDN), realizes mutual authentication by applying the aggregation message authentication code technology with the detection function based on the biorthogonal code, realizes group key negotiation and updating by applying the difficult problem of n-BDHE, and designs a multi-user authentication scheme suitable for intra-domain switching and inter-domain switching scenes.

The technical solution of the present invention is further described below with reference to specific examples.

First, in the group key negotiation stage, each group member generates its own decryption key according to the contribution and publicly calculates the group public key PK_G。

In the initial authentication stage, in order to establish a secure communication channel and perform mutual authentication between the group, the core network and the access base station, an aggregate message authentication code AMAD with a detection function is adopted to perform mutual authentication, and then a group public key is used to encrypt a message and a session key is negotiated to perform subsequent secure communication and service requests.

And finally, informing the relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN, wherein the key negotiation process during the switching authentication is similar to that of the initial authentication.

One, group key negotiation

Assume that the group size is n. The key agreement procedure is as follows:

1. group key negotiation: for 1. ltoreq. k. ltoreq.n, each ECN_kAll randomly select x_i，k∈G，

And calculate

A_i，k＝e(X_i，kG) then gives the ECN_kIs PK_k＝((R_n，k，A_n，k)，(R_n，k，A_n，k)...，(R_n，k，A_n，k)). For i ≠ 0, 1.., n and j ≠ 1.. n, where i ≠ j and j ≠ k, the present invention calculates

Let d_j，k＝(σ_0，j，k，...，σ_j-1，j，k，σ_j+1，j，k，...，σ_n，j，k). After the above calculation, ECN_KPublic sending within the group its own public key and key material to be distributed to the remaining n-1 members: (PK)_k，d_1，k，...，d_k-1，k，d_k+1，k，...，d_n，k) And d is_k，kIt is kept secret by itself.

2. Group key derivation: the group key is calculated as follows:

here, the

Is an efficient operation in the public key space Φ, and for i 0, 1

3. Decryption key derivation for each member: for i ≦ n 0 ≦ j ≦ n 1 ≦ j ≦ n, the remaining n-1 members ECN_jThe decryption key of (a) is calculated as follows:

d_j＝(σ_0，j，...，σ_j-1，j，σ_j+1，j，...，σ_n，j)

wherein the content of the first and second substances,

for the group, the key generation is homomorphic in nature, and if the group members are not updated, the group public key and the corresponding member decryption key will remain unchanged at all times. If a member joins or pushes out the group, the group public key and the decryption key only need to link or delete the key material contributed by the member, and the group does not need to be reestablished.

II, initial authentication stage:

the AMAD algorithm used in this stage is constructed by l-order bi-orthogonal codes with detection function, and S is (n, k, d)_min)＝(2^l，l+1，2^l-1) And the syndrome of the biorthogonal code with the order l being more than or equal to 3 generates a matrix, S is the syndrome, and for each i is 1, 2_i＝(S_i，1，S_i，2，...，S_i，n)∈{0，1}ⁿIs the ith row of the matrix S; let Σ be the extended syndrome generator matrix of S, and ε be the extended syndrome. Then, the invention defines a matrix X of order (l +1) X n, all the rows of which are defined by X_i＝(X_i，1，X_i，2，X_i，3，...，X_i，n)＝(S_i，1，αS_i，2，α²S_i，3，...，α^n-1S_i，n) Wherein α is GF (2)^h) The primitive element of (1); and let r be (2)^l+11) × n order matrix whose rows consist of all codewords except the zero-out vector generated by matrix X. The specific authentication procedure is as follows, assuming that the group size is n:

step 1: ECN_i→ECN_h：(m_i||t_i)

The index range of the group members is i 1, 2. Each member ECN_iSelecting a random number r_iAnd generates an authentication message m_i＝(SUCI_i||PK_i||r_i) Wherein SUCI_iIs the anonymous identity, PK, of the member_iIs an ECN generated during a group key agreement procedure_iThe public key of (2). Thereafter, ECN_iRespectively calculating respective message authentication codes t_i＝F(K_i，m_i) Where F is a MAC function. Finally, each member will be own (m)_i||t_i) Sending to security service gateway ECN_hThis step may be performed off-line.

Step 2: ECN_h→AMF₁：(M_G)

ECN_hGenerating an aggregated message authentication code T ═ (T) from the received message₁，T₂). Wherein, T₁＝(T_1，1，T_1，2，...，T_1，i+1)＝tS^T，t＝(t₁，t₂，...，t_n) (ii) a Order to

For each t_iH last bit of (a), and

calculate T accordingly₂＝(T_2，1，T_2，2，...，T_2，l+1)＝t^*X^T. Final ECN_hThe group public key and the necessary group authentication information M_G＝(m₁||...||m_n||T||PK_G) Is sent to AMF₁。

And step 3:

AMF₁retention M_GAnd will transmit the message

And forwarding to AUSF/UDM.

And 4, step 4: AUSF/UDM → AMF₁：(A_G＝(A₁||...||A_n||r_HN))

Each SUCI can be retrieved by the AUSF/UDM_iCorresponding true identity SUPI_iAnd analyzing whether the team member is in AMF₁Within the range of (1). According to K_i、m_iThe UDM can calculate each ECN_iCorresponding t_iAnd t ═ t (t)₁，...，t_n). Subsequently, AUSF/UDM verifies s ═ T-tS^TIf s is 0, the group identity authentication is passed, otherwise, an index list corresponding to the malicious ECN is output.

After the verification is passed, the AUSF/UDM generates a new temporary identity for all group members

After which it selects a random number r_HNAnd calculating CK_i＝f₂(K_i，r_HN)，IK_i＝f₃(K_i，r_HN)，

Finally, AUSF/UDM generates n pieces of authentication information

And will finally authenticate token A_G＝(A₁||...||A_n||r_HN) Is sent to AMF₁。

And 5: AMF₁→gNB₁：(AUTH_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN))

AMF₁Retention

And for each ECN_iComputing

And authentication messages

Finally, the authentication token AUTH of the user is used_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN) Sending to access base station gNB₁。

Step 6:

upon reception of AUTH_G，gNB₁The group is considered to be authenticated. At this time gNB₁A set of members wanting to communicate can be specified using a group public key

The present invention assumes a gNB₁To communicate with all group members and share the same session key, when

gNB₁Random selection

Calculating ciphertext C ═ C₁，C₂) And session key ξ:

C₁＝g^t，C₂＝(R₀)^t

ξ＝(A₀)^t

finally, gNB₁With its own private key SK_gNBFor authenticationThe information is signed and sent to the ECN_h：

Wherein TS₁Is gNB₁A timestamp is generated to indicate the freshness of the message.

And 7:

ECN_hthe message is broadcast to the group upon receipt. Subsequently, the group member verifies the integrity and correctness of the signature; using r_HNCalculate respective CK_i，IK_i，

By using

Verification of AUTH_iThereby authenticating the gNB₁、AMF₁The identity of AUSF/UDM is legitimate. So far, the initial authentication is completed, and each member can use the decryption key d thereof_iExtracting a session key ξ from the received ciphertext C: xi ═ e (σ)_0，i，C₁)e(h_i，C₂). Finally, ECN_iAnd AMF₁Reserving GUTI_iAnd use the temporary identity in future intra-domain handovers. ECN if inter-domain handover occurs_iWill update the anonymous identity

Thirdly, switching authentication stages:

(1) intra-domain handover: within the same AMF range, from the source base station gNB₁Handover to target base station gNB₂(ii) a MEC server notifies gNB upon reaching handoff authentication threshold₁And group G performs handover authentication;

step 1:

gNB₁after receiving the notification of the MEC server, the target base station gNB is sent to in advance₂And sending the authentication information of the group.

Step 2: ECN_h→gNB₂：(M′_G＝(m′₁||...||m′_n||T′||PK_G))

The members in the group select a new random number r 'in advance'_iAnd calculates an authentication message m'_i＝(GUTI_i||PK_i||r′_i) And t'_i＝F(ξ，m′_i)。ECN_hAll (m ') were received'_i||t′_i) Post-calculation aggregation message authentication code T ═ T'₁，T′₂) Of which is T'₁＝t′S^T，T′₂＝(t^*)′X^T. Final ECN_hSending the relevant authentication information to the gNB₂。

And step 3:

gNB₂according to gNB₁And ECN_hTransmitted message authentication GUTI_iWhether it is legal. gNB₂Calculating S ═ T '-T' S^TIf not, gNB₂Exporting ECN of malicious member_jCorresponding index value j and refusing the group to continue accessing, otherwise gNB₂Ciphertext C ═ C ' (C ') is calculated in the same manner as in the initial authentication '₁，C′₂) And session key ξ' ═ (a)₀)^tWhere t is randomly selected, unlike the initial authentication. Finally, gNB₂Computing signatures

And to ECN_hSending

And 4, step 4:

ECN_hthe message is broadcast and verified for validity and correctness by the group members. If the verification is successful, the mutual authentication is completed. Finally, ECN_iUsing respective decryption keys d_iExtracting session key ξ' ═ e (σ ═ e)_0，i，C′₁)e(h_i，C′₂) And subsequent communication is conducted using the session key.

(2) Switching between domains: when the source base station and the target base station are not in the same AMF range, inter-domain switching occurs; at this time, the group G should be associated with AMF₂Target base station gNB in₃Negotiate session keys and with AMF₂And gNB₃Performing mutual authentication; as with intra-domain handovers, when group G reaches the handover threshold, the SDN controller notifies group G and AMF₁Executing switching authentication preparation work:

step 1:

before group access, AMF₁Forward AMF₂A group message is sent.

Step 2:

AMF₂and forwarding the received message to AUSF/UDM.

And step 3:

upon receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members

And generates AMF₂And EC_Ni shared security key

Finally, AMF₂Store GUTI₁And

and 4, step 4:

at this stage, AMF₂Selecting a random number

Computing

And is each GUTI_iGenerating authentication messages

And 5: ECN_h→gNB₃：(M″_G＝(m″₁||...||m″_n||T″||PK_G))

Similar to the calculation process for intra-domain handovers, each group member calculates m ″_i＝(GUTI_i″||PK_i||r″_i) And message authentication code

And will authenticate the respective message (m ″)_i，t″_i) Sending to security service gateway ECN_h. Then ECN_hAccordingly, the aggregation message authentication code T ″ (T ″) is generated₁，T″₂) Wherein T ″)₁＝t″S^T，T″₂＝(t^*)″X^T. Final ECN_hMixing M ″)_G＝(m″₁||...||m″_n||T″||PK_G) Send to gNB₃。

Step 6:

gNB₃after receiving the message, calculating an aggregation message authentication code t ″ (t ″)₁，...，t″_n) If S ═ T '-T' S^TIf 0, gNB is certified₃The group is successfully authenticated. Subsequently, gNB₃Calculating a ciphertext C ″ (C ″) according to an initial authentication calculation mode₁，C″₂) And session key ξ ". Finally, gNB₃Generating signatures

And return the necessary response messages to the ECN_h。

And 7:

ECN_hthis message is broadcast to the group. Each member computing

Using gNB₃Of (2) a public key

The signature is de-signed to confirm the correctness and legitimacy of the source of the message. If the verification passes, it indicates that the group has implemented the gNB pair₃And AMF₂The authentication of (1). Finally, each ECN_iUsing its own decryption key d_iExtract session key ξ ″ -, e (σ)_0，i，C″₁)e(h_i，C″₂)。

The effect of the present invention will be described in detail below with reference to a safety analysis.

In the invention, the SDN or MEC server can make a decision by monitoring the network state in real time according to the dynamic topology of the user. ECN_hThe authentication information of n group members is aggregated into 1 aggregation message authentication code to be sent to a receiving party, so that the communication overhead is greatly reduced, the signaling interaction times are reduced, and the possibility of channel congestion is reduced. And the MEC and SDN integrated network architecture can predict the switching path in advance, a large amount of calculation cost can be completed before switching authentication, and the method effectively reducesThe time delay of switching authentication in the domain and between the domains is reduced. And in the initial authentication and the switching authentication, the anonymous identity and the temporary identity which can be traced only by a core network are used, so that the anonymity and the traceability are ensured.

The invention uses the aggregation message authentication code with the detection function, the message compression rate is about 1 percent, and the detection probability of the malicious user is about 91 percent. Different from other schemes, after the base station receives the authentication message of the group, if the authentication fails, the base station can detect the identity index corresponding to the malicious message while rejecting access, and feed back the malicious identity list to the group, thereby effectively helping group debugging and improving group robustness. The algorithm for detecting the malicious identity in the invention is as follows:

the key negotiation stage of the invention is to generate the group key and the respective decryption key based on the key material contributed by each group member, without any trusted third party, thus ensuring the free key escrow. When the ciphertext is obtained, only the user with the legal decryption key can extract the session key from the ciphertext C, and the forward and backward key confidentiality is as follows:

in the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When used in whole or in part, can be implemented in a computer program product that includes one or more computer instructions. When loaded or executed on a computer, cause the flow or functions according to embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, the computer instructions may be transmitted from one website site, computer, server, or data center to another website site, computer, server, or data center via wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL), or wireless (e.g., infrared, wireless, microwave, etc.)). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (ssd)), among others.

The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (9)

1. A multi-user authentication method for a mobile communication scenario is characterized by comprising the following steps:

step one, selecting a safe mobile gateway as a group head in an established group, and transmitting authentication information of all group members to an access base station after the group head is aggregated; in the group key negotiation stage, each group member generates a respective decryption key according to the contribution and publicly calculates a group public key PK_G；

Step two, the MEC server is deployed at the edge of a core network closer to a user side and is physically connected to a base station in the coverage range of the MEC server; when a large number of mobile users enter the range of a base station, the existing user grouping scheme can be adopted and a safe mobile gateway for external communication is selected from the group; and adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication between the group and the base station, encrypting the message by using the group public key and negotiating a session key to carry out subsequent secure communication and service request.

And step three, informing relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN.

2. The multi-user authentication method in a mobile communication scenario of claim 1, wherein in the multi-user authentication method in a mobile communication scenario, each ECN has a secret key K previously shared with UDM/AUSF; before ECNs access the network, requiring base stations gNB to establish security association with a core network; the UDM/AUSF has a main public and private key pair PK_HN/SK_HNAnd generates a public and private key pair PK for each gNB_gNB/SK_gNBThen, it is pre-distributed to each gNB for security; the UDM/AUSF adopts an identity authentication mechanism based on Internet key exchange protocol version 2-IKEv 2 or other simple identity authentication mechanisms based on public key cryptography to authenticate the gNB;

group size n, SUCI_G＝{SUCI₁，SUCI₂，...，SUCI_nIs an anonymous set of members of a group, each member ECN having been mutually authenticated_iThe index of (i) is more than or equal to 1 and less than or equal to n; the system parameter is pi ═ lambda, gamma, n, g, h₁，…，h_n，F，f₁，f₂，f₃) Wherein

And

are multiplicative groups having the same prime order p,

is an effective non-degenerate bilinear map; g is

The generation element of (a) is generated,

is that

The independent generator randomly selected in (1); h is a hash function; f is a MAC function; f. of₁，f₂，f₃Are independent one-way key encryption functions and are completely independent of each other.

3. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the key agreement phase in the first step comprises:

(1) group key negotiation: for 1. ltoreq. k. ltoreq.n, each ECN_kAll randomly select x_i，k∈G，

And calculate

A_i，k＝e(X_i，kG) to obtain ECN_kIs PK_k＝((R_n，k，A_n，k)，(R_n，k，A_n，k)...，(R_n，k，A_n，k) ); for i ≠ 0, 1.. n, and j ≠ 1.. n, where i ≠ j and j ≠ k, the calculation is performed

Let d_j，k＝(σ_0，j，k，...，σ_j-1，j，k，σ_j+1，j，k，...，σ_n，j，k) (ii) a After completion of the calculation, ECN_KPublic sending within the group its own public key and key material to be distributed to the remaining n-1 members: (PK)_k，d_1，k，...，d_k-1，k，d_k+1，k，...，d_n，k) And d is_k，kThen the information is stored secretly by the user;

(2) group key derivation: the group key is calculated as follows:

here, the

Φ × Φ → Φ is an efficient operation in the public key space Φ, and for i 0, 1

(3) Decryption key derivation for each member: for i ≦ n 0 ≦ j ≦ n 1 ≦ j ≦ n, the remaining n-1 members ECN_jThe decryption key of (a) is calculated as follows:

d_j＝(σ_0，i，...，σ_j-1，j，σ_j+1，j，...，σ_n，j)

wherein the content of the first and second substances,

for the group, the key generation has homomorphism property, if the group members do not update, the group public key and the corresponding member decryption key are kept unchanged all the time; if a member joins or pushes out of the group, the group public key and the decryption key only need to link or delete the key material contributed by the member, and the group does not need to be reestablished.

4. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the initial authentication phase in step two comprises: the AMAD algorithm used is constructed from l-order biorthogonal codes with detection function, S is (n, k, d)_min)＝(2^l，l+1，2^l-1) And the syndrome generator matrix of the biorthogonal code with order l ≧ 3, s is the syndrome, for each1, 2, 1, let S_i＝(S_i，1，S_i，2，...，S_i，n)∈{0，1}ⁿIs the ith row of the matrix S; let sigma be the extended syndrome generating matrix of S, epsilon is the extended syndrome; defining a matrix X of order (l +1) X n, all the rows of the matrix being defined by X_i＝(X_i，1，X_i，2，X_i，3，...，X_i，n)＝(S_i，1，αS_i，2，α²S_i，3，...，α^n-1S_i，n) Wherein α is GF (2)^h) The primitive element of (1); and let r be (2)^l+1-1) X n order matrix, whose rows consist of all codewords except the zero-out vector generated by matrix X; the specific authentication process is as follows, the group size is n:

(1)ECN_i→ECN_h：(m_i||t_i)

the index range of the group members is i ═ 1, 2.., n; each member ECN_iSelecting a random number r_iAnd generates an authentication message m_i＝(SUCI_i||PK_i||r_i) Wherein SUCI_iIs an anonymous identity, PK, of the ith member_iIs an ECN generated during a group key agreement procedure_iThe public key of (2); ECN_iCalculating respective message authentication codes t_i＝F(K_i，m_i) (ii) a Each member will be own (m)_i||t_i) Sending to security service gateway ECN_hThis step can be performed off-line;

(2)ECN_h→AMF₁：(M_G)

ECN_hgenerating an aggregated message authentication code T ═ (T) from the received message₁，T₂) (ii) a Wherein, T₁＝(T_1，1，T_1，2，...，T_1，l+1)＝tS^T，t＝(t₁，t₂，...，t_n) (ii) a Order to

For each t_iH last bit of (a), and

calculate T accordingly₂＝(T_2，1，T_2，2，...，T_2，l+1)＝t^*X^T；ECN_hThe group public key and the necessary group authentication information M_G＝(m₁||...||m_n||T||PK_G) Is sent to AMF₁；

(3)

AMF₁Retention M_GAnd will transmit the message

Forwarding to AUSF/UDM;

(4)AUSF/UDM→AMF₁：(A_G＝(A₁||...||A_n||r_HN))

AUSF/UDM retrieval of each SUCI_iCorresponding true identity SUPI_iAnd analyzing whether the team member is in AMF₁Within the range of (1); according to K_i、m_iUDM calculates each ECN_iCorresponding t_iAnd t ═ t (t)₁，...，t_n) (ii) a AUSF/UDM verification s ═ T-tS^TIf s is 0, the group identity authentication is passed, otherwise, an index list corresponding to the malicious ECN is output;

after the verification is passed, the AUSF/UDM generates a new temporary identity for all group members

Selecting a random number r_HNAnd calculating CK_i＝f₂(K_i，r_HN)，IK_i＝f₃(K_i，r_HN)，

Wherein KDF stands for one-way key derivation function; AUSF/UDM generates n pieces of authentication information

And will finally authenticate token A_G＝(A₁||...||A_n||r_HN) Is sent to AMF₁；

(5)AMF₁→gNB₁：(AUTH_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN))

AMF₁Retention

And for each ECN_iComputing

And authentication messages

Finally, the authentication token AUTH of the user is used_G＝(AUTH₁||...||AUTH_n||PK_G||r_HN) Sending to access base station gNB₁；

(6)

When AUTH is received_GThen gNB₁The group is considered to pass identity authentication; gNB₁Specifying a set of members wanting to communicate using a group public key

gNB₁Random selection

Calculating ciphertext C ═ C₁，C₂) And session key ξ:

C₁＝g^t，

if the resource information of some group members does not want to be transmitted in the group in public, the base station shares different session keys with different members according to a calculation mode; suppose gNB₁To communicate with all group members and share the same session key, i.e.

The following calculations were performed:

C₁＝g^t，C₂＝(R₀)^t

ξ＝(A₀)^t

gNB₁with its own private key SK_gNBSigning the authentication information and sending to the ECN_h：

Wherein TS₁Is gNB₁A generated timestamp indicating the freshness of the message;

(7)

ECN_hbroadcasting the message to the group; each member verifies the integrity and correctness of the signature, using r_HNCalculate respective CK_i，IK_i，

By using

Verification of AUTH_iThereby authenticating the gNB₁、AMF₁The identity of the AUSF/UDM is legitimate; so far, the initial authentication is completed, and each member uses its ownDecryption key d_iExtracting a session key ξ from the received ciphertext C:

ξ＝e(σ_0，i，C₁)e(h_i，C₂)

ECN_iand AMF₁Reserving GUTI_iAnd using the temporary identity in future intra-domain handovers; ECN if inter-domain handover occurs_iUpdating anonymous identities

5. The multi-user authentication method in a mobile communication scenario as claimed in claim 1, wherein the handover authentication phase in step three comprises:

(1) intra-domain handover: within the same AMF range, from the source base station gNB₁Handover to target base station gNB₂(ii) a MEC server notifies gNB upon reaching handoff authentication threshold₁And group G performs handover authentication;

1)

gNB₁after receiving the notice of the MEC server, the target base station gNB is sent to in advance₂Sending authentication information of the group;

2)ECN_h→gNB₂：(M′_G＝(m′₁||…||m′_n||T′||PK_G))

the members in the group select a new random number r 'in advance'_iAnd calculates an authentication message m'_i＝(GUTI_i||PK_i||r′_i) And t'_i＝F(ξ，m′_i)；ECN_hAll (m ') were received'_i||t′_i) Post-calculation aggregation message authentication code T ═ T'₁，T′₂) Of which is T'₁＝t′S^T，T′₂＝(t^*)′X^T；ECN_hSending the relevant authentication information to the gNB₂；

3)

gNB₂Validating GUTI_iWhether it is legal; gNB₂Calculating S ═ T '-T' S^T0, if not equal, gNB₂Feeding back a malicious identity list and refusing the group to continue accessing, otherwise, the gNB₂Ciphertext C ═ C ' (C ') is calculated in the same manner as in the initial authentication '₁，C′₂) And session key ξ' ═ (a)₀)^tWhere t is randomly selected, different from the initial authentication; gNB₂Computing signatures

And to ECN_hSending

4)

ECN_hBroadcasting the message to the group and verifying by each member, if the verification is successful, finishing the mutual authentication; ECN_iUsing respective decryption keys d_iExtracting session key ξ' ═ e (σ ═ e)_0，i，C′₁)e(h_i，C′₂) And performing subsequent communication by using the session key;

(2) switching between domains: when the source base station and the target base station are not in the same AMF range, inter-domain switching occurs; at this time, the group G should be associated with AMF₂Target base station gNB in₃Negotiate session keys and with AMF₂And gNB₃Performing mutual authentication; as with intra-domain handovers, when group G reaches the handover threshold, the SDN controller notifies group G and AMF₁Executing switching authentication preparation work:

1)

before group access, AMF₁Forward AMF₂Sending a group message;

2)

AMF₂forwarding the received message to the AUSF/UDM;

3)

upon receiving the handover request message, the AUSF/UDM pre-computes a new anonymous identity for the group members

And generates AMF₂And ECN_iA security key shared between them

AMF₂Store GUTI_iAnd

4)

at this stage, AMF₂Selecting a random number

Computing

And is each GUTI_iGenerating authentication messages

5)ECN_h→gNB₃：(M″_G＝(m″₁||...||m″_n||T″||PK_G))

Similar to the calculation process for intra-domain handovers, each group member calculates m ″_i＝(GUTI″_i||PK_i||r″_i) And message authentication code

And will authenticate the respective message (m ″)_i，t″_i) To ECN_h；ECN_hAccordingly, the aggregation message authentication code T ″ (T ″) is generated₁，T″₂) Wherein T ″)₁＝t″S^T，T″₂＝(t^*)″X^T；ECN_hMixing M ″)_G＝(m″₁||...||m″_n||T″||PK_G) Send to gNB₃；

6)

gNB₃After receiving the message, calculate t ″ (t ″)₁，...，t″_n) If S ═ T '-T' S^TIf 0, gNB is certified₃Successfully authenticating the group; gNB₃Calculating the ciphertext C ″ (C ″)₁，C″₂) And session key ξ "; generating signatures

And return the necessary response messages to the ECN_h；

7)

ECN_hBroadcasting the message to the group for verification; if the verification passes, the group is indicated to have already realized the gNB pair₃And AMF₂The authentication of (1); each ECN_iUsing its own decryption key d_iExtract session key ξ ═ e: (b:)σ_0，i，C″₁)e(h_i，C″₂)。

6. A multi-user authentication system for implementing the multi-user authentication method in a mobile communication scenario according to any one of claims 1 to 5, wherein the network architecture integrating the SDN and the MEC is divided into three layers, which are respectively:

the control plane deploys an SDN global controller in a core layer for centralized control, and the MEC server serves as a local controller of the SDN and assists the control plane to collect user dynamic topology in the range and monitor the network state in real time to make decisions; the data plane, each base station has a local database LDB, the LDB stores the user information in the relevant unit and updates regularly, the user information includes group information, user position, service requirement and transmission scheme; forming a global database GDB from information collected by the LDBs, and enabling the SDN controller to design a network-level strategy and update a local application program module; and the user plane consists of different mobile users, data streams are separated and forwarded among the users, and the data streams consist of data packets indicating key characteristics of the users.

7. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:

in the group key negotiation stage, each group member generates its own decryption key according to the contribution and publicly calculates the group public key PK_G；

When a large number of mobile users enter the range of a base station, adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication, encrypting a message by using a group public key and negotiating a session key to carry out subsequent security communication and service requests;

and informing relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN.

8. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

in the group key negotiation stage, each group member generates its own decryption key according to the contribution and publicly calculates the group public key PK_G；

When a large number of mobile users enter the range of a base station, adopting an aggregation message authentication code AMAD with a detection function to carry out mutual authentication, encrypting a message by using a group public key and negotiating a session key to carry out subsequent security communication and service requests;

and informing relevant base stations and groups to perform switching authentication according to the switching paths monitored by the SDN.

9. An information data processing terminal characterized by being configured to implement the multi-user authentication system according to claim 6.

Images