CN116017451A - IPv6 terminal identity authentication method utilizing 5G NR physical layer information - Google Patents


Publication number
CN116017451A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211652394.XA
Other languages
Chinese (zh)
Inventor
赵闪
季朗
王宇飞
艾璐
李颖
卜哲
靳文京
郑学欣
刘彦龙
黄晖
张煜
杨洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xingtang Telecommunication Technology Co ltd
Beijing University of Posts and Telecommunications
China Academy of Information and Communications Technology CAICT
China United Network Communications Corp Ltd Zhejiang Branch
Original Assignee
Xingtang Telecommunication Technology Co ltd
Beijing University of Posts and Telecommunications
China Academy of Information and Communications Technology CAICT
China United Network Communications Corp Ltd Zhejiang Branch
Application filed by Xingtang Telecommunication Technology Co ltd, Beijing University of Posts and Telecommunications, China Academy of Information and Communications Technology CAICT, China United Network Communications Corp Ltd Zhejiang Branch
Priority to CN202211652394.XA
Publication of CN116017451A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an IPv6 terminal identity authentication method utilizing 5G NR physical layer information, belonging to the field of wireless communication security. First, a mobile secure communication system model with an eavesdropper is constructed. The legitimate communicating parties then send probe signals to each other to estimate the communication channel and apply decorrelation processing to the channel estimation matrix. Each party jointly quantizes the phase and amplitude of its decorrelated channel estimation matrix. The parties generate a consistent key through privacy coordination based on a BCH error correction code, and each applies a hash sequence transformation to the consistent key to obtain the final key. The legitimate sender generates an identity authentication tag by hash transformation of the generated key and the source information to be transmitted, and sends the tag together with the source information. The legitimate receiver generates an identity authentication tag by hash transformation of the received source information and its own generated key, and compares it with the received tag to complete the authentication process. The invention effectively resists active attacks, has no incompatibility with the underlying network, removes the security leakage risk introduced by key distribution and management, and enhances the security of the system.

Description

IPv6 terminal identity authentication method utilizing 5G NR physical layer information
Technical Field
The invention belongs to the field of wireless communication security, and particularly relates to an IPv6 terminal identity authentication method utilizing 5G NR physical layer information.
Background
In recent years, with the spread of mobile devices and the development of the Internet of Things, the IPv4 address space has been exhausted and cannot meet the Internet of Things' requirement of one address per device, so IPv4 networks are gradually evolving to IPv6. Mobile devices and Internet of Things terminals are typically deployed in open public spaces, and these spaces are usually served by wireless networks. Because wireless networks are open by nature, wireless communication systems have serious security vulnerabilities. Most existing wireless communication systems ensure the legitimacy of an accessing user by authenticating the target through an identity authentication mechanism, so identity authentication is an important problem in wireless communication.
Existing identity authentication methods fall into two schemes: passive authentication and active authentication. In a passive scheme, the transceiver ends authenticate based on physical layer information of the received signal, such as radio-frequency characteristics and channel characteristics; neither end modifies the source signal. Passive schemes have several practical problems. First, the physical distance between the transceiver ends must exceed half a wavelength to ensure that the channel characteristics are mutually independent. Second, a passive scheme needs a secure training phase whose security must be provided by an upper-layer mechanism, which causes a large delay. An active scheme uses a more complex authentication mechanism, needs no upper-layer equipment, and can solve some of the problems of the passive scheme. An active scheme has two stages: key generation and information transmission. The transceiver ends first generate a shared key and a public key using a key generation algorithm. The transmitting end then uses the shared key and the source information to generate a tag for identity authentication, modifies the source information using the tag, and transmits the modified source information and the tag together to the receiving end. The receiving end recovers the key from the received source information and tag and compares it with its own shared key to determine whether the received information comes from the legitimate transmitting end, completing the identity authentication.
Most existing active authentication schemes generate tags with a traditional key generation algorithm, such as the Rivest-Shamir-Adleman (RSA) encryption algorithm. However, a traditional key generation algorithm requires a legitimate distributor to distribute the public key and the shared key to the legitimate transceiver ends; the algorithm has high computational complexity, and the distribution process adds communication delay. Furthermore, if the shared key of the transceiver pair is successfully eavesdropped, the security of an active authentication scheme using a traditional key generation algorithm fails completely.
To solve these problems, the invention studies an active identity authentication scheme based on physical layer information. Physical layer information between the paired transceiver ends, such as channel information, is shared by and unique to that pair, requires no additional distribution procedure, and cannot be broken by any increase in computational power. The invention therefore uses the physical layer information between the transceiver ends to generate the tag and complete identity authentication, solving the problems of high computational complexity and insufficient security in active authentication schemes.
Disclosure of Invention
To address the above problems, the invention provides a method for active authentication using physical layer information, which generates an identity authentication tag by jointly using amplitude and phase channel information. The method transmits the source information and the identity authentication tag together at the transmitting end, and combines the advantages of information-theoretic security in active authentication and the absence of key distribution and management in passive authentication.
The specific steps are as follows:
Step one: construct a mobile communication system model with an eavesdropper;
The system model includes an eavesdropper E and two legitimate communicating parties A and B, each with N_T transmit antennas and N_R receive antennas; the communication system is an orthogonal frequency division multiplexing (OFDM) system operating in time division duplex (TDD) mode;
The workflow of the whole system is as follows: 1) A sends pilot signals to B; B receives the pilot signals sent by A and performs channel estimation on them to obtain a channel estimation result; B sends pilot signals to A; A receives the pilot signals sent by B and performs channel estimation on them to obtain a channel estimation result; 2) A and B each apply spatial and frequency decorrelation processing to their own channel estimation results, and each quantizes the amplitude and phase of its decorrelated channel estimation result; 3) A performs Bose-Chaudhuri-Hocquenghem (BCH) encoding on its own quantized result and sends the resulting error correction code to B; B performs BCH encoding on its own quantized result and uses the error correction code received from A to correct its own encoding; A applies a hash transformation to its own quantized result to obtain the final key; B applies a hash transformation to its own error-corrected result to obtain the final key; 4) A generates an identity authentication tag by hash transformation of the message to be sent and the key it holds, and sends the source information and the identity authentication tag to B together; B generates an identity authentication tag from the received source information and the key it holds; 5) B compares the identity authentication tag it generated with the received identity authentication tag to complete the authentication process.
Step two: A and B send probe signals to each other and each performs channel estimation;
The specific steps are as follows:
Step 201: A sends B a probe signal P_A occupying M resource blocks (RBs), where the probe signal is a type 1 demodulation reference signal (DMRS) as configured in the 3rd Generation Partnership Project (3GPP) protocol;
Step 202: B receives the corresponding probe signal on the RBs transmitted by A
Figure BDA0004011125590000031
Figure BDA0004011125590000032
where H_A is the channel experienced by the probe signal P_A during transmission, where
Figure BDA0004011125590000033
K is the number of subcarriers occupied by the probe signal; N_A is zero-mean white Gaussian noise with variance
Figure BDA0004011125590000034
Step 203: B performs least squares (LS) channel estimation on the received probe signal
Figure BDA0004011125590000035
as follows:
Figure BDA0004011125590000036
where
Figure BDA0004011125590000037
is B's estimate of the channel over which A transmitted the probe signal, and ‖·‖² denotes the squared two-norm;
Step 204: B sends A a probe signal P_B occupying M RBs, where the probe signal is a DMRS of configuration type 1;
step 205, B receives the corresponding probe signal on the RB of the A transmission
Figure BDA0004011125590000038
Figure BDA0004011125590000039
where H_B is the channel experienced by the probe signal P_B during transmission, where
Figure BDA0004011125590000041
K is the number of subcarriers occupied by the probe signal; N_B is zero-mean white Gaussian noise with variance
Figure BDA0004011125590000042
and N_B and N_A are independent, uncorrelated white Gaussian noise;
Step 206: A performs LS channel estimation on the received probe signal
Figure BDA0004011125590000043
as follows:
Figure BDA0004011125590000044
where
Figure BDA0004011125590000045
is A's estimate of the channel over which B transmitted the probe signal;
Step three: the legitimate communicating parties each apply decorrelation processing to their estimated channel matrix and jointly quantize the phase and amplitude of the decorrelated channel estimation matrix;
Step 301: A and B each compute, from their own channel estimation results
Figure BDA0004011125590000046
the spatial correlation among the antennas, as follows:
Figure BDA0004011125590000047
Figure BDA0004011125590000048
where h_A,::k and h_B,::k denote the channel estimation results of
Figure BDA0004011125590000049
with the third dimension fixed, and
Figure BDA00040111255900000410
denote the conjugate transposes of h_A,::k and h_B,::k, respectively;
Step 302: A and B perform eigenvalue decomposition (EVD) on R_s,A and R_s,B, as follows:
Figure BDA00040111255900000411
Figure BDA00040111255900000412
Step 303: A and B each spatially decorrelate their channel estimation result using the eigenvectors obtained by the EVD in step 302, as follows:
Figure BDA00040111255900000413
Figure BDA00040111255900000414
where the K slices h_A,::k and h_B,::k are assembled in order of k into H′_A and H′_B;
Step 304: A and B each compute the frequency correlation of the spatially decorrelated result from step 303, as follows:
Figure BDA0004011125590000051
Figure BDA0004011125590000052
where h′_A,ij: and h′_B,ij: denote the vectors of H′_A and H′_B with the first two dimensions fixed, and
Figure BDA0004011125590000053
and
Figure BDA0004011125590000054
denote the conjugate transposes of h′_A,ij: and h′_B,ij:;
Step 305: A and B perform eigenvalue decomposition on R_f,A and R_f,B, as follows:
Figure BDA0004011125590000055
Figure BDA0004011125590000056
Step 306: A and B each perform frequency decorrelation on H′_A and H′_B using the eigenvectors obtained by the EVD in step 305, as follows:
Figure BDA0004011125590000057
Figure BDA0004011125590000058
where h_A,ij: and h_B,ij: are assembled in order of i, j into H_A and H_B;
Step 307: the phase on each subcarrier is calculated from H_A and H_B obtained in step 306, as follows:
Figure BDA0004011125590000059
Figure BDA00040111255900000510
where
Figure BDA00040111255900000511
denote the estimated channel phases of A and B, respectively;
Step 308: Pha_A and Pha_B obtained in step 307 are quantized into 0/1 bits as follows:
If Pha_A(k) ∈ (10, 80), key_A(k,:) = [0 0];
If Pha_A(k) ∈ (110, 170), key_A(k,:) = [0 1];
If Pha_A(k) ∈ (-80, -10), key_A(k,:) = [1 0];
If Pha_A(k) ∈ (-170, -110), key_A(k,:) = [1 1];
If Pha_B(k) ∈ (10, 80), key_B(k,:) = [0 0];
If Pha_B(k) ∈ (110, 170), key_B(k,:) = [0 1];
If Pha_B(k) ∈ (-80, -10), key_B(k,:) = [1 0];
If Pha_B(k) ∈ (-170, -110), key_B(k,:) = [1 1];
key_A and key_B are rearranged in row order to generate the phase key information keyPha_A and keyPha_B, where keyPha_A,
Figure BDA0004011125590000061
Figure BDA0004011125590000062
denotes a binary field, and m is the number of phases that fall within the phase intervals;
Step 309: the real parts of H_A and H_B obtained in step 306 are binary-quantized to obtain the amplitude key information keyMag_A and keyMag_B, as follows:
Figure BDA0004011125590000063
If real(H_A) > a and real(H_A) > mean + α, keyMag_A[i] = 1
If real(H_A) > a and real(H_A) < mean - α, keyMag_A[i] = 0
Figure BDA0004011125590000064
If real(H_B) > a and real(H_B) > mean + α, keyMag_B[i] = 1
If real(H_B) > a and real(H_B) < mean - α, keyMag_B[i] = 0
where a = 1 is intended to remove values that are too small and so increase randomness, and α is the quantization threshold;
Step 310: A and B each concatenate their phase key information and amplitude key information to generate the initial keys keyInit_A and keyInit_B:
keyInit_A = [keyPha_A; keyMag_A]
keyInit_B = [keyPha_B; keyMag_B]
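Step 308's phase quantizer as an added Python example (not code from the patent), run over constructed channel coefficients for A and B. The helper names, the sample values and the restriction to subcarrier indices that both sides kept are assumptions of the example; the page does not say how the kept positions are agreed.

```python
import cmath
import math

# Step 308 intervals in degrees (open) and the bit pair each one maps to.
PHASE_BINS = (
    ((10.0, 80.0), (0, 0)),
    ((110.0, 170.0), (0, 1)),
    ((-80.0, -10.0), (1, 0)),
    ((-170.0, -110.0), (1, 1)),
)


def quantize_phase(h):
    """Return {index k: bit pair} for coefficients whose phase lies in a bin.

    Phases in the gaps between bins (near 0, +/-90 and +/-180 degrees)
    produce no bits, so the number of kept entries m can differ per side.
    """
    kept = {}
    for k, coeff in enumerate(h):
        deg = math.degrees(cmath.phase(coeff))
        for (lo, hi), pair in PHASE_BINS:
            if lo < deg < hi:
                kept[k] = pair
                break
    return kept


def key_pha(kept, indices=None):
    """Flatten bit pairs in row order (keyPha), optionally over chosen indices."""
    order = sorted(kept) if indices is None else indices
    return [bit for k in order for bit in kept[k]]


def compare_sides(h_a, h_b):
    """Quantize both sides and report how well the raw phase bits agree."""
    q_a, q_b = quantize_phase(h_a), quantize_phase(h_b)
    # Assumption of this example: only positions kept by both sides are compared.
    common = sorted(set(q_a) & set(q_b))
    bits_a, bits_b = key_pha(q_a, common), key_pha(q_b, common)
    return {
        "kept_a": sorted(q_a),
        "kept_b": sorted(q_b),
        "common": common,
        "mismatched_bits": sum(x != y for x, y in zip(bits_a, bits_b)),
        "compared_bits": len(bits_a),
    }


def polar(mag, deg):
    """Complex coefficient from magnitude and phase in degrees."""
    return cmath.rect(mag, math.radians(deg))


# Constructed (magnitude, phase) samples: B sees A's channel plus estimation
# noise; the last entry is a weak coefficient with a large phase error.
H_A = [polar(m, p) for m, p in [(2.0, 45), (3.0, 140), (4.0, -45), (2.0, -140),
                                (3.0, 5), (2.0, 95), (5.0, 78), (3.0, -100),
                                (0.2, 70)]]
H_B = [polar(m, p) for m, p in [(2.1, 47), (2.9, 138), (4.1, -43), (2.0, -141),
                                (3.0, 7), (2.1, 93), (5.0, 82), (3.1, -99),
                                (0.3, 112)]]

if __name__ == "__main__":
    for name, value in compare_sides(H_A, H_B).items():
        print(f"{name}: {value}")
```

Index 6 is kept by A but falls in a gap for B, so the two raw bit strings differ in length, and the weak coefficient at index 8 leaves one disagreeing bit of the kind step four's BCH correction has to absorb.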
Step four: the legitimate communicating parties generate the final key through privacy coordination based on a BCH error correction code and privacy amplification;
Step 401: A generates an error correction code by BCH encoding and sends the error correction code bits to B;
Step 402: B performs error correction on its own BCH-generated code using the error correction code received from A; the error correction code is assumed to be transmitted without error;
Step 403: steps 401 and 402 are repeated until the keys of the two parties are consistent, so that A and B obtain a consistent key K;
Step 404: A and B each apply a hash sequence transformation to the consistent key to obtain the final key K_fin;
Step five: the legitimate sender A generates and transmits an identity authentication tag, and the legitimate receiver B generates an identity authentication tag;
Step 501: A generates the identity authentication tag tag_A to be sent by hash transformation of the source information x_A to be sent and the key K_fin:
tag_A = Hash(x_A, K_fin)
where Hash(·) is the hash transformation;
Step 502: A sends a message msg consisting of the BCH-encoded identity authentication tag and source information;
msg = Bchenc(x_A, tag_A)
where Bchenc(·) is BCH encoding;
Step 503: B performs BCH decoding on the received
Figure BDA0004011125590000071
Figure BDA0004011125590000072
where Bchdec(·) is BCH coding,
Figure BDA0004011125590000073
is the source information estimated by B, and
Figure BDA0004011125590000074
is A's identity authentication tag as estimated by B;
Step 504: B generates the identity tag tag_B from the received
Figure BDA0004011125590000075
and the key K_fin:
Figure BDA0004011125590000076
Step six: the receiver compares the received identity authentication tag with the identity authentication tag it generated one by one, and calculates the successful authentication rate and the false alarm probability;
Step seven: the legitimate communicating parties generate tags with a fixed key by following steps five and six, with the physical-layer-derived keys used in those steps replaced by keys inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight: when a third-party illegitimate user E is present, E attempts to gain access to the legitimate receiver B by forging an identity authentication tag;
Step 801: E generates the identity authentication tag tag_E using a randomly guessed key;
Step 802: E has some background knowledge of the key held by B; E generates key_1 from this background knowledge and uses key_1 to generate tag_E1;
Step 803: B compares the received identity authentication tag bit by bit with the tag it generated itself, and calculates E's successful authentication rate;
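Steps 404 and 501 to 803 as an added Python example (not code from the patent): privacy amplification, tag generation, and B's bit-by-bit check against a legitimate tag and against tags made with a guessed or partly known key. SHA-256 and HMAC-SHA256 stand in for the unspecified hash transformations, the BCH coding of the message is omitted, and the key bits, message and the 0.9 threshold are constructed assumptions.

```python
import hashlib
import hmac


def pack_bits(bits):
    """Pack a list of 0/1 values into bytes, zero-padded to a byte boundary."""
    padded = list(bits) + [0] * (-len(bits) % 8)
    return bytes(
        int("".join(str(b) for b in padded[i:i + 8]), 2)
        for i in range(0, len(padded), 8)
    )


def final_key(consistent_bits):
    """Step 404: hash the reconciled key K into the final key K_fin.

    The bit length is prefixed so keys that differ only in padding differ.
    """
    prefix = len(consistent_bits).to_bytes(4, "big")
    return hashlib.sha256(prefix + pack_bits(consistent_bits)).digest()


def make_tag(source, k_fin):
    """Step 501: tag = Hash(x, K_fin); HMAC-SHA256 is this example's choice."""
    return hmac.new(k_fin, source, hashlib.sha256).digest()


def bit_agreement(tag_1, tag_2):
    """Fraction of bit positions on which two equal-length tags agree."""
    if len(tag_1) != len(tag_2):
        return 0.0
    differing = sum(bin(x ^ y).count("1") for x, y in zip(tag_1, tag_2))
    return 1.0 - differing / (8 * len(tag_1))


def verify(source_hat, tag_hat, k_fin, threshold=1.0):
    """Steps 504 and 803: recompute the tag and compare it bit by bit.

    threshold=1.0 demands an exact match (constant-time compare). A lower
    threshold tolerates residual channel errors in the tag at the cost of
    a higher chance of accepting a forged one.
    """
    expected = make_tag(source_hat, k_fin)
    if threshold >= 1.0:
        return hmac.compare_digest(expected, tag_hat)
    return bit_agreement(expected, tag_hat) >= threshold


# Constructed inputs: an 80-bit reconciled key shared by A and B, E's random
# guess (step 801), and E's key with all but the last bit correct (step 802).
K_BITS = [0, 0, 0, 1, 1, 0, 1, 1, 0, 1] * 8
E_GUESS_BITS = [1, 0] * 40
E_PARTIAL_BITS = K_BITS[:-1] + [1 - K_BITS[-1]]
MSG = b"constructed source information x_A"


def scenario(threshold=0.9):
    """Return B's decision and the bit agreement for each sender."""
    k_b = final_key(K_BITS)
    reference = make_tag(MSG, k_b)
    senders = {"A": K_BITS, "E_guess": E_GUESS_BITS, "E_partial": E_PARTIAL_BITS}
    result = {}
    for name, bits in senders.items():
        tag = make_tag(MSG, final_key(bits))
        result[name] = (verify(MSG, tag, k_b, threshold),
                        bit_agreement(tag, reference))
    return result


if __name__ == "__main__":
    for name, (accepted, agreement) in scenario().items():
        print(f"{name}: accepted={accepted} agreement={agreement:.3f}")
```

Because the key passes through a hash before it is used, a key that is wrong in a single bit yields a tag that agrees with the legitimate one on only about half of its bits, the same as a random guess.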
The invention has the following advantages:
1. The IPv6 terminal identity authentication method utilizing 5G NR physical layer information effectively resists active attacks by illegitimate users;
2. The IPv6 terminal identity authentication method utilizing 5G NR physical layer information effectively solves the physical layer incompatibility that may exist in upper-layer authentication;
3. The IPv6 terminal identity authentication method utilizing 5G NR physical layer information effectively solves the problem of key distribution and management in active authentication schemes;
Drawings
FIG. 1 is a typical physical layer security system model of the present invention;
FIG. 2 is a process flow of the security scheme of the present invention;
FIG. 3 is a flow chart of an IPv6 terminal identity authentication method utilizing 5G NR physical layer information;
FIG. 4 is a graph of false alarm probabilities of a legitimate sender under different authentication thresholds in the present invention;
FIG. 5 is a graph of probability of successful authentication of a third party under different authentication thresholds in the present invention;
FIG. 6 is a graph of the successful authentication rate of a third party with different key background knowledge in the present invention;
Detailed Description
To make the invention clearer to understand and implement for those skilled in the art, the technical solution of an embodiment of the invention is described in detail below through specific embodiments with reference to the accompanying drawings.
The invention relates to an IPv6 terminal identity authentication method utilizing 5G NR physical layer information. The communication scenario model is shown in FIG. 1 and the system implementation block diagram in FIG. 2. User A and user B send probe signals to each other to probe the channel, and the characteristics of the channel between the two communicating parties are extracted from the probe signals. A and B each quantize the channel characteristics. The two parties then perform privacy coordination on the quantized results, which improves the consistency of the keys they generate. A and B each perform a privacy amplification operation on the key, which improves the security of the keys generated by both parties. A generates an identity authentication tag by hash transformation of the generated key and the source information to be sent, and sends the identity authentication tag and the source information to B. B generates an authentication tag by hash transformation of the received source information and its own generated key, and compares the received tag with the generated tag.
As shown in fig. 3, the specific steps of the present invention are:
Step one: construct a mobile communication system model with an eavesdropper;
The system model includes an eavesdropper E and two legitimate communicating parties A and B, each with N_T transmit antennas and N_R receive antennas; the communication system is an orthogonal frequency division multiplexing (OFDM) system operating in time division duplex (TDD) mode;
The workflow of the whole system is as follows: 1) A sends pilot signals to B; B receives the pilot signals sent by A and performs channel estimation on them to obtain a channel estimation result; B sends pilot signals to A; A receives the pilot signals sent by B and performs channel estimation on them to obtain a channel estimation result; 2) A and B each apply spatial and frequency decorrelation processing to their own channel estimation results, and each quantizes the amplitude and phase of its decorrelated channel estimation result; 3) A performs BCH encoding on its own quantized result and sends the resulting error correction code to B; B performs BCH encoding on its own quantized result and uses the received error correction code to correct its own encoding; A applies a hash transformation to its own quantized result to obtain the final key; B applies a hash transformation to its own error-corrected result to obtain the final key; 4) A generates an identity authentication tag by hash transformation of the message to be sent and the key it holds, and sends the source information and the identity authentication tag to B together; B generates an identity authentication tag from the received source information and the key it holds; 5) B compares the identity authentication tag it generated with the received identity authentication tag to complete the authentication process.
Step two: A and B send probe signals to each other and each performs channel estimation;
The specific steps are as follows:
Step 201: A sends B a probe signal P_A occupying M RBs, where the probe signal is a type 1 DMRS as configured in the 3GPP protocol;
Step 202: B receives the corresponding probe signal on the RBs transmitted by A
Figure BDA0004011125590000091
Figure BDA0004011125590000092
where H_A is the channel experienced by the probe signal P_A during transmission, where
Figure BDA0004011125590000093
K is the number of subcarriers occupied by the probe signal; N_A is zero-mean white Gaussian noise with variance
Figure BDA0004011125590000094
Step 203: B performs LS channel estimation on the received probe signal
Figure BDA0004011125590000095
as follows:
Figure BDA0004011125590000096
where
Figure BDA0004011125590000097
is B's estimate of the channel over which A transmitted the probe signal, and ‖·‖² denotes the squared two-norm;
Step 204: B sends A a probe signal P_B occupying M RBs, where the probe signal is a DMRS of configuration type 1;
step 205, B receives the corresponding probe signal on the RB of the A transmission
Figure BDA0004011125590000098
Figure BDA0004011125590000099
where H_B is the channel experienced by the probe signal P_B during transmission, where
Figure BDA00040111255900000910
K is the number of subcarriers occupied by the probe signal; N_B is zero-mean white Gaussian noise with variance
Figure BDA00040111255900000911
and N_B and N_A are independent, uncorrelated white Gaussian noise;
Step 206: A performs LS channel estimation on the received probe signal
Figure BDA00040111255900000912
as follows:
Figure BDA00040111255900000913
where
Figure BDA0004011125590000101
is A's estimate of the channel over which B transmitted the probe signal;
Step three: the legitimate communicating parties each apply decorrelation processing to their estimated channel matrix and jointly quantize the phase and amplitude of the decorrelated channel estimation matrix;
Step 301: A and B each compute, from their own channel estimation results
Figure BDA0004011125590000102
the spatial correlation among the antennas, as follows:
Figure BDA0004011125590000103
Figure BDA0004011125590000104
where h_A,::k and h_B,::k denote the channel estimation results of
Figure BDA0004011125590000105
with the third dimension fixed, and
Figure BDA0004011125590000106
denote the conjugate transposes of h_A,::k and h_B,::k, respectively;
Step 302: A and B perform eigenvalue decomposition on R_s,A and R_s,B, as follows:
Figure BDA0004011125590000107
Figure BDA0004011125590000108
Step 303: A and B each spatially decorrelate their channel estimation result using the eigenvectors obtained by the EVD in step 302, as follows:
Figure BDA0004011125590000109
Figure BDA00040111255900001010
where the K slices h_A,::k and h_B,::k are assembled in order of k into H′_A and H′_B;
Step 304: A and B each compute the frequency correlation of the spatially decorrelated result from step 303, as follows:
Figure BDA00040111255900001011
Figure BDA00040111255900001012
where h′_A,ij: and h′_B,ij: denote the vectors of H′_A and H′_B with the first two dimensions fixed, and
Figure BDA00040111255900001013
denotes the conjugate transposes of h′_A,ij: and h′_B,ij:;
Step 305: A and B perform eigenvalue decomposition on R_f,A and R_f,B, as follows:
Figure BDA0004011125590000111
Figure BDA0004011125590000112
Step 306: A and B each perform frequency decorrelation on H′_A and H′_B using the eigenvectors obtained by the EVD in step 305, as follows:
Figure BDA0004011125590000113
Figure BDA0004011125590000114
where h_A,ij: and h_B,ij: are assembled in order of i, j into H_A and H_B;
Step 307: the phase on each subcarrier is calculated from H_A and H_B obtained in step 306, as follows:
Figure BDA0004011125590000115
Figure BDA0004011125590000116
where
Figure BDA0004011125590000117
denote the estimated channel phases of A and B, respectively;
Step 308: 0/1 bit quantization is applied to $Pha_A$ and $Pha_B$ obtained in step 307, as follows:
If $Pha_A(k) \in (10, 80)$, $key_A(k,:) = [0\ 0]$;
If $Pha_A(k) \in (110, 170)$, $key_A(k,:) = [0\ 1]$;
If $Pha_A(k) \in (-80, -10)$, $key_A(k,:) = [1\ 0]$;
If $Pha_A(k) \in (-170, -110)$, $key_A(k,:) = [1\ 1]$;
If $Pha_B(k) \in (10, 80)$, $key_B(k,:) = [0\ 0]$;
If $Pha_B(k) \in (110, 170)$, $key_B(k,:) = [0\ 1]$;
If $Pha_B(k) \in (-80, -10)$, $key_B(k,:) = [1\ 0]$;
If $Pha_B(k) \in (-170, -110)$, $key_B(k,:) = [1\ 1]$;
$key_A$ and $key_B$ are rearranged in row order to generate the phase key information $keyPha_A$ and $keyPha_B$, where $keyPha_A$,
Figure BDA0004011125590000118
Figure BDA0004011125590000119
denotes the binary field, and $m$ is the number of phases that fall within the phase intervals;
Step 309: the real parts of $H_A$ and $H_B$ obtained in step 306 of step three are binary-quantized to obtain the key information $keyMag_A$ and $keyMag_B$, as follows:
Figure BDA0004011125590000121
If $real(H_A) > a$ and $real(H_A) > mean + \alpha$, $keyMag_A[i] = 1$
If $real(H_A) > a$ and $real(H_A) < mean - \alpha$, $keyMag_A[i] = 0$
Figure BDA0004011125590000122
If $real(H_B) > a$ and $real(H_B) > mean + \alpha$, $keyMag_B[i] = 1$
If $real(H_B) > a$ and $real(H_B) < mean - \alpha$, $keyMag_B[i] = 0$
where $a = 1$ is intended to remove values that are too small and to increase randomness, and $\alpha$ denotes the quantization threshold;
Step 310: A and B each concatenate their phase key information and amplitude key information to generate the initial keys $keyInit_A$ and $keyInit_B$:
$keyInit_A = [keyPha_A ; keyMag_A]$
$keyInit_B = [keyPha_B ; keyMag_B]$
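The quantization rules of steps 308 to 310, as an added example that is not code from the patent. The mean in step 309 is assumed to be the arithmetic mean of the real parts, α = 0.25 is an assumed value, and the channel samples are constructed.

```python
import cmath
import math

# Step 308 intervals in degrees and their 2-bit symbols, as listed on the page.
PHASE_BINS = (((10, 80), (0, 0)), ((110, 170), (0, 1)),
              ((-80, -10), (1, 0)), ((-170, -110), (1, 1)))


def quantize_phase(h):
    """Step 308: two bits per sample whose phase lies inside an interval.
    Samples in the guard bands between intervals contribute no bits."""
    bits, kept = [], []
    for k, sample in enumerate(h):
        deg = math.degrees(cmath.phase(sample))
        for (lo, hi), symbol in PHASE_BINS:
            if lo < deg < hi:
                bits.extend(symbol)
                kept.append(k)
                break
    return bits, kept


def quantize_real(h, a=1.0, alpha=0.25):
    """Step 309 as written: only real parts above a are considered; 1 above
    mean+alpha, 0 below mean-alpha, no bit in between.
    ASSUMPTION: mean is the arithmetic mean of all real parts."""
    reals = [s.real for s in h]
    mean = sum(reals) / len(reals)
    bits, kept = [], []
    for i, r in enumerate(reals):
        if r <= a:
            continue
        if r > mean + alpha:
            bits.append(1)
            kept.append(i)
        elif r < mean - alpha:
            bits.append(0)
            kept.append(i)
    return bits, kept


def initial_key(h):
    """Step 310: keyInit = [keyPha ; keyMag], plus the indices that survived."""
    pha, pha_idx = quantize_phase(h)
    mag, mag_idx = quantize_real(h)
    return pha + mag, pha_idx, mag_idx


def from_polar(pairs):
    """Build complex samples from (magnitude, phase in degrees) pairs."""
    return [cmath.rect(m, math.radians(d)) for m, d in pairs]


# Constructed decorrelated estimates (magnitude, phase in degrees). B differs
# from A only in sample 4, whose phase sits 2 degrees past the 80-degree edge.
POLAR_A = [(6, 45), (2, 140), (8, -30), (2, -150), (9, 78), (7, 5), (5, 60), (6, -70)]
POLAR_B = POLAR_A[:4] + [(9, 82)] + POLAR_A[5:]
H_A, H_B = from_polar(POLAR_A), from_polar(POLAR_B)

if __name__ == "__main__":
    for name, h in (("A", H_A), ("B", H_B)):
        key, pha_idx, mag_idx = initial_key(h)
        print(name, "".join(map(str, key)), "phase idx", pha_idx, "real idx", mag_idx)
```

In the constructed data B's estimate of sample 4 lands in a guard band, so B's phase key is two bits shorter than A's; the returned index lists show where the two sides diverge before the keys reach the error-correction stage.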
Step four: the legitimate communicating parties generate the final key through BCH-error-correcting-code-based information reconciliation and privacy amplification;
Step 401: A generates an error correction code using BCH coding and sends the error correction code bits to B;
Step 402: B applies BCH coding to its own key and corrects it using the error correction code received from A; the error correction code is assumed to be transmitted without error;
Step 403: steps 401 and 402 are repeated until the keys of the two parties are consistent, so that A and B obtain a consistent key $K$;
Step 404: A and B each apply a hash transformation to the consistent key to obtain the final key $K_{fin}$;
Step five: the legitimate sender A generates and transmits an identity authentication tag, and the legitimate receiver B generates an identity authentication tag;
Step 501: A generates the identity authentication tag $tag_A$ to be transmitted by applying a hash transformation to the source information $x_A$ to be sent and the key $K_{fin}$:
$tag_A = Hash(x_A, K_{fin})$
where Hash(·) is the hash transformation;
Step 502: A sends a message msg consisting of the BCH-encoded identity authentication tag and source information:
$msg = Bchenc(x_A, tag_A)$
where Bchenc(·) is BCH encoding;
Step 503: B performs BCH decoding on the received
Figure BDA0004011125590000123
as follows:
Figure BDA0004011125590000124
where Bchdec(·) is BCH decoding,
Figure BDA0004011125590000131
is the source information estimated by B, and
Figure BDA0004011125590000132
is the identity authentication tag of A estimated by B;
Step 504: B generates the identity authentication tag $tag_B$ from the key $K_{fin}$ and the received
Figure BDA0004011125590000133
as follows:
Figure BDA0004011125590000134
Step six: the receiver compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate and the false alarm probability;
Step seven: the legitimate communicating parties generate tags with a fixed key by following steps five and six, with the physical-layer-information-based keys used in steps five and six replaced by keys inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight: when a third-party illegitimate user E exists, E attempts to access the legitimate receiver B by forging an identity authentication tag;
Step 801: E generates the identity authentication tag $tag_E$ using a randomly guessed key;
Step 802: E has some background knowledge of the key held by B; E generates $key_1$ from this background knowledge and uses $key_1$ to generate $tag_{E1}$;
Step 803: B compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate of E;
The invention uses the Tapped Delay Line (TDL) channel simulation model defined in the 3GPP protocol. FIG. 4 shows the false alarm probability on the legitimate user side for different authentication thresholds and different signal-to-noise ratios. As can be seen from fig. 4, the false alarm probability decreases as the channel signal-to-noise ratio increases. When the channel signal-to-noise ratio is poor, a legitimate user cannot pass authentication, because the source information received by the receiver contains more errors and the identity authentication tags held by the two legitimate parties therefore differ widely. As the authentication threshold is gradually increased, the false alarm probability caused by legitimate users becomes lower.
As shown in fig. 5, when the third party generates tags by randomly guessing the key shared between the legitimate users, the lower the authentication threshold, the fewer illegitimate users pass authentication; at an authentication threshold of 0.375, the third party can hardly pass authentication at all. However, in the conventional approach of physical layer active authentication with a fixed key, the key may be stolen by a third party, which helps the third party complete the identity authentication process. As shown in fig. 6, at an authentication threshold of 0.375, some third parties can already pass the authentication process once their background knowledge of the key exceeds 0.6. The present method generates the key from physical layer information in a one-time-pad manner, which avoids key leakage and prevents a third party from accessing the network.
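Steps 501 to 504, step six and step 801 as an added example, not code from the patent. HMAC-SHA-256 stands in for the unspecified Hash(·), SHA-256 for the hash of step 404, BCH coding is omitted, the threshold is assumed to be the largest tolerated share of mismatching tag bits, and all inputs are constructed.

```python
import hashlib
import hmac
import random


def final_key(k_bits):
    """Step 404: hash the reconciled bit list K into K_fin (SHA-256 assumed)."""
    return hashlib.sha256(bytes(k_bits)).digest()


def make_tag(x, k_fin):
    """Steps 501 and 504: tag = Hash(x, K_fin), here HMAC-SHA-256 (assumed)."""
    return hmac.new(k_fin, x, hashlib.sha256).digest()


def flip_bits(data, positions):
    """Model channel errors that survive BCH decoding by flipping given bits."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


def mismatch_fraction(tag1, tag2):
    """Bit-by-bit comparison of step six: share of positions that differ."""
    diff = int.from_bytes(tag1, "big") ^ int.from_bytes(tag2, "big")
    return bin(diff).count("1") / (8 * len(tag1))


def authenticate(x_hat, tag_hat, k_fin, threshold=0.375):
    """B recomputes tag_B from the received source and accepts when the
    mismatch share is below the threshold (ASSUMED meaning of the threshold)."""
    return mismatch_fraction(make_tag(x_hat, k_fin), tag_hat) < threshold


def random_guess_acceptance(x, k_fin, trials, rng, threshold=0.375):
    """Step 801 as a measurement: tags built from random keys, share accepted."""
    accepted = 0
    for _ in range(trials):
        guess = bytes(rng.getrandbits(8) for _ in range(32))
        accepted += authenticate(x, make_tag(x, guess), k_fin, threshold)
    return accepted / trials


# Constructed inputs: a reconciled 64-bit K and a short source message.
K = [1, 0, 1, 1, 0, 0, 1, 0] * 8
K_FIN = final_key(K)
X_A = b"constructed source message"
TAG_A = make_tag(X_A, K_FIN)

if __name__ == "__main__":
    print("clean channel:", authenticate(X_A, TAG_A, K_FIN))
    print("20 tag bit errors:", authenticate(X_A, flip_bits(TAG_A, range(20)), K_FIN))
    print("1 source bit error:", authenticate(flip_bits(X_A, [3]), TAG_A, K_FIN))
    print("random-key acceptance:",
          random_guess_acceptance(X_A, K_FIN, 200, random.Random(1)))
```

With a cryptographic hash, tag bit errors below the threshold are tolerated, whereas a single error in the received source information leaves roughly half of the recomputed tag bits differing, which matches the false alarms described for low signal-to-noise ratios.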
In summary, authenticating with tags generated from keys derived from physical layer information, as in the embodiment of the present invention, resists active attacks, needs none of the upper-layer intervention that existing authentication modes require, and avoids the problem of media incompatibility between different networks; compared with existing physical layer tag authentication methods, using physical layer information to generate the key needed for the identity authentication tag effectively avoids the security leakage risks caused by key distribution and management in existing methods, and provides higher security.
While the foregoing describes the preferred embodiments of the present invention, those skilled in the art will appreciate that changes and modifications may be made without departing from the principles of the invention, and such changes and modifications are also intended to fall within the scope of the invention.

Claims (1)

1. An IPv6 terminal identity authentication method utilizing 5G NR physical layer information, comprising the following specific implementation steps:
Step one: construct a mobile communication system model with an eavesdropper;
the system model includes an eavesdropper E and two legitimate communicating parties A and B, each having $N_T$ transmit antennas and $N_R$ receive antennas, wherein the communication system is an orthogonal frequency division multiplexing (Orthogonal Frequency Division Multiplexing, OFDM) system operating in time division duplex (Time Division Duplex, TDD) mode;
the workflow of the whole system is as follows: 1) A sends a pilot signal to B, and B receives it and performs channel estimation to obtain a channel estimation result; B sends a pilot signal to A, and A receives it and performs channel estimation to obtain a channel estimation result; 2) A and B each apply spatial and frequency decorrelation to their channel estimation results, and each quantize the amplitude and phase of the decorrelated results; 3) A applies Bose-Chaudhuri-Hocquenghem (BCH) coding to its quantized result and sends the resulting error correction code to B; B applies BCH coding to its own quantized result and corrects it using the error correction code received from A; A applies a hash transformation to its quantized result to obtain the final key, and B applies a hash transformation to its error-corrected result to obtain the final key; 4) A generates an identity authentication tag by applying a hash transformation to the message to be sent and the key it holds, and sends the source information together with the identity authentication tag to B; B generates an identity authentication tag from the received source information and the key it holds; 5) B compares the identity authentication tag it generated with the received one to complete the authentication process.
Step two: A and B send sounding signals to each other and each perform channel estimation;
the specific steps are as follows:
Step 201: A sends B a sounding signal $P_A$ occupying M resource blocks (Resource Blocks, RBs), wherein the sounding signal is a configuration type 1 demodulation reference signal (Demodulation Reference Signal, DMRS) as defined in the 3rd Generation Partnership Project (3GPP) protocol;
Step 202: on the RBs transmitted by A, B receives the corresponding sounding signal
Figure QLYQS_1
Figure QLYQS_2
where $H_A$ is the channel experienced by the sounding signal $P_A$ during transmission, with
Figure QLYQS_3
$K$ denotes the number of subcarriers occupied by the sounding signal; $N_A$ is zero-mean white Gaussian noise with variance
Figure QLYQS_4
Step 203: B performs least-squares (Least Square, LS) channel estimation on the received sounding signal
Figure QLYQS_5
as follows:
Figure QLYQS_6
where
Figure QLYQS_7
is the channel estimate obtained by B when A transmits the sounding signal, and $\|\cdot\|^2$ denotes the squared two-norm;
Step 204: B sends A a sounding signal $P_B$ occupying M RBs, wherein the sounding signal is a DMRS of configuration type 1;
Step 205: on the RBs transmitted by A, B receives the corresponding sounding signal
Figure QLYQS_8
Figure QLYQS_9
where $H_B$ is the channel experienced by the sounding signal $P_B$ during transmission, with
Figure QLYQS_10
$K$ denotes the number of subcarriers occupied by the sounding signal; $N_B$ is zero-mean white Gaussian noise with variance
Figure QLYQS_11
and $N_B$ and $N_A$ are independent, uncorrelated white Gaussian noise;
Step 206: A performs LS channel estimation on the received sounding signal
Figure QLYQS_12
as follows:
Figure QLYQS_13
where
Figure QLYQS_14
is the channel estimate obtained by A when B transmits the sounding signal;
Step three: the legitimate communicating parties each decorrelate their estimated channel matrix and jointly quantize the phase and amplitude of the decorrelated channel estimation matrix;
Step 301: A and B compute the spatial correlation between antennas for their respective channel estimation results
Figure QLYQS_15
as follows:
Figure QLYQS_16
where $h_{A,::k}$ and $h_{B,::k}$ denote the channel estimation results of
Figure QLYQS_17
with the third dimension fixed, and
Figure QLYQS_18
denote the conjugate transposes of $h_{A,::k}$ and $h_{B,::k}$, respectively;
Step 302: A and B perform eigenvalue decomposition (Eigenvalue Decomposition, EVD) on $R_{s,A}$ and $R_{s,B}$, as follows:
Figure QLYQS_19
Figure QLYQS_20
Step 303: A and B spatially decorrelate the channel estimation results using the eigenvectors obtained from the EVD in step 302, as follows:
Figure QLYQS_21
Figure QLYQS_22
where the K results $h_{A,::k}$ and $h_{B,::k}$ are arranged in order of $k$ to form $H'_A$ and $H'_B$;
Step 304: A and B compute the frequency correlation of the spatially decorrelated results from step 303, as follows:
Figure QLYQS_23
Figure QLYQS_24
where $h'_{A,ij:}$ and $h'_{B,ij:}$ denote the vectors of $H'_A$ and $H'_B$ determined by the first two dimensions,
Figure QLYQS_25
and
Figure QLYQS_26
denote the conjugate transposes of $h'_{A,ij:}$ and $h'_{B,ij:}$;
Step 305: A and B perform eigenvalue decomposition on $R_{f,A}$ and $R_{f,B}$, as follows:
Figure QLYQS_27
Figure QLYQS_28
Step 306: A and B each perform frequency decorrelation on $H'_A$ and $H'_B$ using the eigenvectors obtained from the EVD in step 305, as follows:
Figure QLYQS_29
Figure QLYQS_30
where $h_{A,ij:}$ and $h_{B,ij:}$ are arranged in order of $i$, $j$ to form $H_A$ and $H_B$;
Step 307: the phase on each subcarrier is calculated from $H_A$ and $H_B$ obtained in step 306 of step three, as follows:
Figure QLYQS_31
Figure QLYQS_32
where
Figure QLYQS_33
denote the estimated channel phases of A and B, respectively;
Step 308: 0/1 bit quantization is applied to $Pha_A$ and $Pha_B$ obtained in step 307, as follows:
If $Pha_A(k) \in (10, 80)$, $key_A(k,:) = [0\ 0]$;
If $Pha_A(k) \in (110, 170)$, $key_A(k,:) = [0\ 1]$;
If $Pha_A(k) \in (-80, -10)$, $key_A(k,:) = [1\ 0]$;
If $Pha_A(k) \in (-170, -110)$, $key_A(k,:) = [1\ 1]$;
If $Pha_B(k) \in (10, 80)$, $key_B(k,:) = [0\ 0]$;
If $Pha_B(k) \in (110, 170)$, $key_B(k,:) = [0\ 1]$;
If $Pha_B(k) \in (-80, -10)$, $key_B(k,:) = [1\ 0]$;
If $Pha_B(k) \in (-170, -110)$, $key_B(k,:) = [1\ 1]$;
$key_A$ and $key_B$ are rearranged in row order to generate the phase key information $keyPha_A$ and $keyPha_B$, where $keyPha_A$,
Figure QLYQS_34
Figure QLYQS_35
denotes the binary field, and $m$ is the number of phases that fall within the phase intervals;
Step 309: the real parts of $H_A$ and $H_B$ obtained in step 306 of step three are binary-quantized to obtain the key information $keyMag_A$ and $keyMag_B$, as follows:
Figure QLYQS_36
If $real(H_A) > a$ and $real(H_A) > mean + \alpha$, $keyMag_A[i] = 1$
If $real(H_A) > a$ and $real(H_A) < mean - \alpha$, $keyMag_A[i] = 0$
Figure QLYQS_37
If $real(H_B) > a$ and $real(H_B) > mean + \alpha$, $keyMag_B[i] = 1$
If $real(H_B) > a$ and $real(H_B) < mean - \alpha$, $keyMag_B[i] = 0$
where $a = 1$ is intended to remove values that are too small and to increase randomness, and $\alpha$ denotes the quantization threshold;
Step 310: A and B each concatenate their phase key information and amplitude key information to generate the initial keys $keyInit_A$ and $keyInit_B$:
$keyInit_A = [keyPha_A ; keyMag_A]$
$keyInit_B = [keyPha_B ; keyMag_B]$
Step four: the legitimate communicating parties generate the final key through BCH-error-correcting-code-based information reconciliation and privacy amplification;
Step 401: A generates an error correction code using BCH coding and sends the error correction code bits to B;
Step 402: B applies BCH coding to its own key and corrects it using the error correction code received from A; the error correction code is assumed to be transmitted without error;
Step 403: steps 401 and 402 are repeated until the keys of the two parties are consistent, so that A and B obtain a consistent key $K$;
Step 404: A and B each apply a hash transformation to the consistent key to obtain the final key $K_{fin}$;
Step five: the legitimate sender A generates and transmits an identity authentication tag, and the legitimate receiver B generates an identity authentication tag;
Step 501: A generates the identity authentication tag $tag_A$ to be transmitted by applying a hash transformation to the source information $x_A$ to be sent and the key $K_{fin}$:
$tag_A = Hash(x_A, K_{fin})$
where Hash(·) is the hash transformation;
Step 502: A sends a message msg consisting of the BCH-encoded identity authentication tag and source information:
$msg = Bchenc(x_A, tag_A)$
where Bchenc(·) is BCH encoding;
Step 503: B performs BCH decoding on the received
Figure QLYQS_38
as follows:
Figure QLYQS_39
where Bchdec(·) is BCH decoding,
Figure QLYQS_40
is the source information estimated by B, and
Figure QLYQS_41
is the identity authentication tag of A estimated by B;
Step 504: B generates the identity authentication tag $tag_B$ from the key $K_{fin}$ and the received
Figure QLYQS_42
as follows:
Figure QLYQS_43
Step six: the receiver compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate and the false alarm probability;
Step seven: the legitimate communicating parties generate tags with a fixed key by following steps five and six, with the physical-layer-information-based keys used in steps five and six replaced by keys inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight: when a third-party user E exists, E attempts to access the legitimate receiver B by forging an identity authentication tag;
Step 801: E generates the identity authentication tag $tag_E$ using a randomly guessed key;
Step 802: E has some background knowledge of the key held by B; E generates $key_1$ from this background knowledge and uses $key_1$ to generate $tag_{E1}$;
Step 803: B compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate of E.
CN202211652394.XA 2022-12-21 2022-12-21 IPv6 terminal identity authentication method utilizing 5G NR physical layer information Pending CN116017451A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211652394.XA CN116017451A (en) 2022-12-21 2022-12-21 IPv6 terminal identity authentication method utilizing 5G NR physical layer information


Publications (1)

Publication Number Publication Date
CN116017451A true CN116017451A (en) 2023-04-25

Family

ID=86026069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211652394.XA Pending CN116017451A (en) 2022-12-21 2022-12-21 IPv6 terminal identity authentication method utilizing 5G NR physical layer information

Country Status (1)

Country Link
CN (1) CN116017451A (en)


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116996133A (en) * 2023-09-27 2023-11-03 国网江苏省电力有限公司常州供电分公司 Identity authentication and eavesdropping positioning method for power line carrier communication equipment
CN116996133B (en) * 2023-09-27 2023-12-05 国网江苏省电力有限公司常州供电分公司 Identity authentication and eavesdropping positioning method for power line carrier communication equipment


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination