CN115314189A - Communication method and system - Google Patents


Info

Publication number
CN115314189A
Authority
CN
China
Prior art keywords
key
quantum
communication
shared
quantum security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210707201.XA
Other languages
Chinese (zh)
Inventor
冯凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba China Co Ltd
Original Assignee
Alibaba China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba China Co Ltd
Priority to CN202210707201.XA
Publication of CN115314189A
Legal status: Pending

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
      • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
          • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
          • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
          • H04L9/0852 Quantum cryptography
        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
          • H04L9/0869 Generation of secret information involving random numbers or seeds
      • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
        • H04L9/3066 Public key involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
      • H04L9/32 Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        • H04L9/3236 Verification using cryptographic hash functions
          • H04L9/3242 Verification using keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
        • H04L9/3247 Verification involving digital signatures
        • H04L9/3263 Verification involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/00 Network architectures or network communication protocols for network security
      • H04L63/16 Implementing security features at a particular protocol layer
        • H04L63/166 Implementing security features at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Electromagnetism (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure relates to a communication method and system. First, a quantum security key is obtained. Then, a pre-shared key is derived from the quantum security key. Next, the pre-shared key is imported into a secure transport layer protocol, where it can be used to generate a master key and/or to perform authentication. Because the pre-shared key is generated out of band from the quantum security key and then imported into the secure transport layer protocol, the key exchange and identity authentication that use it gain resistance to quantum attack.

Description

Communication method and system
Technical Field
The present disclosure relates to the field of communications technology, and in particular to a communication method and system that combine quantum security technology with remote access technology.
Background
The SSL VPN is one of the 22 products in the commercial cryptography product catalogue published by the Commercial Cryptography Testing Center of the State Cryptography Administration. It is a modification of the transport layer security protocol TLS 1.1 adapted to Chinese national standards in light of practical application requirements and deployment experience. The Chinese-standard (GM, "national commercial cryptography") SSL VPN integrates the SM cryptographic algorithms and uses a dual-certificate model, i.e. a separate signing certificate and encryption certificate.
Quantum security is an emerging field that mainly addresses the threat that future quantum computers pose to existing cryptosystems, including asymmetric algorithms such as Diffie-Hellman, RSA and ECC. The most practical quantum security solutions fall into two categories: Quantum Key Distribution (QKD) and post-quantum cryptography (PQC).
The underlying cryptographic algorithms of the SSL VPN (signature and key exchange algorithms such as RSA, ECC, SM2 and ECDHE) still rest on the hardness of the discrete logarithm problem or of integer factorization, and therefore do not resist attack by a quantum computer.
A solution is therefore needed that combines quantum security technology with remote access technology (such as the GM SSL VPN) so that remote access can resist quantum computer attack.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a solution capable of combining quantum security technology with remote access technology (such as a cryptographic SSL VPN).
According to a first aspect of the present disclosure, there is provided a communication method comprising: obtaining a quantum security key; obtaining a pre-shared key based on the quantum security key; importing the pre-shared key into a secure transport layer protocol; and, in the secure transport layer protocol, generating a master key based on the pre-shared key and/or performing authentication based on the pre-shared key.
Optionally, the quantum security key is obtained by an application participating in the communication, which then obtains the pre-shared key based on the quantum security key.
Optionally, obtaining the pre-shared key based on the quantum security key comprises applying key derivation processing to the quantum security key to obtain the pre-shared key.
Optionally, the key derivation processing comprises processing the quantum security key with an HMAC-based key derivation function (a key derivation function built on a hash-based message authentication code).
Optionally, the quantum security key is provided to both communicating parties by a quantum security key service.
Optionally, obtaining the quantum security key comprises: acquiring a plurality of quantum security keys together with their corresponding key identifiers; caching the acquired quantum security keys and key identifiers; and, whenever a new quantum security key is needed, performing key synchronization between the two communicating parties using the key identifier, so that both parties use the same quantum security key.
Optionally, generating the master key based on the pre-shared key comprises: obtaining a premaster secret based on the pre-shared key and private information, and obtaining the master key based on the premaster secret.
Optionally, the private information comprises: the public key from the counterpart's encryption certificate and the counterpart's ephemeral public key, together with the party's own encryption private key and ephemeral private key; or a random number from the counterpart and a random number generated by the party itself.
Optionally, obtaining the master key based on the premaster secret comprises: deriving the master key with a key derivation algorithm from the premaster secret, the random number from the counterpart and the party's own random number; or deriving the master key with a key derivation algorithm from the premaster secret, the two random numbers and, additionally, the pre-shared key.
According to a second aspect of the present disclosure, there is provided a communication system comprising a first communication party and a second communication party, the first communication party and/or the second communication party being configured to generate a master key required for the first communication party and the second communication party to communicate and/or to authenticate by the method of the first aspect.
According to a third aspect of the present disclosure, there is provided a computing device comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method as described in the first aspect above.
According to a fourth aspect of the present disclosure, there is provided a computer program product comprising executable code which, when executed by a processor of an electronic device, causes the processor to perform the method according to the first aspect as described above.
According to a fifth aspect of the present disclosure, there is provided a non-transitory machine-readable storage medium having stored thereon executable code which, when executed by a processor of an electronic device, causes the processor to perform the method as described in the first aspect above.
Thus the pre-shared key is generated out of band from the quantum security key and imported into the secure transport layer protocol, so that key exchange and identity authentication that use the pre-shared key gain the ability to resist quantum attack.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
Fig. 1 shows a schematic flow chart of a communication method according to an embodiment of the present disclosure.
Figure 2 shows a key exchange flow diagram according to one embodiment of the present disclosure.
FIG. 3 shows a schematic structural diagram of a computing device according to one embodiment of the present disclosure.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The present disclosure proposes a communication scheme that combines quantum security technology with remote access technology.
The disclosure is described below using the GM SSL VPN as the example remote access technology. The remote access technology may also be any other remote access technology that supports the TLS protocol.
Although the current GM SSL VPN adopts the TLS 1.1 protocol, later revisions of TLS have introduced features such as session resumption and 0-RTT that further improve performance, and an important mechanism underlying these features is the PSK (Pre-Shared Key).
Since the GM SSL VPN will need to evolve and be upgraded to higher protocol versions (such as TLS 1.2 and TLS 1.3), where PSK support is indispensable, the present disclosure proposes a way of combining a quantum security key with the PSK. This follows the future development direction of the GM SSL VPN while providing quantum security for both parts of the TLS protocol, key exchange and identity authentication.
Fig. 1 shows a schematic flow chart of a communication method according to an embodiment of the present disclosure.
The method shown in fig. 1 may be performed by two communicating parties (e.g., two-end applications participating in a communication).
That is, both parties of communication can perform steps S110 to S140 shown in the drawing.
The two communicating parties can be interconnected by a remote access technology such as SSL VPN. SSL VPN is a VPN remote access technology that uses the SSL protocol as its security foundation. SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are security protocols that provide confidentiality and data integrity for network communications; they encrypt the connection between the transport layer and the application layer.
Referring to fig. 1, in step S110, a quantum security key is acquired.
A quantum security key is a key generated by quantum security techniques (a QKD system or a PQC algorithm).
A QKD system is a Quantum Key Distribution system. It consists of quantum key distribution devices and quantum key management devices, and uses properties of quantum mechanics to let two communicating parties generate and share a pair of random, secure keys.
A PQC algorithm, also called a Post-Quantum Cryptography or Quantum-Safe Cryptography algorithm, is a cryptographic algorithm designed specifically to withstand quantum computers. Such asymmetric algorithms include lattice-based, code-based, multivariate, hash-based and supersingular isogeny-based schemes.
The quantum security key may be provided by a quantum security key service. One quantum security key service can be deployed on each communication party, and the communication parties can obtain quantum security keys by using the corresponding quantum security key services.
The two quantum security key services, one at each communicating party, can generate the same quantum security key through key negotiation and/or key synchronization information, and the generated quantum security key can be stored in a security chip. The quantum security key service can expose the quantum security key through an interface (e.g. a RESTful API or another interface form).
Either party can obtain a quantum security key from its own quantum security key service together with the corresponding key identifier, and send the key identifier to the other party; the other party then uses the key identifier to obtain, from its own quantum security key service, the same quantum security key that the initiator obtained. Key synchronization between the two parties is thus performed by key identifier, so that both use the same set of quantum security keys.
For example, either party may obtain a plurality of quantum security keys with their corresponding key identifiers and cache them. Whenever a new quantum security key is needed (e.g. for the first handshake or for session resumption between the two parties), key synchronization is performed using the key identifier so that both parties use the same quantum security key. Either party may initiate the synchronization: it sends the key identifier of the quantum security key it is using to the other party, which obtains and uses the same quantum security key based on the received identifier.
In step S120, a pre-shared key is obtained based on the quantum secure key.
A pre-shared key is a key that the two communicating parties share in advance in an out-of-band manner.
Out of band means that the two parties share the pre-shared key without going through the TLS connection.
In other words, the two parties do not negotiate the pre-shared key within the protocol; they generate the same pre-shared key in the same way from the same quantum security key.
To improve the security of the pre-shared key, the two parties can apply a one-way key derivation process to the quantum security key (one that cannot be inverted, or is computationally infeasible to invert) to obtain the pre-shared key.
The key derivation process may use a key derivation function.
The key derivation function may be the PRF or HKDF. The PRF may be used when the two parties use TLS 1.1 or TLS 1.2, and HKDF when they use TLS 1.3.
The PRF is the TLS pseudo-random function; it takes a secret, a label and a seed as inputs and produces output of arbitrary length.
HKDF (HMAC-based Key Derivation Function) is a key derivation function built on the hash-based message authentication code (HMAC). It derives one or more cryptographically strong keys from shorter input keying material, here the quantum security key, in an extract-then-expand manner.
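The following is an added example, not code from the patent, showing steps S110 and S120 end to end: each party caches a few quantum security keys with their identifiers, the initiator sends only the key identifier, the responder fetches the same key by that identifier, and both derive the same dynamic PSK with HKDF (RFC 5869). QuantumKeyService is a hypothetical in-memory stand-in for the RESTful quantum security key service, SAMPLE_POOL is constructed sample key material, and the HKDF label "qkd-tls-psk" is an assumed context string.

```python
"""Added example, not code from the patent: key-identifier synchronization
over a cache of quantum security keys (step S110) and HKDF derivation of
the dynamic PSK from the chosen key (step S120).  QuantumKeyService is a
hypothetical in-memory stand-in for the RESTful quantum security key
service, and SAMPLE_POOL is constructed sample key material."""
import hashlib
import hmac
from typing import Dict, List, Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_psk(quantum_key: bytes, key_id: bytes, length: int = 32) -> bytes:
    """Step S120: one-way derivation of the PSK from the quantum security key.
    Binding the key identifier in as salt ties the PSK to one key; the info
    label is an assumed application-specific context string."""
    prk = hkdf_extract(key_id, quantum_key)
    return hkdf_expand(prk, b"qkd-tls-psk", length)


SAMPLE_POOL: Dict[bytes, bytes] = {  # constructed; real keys come from the QKD devices
    b"qk-0001": bytes(range(0, 32)),
    b"qk-0002": bytes(range(32, 64)),
    b"qk-0003": bytes(range(64, 96)),
}


class QuantumKeyService:
    """Hypothetical stand-in for one party's quantum security key service.
    Two instances built from the same pool model two services whose keys
    have already been synchronized by the QKD layer."""

    def __init__(self, pool: Dict[bytes, bytes]):
        self._pool = dict(pool)

    def fetch_keys(self, n: int) -> List[Tuple[bytes, bytes]]:
        return list(self._pool.items())[:n]

    def key_by_id(self, key_id: bytes) -> bytes:
        return self._pool[key_id]


class Party:
    """One communicating application: caches several keys and agrees on
    one with its peer by exchanging only the key identifier."""

    def __init__(self, service: QuantumKeyService):
        self.service = service
        self.cache: Dict[bytes, bytes] = {}

    def prefetch(self, n: int) -> None:
        for key_id, key in self.service.fetch_keys(n):
            self.cache[key_id] = key

    def choose_key_id(self) -> bytes:
        """Initiator picks a cached key; only its identifier is sent to the peer."""
        return next(iter(self.cache))

    def psk_for(self, key_id: bytes) -> bytes:
        key = self.cache.pop(key_id, None)
        if key is None:
            # Responder side: not cached yet, so fetch the same key by identifier.
            key = self.service.key_by_id(key_id)
        # The quantum key is consumed once; a fresh one is used per handshake.
        return derive_psk(key, key_id)


def demo() -> Tuple[bytes, bytes, bytes]:
    """Returns (key_id sent over the wire, PSK at A, PSK at B)."""
    a = Party(QuantumKeyService(SAMPLE_POOL))
    b = Party(QuantumKeyService(SAMPLE_POOL))
    a.prefetch(2)
    key_id = a.choose_key_id()  # only the identifier crosses the network
    return key_id, a.psk_for(key_id), b.psk_for(key_id)


if __name__ == "__main__":
    kid, psk_a, psk_b = demo()
    print(kid, psk_a.hex(), psk_a == psk_b)
```

The identifier can travel in the clear because it names the key without revealing it; what must hold is that each quantum key is consumed exactly once, which is why psk_for removes it from the cache. The HKDF functions can be checked against the RFC 5869 test vectors before being trusted.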
Then, in step S130, the pre-shared key is imported into the secure transport layer protocol.
The pre-shared key can be imported by each party into the secure transport layer protocol at its own end of the communication.
The secure transport layer protocol here means the TLS protocol.
The current GM standard SSL VPN is based on the TLS 1.1 protocol, whose base specification does not define a PSK mechanism. Therefore, when the two parties communicate over a GM standard SSL VPN based on TLS 1.1, PSK support must be added following the existing specifications: for example, the TLS_PSK mechanism can be implemented according to RFC 4279, RFC 5489 and related documents, with support for the ECDHE_PSK cipher suites. Once the SSL VPN is upgraded to a higher protocol version (TLS 1.2 or above), PSK support no longer has to be added separately according to those specifications.
The TLS protocol invokes the PSK callback at each first handshake or session resumption, at which point a communication participant (e.g. the application) can obtain a new quantum security key and key identifier and generate a new pre-shared key from it. The pre-shared key is therefore also called a dynamic pre-shared key, or dynamic PSK.
A dynamic PSK based on a quantum security key follows the development direction of SSL VPN. Because the dynamic PSK is derived from an out-of-band quantum security key, it provides high entropy and forward secrecy compared with a static PSK, and improves both the security and the performance of the SSL VPN.
In step S140, in the secure transport layer protocol, a master key is generated based on the pre-shared key and/or authentication is performed based on the pre-shared key.
The pre-shared key imported into the secure transport layer protocol can be used for key exchange and for identity authentication.
When the pre-shared key is used for key exchange, a master key may be generated from it. For example, a premaster secret is first obtained from the pre-shared key and private information (e.g. by concatenating the pre-shared key with the private information), and the master key is then obtained from the premaster secret. The premaster secret is used to generate the master key; the master key is used to generate the session keys; the session keys are the keys the two parties use to encrypt and/or decrypt session data during a session. The content of the private information depends on the selected cipher suite. For example, with the ECDHE-SM4-SM3 suite the private information may comprise the public key from the counterpart's encryption certificate and the counterpart's ephemeral public key, together with the party's own encryption private key and ephemeral private key. With the ECC-SM4-SM3 suite the private information may comprise a random number from the counterpart and a random number generated by the party itself.
When deriving the master key from the premaster secret, a key derivation algorithm (e.g. the PRF) may be applied to the premaster secret, the random number from the counterpart and the party's own random number.
The pre-shared key may also enter the master key calculation directly. That is, the master key may be obtained by a key derivation algorithm from the premaster secret, the two random numbers and the pre-shared key. The pre-shared key may be one of the inputs of the key derivation algorithm, or it may be mixed directly with the output of the key derivation algorithm (e.g. by XOR), with the mixed result used as the master key.
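The following is an added example, not code from the patent, showing concretely how a pre-shared key enters the TLS 1.2 master secret. The premaster layout is the one standardized in RFC 4279 (PSK suites) and RFC 5489 (ECDHE_PSK suites), and the master secret is computed with the TLS 1.2 PRF (P_SHA256, RFC 5246). The PSK, the ECDH shared secret Z and the two randoms are constructed sample values; the XOR-mixing function illustrates the variant described in the text and is not a standardized TLS construction, and its stretching of the PSK to 48 bytes is an assumption made here.

```python
"""Added example, not code from the patent: how the pre-shared key enters
the TLS 1.2 master secret.  The premaster layout follows RFC 4279 (PSK)
and RFC 5489 (ECDHE_PSK) and the PRF is the TLS 1.2 P_SHA256 construction
of RFC 5246; the PSK, ECDH shared secret and random values are constructed
sample data, and the XOR-mixing variant is an illustration of the text,
not a standardized TLS construction."""
import hashlib
import hmac
import struct


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 P_hash with SHA-256: A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) | HMAC(secret, A(2) + seed) | ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def premaster_psk(psk: bytes) -> bytes:
    """RFC 4279 section 2, plain PSK suites: other_secret is N zero octets,
    N = len(psk): uint16 N | N zeros | uint16 N | psk."""
    n = len(psk)
    return struct.pack("!H", n) + b"\x00" * n + struct.pack("!H", n) + psk


def premaster_ecdhe_psk(ecdh_shared: bytes, psk: bytes) -> bytes:
    """RFC 5489 section 2, ECDHE_PSK suites: other_secret is the ECDH
    shared secret Z, so the premaster binds Z and the PSK together."""
    return (struct.pack("!H", len(ecdh_shared)) + ecdh_shared
            + struct.pack("!H", len(psk)) + psk)


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret from the premaster secret."""
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)


def master_secret_xor_mixed(premaster: bytes, client_random: bytes,
                            server_random: bytes, psk: bytes) -> bytes:
    """Variant described in the text: PSK mixed into the PRF output by XOR.
    The PSK is first stretched to 48 bytes with the PRF (an assumption made
    here so that a PSK of any length can be XORed with the master secret)."""
    ms = master_secret(premaster, client_random, server_random)
    pad = tls12_prf(psk, b"psk mix", client_random + server_random, 48)
    return bytes(x ^ y for x, y in zip(ms, pad))


# Constructed sample values: the PSK would come from the quantum key derivation,
# Z from the ECDHE exchange, and the randoms from ClientHello / ServerHello.
SAMPLE_PSK = bytes.fromhex("a1" * 32)
SAMPLE_Z = bytes.fromhex("5a" * 32)
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))


def demo() -> bytes:
    """Master secret for an ECDHE_PSK handshake with the sample values."""
    pms = premaster_ecdhe_psk(SAMPLE_Z, SAMPLE_PSK)
    return master_secret(pms, CLIENT_RANDOM, SERVER_RANDOM)


if __name__ == "__main__":
    print(demo().hex())
```

With the ECDHE_PSK layout an attacker must learn both Z and the PSK to recover the master secret, which is what lets the quantum-derived PSK protect a handshake whose ECDHE part is not quantum resistant. In RFC 4279 the ClientKeyExchange message carries a psk_identity field, which is the natural place for the quantum key identifier that the text transmits at the protocol layer.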
If the key exchange uses the RSA, ECC or IBC algorithm, one party (e.g. the client) encrypts the premaster secret it generated and sends it to the other party (e.g. the server), which decrypts it; both parties then compute the master key by the master key generation method above.
The premaster secret can be encrypted with the public key from the other party's digital certificate; the other party decrypts the received ciphertext with its private key to recover the plaintext premaster secret.
Alternatively, the premaster secret can first be encrypted with the pre-shared key and the result encrypted a second time with the public key from the other party's digital certificate. The other party first decrypts the doubly encrypted premaster secret with its private key and then decrypts that result with the pre-shared key to recover the plaintext premaster secret.
The TLS 1.1 specification (RFC 4346) does not define PSK support, but other standards such as RFC 4279 and RFC 5489 specify how PSK is applied to the TLS protocol with the ECC and ECDHE algorithms and for authentication. The newer TLS 1.3 protocol extends the PSK features further: a PSK can be used for authentication, combined with a key exchange algorithm, used to encrypt early data, and used for session resumption.
When the pre-shared key is used for identity authentication, for example while executing an algorithm such as RSA or ECDHE, identity authentication (identity verification) may be performed based on the pre-shared key.
The concrete use of the pre-shared key for identity authentication can follow the existing specifications such as RFC 4279 and RFC 5489, which define the TLS_PSK mechanism and the ECDHE_PSK cipher suites. Although those specifications already cover authentication with a pre-shared key, the present disclosure generates the pre-shared key dynamically from a quantum security key, which further strengthens identity authentication compared with the existing specifications.
Multiple pre-shared keys may be maintained in the secure transport layer protocol of both parties, all generated from quantum security keys. To ensure that both parties use the same pre-shared key for key exchange and/or identity authentication, the two parties can carry the key identifier of the quantum security key at the protocol layer, so that both select the same pre-shared key.
The present disclosure is further described below using a key exchange scenario as an example.
Fig. 2 shows a key exchange flow diagram according to one embodiment of the present disclosure.
As shown in fig. 2, the scenario of the present embodiment is between two branches A and B. One or more applications may be deployed in each of the two branches A and B. Two applications located in different branches may be interconnected through SSL VPN. The SSL VPN may refer to a national security SSL VPN conforming to a national standard specification.
A quantum secure key service may be deployed in each of branch a and branch B. The quantum secure key service may consist of a quantum key distribution system. The quantum secure key service may also be a service that mixes a quantum key distribution system and a post-quantum cryptography algorithm. The two quantum security key services can negotiate quantum security keys based on different protocols and store the quantum security keys in the security chip. The quantum security key service can output the quantum security key externally through RESTful API or other interface forms. Quantum secure key services are not an area of focus of the present disclosure, and reference may be made to the prior art with respect to quantum secure key services.
The key exchange flow is as follows.
(1) The quantum security key service completes the generation of the quantum security key through key negotiation and key synchronization information between every two quantum security key services.
(2) Two applications located in different branches may maintain a "key cache and synchronization module" respectively.
The key cache and synchronization module is used to implement the communication function with the quantum security key service. The application at the branch A end sends the quantum security key request message through the key cache and synchronization module according to the interface provided by the quantum security key service. If the quantum security key service supports interfacing with multiple applications, the message may also contain an identification of the application (app_id), together with other parameters required by the interface, such as the IP address of the device where the quantum security key service is located, and a uid, token, or other parameters for identity authentication.
(3) The quantum security key service returns the corresponding quantum security key and key ID to the application in branch A.
The quantum security key and the key ID may be denoted as (qskey, qskey_ID), where qskey represents the quantum security key and qskey_ID represents the key ID of that quantum security key.
(4) Each time the application in branch A requests a quantum security key, it needs to send the key ID to the application in branch B through a key ID synchronization message.
(5) The key cache and synchronization module in the application in branch B may then request the quantum security key from the quantum security key service by specifying that key ID.
(6) The quantum security key service returns the corresponding quantum security key and the key ID to the application.
(7) The applications at the two ends, branches A and B, may import the acquired quantum security key and key ID into the TLS protocol through an interface by calling the corresponding mechanism (such as a callback function) that the TLS protocol provides for importing a PSK from the outside.
The key cache and synchronization module can cache multiple quantum security keys and key identifications thereof. When the application calls the PSK callback function each time, a group of new quantum security keys and key identifications thereof can be acquired from the cache in sequence.
Before importing, the applications at both ends can perform key derivation processing on the quantum security key as needed, for example by using an HKDF function: the static PSK configured by the applications at both ends is used as the salt parameter, the quantum security key is used as the IKM parameter, both are passed into the HKDF function, and the resulting derived key is used as the PSK. This ensures that the PSK further meets specific requirements in terms of key length and security strength.
The national secret TLS VPN is based on the TLS1.1 protocol and does not support a PSK mechanism, so the TLS_PSK mechanism and the ECDHE_PSK cipher suite need to be implemented according to specifications such as RFC4279 and RFC5489. The TLS protocol should call the PSK callback function again during each first handshake or session resumption, at which point the application side should acquire a new quantum security key and key ID and use them to generate the PSK; for this reason the PSK may also be referred to as a dynamic PSK.
(8) Multiple pre-shared keys may be maintained in the TLS protocol at both ends. In order to ensure that the protocols at the two ends use the same pre-shared key, the TLS protocol acting as the client (e.g., the branch A end) needs to send the key ID of the quantum security key corresponding to the pre-shared key in use to the TLS protocol of the server (e.g., the branch B end) through the PSK Identity field of the ClientKeyExchange message. The TLS protocol of the server can then select the correct quantum security key to use as the dynamic PSK according to the received PSK Identity. The server at the B end may also provide a "PSK identity hint" in the ServerKeyExchange message; if no hint is provided, the ServerKeyExchange message may be omitted.
(9) The TLS protocol at both ends may generate a pre-master key (pre_master_key) based on the same pre-shared key, and further generate a master key (master_key) based on the generated pre-master key, which may be used to generate the session key.
1) Pre-master key generation flow
The pre-master key may be calculated by concatenating the dynamic PSK derived from the quantum security key with the other_secret (corresponding to the private information mentioned above).
The content of the other_secret depends on the chosen cipher suite. For ECDHE-SM4-SM3, the other_secret can be composed of 4 materials, namely the public key and the temporary public key from the encryption certificate of the other party, and the own encryption private key and temporary private key. For ECC-SM4-SM3, the other_secret can consist of 2 materials, client_random and server_random.
2) Master key generation flow
The pre-master key will participate in the calculation of the master key, which is the same way for both ECDHE-SM4-SM3 and ECC-SM4-SM3 algorithm suites.
One alternative is to also add the dynamic PSK to the calculation of the master key, e.g. as one of the parameters of the PRF, or by XORing it directly with the master key.
Another alternative applies when the key exchange algorithm is the RSA algorithm, the ECC algorithm, or the IBC algorithm: the client's premaster key needs to be encrypted with the public key in the server's encryption certificate and then transmitted to the server, and the server decrypts it with its own encryption private key to obtain the plaintext premaster key, from which it calculates the master key. The dynamic PSK may also be used to enhance the security of the premaster key in transit, for example by a dual encryption method: the dynamic PSK is used as the key to encrypt the premaster key first, and the public key in the server's encryption certificate is then used to encrypt it a second time. The server first decrypts with its own encryption private key and then decrypts with the dynamic PSK, so as to obtain the plaintext premaster key.
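As an added illustration of steps (2) to (9) above (example code written for this page, not the patent's own or any vendor's implementation), the following Python models the key cache and synchronization module, the HKDF derivation of the dynamic PSK from the static PSK and the quantum security key, the server-side selection of the key by PSK identity, and the premaster and master key derivation, including the alternative in which the dynamic PSK is fed into the PRF a second time. It assumes HKDF (RFC 5869) and the TLS 1.2 PRF over SHA-256 in place of the SM3-based functions of the national-standard suites, the RFC 4279 premaster layout, a stand-in `QuantumKeyService` with constructed key material, and a fixed byte string in place of the ECDHE shared secret (`other_secret`); the names `KeyCacheAndSync`, `run_key_exchange` and the `"dynamic psk"` info label are this example's own.

```python
import hashlib
import hmac
import os
import struct
from collections import OrderedDict

HASH = hashlib.sha256  # assumption: SHA-256 stands in for SM3


def hkdf(salt, ikm, info, length):
    """HKDF-Extract then HKDF-Expand (RFC 5869) over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_dynamic_psk(static_psk, qskey, length=32):
    """Step (7): the static PSK is the salt and the quantum key is the IKM."""
    return hkdf(static_psk, qskey, b"dynamic psk", length)


def tls_prf(secret, label, seed, length):
    """TLS 1.2 PRF, i.e. P_SHA256 (RFC 5246 section 5)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]


def premaster_secret(other_secret, psk):
    """RFC 4279 section 2: length-prefixed other_secret, then length-prefixed PSK."""
    return (struct.pack("!H", len(other_secret)) + other_secret
            + struct.pack("!H", len(psk)) + psk)


def master_secret(premaster, client_random, server_random, extra_psk=b""):
    """Step (9) 2): extra_psk realises the alternative of feeding the dynamic
    PSK into the PRF as well; pass b"" for the standard computation."""
    seed = client_random + server_random + extra_psk
    return tls_prf(premaster, b"master secret", seed, 48)


class QuantumKeyService:
    """Constructed stand-in for the quantum security key service: issues
    (qskey, qskey_id) pairs and returns the same qskey to the peer that
    presents the id (steps (3) and (6)). Keys are random sample data."""
    def __init__(self):
        self._keys = {}

    def new_key(self, app_id):
        qskey_id = f"{app_id}-{len(self._keys):04d}"
        self._keys[qskey_id] = os.urandom(32)
        return self._keys[qskey_id], qskey_id

    def key_by_id(self, qskey_id):
        return self._keys[qskey_id]


class KeyCacheAndSync:
    """Per-application key cache and synchronization module."""
    def __init__(self, service, app_id, static_psk):
        self.service, self.app_id, self.static_psk = service, app_id, static_psk
        self.cache = OrderedDict()  # qskey_id -> qskey, in order of arrival

    def request_key(self):  # steps (2)-(4), branch A side
        qskey, qskey_id = self.service.new_key(self.app_id)
        self.cache[qskey_id] = qskey
        return qskey_id  # sent to branch B in the key ID synchronization message

    def sync_key(self, qskey_id):  # steps (5)-(6), branch B side
        self.cache[qskey_id] = self.service.key_by_id(qskey_id)

    def client_psk_callback(self):  # step (8): hand out cached keys oldest first
        qskey_id, qskey = self.cache.popitem(last=False)
        return qskey_id, derive_dynamic_psk(self.static_psk, qskey)

    def server_psk_callback(self, psk_identity):  # step (8): look up by identity
        qskey = self.cache.pop(psk_identity, None)
        if qskey is None:
            return None  # no matching key: the handshake must be rejected
        return derive_dynamic_psk(self.static_psk, qskey)


def run_key_exchange(service, static_psk=b"constructed static psk",
                     other_secret=b"\x11" * 32):
    # One handshake of branch A (client) with branch B (server); other_secret
    # stands in for the ECDHE shared secret of the ECDHE-SM4-SM3 case.
    branch_a = KeyCacheAndSync(service, "app", static_psk)
    branch_b = KeyCacheAndSync(service, "app", static_psk)
    branch_b.sync_key(branch_a.request_key())  # key ID synchronization
    client_random, server_random = os.urandom(32), os.urandom(32)
    identity, client_psk = branch_a.client_psk_callback()
    server_psk = branch_b.server_psk_callback(identity)  # from the PSK Identity field
    if server_psk is None:
        raise ValueError("no quantum security key for this PSK identity")
    pre_c = premaster_secret(other_secret, client_psk)
    pre_s = premaster_secret(other_secret, server_psk)
    return {"identity": identity,
            "client_master": master_secret(pre_c, client_random, server_random, client_psk),
            "server_master": master_secret(pre_s, client_random, server_random, server_psk)}
```

Each call to `run_key_exchange` consumes a fresh quantum security key, which is what makes the PSK dynamic; both ends arrive at the same 48-byte master secret only because the key ID carried in the PSK Identity field let the server pick the same qskey. The `hkdf` function can be checked against test case 1 of RFC 5869, and an unknown PSK identity makes `server_psk_callback` return `None` rather than silently falling back to the static PSK.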
The key exchange process in the scheme of combining quantum security technology and cryptographic SSL VPN in this disclosure is described in detail with reference to fig. 2.
The existing scheme combining quantum security technology and national security SSL VPN mainly comprises two schemes.
One is to integrate the PQC algorithm into the TLS protocol and mix it with the ECDHE algorithm within the protocol. This way of integrating quantum security technology into the TLS protocol is computationally expensive and the public keys are usually larger, which reduces the performance of the device and increases the latency of the protocol.
The other is to introduce the quantum key generated by QKD into the TLS protocol and XOR it with the shared key generated by ECDHE. Since the exclusive-OR operation is reversible, this approach is not very secure.
The existing schemes only consider how to provide quantum security capability for the key exchange part, but do not consider how to provide quantum security capability for the identity authentication part.
Moreover, although the current cryptographic SSL VPN adopts the TLS1.1 protocol, which does not support PSK, the TLS (secure transport layer) protocol has gradually introduced the features of session resumption and 0-RTT over its successive updates, which further improve the performance of the TLS protocol, and an important mechanism for implementing these features is PSK.
Therefore, it is an object of the present disclosure to add support for PSK features on top of the national SSL VPN, and to be used for identity authentication and key exchange. And secondly, generating dynamic PSK based on the quantum security key, and using a key derivative function in the process of using the dynamic PSK to generate a premaster key, thereby providing a key with high entropy and quantum security characteristic for a TLS protocol, and further providing quantum attack resisting capability for both key exchange and identity authentication of the national security SSL VPN.
Compared with the existing way of integrating quantum security technology into the protocol, the method provides another way: negotiation of the quantum security key is performed outside the national Security Socket Layer (SSL) VPN device, and may use a PQC algorithm, QKD technology, or a mixture of the two. After being generated, the quantum security key is dynamically introduced into the SSL/TLS protocol as an out-of-band symmetric key used as the PSK, and a key derivation function then makes it participate in the calculation of the master key, which solves the problem that an encryption certificate based on the ECDHE algorithm or the SM2 algorithm does not resist quantum attack. At the same time, identity authentication is carried out based on the dynamic PSK, which can solve the problem that identity authentication based on an SM2 signature certificate cannot resist quantum attack.
Because the national secret SSL VPN is currently based on the TLS1.1 version and does not support the PSK feature, supporting PSK on the TLS1.1 version requires adding the PSK feature to TLS1.1 according to standard specification documents such as RFC4279 and RFC5489. Secondly, the national security SSL VPN will in future need to be upgraded to a newer version of the TLS protocol, and given that PSK plays an increasingly important role in the TLS1.2 and TLS1.3 versions, combining quantum security with the TLS protocol on the basis of PSK can improve both security and performance. For example, the dynamic PSK provides a higher entropy value than a static PSK, which greatly improves security and solves the lack of forward security of a static PSK, and it can exhibit both high performance and high security under the PSK-only and 0-RTT features of TLS 1.3.
In summary, the TLS1.1 protocol of the national security SSL VPN disclosed herein adds the external PSK feature according to the existing specifications, and the application may import the quantum security key into the TLS1.1 protocol as a dynamic PSK using an out-of-band key import method. Implementing the dynamic PSK with the out-of-band quantum security key provides high entropy and forward security compared with a static PSK. The generation of the dynamic PSK, and its mixing with the premaster or master key, are based on key derivation, which is more secure than XOR. Combining the quantum-security-based dynamic PSK with the TLS protocol follows the development direction of the TLS protocol, and the dynamic PSK can improve the security and the performance of the TLS protocol at the same time.
The present disclosure may have at least the following advantages over the prior art.
1. When the quantum security key is mixed with the ECDHE algorithm, since the exclusive-or operation is reversible and the PRF (used in TLS1.1 or TLS 1.2) or HKDF function (used in TLS 1.3) is irreversible, the pre-shared key obtained based on the key derivation function of PRF or HKDF can provide higher security compared to the exclusive-or calculation.
2. The dynamic PSK is obtained through an out-of-band key, which avoids the performance problems caused by integrating a PQC algorithm into the protocol to negotiate quantum security keys, and so is suitable for situations where hardware performance is limited as well as for data center scenarios.
3. At present, the national secret SSL VPN still adopts the TLS1.1 protocol, and in the subsequent TLS1.2 and 1.3 versions the application of PSK is further developed and plays an important role in improving the performance of the TLS protocol. Considering that the national secret SSL VPN needs further evolution in the future, the protocol needs to be upgraded to a higher version, and support for PSK is indispensable. On the basis of the TLS1.1 protocol, the method implements the TLS_PSK mechanism according to specifications such as RFC4279 and RFC5489, and supports the ECDHE_PSK cipher suite. On one hand, the method follows the future development direction of the national secret SSL VPN. On another, combining the quantum security key with the PSK makes the static PSK dynamic, gives the PSK forward security, and solves the problems that the PSK in the TLS protocol has a low entropy value and lacks forward security. On yet another, it provides quantum security capability to the TLS protocol in both the key exchange and identity authentication parts. Moreover, since the quantum security key is integrated into the TLS protocol as a PSK, only slight changes to the existing specifications are required.
The present disclosure also provides a communication system. The communication system may include a first party and a second party. The first communication party and the second communication party can communicate by using a remote access technology based on a TLS protocol, such as a national Security Socket Layer (SSL) Virtual Private Network (VPN) communication. The first communication party and/or the second communication party may perform the communication method described above with reference to fig. 1 and fig. 2, generate a master key required for the first communication party and the second communication party to communicate, and/or perform authentication, so as to perform key exchange and/or identity authentication, so that both the key exchange and the identity authentication have the capability of resisting quantum computer attacks.
Fig. 3 shows a schematic structural diagram of a computing device that can be used to implement the above communication method according to an embodiment of the present disclosure.
Referring to fig. 3, computing device 300 includes memory 310 and processor 320.
Processor 320 may be a multi-core processor or may include multiple processors. In some embodiments, processor 320 may include a general-purpose host processor and one or more special coprocessors such as a Graphics Processor (GPU), a Digital Signal Processor (DSP), or the like. In some embodiments, processor 320 may be implemented using custom circuitry, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA).
The memory 310 may include various types of storage units, such as system memory, Read Only Memory (ROM), and permanent storage. The ROM may store static data or instructions for the processor 320 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, the persistent storage device employs a mass storage device (e.g., magnetic or optical disk, flash memory) as the persistent storage device. In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as a dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. Further, the memory 310 may comprise any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash memory, programmable read-only memory) and magnetic and/or optical disks. In some embodiments, memory 310 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a digital versatile disc read only memory (e.g., DVD-ROM, dual layer DVD-ROM), a Blu-ray disc read only memory, an ultra-dense optical disc, flash memory cards (e.g., SD, mini SD, micro-SD, etc.), a magnetic floppy disk, and the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 310 has stored thereon executable code that, when processed by the processor 320, causes the processor 320 to perform the communication methods described above.
The communication method and system according to the present disclosure have been described in detail above with reference to the accompanying drawings.
Furthermore, the method according to the present disclosure may also be implemented as a computer program or computer program product comprising computer program code instructions for performing the above-mentioned steps defined in the above-mentioned method of the present disclosure.
Alternatively, the present disclosure may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or computing device, server, etc.), causes the processor to perform the various steps of the above-described method according to the present disclosure.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Having described embodiments of the present disclosure, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (13)

1. A method of communication, comprising:
obtaining a quantum security key;
obtaining a pre-shared key based on the quantum secure key;
importing the pre-shared key into a secure transport layer protocol; and
in the secure transport layer protocol, a master key is generated based on the pre-shared key and/or authentication is performed based on the pre-shared key.
2. The method of claim 1, wherein,
the quantum security key is obtained by an application participating in the communication, which obtains the pre-shared key based on the quantum security key.
3. The method of claim 1, wherein deriving a pre-shared key based on the quantum security key comprises:
carrying out key derivation processing on the quantum security key to obtain the pre-shared key.
4. The method of claim 3, wherein,
the key derivation processing includes processing the quantum secure key using a key derivation function based on a hash operation message authentication code.
5. The method of claim 1, wherein,
the quantum secure key is provided for both communication parties through quantum secure key service.
6. The method of claim 1, wherein the step of obtaining a quantum security key comprises:
acquiring a plurality of quantum security keys and key identifications corresponding to the quantum security keys;
caching the obtained multiple quantum security keys and key identifications corresponding to the quantum security keys; and
performing key synchronization between the two communication parties using the key identification whenever a new quantum security key is needed, so that the two communication parties use the same quantum security key.
7. The method of claim 1, wherein generating a master key based on the pre-shared key comprises:
obtaining a pre-master key based on the pre-shared key and private information, and obtaining the master key based on the pre-master key.
8. The method of claim 7, wherein the private information comprises:
a public key and a temporary public key obtained from an encryption certificate of the communication counterpart, and an encryption private key and a temporary private key of the own party; or
a random number from the communication counterpart and a random number generated by the own party.
9. The method of claim 7, wherein deriving a master key based on the premaster secret comprises:
obtaining the master key using a key derivation algorithm based on the pre-master key, a random number from the communication counterpart and a random number generated by the own party; or
obtaining the master key using a key derivation algorithm based on the pre-master key, a random number from the communication counterpart, a random number generated by the own party, and the pre-shared key.
10. A communication system comprising a first party and a second party,
the first communication party and/or the second communication party generate a master key required for the first communication party and the second communication party to communicate and/or authenticate by the method according to any one of claims 1 to 9.
11. A computing device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any of claims 1 to 9.
12. A computer program product comprising executable code which, when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 1 to 9.
13. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 1-9.
CN202210707201.XA 2022-06-21 2022-06-21 Communication method and system Pending CN115314189A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210707201.XA CN115314189A (en) 2022-06-21 2022-06-21 Communication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210707201.XA CN115314189A (en) 2022-06-21 2022-06-21 Communication method and system

Publications (1)

Publication Number Publication Date
CN115314189A true CN115314189A (en) 2022-11-08

Family

ID=83854959

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210707201.XA Pending CN115314189A (en) 2022-06-21 2022-06-21 Communication method and system

Country Status (1)

Country Link
CN (1) CN115314189A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116582265A (en) * 2023-07-12 2023-08-11 北京信安世纪科技股份有限公司 Key negotiation method and key negotiation system
WO2024119847A1 (en) * 2022-12-06 2024-06-13 上海哔哩哔哩科技有限公司 Communication establishment method and system

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024119847A1 (en) * 2022-12-06 2024-06-13 上海哔哩哔哩科技有限公司 Communication establishment method and system
CN116582265A (en) * 2023-07-12 2023-08-11 北京信安世纪科技股份有限公司 Key negotiation method and key negotiation system
CN116582265B (en) * 2023-07-12 2023-10-20 北京信安世纪科技股份有限公司 Key negotiation method and key negotiation system

Similar Documents

Publication Publication Date Title
JP7119040B2 (en) Data transmission method, device and system
US11108565B2 (en) Secure communications providing forward secrecy
US11601407B2 (en) Fast oblivious transfers
US10785019B2 (en) Data transmission method and apparatus
US11985239B2 (en) Forward secrecy in transport layer security (TLS) using ephemeral keys
TWI748853B (en) Secure multiparty loss resistant storage and transfer of cryptographic keys for blockchain based systems in conjunction with a wallet management system
CN107005413B (en) Efficient initiation of secure connections and related services
US6125185A (en) System and method for encryption key generation
US8429408B2 (en) Masking the output of random number generators in key generation protocols
US20170244687A1 (en) Techniques for confidential delivery of random data over a network
CN111404950B (en) Information sharing method and device based on block chain network and related equipment
TWI807125B (en) Computer implemented system and method for distributing shares of digitally signed data
US20200195446A1 (en) System and method for ensuring forward & backward secrecy using physically unclonable functions
CN115314189A (en) Communication method and system
US10291600B2 (en) Synchronizing secure session keys
TWI807103B (en) Computer implemented system and method for sharing a common secret
EP3576340B1 (en) Modular key exchange for key agreement and optional authentication
JP2020532177A (en) Computer-implemented systems and methods for advanced data security, high-speed encryption, and transmission
WO2023231817A1 (en) Data processing method and apparatus, and computer device and storage medium
TW202232913A (en) Generating shared keys
Hazra et al. A hybrid cryptosystem of image and text files using blowfish and Diffie-Hellman techniques
WO2020042023A1 (en) Instant messaging data encryption method and apparatus
CN111756537B (en) Two-party cooperative decryption method, system and storage medium based on SM2 standard
CN116668011A (en) Protection, use and decryption method and system for cooperative key of cooperative key system
US20220385453A1 (en) Secure file transfer

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination