CN114640453A - Authentication and key negotiation method suitable for wireless sensor - Google Patents

Abstract

The invention discloses a method for authentication and key negotiation applicable to a wireless sensor, which relates to the field of information security and adopts the technical scheme that: secretly presetting an offline sensor node, an online sensor node and an online user identity card; the method comprises the steps that a user inserts an identity card to input identity information for identity verification, login information of the user is forwarded to a gateway node stored by the identity card, and an execution scene is selected to perform authentication and key negotiation according to the gateway node position of the identity of a sensor node to be accessed by the user; a system administrator deploys new sensor nodes in a target area through off-line sensor node secret presetting, and introduces the new sensor nodes into a setting network model through on-line sensor node secret presetting. The invention can solve the problem of identity legality when a user accesses the sensor node, realizes mutual authentication and key negotiation among the user, the gateway and the node, and provides safety guarantee for data safety transmission in a wireless sensor environment.

Description

Authentication and key negotiation method suitable for wireless sensor

Technical Field

The present invention relates to the field of information security, and more particularly, to a method for authentication and key agreement suitable for a wireless sensor.

Background

Biohashing firstly determines a fingerprint central point by solving a fingerprint direction field, removes noise interference and reduces a fingerprint characteristic dimension by utilizing wavelet transformation, extracts invariant characteristics of translation, rotation and scaling of a processed image through Fourier-Mellin transformation, then projects a fingerprint characteristic vector into an orthogonal random matrix, and realizes hash operation on the fingerprint characteristic after threshold quantization.

A hash function is a value that maps an arbitrary length string of bits to a fixed length (e.g., 32 bytes). This value is a hash value, also known as a digest, hash, fingerprint. The hash function has security features such as: 1) unidirectional: given x, it is easy to solve for h (x); but knowing h (x), solving for x is computationally difficult, i.e., not solvable in polynomial time. (2) Impact resistance: given x and h (x), finding x '≠ x makes h (x') ═ h (x) infeasible. (3) Rapidity: the hash function is simple and fast to compute, i.e. given x, it is easy to compute h (x), e.g. linear time. (4) Avalanche effect: a change in one bit in the input will cause more than half of the bits in the output to change.

Exclusive-or encryption is often used in authentication protocols because of its ability to simply and quickly encrypt and decrypt. If a ═ b ≦ c, any two of the parameters are known, the third can be easily solved; if only one of the parameters is known, it is not possible to solve for the other two. Therefore, the exclusive-or encryption operation is widely used for a simple encryption operation to achieve private transmission of sensitive information. However, since the information of the sensor is transmitted in the public network and the battery of the sensor node is limited, the security and efficiency of the wireless sensor network are of great concern. User authentication is a security task for restricting access by equipping authorized users with passwords, tokens, or biometric techniques. Therefore, passwords and tokens are easily stolen and forgotten; even biometrics have some limitations.

Disclosure of Invention

In order to solve the defects in the prior art, the invention aims to provide a method suitable for authentication and key negotiation of a wireless sensor, which can solve the problem of identity legality of a user accessing a sensor node, realize bidirectional authentication and key negotiation among the user, a gateway and nodes, provide safety guarantee for data safety transmission in a wireless sensor environment, simultaneously have a wide application scene of the protocol, a plurality of gateway nodes exist, remote node deployment can be realized, and in a password change stage, an intelligent card changes stored identity registration information according to a new password of the user, so that the password leakage of the user is avoided.

The technical purpose of the invention is realized by the following technical scheme: a method for authentication and key agreement for a wireless sensor, comprising the steps of:

secret presetting stage: secretly presetting an offline sensor node, an online sensor node and an online user identity card;

a login negotiation stage: the method comprises the steps that a user inserts an identity card to input identity information for identity verification, login information of the user is forwarded to a gateway node stored by the identity card, and after time validity and login information validity are checked, an execution scene is selected to carry out authentication and key negotiation according to the gateway node position of the identity of a sensor node to be accessed by the user;

a dynamic node joining stage: when a new sensor node needs to be added into a target area, a system administrator deploys the new sensor node in the target area through off-line sensor node secret presetting, and the new sensor node is introduced into a setting network model through on-line sensor node secret presetting.

Further, the secret presetting process of the offline sensor node specifically includes:

s101: the system administrator is each sensor node S_jGenerating unique identity IDs_SjJ is more than or equal to 1 and less than or equal to m, and m is the number of sensor nodes;

s102: system administrator calculates secret values for each sensor node

1≤j≤m，S_ranIs a secret random number shared by the gateway nodes;

s103: sensor node preservation<ID_Sj，P_j>，1≤j≤m；

S104: the system administrator presets GNi a master key X^GNiAnd S shared by all gateways_ran。

Further, the secret presetting process of the online sensor node specifically includes:

s201: each sensor node sends registration information<ID_Sj，T_r，M_j>To the current gateway node GNi, verify the value M_j＝h(ID_Sj·P_j·T_r)，T_rIs the registration time;

s202: once GNi receives the message, it calculates

Authentication

If the authentication is passed through, the authentication is performed,GNi sending an acknowledgement message to S_jGNi storage<ID_Sj，T_r>，S_jStoring T_r。

Further, the secret presetting process of the online user identity card specifically comprises the following steps:

s301: user U_iInserting identity card IC_iSelect the identity ID_iPassword PW_iAnd a random number u, calculating an identity registration request DID_i＝h(ID_iU) and RPW_i＝h(PW_i·u·ID_i) Sending over a secure channel<DID_i，RPW_i>To GNi;

s302: GNi receives the identity registration request if DID_iUnregistered, GNi selects a random number TID_iCalculating identity registration information K_i＝h(DID_i·TID_i·X^GNi) And

K_ifor secret values between and GNi, GNi save<TID_i，DID_i>；

S303: GNi sending identity registration information over a secure channel<Y_i，TID_i，h(.)，ID_GNi>For U_i，U_iWill be provided with<Y_i，TID_i，h(.)，ID_GNi>Storing into IC_iH (.) is a hash function against collision;

S304：U_iinputting biological fingerprint B_iCalculating biological information

Verification value

IC_iPreservation of C_iAnd V_i。

Further, the login process of the user specifically includes:

s401: user U_iInsert identity card, input ID'_i、PW’_iAnd B'_i，IC_iComputing

Authentication

S402: after successful login, the identity card is based on the stored gateway identity ID_GNiWill U_iThe access requirement X is sent to GNi, and the GNi sends the identification ID of the corresponding sensor according to the access requirement X_SjIs sent to U_i；

S403：IC_iGenerating a random number r_iCalculating DID_i＝h(ID_i·u)、RPW_i＝h(PW_i·u·ID_i)、

And a login request

And D₂＝h(DID_i·r_i·TID_i·K_i·T₁·ID_Sj)，T₁Is the current timestamp;

S404：U_isending a login message M₁＝<TID_i，ID_Sj，D₁，D₂，T₁>To GNi.

Further, the process of selecting an execution scenario for authentication and key negotiation according to the gateway node location of the sensor node identity to be accessed by the user specifically comprises the following steps: the current GNi receives the login message, checks the requesting sensor node S_jWhether it is in the registered sensor list; if so, performing an authentication and key negotiation stage of scenario 1; otherwise, the authentication and key negotiation phase of scenario 2 is performed.

Further, the process of executing the authentication and key negotiation stage of scenario 1 specifically includes:

s501: current GNi at T₂Receives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T₂-T₁If the value of | is less than or equal to the value of delta T, the threshold value of the propagation delay of the delta T message is used, and if the test is not passed, the connection is terminated; GNi use TID_iRetrieving DID_iCalculating

Authentication

If the verification passes GNi confirms user U_iIdentity, otherwise the connection terminates;

S502：ID_Sjpresence in GNi, GNi generates a random number r_hComputing an authentication request

And D₆＝h(ID_Sj·r_i·DID_i·T_r·P_j·r_h·T₂) GNi sending message M₂＝<TID_i，D₃，D₄，D₅，D₆，T₂>To S_j；

S503：S_jAt T₃Time of day receiving M₂Checking the validity of the time | T₃-T₂If the verification is valid, calculating

If the verification is not established, the connection is terminated;

S504：S_jgenerating a random number r_jComputing an authentication request

And D₈＝h(P_j·r_j·T₂·r_h·TID_i·r_i·T₃·T_r) Sending a message M₃＝<D₇，D₈，T₃>To GNi;

s505: when GNi is at T₄Moment of receipt message M₃Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification fails, the connection is terminated, otherwise an authentication request is computed

And D₁₁＝h(K_i·DID_i·r’_j·T₁·r_h·T₄·r_i) Sending a message M₄＝<D₉，D₁₀，D₁₁，T₄>To user U_i；

S506: when the user U_iAt T₅Moment of receipt message M₄Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s507: after the mutual authentication is successful, the session key is set as h (DID) in SK_i·r_i·r_j·ID_Sj) At U_iGNi and S_jAre established.

Further, the process of executing the authentication and key negotiation stage of the scenario 2 specifically includes:

s601: current GNi at T_HReceives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T_H-T₁< DELTA.T, | if the test passes, GNi use TID_iRetrieving DID_iCalculating K'_i＝h(DID_i·TID_i·X^GNi)，

Verification M₁Effectiveness of

If the verification passes GNi confirms user U_iIdentity, otherwise the connection terminates; ID (identity)_SjAbsence from GNi, GNi broadcasting a message<ID_Sj，TID_i，ID_GNi，L₁，T_H>To the remaining gateway node (GNj) where the value L is verified₁＝h(ID_Sj·TID_i·ID_GNi·S_ran·T_H)；

S602: GNj at T_FTime of day receipt message<ID_Sj，TID_i，ID_GNi，L₁，T_H>Checking the validity of the time | T_F-T_H| ≦ Δ T, if validated, and ID_SjPresent at GNj, then verify

If the verification passes, calculating a secret value K^F _i＝h(TID_i·X^GNj) Authentication request

And L₂＝h(TID_i·ID_GNi·K^F _i·ID_Sj·T_F) Sending a message M₅＝<A₁，ID_GNj，L₂，TID_i，T_F>To GNi;

s603: when GNi is at T_ugfTime of day message M₅Checking the validity of the time | T_ugf-T_FIf | ≦ Δ T, calculating

Authentication

If the verification passes GNi use TID_iRetrieving DID_iComputing an authentication request K_i＝h(DID_i·TID_i·X^GNi)，

And L₃＝h(K_i·K^F _i·ID_Sj·ID_GNj·T_ugf) Sending M₆＝<A₂，L₃，ID_GNj，T_ugf>To user U_i；

S604: when the user U_iAt T₂Time of day message M₄Checking the validity of the time | T₂-T_ugfIf | ≦ Δ T, calculating

Authentication

If the verification is passed, a random number r is generated_iComputing an authentication request

L₄＝h(TID_i·r_i·K^F _i·T₂·ID_Sj) Then U is_iSending a login message M₇＝<TID_i，ID_Sj，A₃，L₄，T₂>To GNj;

s605: GNj at T₃Time of day message M₇Checking the validity of the time | T₃-T₂Delta T is less than or equal to | and if the verification is valid, K is calculated^F _i＝h(TID_i·X^GNj)，

Authentication

If the verification passes, GNj generates a random number r_fComputing an authentication request

And L₅＝h(ID_Sj·r_i·TID_i·T_r·P_j·r_f·T₃) Sending a message M₈＝<TID_i，A₄，A₅，L₅，T₃>To S_j；

S606：S_jAt T₄Time of day message M₈Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification passes, S_jGenerating a random number r_jComputing an authentication request

And L₆＝h(P_j·r_j·T₃·r_f·TID_i·r_i·T₄·T_r) Then sends M₉＝<A₆，L₆，T₄>To GNj;

S607：GNj is at T₅Time of day message M₉Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification passes, computing an authentication request

And L₇＝h(K^F _i·TID_i·r_j·T₂·r_f·T₅·r_i) Sending M₁₀＝<A₇，A₈，L₇，T₅>Is sent to U_i；

S608: when the user U_iAt T₆Moment of receipt message M₁₀Checking the validity of the time | T₆-T₅If | ≦ Δ T, calculating

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s609: after the mutual authentication is successful, the session key is set as h (TID) in SK_i·r_i·r_j·r_f·ID_Sj) At U_iGNj and S_jIs established by using a session key, a user U_iCan access S_j。

Further, the method also comprises a password replacing stage: after the identity card is verified to be valid, a new password is required to be input, and the identity card replaces the original value with the new value through calculation.

Further, the specific process of the password replacing stage is as follows:

s701: user U_iInput ID_i、PW_iAnd B_i，IC_iComputing

Authentication

If the verification is valid, IC_iRequiring a new password to be input;

s702: when receiving new password PW_i ^new，IC_iCalculating RPW_i＝h(PW_i·u·ID_i) New identity information RPW_i ^new＝h(PW_i ^new·u·ID_i) And

new verification value

S703：IC_iUsing V_i ^new，Y_i ^newInstead of V_iAnd Y_i。

Compared with the prior art, the invention has the following beneficial effects:

1. the authentication and key negotiation method suitable for the wireless sensor can solve the problem of identity legality of a user accessing the sensor node, realizes bidirectional authentication and key negotiation among the user, the gateway and the node, provides safety guarantee for data safety transmission in a wireless sensor environment, and meanwhile, the protocol has wide application scenes, a plurality of gateway nodes exist, and remote node deployment can be realized.

2. The invention utilizes the biological hash to help eliminate the false acceptance rate without increasing the incidence rate of the false rejection rate; moreover, the bio-hash has a high degree of separation for the imposter, real and zero error rate population;

3. the invention also supports dynamic node addition and a user-friendly password change mechanism, and the intelligent card changes the stored identity registration information according to the new password of the user in the password change stage, thereby avoiding the password leakage of the user

Drawings

The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:

FIG. 1 is a schematic diagram of a topology of a wireless sensor network according to an embodiment of the present invention;

FIG. 2 is a process for on-line user identity card secret provisioning in an embodiment of the present invention;

fig. 3 illustrates scenario 1 authentication and key agreement procedure in an embodiment of the present invention;

fig. 4 is a scenario 2 authentication and key agreement procedure in an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.

Example (b): a method for authentication and key negotiation applicable to a wireless sensor is disclosed, as shown in fig. 1, the method involves five roles of a user, a system administrator, an identity card, a gateway node and a sensor node, and symbols and meanings in a protocol are shown in table 1:

TABLE 1 symbolic description

The protocol comprises the following steps:

s1, secret presetting stage;

s2, a login negotiation stage;

s3, adding dynamic nodes;

s4, password replacing stage.

In step S1, the secret presetting phase is divided into three steps of off-line sensor node secret presetting, on-line sensor node secret presetting, and on-line user identity card secret presetting.

The secret presetting process of the off-line sensor node specifically comprises the following steps:

s101: the system administrator is each sensor node S_jGenerating unique identity IDs_SjJ is more than or equal to 1 and less than or equal to m, and m is the number of sensor nodes;

s102: system administrator calculates secret values for each sensor node

1≤j≤m，S_ranIs a secret random number shared by the gateway nodes;

s103: sensor node preservation<ID_Sj，P_j>，1≤j≤m；

S104: the system administrator presets GNi a master key X^GNiAnd S shared by all gateways_ran。

The secret presetting process of the online sensor node specifically comprises the following steps:

s201: each sensor node sends registration information<ID_Sj，T_r，M_j>To the current gateway node GNi, verify the value M_j＝h(ID_Sj·P_j·T_r)，T_rIs the registration time;

s202: once GNi receives the message, it calculates

Authentication

If the verification passes, GNi sends an acknowledgement message to S_jGNi storage<ID_Sj，T_r>，S_jStorage T_r。

As shown in fig. 2, the secret presetting process of the online user identity card specifically includes:

s301: user U_iInserting identity card IC_iSelect the identity ID_iPassword PW_iAnd a random number u, calculating the identity noteVolume request DID_i＝h(ID_iU) and RPW_i＝h(PW_i·u·ID_i) Sending over a secure channel<DID_i，RPW_i>To GNi;

s302: GNi receives the identity registration request if DID_iUnregistered, GNi selects a random number TID_iCalculating identity registration information K_i＝h(DID_i·TID_i·X^GNi) And

K_ifor secret values between and GNi, GNi save<TID_i，DID_i>；

S303: GNi sending identity registration information over a secure channel<Y_i，TID_i，h(.)，ID_GNi>For U_i，U_iWill be provided with<Y_i，TID_i，h(.)，ID_GNi>Storing into IC_iH (.) is a hash function against collision;

S304：U_iinputting biological fingerprint B_iCalculating biological information

Verification value

IC_iPreservation C_iAnd V_i。

In step S2, the login negotiation stage is divided into a login stage and an authentication and key negotiation stage. The user first uses the identity card IC_iA login session is initiated, the identity of the user is verified in the identity card, and once the user's validity is verified, the login message is forwarded to the current Gateway Node (GNi). GNi checking the validity of the time and the validity of the login message, if the ID is_SjPresent at GNi, the authentication and key agreement phase executes scenario 1, otherwise scenario 2 is executed.

The login process of the user specifically comprises the following steps:

s401: user U_iPlug-in identity cardIs ID 'input'_i、PW’_iAnd B'_i，IC_iComputing

Authentication

S402: after successful login, the identity card is based on the stored gateway identity ID_GNiWill U_iThe access requirement X is sent to GNi, and the GNi sends the identification ID of the corresponding sensor according to the access requirement X_SjIs sent to U_i；

S403：IC_iGenerating a random number r_iCalculating DID_i＝h(ID_i·u)、RPW_i＝h(PW_i·u·ID_i)、

And a login request

And D₂＝h(DID_i·r_i·TID_i·K_i·T₁·ID_Sj)，T₁Is the current timestamp;

S404：U_isending a login message M₁＝<TID_i，ID_Sj，D₁，D₂，T₁>To GNi.

As shown in fig. 3, the process of executing the authentication and key negotiation stage in scenario 1 specifically includes:

s501: current GNi at T₂Receives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T₂-T₁If the value of | is less than or equal to the value of delta T, the threshold value of the propagation delay of the delta T message is used, and if the test is not passed, the connection is terminated; GNi use TID_iRetrieving DID_iCalculating K'_i＝h(DID_i·TID_i·X^GNi)，

Authentication

If the verification passes GNi confirms user U_iIdentity, otherwise the connection terminates;

S502：ID_Sjpresence in GNi, GNi generates a random number r_hComputing an authentication request

And D₆＝h(ID_Sj·r_i·DID_i·T_r·P_j·r_h·T₂) GNi sending message M₂＝<TID_i，D₃，D₄，D₅，D₆，T₂>To S_j；

S503：S_jAt T₃Time of day receiving M₂Checking the validity of the time | T₃-T₂If the verification is valid, calculating

If the verification is not established, the connection is terminated;

S504：S_jgenerating a random number r_jComputing an authentication request

And D₈＝h(P_j·r_j·T₂·r_h·TID_i·r_i·T₃·T_r) Sending a message M₃＝<D₇，D₈，T₃>To GNi;

s505: when GNi is at T₄Time of day message M₃Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification fails, the connection is terminated, otherwise an authentication request is computed

And D₁₁＝h(K_i·DID_i·r’_j·T₁·r_h·T₄·r_i) Sending a message M₄＝<D₉，D₁₀，D₁₁，T₄>To user U_i；

S506: when the user U_iAt T₅Moment of receipt message M₄Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s507: after the mutual authentication is successful, the session key is set as h (DID) at SK_i·r_i·r_j·ID_Sj) At U_iGNi and S_jAre established.

As shown in fig. 4, the process of executing the authentication and key negotiation stage in scenario 2 specifically includes:

s601: current GNi at T_HReceives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T_H-T₁< DELTA.T, | if the test passes, GNi use TID_iRetrieving DID_iCalculating K'_i＝h(DID_i·TID_i·X^GNi)，

Verification M₁Effectiveness of

If the verification passes GNi confirms user U_iIdentity, otherwise the connection terminates; ID_SjAbsence from GNi, GNi broadcasting a message<ID_Sj，TID_i，ID_GNi，L₁，T_H>To the remaining gateway node (GNj) where the value L is verified₁＝h(ID_Sj·TID_i·ID_GNi·S_ran·T_H)；

S602: GNj at T_FTime of day receipt message<ID_Sj，TID_i，ID_GNi，L₁，T_H>Checking the validity of the time | T_F-T_H| ≦ Δ T, if validated, and ID_SjPresent at GNj, then verify

If the verification is passed, calculating a secret value K^F _i＝h(TID_i·X^GNj) Authentication request

And L₂＝h(TID_i·ID_GNi·K^F _i·ID_Sj·T_F) Sending a message M₅＝<A₁，ID_GNj，L₂，TID_i，T_F>To GNi;

s603: when GNi is at T_ugfTime of day message M₅Checking the validity of the time | T_ugf-T_F| ≦ Δ T, if the test is passed, calculate

Authentication

If the authentication is passed GNi uses TID_iRetrieving DID_iComputing an authentication request K_i＝h(DID_i·TID_i·X^GNi)，

And L₃＝h(K_i·K^F _i·ID_Sj·ID_GNj·T_ugf) Sending M₆＝<A₂，L₃，ID_GNj，T_ugf>To user U_i；

S604: when the user U_iAt T₂Time of day message M₄Checking the validity of the time | T₂-T_ugfIf | ≦ Δ T, calculating

Authentication

If the verification is passed, a random number r is generated_iComputing an authentication request

L₄＝h(TID_i·r_i·K^F _i·T₂·ID_Sj) Then U is_iSending a login message M₇＝<TID_i，ID_Sj，A₃，L₄，T₂>To GNj;

s605: GNj at T₃Time of day message M₇Checking the validity of the time | T₃-T₂Delta T is less than or equal to | and if the verification is valid, K is calculated^F _i＝h(TID_i·X^GNj)，

Authentication

If the verification passes, GNj generates a random number r_fComputing an authentication request

And L₅＝h(ID_Sj·r_i·TID_i·T_r·P_j·r_f·T₃) Sending a message M₈＝<TID_i，A₄，A₅，L₅，T₃>To S_j；

S606：S_jAt T₄Time of day message M₈Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification passes, S_jGenerating a random number r_jComputing an authentication request

Then sends M₉＝<A₆，L₆，T₄>To GNj;

s607: GNj at T₅Moment of receipt message M₉Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification passes, calculating an authentication request

And L₇＝h(K^F _i·TID_i·r_j·T₂·r_f·T₅·r_i) Sending M₁₀＝<A₇，A₈，L₇，T₅>Is sent to U_i；

S608: when the user U_iAt T₆Time of day message M₁₀Checking the validity of the time | T₆-T₅| ≦ Δ T, if the test is passed, calculate

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s609: after the mutual authentication is successful, the session key is set as h (TID) in SK_i·r_i·r_j·r_f·ID_Sj) At U_iGNj and S_jIs established by using a session key, a user U_iCan access S_j。

In step S3, the specific content of the dynamic node joining stage is: when a new sensor node needs to be added into a target area, a system administrator deploys the new sensor node on the target area through an off-line sensor node secret presetting stage. And then, leading the new sensor node into a setting network model through an on-line sensor node secret presetting stage.

The password replacing stage of step S4 includes: after the identity card is verified to be valid, a new password is required to be input, the identity card replaces the original value with a new value through calculation, and the method specifically comprises the following steps:

S701：user U_iInput ID_i、PW_iAnd B_i，IC_iComputing

Authentication

If the verification is valid, IC_iRequiring a new password to be input;

s702: when receiving new password PW_i ^new，IC_iCalculating RPW_i＝h(PW_i·u·ID_i) New identity information RPW_i ^new＝h(PW_i ^new·u·ID_i) And

new verification value

S703：IC_iUsing V_i ^new，Y_i ^newInstead of V_iAnd Y_i。

The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A method for authentication and key negotiation of a wireless sensor is characterized by comprising the following steps:

secret presetting stage: secretly presetting an offline sensor node, an online sensor node and an online user identity card;

a login negotiation stage: the method comprises the steps that a user inserts an identity card to input identity information for identity verification, login information of the user is forwarded to a gateway node stored by the identity card, and after time validity and login information validity are checked, an execution scene is selected to carry out authentication and key negotiation according to the gateway node position of the identity of a sensor node to be accessed by the user;

a dynamic node joining stage: when a new sensor node needs to be added into a target area, a system administrator deploys the new sensor node in the target area through off-line sensor node secret presetting, and the new sensor node is introduced into a setting network model through on-line sensor node secret presetting.

2. The method according to claim 1, wherein the secret provisioning process of the offline sensor node specifically includes:

s101: the system administrator is each sensor node S_jGenerating unique identity IDs_SjJ is more than or equal to 1 and less than or equal to m, and m is the number of sensor nodes;

s102: system administrator calculates secret values for each sensor node

1≤j≤m，S_ranIs a secret random number shared by the gateway nodes;

s103: sensor node preservation<ID_Sj，P_j>，1≤j≤m；

S104: the system administrator presets GNi a master key X^GNiAnd S shared by all gateways_ran。

3. The method according to claim 1, wherein the secret provisioning process of the online sensor node specifically includes:

s201: each sensor node sends registration information<ID_Sj，T_r，M_j>To the current gateway node GNi, verify the value M_j＝h(ID_Sj·P_j·T_r)，T_rIs the registration time;

s202: once GNi receives the message, it calculates

Authentication

If the verification passes, GNi sends an acknowledgement message to S_jGNi storage<ID_Sj，T_r>，S_jStorage T_r。

4. The method of claim 1, wherein the secret provisioning process of the online user identity card specifically comprises:

s301: user U_iInserting identity card IC_iSelecting an identity ID_iPassword PW_iAnd a random number u, calculating an identity registration request DID_i＝h(ID_iU) and RPW_i＝h(PW_i·u·ID_i) Sending over a secure channel<DID_i，RPW_i>To GNi;

s302: GNi receives the identity registration request if DID_iUnregistered, GNi selects a random number TID_iCalculating identity registration information K_i＝h(DID_i·TID_i·X^GNi) And Y_i＝K_i⊕RPW_i，K_iFor secret values between and GNi, GNi save<TID_i，DID_i>；

S303: GNi sending identity registration information over a secure channel<Y_i，TID_i，h(.)，ID_GNi>For U_i，U_iWill be provided with<Y_i，TID_i，h(.)，ID_GNi>Storing into IC_iH (.) is a hash function against collision;

S304：U_iinputting biological fingerprint B_iCalculating biological information

Verification value

IC_iPreservation C_iAnd V_i。

5. The method according to claim 1, wherein the login procedure of the user specifically comprises:

s401: user U_iInsert identity card, input ID'_i、PW’_iAnd B'_i，IC_iComputing

Authentication

S402: after successful login, the identity card is based on the stored gateway identity ID_GNiWill U_iThe access requirement X is sent to GNi, and the GNi sends the identification ID of the corresponding sensor according to the access requirement X_SjIs sent to U_i；

S403：IC_iGenerating a random number r_iCalculating DID_i＝h(ID_i·u)、RPW_i＝h(PW_i·u·ID_i)、K_i＝Y_i⊕RPW_iAnd a login request

And D₂＝h(DID_i·r_i·TID_i·K_i·T₁·ID_Sj)，T₁Is the current timestamp;

S404：U_isending a login message M₁＝<TID_i，ID_Sj，D₁，D₂，T₁>To GNi.

6. The method according to claim 1, wherein the process of selecting the execution scenario for performing authentication and key negotiation according to the presence of the gateway node location in the sensor node identity to be accessed by the user specifically comprises: the current GNi receives the login message, checks the requesting sensor node S_jWhether it is in the registered sensor list; if so, performing an authentication and key negotiation stage of scenario 1; otherwise, the authentication and key negotiation phase of scenario 2 is performed.

7. The method according to claim 6, wherein the process of performing the authentication and key agreement phase in scenario 1 specifically comprises:

s501: current GNi at T₂Receives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T₂-T₁If the value of | is less than or equal to the value of delta T, the threshold value of the propagation delay of the delta T message is used, and if the test is not passed, the connection is terminated; GNi use TID_iRetrieving DID_iCalculating

Authentication

If the verification passes GNi confirms user U_iIdentity, otherwise the connection terminates;

S502：ID_Sjpresence in GNi, GNi generates a random number r_hComputing an authentication request

And D₆＝h(ID_Sj·r_i·DID_i·T_r·P_j·r_h·T₂) GNi sending message M₂＝<TID_i，D₃，D₄，D₅，D₆，T₂>To S_j；

S503：S_jAt T₃Time of day receiving M₂Checking the validity of the time | T₃-T₂If the verification is valid, calculating

If the verification is not established, the connection is terminated;

S504：S_jgenerating a random number r_jComputing an authentication request

And D₈＝h(P_j·r_j·T₂·r_h·TID_i·r_i·T₃·T_r) Sending a message M₃＝<D₇，D₈，T₃>To GNi;

s505: when GNi is at T₄Time of day message M₃Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification fails, the connection is terminated, otherwise an authentication request is computed

And D₁₁＝h(K_i·DID_i·r’_j·T₁·r_h·T₄·r_i) Sending a message M₄＝<D₉，D₁₀，D₁₁，T₄>To user U_i；

S506: when the user U_iAt T₅Time of day message M₄Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s507: after the mutual authentication is successful, the session key is set as h (DID) at SK_i·r_i·r_j·ID_Sj) At U_iGNi and S_jAre established.

8. The method according to claim 6, wherein the process of performing the authentication and key agreement phase in scenario 2 specifically comprises:

s601: current GNi at T_HReceives the login message M at any moment₁＝<TID_i，ID_Sj，D₁，D₂，T₁>GNi checking the validity of the time | T_H-T₁< DELTA.T, | if the test passes, GNi use TID_iRetrieving DID_iCalculating K'_i＝h(DID_i·TID_i·X^GNi)，

Verification M₁Effectiveness of

If the authentication is passed GNi confirms user U_iIdentity, otherwise the connection terminates; ID_SjAbsence from GNi, GNi broadcasting a message<ID_Sj，TID_i，ID_GNi，L₁，T_H>To the remaining gateway node (GNj) where the value L is verified₁＝h(ID_Sj·TID_i·ID_GNi·S_ran·T_H)；

S602: GNj at T_FTime of day receipt message<ID_Sj，TID_i，ID_GNi，L₁，T_H>Checking the validity of the time | T_F-T_H| ≦ Δ T, if validated, and ID_SjPresent at GNj, then verify

If the verification passes, calculating a secret value K^F _i＝h(TID_i·X^GNj) Authentication request

Sending a message M₅＝<A₁，ID_GNj，L₂，TID_i，T_F>To GNi;

s603: when GNi is at T_ugfTime of day message M₅Checking the validity of the time | T_ugf-T_FIf | ≦ Δ T, calculating

Authentication

If the verification passes GNi use TID_iRetrieving DID_iComputing an authentication request K_i＝h(DID_i·TID_i·X^GNi)，

And L₃＝h(K_i·K^F _i·ID_Sj·ID_GNj·T_ugf) Sending M₆＝<A₂，L₃，ID_GNj，T_ugf>To user U_i；

S604: when the user U_iAt T₂Time of day message M₄Checking the validity of the time | T₂-T_ugfIf | ≦ Δ T, calculating

Authentication

If the verification is passed, a random number r is generated_iComputing an authentication request

Then U_iSending a login message M₇＝<TID_i，ID_Sj，A₃，L₄，T₂>To GNj;

s605: GNj at T₃Time of day message M₇Checking the validity of the time | T₃-T₂Delta T is less than or equal to | and if the verification is valid, K is calculated^F _i＝h(TID_i·X^GNj)，

Authentication

If the verification passes, GNj generates a random number r_fComputing an authentication request

And L₅＝h(ID_Sj·r_i·TID_i·T_r·P_j·r_f·T₃) Sending a message M₈＝<TID_i，A₄，A₅，L₅，T₃>To S_j；

S606：S_jAt T₄Time of day message M₈Checking the validity of the time | T₄-T₃If the verification is valid, calculating

Authentication

If the verification passes, S_jGenerating a random number r_jComputing an authentication request

And L₆＝h(P_j·r_j·T₃·r_f·TID_i·r_i·T₄·T_r) Then sends M₉＝<A₆，L₆，T₄>To GNj;

s607: GNj at T₅Moment of receipt message M₉Checking the validity of the time | T₅-T₄If the verification is valid, calculating

Authentication

If the verification passes, calculating an authentication request

And L₇＝h(K^F _i·TID_i·r_j·T₂·r_f·T₅·r_i) Sending M₁₀＝<A₇，A₈，L₇，T₅>Is sent to U_i；

S608: when the user U_iAt T₆Time of day message M₁₀Checking the validity of the time | T₆-T₅If | ≦ Δ T, calculating

Authentication

If the verification is passed, the sensor node is true and reliable, otherwise, the connection is terminated;

s609: after the mutual authentication is successful, the session key is set as h (TID) at SK_i·r_i·r_j·r_f·ID_Sj) At U_iGNj and S_jIs established by using a session key, a user U_iCan access S_j。

9. The method of claim 1, further comprising a password change stage of: after the identity card is verified to be valid, a new password is required to be input, and the identity card replaces the original value with the new value through calculation.

10. The method of claim 9, wherein the password change stage comprises the following specific steps:

s701: user U_iInput ID_i、PW_iAnd B_i，IC_iComputing

Authentication

If the verification is valid, IC_iRequiring a new password to be input;

s702: when receiving new password PW_i ^new，IC_iCalculating RPW_i＝h(PW_i·u·ID_i) New identity information RPW_i ^new＝h(PW_i ^new·u·ID_i) And

new verification value

S703：IC_iUsing V_i ^new，Y_i ^newInstead of V_iAnd Y_i。

Images