CN115277157B - An efficient authentication key exchange method based on out-of-band channel - Google Patents


Info

Publication number
CN115277157B
CN115277157B (granted publication of application CN202210869100.2A; earlier publication CN115277157A)
Authority
CN
China
Prior art keywords
key
initiator
responder
mac
code function
Prior art date
Legal status
Active
Application number
CN202210869100.2A
Other languages
Chinese (zh)
Other versions
CN115277157A (en)
Inventor
黄鑫
尹昊天
邢斌
赵渊
武晓华
彭跃余
赵梁斌
黄佳佳
孙晓欣
李建爽
柴晟
张笛
拉纳·阿布巴卡尔
王唯
Current Assignee
Tieta Energy Co ltd Shanxi Branch
Taiyuan University of Technology
Original Assignee
Tieta Energy Co ltd Shanxi Branch
Taiyuan University of Technology
Priority date
2022-07-22
Filing date
2022-07-22
Publication date
2023-11-14

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L 9/3242 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides an efficient authenticated key exchange method based on an out-of-band channel, belonging to the technical field of efficient authenticated key exchange. The technical problem to be solved is to provide an improvement of an efficient authenticated key exchange method based on an out-of-band channel. The technical solution adopted comprises the following key exchange steps: using the algorithm protocol, define the public parameters shared by the initiator and the responder of the authenticated key exchange and precompute the public/private key pairs of the initiator and the responder; set the initiator algorithm, in which the initiator mainly generates a random number, sends processed data to the responder over the ordinary channel and receives processed data sent over the ordinary channel; then set the responder algorithm, in which the responder mainly receives processed data sent over the ordinary channel, generates a random number and uses a message authentication code function with a key input to produce data output. The invention is applied to authenticated key exchange.

Description

An efficient authentication key exchange method based on an out-of-band channel

Technical field

The invention provides an efficient authenticated key exchange method based on an out-of-band channel and belongs to the technical field of efficient authenticated key exchange.

Background

Authenticated key exchange protocols are indispensable in many device-interaction scenarios. The Elliptic Curve Diffie-Hellman (ECDH) scheme in current use is the popular approach today, but ECDH-based schemes are computationally heavy, so many resource-constrained devices take a long time to run the protocol. In Internet of Things scenarios the computing power of the interacting devices is often unequal, for example in communication between sensor nodes and powerful servers, yet the current standard protocols built on ECDH (such as the display authenticated association in IEEE 802.15.6) ignore this point, and the schemes they provide cannot perform key agreement efficiently between devices of unbalanced computing power. Moreover, some unbalanced optimisation algorithms shift the computation of one end onto the other end, which burdens the latter with extra work. It is therefore necessary to improve and optimise the existing authenticated key exchange protocol so that it can be applied to the widespread scenarios of unbalanced computing power and authenticate efficiently without adding to the devices' computational load.

Summary of the invention

To overcome the shortcomings of the prior art, the technical problem solved by the invention is to provide an improvement of an efficient authenticated key exchange method based on an out-of-band channel.

To solve the above technical problem, the invention adopts the following technical solution: an efficient authenticated key exchange method based on an out-of-band channel, comprising the following key exchange steps:

Step 1: Using the algorithm protocol, the public parameters shared by the initiator and the responder of the authenticated key exchange are defined as:

where k is the security parameter, the next parameter (its symbol is not reproduced on this page) is the field from which private keys are drawn, E is the selected elliptic curve and G is the base point of that curve;

Before exchanging information, the initiator and the responder precompute their own public/private key pairs:

The key pair of the initiator ID_A is computed as: private key SK_A, public key PK_A = SK_A × G;

The key pair of the responder ID_B is computed as: private key SK_B, public key PK_B = SK_B × G;

Step 2: The initiator algorithm is set as follows:

Step A01: The initiator generates a random number r_A;

Step A02: The initiator computes U_A = r_A + SK_A;

Step A03: The initiator sends ID_A, PK_A to the responder over the ordinary channel;

Step A04: The initiator receives ID_B, C_B, PK_B sent over the ordinary channel;

Step A05: The initiator sends ID_A, U_A to the responder over the ordinary channel;

Step A06: The initiator receives ID_B, r_B sent over the ordinary channel;

Step A07: The initiator applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C′_B;

Step A08: The initiator compares C_B with C′_B; if they differ, the protocol stops; if they are equal, it continues with step A09;

Step A09: The initiator applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_A;

Step A10: The initiator converts D_A into a 6-digit decimal number and displays that number on the screen for the user to compare: if D_A = D_B, it continues with step A11; if D_A ≠ D_B, the protocol stops;

Step A11: The initiator computes T_A = r_A × PK_B;

Step A12: The initiator applies the message authentication code function with key r_B to the input T_A, producing the output K_A;

Step A13: The initiator applies the message authentication code function with key K_A to the input U_A, r_B, ID_A, ID_B, producing the output mac_A;

Step A14: The initiator sends ID_A, mac_A to the responder over the ordinary channel;

Step A15: The initiator receives ID_B, mac_B sent over the ordinary channel;

Step A16: The initiator applies the message authentication code function with key K_A to the input r_B, U_A, ID_B, ID_A, producing the output mac_2; the initiator checks whether mac_2 equals mac_B; if not, the protocol stops; if they are equal, it continues with step A17;

Step A17: The initiator applies the message authentication code function with key K_A to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_A of this session;

Step 3: The responder algorithm is set as follows:

Step B01: The responder receives ID_A, PK_A sent over the ordinary channel;

Step B02: The responder generates a random number r_B;

Step B03: The responder applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C_B;

Step B04: The responder sends ID_B, C_B to the initiator over the ordinary channel;

Step B05: The responder receives ID_A, U_A sent over the ordinary channel;

Step B06: The responder sends ID_B, r_B to the initiator over the ordinary channel;

Step B07: The responder applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_B;

Step B08: The responder converts D_B into a 6-digit decimal number and displays that number on the screen for the user to compare: if D_B = D_A, it continues with step B09; if D_B ≠ D_A, the protocol stops;

Step B09: The responder computes T_B = SK_B × (U_A × G − PK_A);

Step B10: The responder applies the message authentication code function with key r_B to the input T_B, producing the output K_B;

Step B11: The responder receives ID_A, mac_A sent over the ordinary channel;

Step B12: The responder applies the message authentication code function with key K_B to the input U_A, r_B, ID_A, ID_B, producing the output mac_1;

Step B13: The responder checks whether mac_1 equals mac_A; if not, the protocol stops; if they are equal, it continues with step B14;

Step B14: The responder applies the message authentication code function with key K_B to the input r_B, U_A, ID_B, ID_A, producing the output mac_B;

Step B15: The responder sends ID_B, mac_B to the initiator over the ordinary channel;

Step B16: The responder applies the message authentication code function with key K_B to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_B of this session.

Compared with the prior art, the invention has the following beneficial effects: the efficient authenticated key exchange protocol based on an out-of-band channel provided by the invention shifts computation so that the strong device (the responder) performs the scalar multiplication (a time-consuming elliptic curve operation) in place of the weak device (the initiator). The protocol therefore runs efficiently and the overall computation time is reduced. Compared with the standard protocol (the IEEE 802.15.6 display authenticated association), the algorithm steps optimised on the basis of this exchange protocol reduce the computation of the weak device without increasing the computational load of the strong device, which lowers the likelihood that the strong device (for example a server) becomes inefficient or crashes under the extra load of multi-threaded interaction.

Description of the drawings

The invention is further described below in conjunction with the accompanying drawing:

Figure 1 is a flow chart of the implementation of the efficient authenticated key exchange protocol of the invention;

Detailed description

As shown in Figure 1, the invention provides an efficient authenticated key exchange method based on an out-of-band channel: first the algorithm protocol defines the public parameters shared by the initiator and the responder of the authenticated key exchange, and then the initiator and responder algorithms of the communication are set in turn to carry out the exchange of the authenticated key.

First, the meaning of each parameter used in the key exchange method of the invention is defined:

k is the security parameter, the next parameter (its symbol is not reproduced on this page) is the field from which private keys are drawn, E is the selected elliptic curve and G is the base point of that curve;

ID_A is the initiator, SK_A is the initiator's private key and PK_A is the initiator's public key;

ID_B is the responder, SK_B is the responder's private key and PK_B is the responder's public key;

r_A and r_B are random numbers;

U_A is a key;

C_B is the commitment value computed by the responder; C′_B is the commitment value computed by the initiator, to be compared with the responder's;

D_A is the message digest code computed by the initiator; D_B is the message digest code computed by the responder;

T_A is a parameter input when computing the key K_A; K_A is a key; T_B is a parameter input when computing the key K_B; K_B is a key;

mac_A is the initiator's own message check code; mac_B is the responder's own message check code; mac_2 is the message check code computed by the initiator to verify the responder's identity; mac_1 is the message check code computed by the responder to verify the initiator's identity;

LK_A and LK_B are the session keys;

The algorithm steps of the invention for the initiator are mainly:

Step A01: The initiator generates a random number r_A;

Step A02: The initiator computes U_A = r_A + SK_A;

Step A03: The initiator sends ID_A, PK_A to the responder over the ordinary channel;

Step A04: The initiator receives ID_B, C_B, PK_B sent over the ordinary channel;

Step A05: The initiator sends ID_A, U_A to the responder over the ordinary channel;

Step A06: The initiator receives ID_B, r_B sent over the ordinary channel;

Step A07: The initiator applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C′_B;

Step A08: The initiator compares C_B with C′_B; if they differ, the protocol stops; if they are equal, it continues with step A09;

Step A09: The initiator applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_A;

Step A10: The initiator converts D_A into a 6-digit decimal number and displays that number on the screen for the user to compare; if D_A = D_B, it continues with step A11; if D_A ≠ D_B, the protocol stops;

Step A11: The initiator computes T_A = r_A × PK_B;

Step A12: The initiator applies the message authentication code function with key r_B to the input T_A, producing the output K_A;

Step A13: The initiator applies the message authentication code function with key K_A to the input U_A, r_B, ID_A, ID_B, producing the output mac_A;

Step A14: The initiator sends ID_A, mac_A to the responder over the ordinary channel;

Step A15: The initiator receives ID_B, mac_B sent over the ordinary channel;

Step A16: The initiator applies the message authentication code function with key K_A to the input r_B, U_A, ID_B, ID_A, producing the output mac_2; the initiator checks whether mac_2 equals mac_B; if not, the protocol stops; if they are equal, it continues with step A17;

Step A17: The initiator applies the message authentication code function with key K_A to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_A of this session;

The algorithm steps of the invention for the responder are mainly:

Step B01: The responder receives ID_A, PK_A sent over the ordinary channel;

Step B02: The responder generates a random number r_B;

Step B03: The responder applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C_B;

Step B04: The responder sends ID_B, C_B to the initiator over the ordinary channel;

Step B05: The responder receives ID_A, U_A sent over the ordinary channel;

Step B06: The responder sends ID_B, r_B to the initiator over the ordinary channel;

Step B07: The responder applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_B;

Step B08: The responder converts D_B into a 6-digit decimal number and displays that number on the screen for the user to compare; if D_B = D_A, it continues with step B09; if D_B ≠ D_A, the protocol stops;

Step B09: The responder computes T_B = SK_B × (U_A × G − PK_A);

Step B10: The responder applies the message authentication code function with key r_B to the input T_B, producing the output K_B;

Step B11: The responder receives ID_A, mac_A sent over the ordinary channel;

Step B12: The responder applies the message authentication code function with key K_B to the input U_A, r_B, ID_A, ID_B, producing the output mac_1;

Step B13: The responder checks whether mac_1 equals mac_A; if not, the protocol stops; if they are equal, it continues with step B14;

Step B14: The responder applies the message authentication code function with key K_B to the input r_B, U_A, ID_B, ID_A, producing the output mac_B;

Step B15: The responder sends ID_B, mac_B to the initiator over the ordinary channel;

Step B16: The responder applies the message authentication code function with key K_B to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_B of this session.
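Why the point T_A computed by the initiator at step A11 equals the point T_B computed by the responder at step B09 is not spelled out in the patent text; the following derivation is added here, using the patent's own symbols (scalar arithmetic is taken modulo the order of G, and × denotes scalar multiplication of a curve point):

```latex
\begin{aligned}
T_B &= SK_B \times (U_A \times G - PK_A) \\
    &= SK_B \times \big((r_A + SK_A) \times G - SK_A \times G\big) \\
    &= SK_B \times (r_A \times G) \\
    &= r_A \times (SK_B \times G) = r_A \times PK_B = T_A .
\end{aligned}
```

The bracketed term U_A × G − PK_A is the initiator's ephemeral point r_A × G, which a standard ECDH exchange would require the initiator to compute itself; here the responder recovers it from U_A, so the initiator performs one scalar multiplication (r_A × PK_B) and the responder two. Since SK_A = U_A − r_A, the masking value r_A must be uniformly random in the scalar field, used for one session only and never disclosed.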

The message authentication code function used in the above protocol may be the hash-based message authentication code HMAC, or it may be replaced by the SM3 cryptographic hash algorithm of the Chinese national commercial cryptography (guomi) system.
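The complete exchange above, steps A01 to A17 and B01 to B16, as an added worked example in Python; this is not the patent's own code. It fixes choices the patent leaves open or that did not survive on this page: the curve is secp256k1, the MAC function is HMAC-SHA256 (the patent allows HMAC or SM3), the short MAC is HMAC-SHA256 reduced to six decimal digits, and the short-MAC key, whose expression is missing from the page, is assumed to be U_A XOR r_B; the device identifiers are constructed values. Both parties run in one process, so the user's out-of-band comparison of the displayed digits is simulated by comparing the two strings, and a counter of scalar multiplications shows the cost split claimed in the beneficial-effects paragraph (one on the initiator, two on the responder).

```python
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (standard published values); the patent only
# fixes "a curve E and a base point G", so this curve is our own choice.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

SCALAR_MULTS = {"A": 0, "B": 0}  # per-party count of the expensive operation

class ProtocolAbort(Exception):
    """Raised at the points where the patent says 'stop the protocol'."""

def ec_add(p1, p2):
    """Affine point addition on E; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt, party):
    """Double-and-add k*pt, counted against `party` (the costly step)."""
    SCALAR_MULTS[party] += 1
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def enc(pt):  # fixed-width point encoding for MAC input
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def mac(key, *parts):  # the patent's MAC function, instantiated as HMAC-SHA256
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def short_mac(key, *parts):  # A10/B08: 6 decimal digits for the user to compare
    return f"{int.from_bytes(mac(key, *parts), 'big') % 1_000_000:06d}"

def run_protocol(corrupt_commitment=False):
    """One run with both parties in-process; returns what each side derived."""
    id_a, id_b = b"sensor-node-17", b"gateway-server"  # constructed IDs
    sk_a, sk_b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    pk_a, pk_b = ec_mul(sk_a, G, "A"), ec_mul(sk_b, G, "B")  # precomputed
    SCALAR_MULTS["A"] = SCALAR_MULTS["B"] = 0  # count only per-session work
    r_a = secrets.randbelow(N - 1) + 1  # A01: fresh per session, never sent
    u_a = (r_a + sk_a) % N              # A02: SK_A masked by r_A
    r_b = secrets.token_bytes(32)       # B02, after B01 received ID_A, PK_A
    c_b = mac(r_b, enc(pk_a), enc(pk_b))  # B03 commitment, sent at B04
    # A05/B05: U_A reaches B only now; B06/A06: B then reveals r_B.
    c_b_rx = bytes([c_b[0] ^ 1]) + c_b[1:] if corrupt_commitment else c_b
    if not hmac.compare_digest(c_b_rx, mac(r_b, enc(pk_a), enc(pk_b))):  # A07/A08
        raise ProtocolAbort("A08: commitment C_B does not verify")
    # A09/B07: short authentication strings; key U_A XOR r_B is an assumption.
    k_sas = (u_a ^ int.from_bytes(r_b, "big")).to_bytes(32, "big")
    d_a = short_mac(k_sas, enc(pk_a), enc(pk_b))
    d_b = short_mac(k_sas, enc(pk_a), enc(pk_b))
    if d_a != d_b:  # A10/B08: in deployment a human compares the two screens
        raise ProtocolAbort("A10/B08: displayed codes differ")
    t_a = ec_mul(r_a, pk_b, "A")  # A11: the weak device's only scalar mult
    neg_pk_a = (pk_a[0], -pk_a[1] % P)
    t_b = ec_mul(sk_b, ec_add(ec_mul(u_a, G, "B"), neg_pk_a), "B")  # B09
    k_a, k_b = mac(r_b, enc(t_a)), mac(r_b, enc(t_b))  # A12 / B10
    u = u_a.to_bytes(32, "big")
    mac_a = mac(k_a, u, r_b, id_a, id_b)  # A13, sent at A14
    if not hmac.compare_digest(mac(k_b, u, r_b, id_a, id_b), mac_a):  # B12/B13
        raise ProtocolAbort("B13: mac_A does not verify")
    mac_b = mac(k_b, r_b, u, id_b, id_a)  # B14, sent at B15
    if not hmac.compare_digest(mac(k_a, r_b, u, id_b, id_a), mac_b):  # A16
        raise ProtocolAbort("A16: mac_B does not verify")
    lk_a = mac(k_a, enc(t_a), u, r_b, id_a, id_b)  # A17
    lk_b = mac(k_b, enc(t_b), u, r_b, id_a, id_b)  # B16 (T_B == T_A)
    return {"t_equal": t_a == t_b, "keys_equal": lk_a == lk_b,
            "sas": (d_a, d_b), "mults": dict(SCALAR_MULTS)}

def aborts_on_corrupt_commitment():
    """True if a one-bit change to C_B in transit makes step A08 abort."""
    try:
        run_protocol(corrupt_commitment=True)
    except ProtocolAbort:
        return True
    return False

if __name__ == "__main__":
    out = run_protocol()
    print("T_A == T_B:", out["t_equal"], "| SAS:", out["sas"][0],
          "| scalar mults:", out["mults"], "| LK_A == LK_B:", out["keys_equal"])
```

The `corrupt_commitment` flag flips one bit of C_B as received by the initiator, so step A08 rejects it before any public key is trusted. Two requirements an implementation must carry over: r_A is a one-time mask for SK_A (U_A = r_A + SK_A), so it must be uniformly random in the scalar field, fresh for every session and never disclosed; and the match between D_A and D_B is the out-of-band step, so a real device must not proceed past A10/B08 until the user has confirmed it.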

Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments can still be modified, or some or all of their technical features can be replaced by equivalents, and that such modifications or substitutions do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the invention.

Claims (1)

1. An efficient authenticated key exchange method based on an out-of-band channel, characterised in that it comprises the following key exchange steps:
Step 1: Using the algorithm protocol, the public parameters shared by the initiator and the responder of the authenticated key exchange are defined as:
where k is the security parameter, the next parameter (its symbol is not reproduced on this page) is the field from which private keys are drawn, E is the selected elliptic curve and G is the base point of that curve;
Before exchanging information, the initiator and the responder precompute their own public/private key pairs:
The key pair of the initiator ID_A is computed as: private key SK_A, public key PK_A = SK_A × G;
The key pair of the responder ID_B is computed as: private key SK_B, public key PK_B = SK_B × G;
Step 2: The initiator algorithm is set as follows:
Step A01: The initiator generates a random number r_A;
Step A02: The initiator computes U_A = r_A + SK_A;
Step A03: The initiator sends ID_A, PK_A to the responder over the ordinary channel;
Step A04: The initiator receives ID_B, C_B, PK_B sent over the ordinary channel;
Step A05: The initiator sends ID_A, U_A to the responder over the ordinary channel;
Step A06: The initiator receives ID_B, r_B sent over the ordinary channel;
Step A07: The initiator applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C′_B;
Step A08: The initiator compares C_B with C′_B; if they differ, the protocol stops; if they are equal, it continues with step A09;
Step A09: The initiator applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_A;
Step A10: The initiator converts D_A into a 6-digit decimal number and displays that number on the screen for the user to compare: if D_A = D_B, it continues with step A11; if D_A ≠ D_B, the protocol stops;
Step A11: The initiator computes T_A = r_A × PK_B;
Step A12: The initiator applies the message authentication code function with key r_B to the input T_A, producing the output K_A;
Step A13: The initiator applies the message authentication code function with key K_A to the input U_A, r_B, ID_A, ID_B, producing the output mac_A;
Step A14: The initiator sends ID_A, mac_A to the responder over the ordinary channel;
Step A15: The initiator receives ID_B, mac_B sent over the ordinary channel;
Step A16: The initiator applies the message authentication code function with key K_A to the input r_B, U_A, ID_B, ID_A, producing the output mac_2; the initiator checks whether mac_2 equals mac_B; if not, the protocol stops; if they are equal, it continues with step A17;
Step A17: The initiator applies the message authentication code function with key K_A to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_A of this session;
Step 3: The responder algorithm is set as follows:
Step B01: The responder receives ID_A, PK_A sent over the ordinary channel;
Step B02: The responder generates a random number r_B;
Step B03: The responder applies the message authentication code function with key r_B to the input PK_A, PK_B and records the output as C_B;
Step B04: The responder sends ID_B, C_B to the initiator over the ordinary channel;
Step B05: The responder receives ID_A, U_A sent over the ordinary channel;
Step B06: The responder sends ID_B, r_B to the initiator over the ordinary channel;
Step B07: The responder applies the short message authentication code function, with a key formed by an XOR operation (the key expression itself is not reproduced on this page), to the input PK_A, PK_B, producing the output D_B;
Step B08: The responder converts D_B into a 6-digit decimal number and displays that number on the screen for the user to compare: if D_B = D_A, it continues with step B09; if D_B ≠ D_A, the protocol stops;
Step B09: The responder computes T_B = SK_B × (U_A × G − PK_A);
Step B10: The responder applies the message authentication code function with key r_B to the input T_B, producing the output K_B;
Step B11: The responder receives ID_A, mac_A sent over the ordinary channel;
Step B12: The responder applies the message authentication code function with key K_B to the input U_A, r_B, ID_A, ID_B, producing the output mac_1;
Step B13: The responder checks whether mac_1 equals mac_A; if not, the protocol stops; if they are equal, it continues with step B14;
Step B14: The responder applies the message authentication code function with key K_B to the input r_B, U_A, ID_B, ID_A, producing the output mac_B;
Step B15: The responder sends ID_B, mac_B to the initiator over the ordinary channel;
Step B16: The responder applies the message authentication code function with key K_B to the input T_A, U_A, r_B, ID_A, ID_B; the output is the session key LK_B of this session.
CN202210869100.2A 2022-07-22 2022-07-22 An efficient authentication key exchange method based on out-of-band channel Active CN115277157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210869100.2A CN115277157B (en) 2022-07-22 2022-07-22 An efficient authentication key exchange method based on out-of-band channel

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210869100.2A CN115277157B (en) 2022-07-22 2022-07-22 An efficient authentication key exchange method based on out-of-band channel

Publications (2)

Publication Number Publication Date
CN115277157A CN115277157A (en) 2022-11-01
CN115277157B true CN115277157B (en) 2023-11-14

Family

ID=83769339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210869100.2A Active CN115277157B (en) 2022-07-22 2022-07-22 An efficient authentication key exchange method based on out-of-band channel

Country Status (1)

Country Link
CN (1) CN115277157B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107294703A (en) * 2016-03-30 2017-10-24 南京皓都臻信网络科技有限公司 A kind of mobile Internet instant messaging safe encryption method
CN112087428A (en) * 2020-08-06 2020-12-15 如般量子科技有限公司 Anti-quantum computing identity authentication system and method based on digital certificate
CN112242994A (en) * 2020-09-07 2021-01-19 西安电子科技大学 Method for checking position between entities and digital content protection system
CN112601223A (en) * 2020-12-04 2021-04-02 太原理工大学 Asymmetric authentication method for calculated amount of Bluetooth equipment
CN113572607A (en) * 2021-08-11 2021-10-29 太原理工大学 A Secure Communication Method Using Unbalanced SM2 Key Exchange Algorithm

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330815A (en) * 2015-06-17 2017-01-11 中兴通讯股份有限公司 Internet key exchange (IKE) negotiation control method, device and system


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Key exchange implementation scheme in a network conferencing system; 吕良; 肖丽萍; 微处理机 (Microprocessors), No. 05; full text *

Also Published As

Publication number Publication date
CN115277157A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
CN107342859B (en) Anonymous authentication method and application thereof
US8331568B2 (en) Efficient distribution of computation in key agreement
CN111682938B (en) Three-party authenticatable key agreement method facing centralized mobile positioning system
CN109818744B (en) Shared secret key generation method and device, computer equipment and storage medium
CN103200000B (en) Shared key method for building up under a kind of quantum computation environment
US8422670B2 (en) Password authentication method
Chen et al. Efficient certificateless online/offline signcryption scheme for edge IoT devices
CN113572607B (en) Secure communication method adopting unbalanced SM2 key exchange algorithm
CN107171788B (en) Identity-based online and offline aggregated signature method with constant signature length
CN104821942B (en) Face identification method and system
JP7183242B2 (en) LATTICE-BASED ENCRYPTION KEY GENERATION METHOD AND ELECTRONIC SIGNATURE METHOD
WO2013180413A1 (en) Apparatus and method for generating secret key for id-based cryptosystem, and recording medium on which program for executing said method in computer is recorded
CN113242129B (en) End-to-end data confidentiality and integrity protection method based on lattice encryption
WO2023174038A9 (en) Data transmission method and related device
CN113094722B (en) Three-party password authentication key exchange method
CN109040041B (en) Data layer encryption device and related electronic device, storage medium
CN115277157B (en) An efficient authentication key exchange method based on out-of-band channel
CN104618098B (en) Cryptography building method and system that a kind of set member's relation judges
CN106850584A (en) Anonymous authentication method facing client/server network
WO2020042023A1 (en) Instant messaging data encryption method and apparatus
CN108599923A (en) The implementation method of data efficient safe transmission between cloud computing server
CN107070869B (en) Anonymous authentication method based on secure hardware
CN112906715A (en) Safety image feature extraction and classification method based on deep neural network
CN117394995A (en) Certificateless key agreement method, system, equipment and medium
CN110636040B (en) Information flow authentication system and method based on block chain communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant