CN116017451A - IPv6 terminal identity authentication method utilizing 5G NR physical layer information
Publication number: CN116017451A
Application number: CN202211652394.XA
Authority: CN (China)
Legal status: Pending
Classification: Y02D30/70, Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention discloses an IPv6 terminal identity authentication method utilizing 5G NR physical layer information, belonging to the field of wireless communication security. First, a mobile secure communication system model with an eavesdropper is constructed. The legitimate communicating parties then send probe signals to each other to estimate the communication channel, and perform decorrelation processing on the channel estimation matrix. Each legitimate party jointly quantizes the phase and amplitude of its decorrelated channel estimation matrix. The legitimate parties generate a consistent key through privacy coordination based on a BCH error correction code, and each applies a hash sequence transformation to the consistent key to obtain the final key. The legitimate sender generates an identity authentication tag by hash transformation of the generated key and the source information to be transmitted, and sends the tag together with the source information. The legitimate receiver generates an identity authentication tag by hash transformation of the received source information and its own generated key, and compares it with the received tag to complete the authentication process. The invention effectively resists active attacks, has no incompatibility with the underlying network, removes the security leakage risk introduced by key distribution and management, and enhances the security of the system.
Description
Technical Field
The invention belongs to the field of wireless communication security, and particularly relates to an IPv6 terminal identity authentication method utilizing 5G NR physical layer information.
Background
In recent years, with the spread of mobile devices and the development of the Internet of Things, the IPv4 address space has been exhausted and cannot meet the Internet of Things requirement of one address per thing, so IPv4 networks are gradually evolving to IPv6 networks. Mobile devices and Internet of Things terminals are usually deployed in public open spaces, and these spaces are usually accessed over wireless networks. Because wireless networks are open by nature, wireless communication systems have serious security vulnerabilities. Most existing wireless communication systems ensure the legitimacy of an accessing user by authenticating the target through an identity authentication mechanism, so identity authentication is an important problem in wireless communication.
Existing identity authentication methods fall into two schemes: passive authentication and active authentication. In the passive scheme, the transmitting and receiving ends authenticate according to the physical layer information of the received signal, such as radio frequency characteristics and channel characteristics. Neither end modifies the source signal. However, the passive scheme has many problems in practice. First, the physical distance between the transceiver ends needs to be over half a wavelength to ensure that the channel characteristics are independent of each other. Second, the passive scheme needs a secure training phase whose security has to be provided by an upper-layer mechanism, so the delay is large. The active scheme uses a more complex authentication mechanism, does not need upper-layer equipment to participate, and can solve some of the problems of the passive scheme. The active scheme has two stages, key generation and information transmission. The transmitting and receiving ends first generate a shared key and a public key using a key generation algorithm. The transmitting end then uses the shared key and the source information to generate a tag for identity authentication. The transmitting end modifies the source information using the generated tag and transmits the modified source information and the tag to the receiving end together. The receiving end recovers the key from the received source information and tag and compares it with its own shared key to determine whether the received information comes from the legitimate transmitting end, which completes the identity authentication.
At present, most existing active authentication schemes generate tags with a traditional key generation algorithm, such as the Rivest-Shamir-Adleman (RSA) encryption algorithm. However, a traditional key generation algorithm requires a legitimate distributor to distribute the public key and the shared key to the legitimate transmitting and receiving ends; the computational complexity of the key generation algorithm is high, and the distribution process adds communication delay. Furthermore, if the shared key of the transceiver pair is successfully eavesdropped, the security of an active authentication scheme based on a traditional key generation algorithm fails completely.
To solve these problems, the invention studies an active identity authentication scheme based on physical layer information. Physical layer information between the two ends of a transceiver pair, such as channel information, is shared by and unique to that pair, requires no additional distribution procedure, and cannot be broken by any increase in computational power. The invention therefore uses the physical layer information between the transmitting and receiving ends to generate the tag that completes identity authentication, which solves the problems of high computational complexity and insufficient security in the active authentication scheme.
Disclosure of Invention
To address these problems, the invention provides a method of active authentication using physical layer information, which generates the identity authentication tag by jointly using amplitude and phase channel information. The method transmits the source information and the identity authentication tag simultaneously at the transmitting end, and combines the information-theoretic security of active authentication with the absence of key distribution and management in passive authentication.
The specific steps are as follows:
Step one, constructing a mobile communication system model with an eavesdropper;
The system model includes an eavesdropper E and two legitimate communicating parties A and B, each with $N_T$ transmit antennas and $N_R$ receive antennas. The communication system is an orthogonal frequency division multiplexing (OFDM) system operating in time division duplex (TDD) mode;
The workflow of the whole system is as follows:
1) A sends pilot signals to B; B receives the pilot signals sent by A and performs channel estimation on them to obtain a channel estimation result. B sends pilot signals to A; A receives the pilot signals sent by B and performs channel estimation on them to obtain a channel estimation result;
2) A and B each perform spatial and frequency decorrelation on their own channel estimation result, and each quantizes the amplitude and phase of its decorrelated channel estimation result;
3) A performs Bose-Chaudhuri-Hocquenghem (BCH) coding on its own quantized result and sends the BCH error correction code to B. B performs BCH coding on its own quantized result and corrects its own code using the error correction code received from A. A applies a hash transformation to its own quantized result to obtain the final key; B applies a hash transformation to its own error-corrected result to obtain the final key;
4) A generates an identity authentication tag by hash transformation of the message to be sent and the key it holds, and sends the source information and the identity authentication tag to B together. B generates an identity authentication tag from the received source information and the key it holds;
5) B compares the identity authentication tag it generated with the received identity authentication tag to complete the authentication process.
Step two, A and B send probe signals to each other and each performs channel estimation;
The specific steps are as follows:
Step 201, A sends B a probe signal $P_A$ occupying M resource blocks (RBs), where the probe signal is a demodulation reference signal (DMRS) of configuration type 1 in the 3rd Generation Partnership Project (3GPP) protocol;
where $H_A$ is the channel experienced by the probe signal $P_A$ during transmission, K is the number of subcarriers occupied by the probe signal, and $N_A$ is white Gaussian noise with zero mean and a given variance;
Step 203, B performs least squares (LS) channel estimation on the received probe signal, as follows:
where the estimate is the channel estimate obtained by B from the probe signal sent by A, and $\|\cdot\|^2$ denotes the squared two-norm;
Step 204, B sends A a probe signal $P_B$ occupying M RBs, where the probe signal is a DMRS of configuration type 1;
where $H_B$ is the channel experienced by the probe signal $P_B$ during transmission, K is the number of subcarriers occupied by the probe signal, and $N_B$ is white Gaussian noise with zero mean and a given variance; $N_B$ and $N_A$ are independent, uncorrelated white Gaussian noise;
Step 206, A performs LS channel estimation on the received probe signal, as follows:
Step three, each legitimate party performs decorrelation processing on its estimated channel matrix and jointly quantizes the phase and amplitude of the decorrelated channel estimation matrix;
Step 301, A and B compute the spatial correlation between antennas from their respective channel estimation results, as follows:
where $h_{A,::k}$ and $h_{B,::k}$ denote the channel estimation results with the third dimension fixed at k, together with the conjugate transposes of $h_{A,::k}$ and $h_{B,::k}$;
Step 302, A and B perform eigenvalue decomposition (EVD) on $R_{s,A}$ and $R_{s,B}$, as follows:
Step 303, A and B spatially decorrelate the channel estimation results using the eigenvectors obtained by the EVD in step 302, as follows:
where the K vectors $h_{A,::k}$, $h_{B,::k}$ are assembled in order of k to form $H'_A$, $H'_B$;
Step 304, A and B compute the frequency correlation of the spatially decorrelated results from step 303, as follows:
where $h'_{A,ij:}$ and $h'_{B,ij:}$ denote the vectors of $H'_A$ and $H'_B$ with the first two dimensions fixed, together with the conjugate transposes of $h'_{A,ij:}$ and $h'_{B,ij:}$;
Step 305, A and B perform eigenvalue decomposition on $R_{f,A}$ and $R_{f,B}$, as follows:
Step 306, A and B frequency-decorrelate $H'_A$ and $H'_B$ using the eigenvectors obtained by the EVD in step 305, as follows:
where $h_{A,ij:}$, $h_{B,ij:}$ are assembled in order of i, j to form $H_A$, $H_B$;
Step 307, the phase on each subcarrier is calculated from $H_A$ and $H_B$ obtained in step 306, as follows:
Step 308, $Pha_A$ and $Pha_B$ obtained in step 307 are quantized into 0/1 bits, as follows:
If $Pha_A(k) \in (10, 80)$, $key_A(k,:) = [0\ 0]$;
If $Pha_A(k) \in (110, 170)$, $key_A(k,:) = [0\ 1]$;
If $Pha_A(k) \in (-80, -10)$, $key_A(k,:) = [1\ 0]$;
If $Pha_A(k) \in (-170, -110)$, $key_A(k,:) = [1\ 1]$;
If $Pha_B(k) \in (10, 80)$, $key_B(k,:) = [0\ 0]$;
If $Pha_B(k) \in (110, 170)$, $key_B(k,:) = [0\ 1]$;
If $Pha_B(k) \in (-80, -10)$, $key_B(k,:) = [1\ 0]$;
If $Pha_B(k) \in (-170, -110)$, $key_B(k,:) = [1\ 1]$;
$key_A$ and $key_B$ are rearranged in row order to generate the phase key information $keyPha_A$ and $keyPha_B$, where $keyPha_A$ and $keyPha_B$ are defined over the binary field and m is the number of phases that fall within the phase intervals;
Step 309, the real parts of $H_A$ and $H_B$ obtained in step 306 are binary-quantized to obtain the amplitude key information $keyMag_A$ and $keyMag_B$, as follows:
If $real(H_A) > a$ and $real(H_A) > mean + \alpha$, $keyMag_A[i] = 1$
If $real(H_A) > a$ and $real(H_A) < mean - \alpha$, $keyMag_A[i] = 0$
If $real(H_B) > a$ and $real(H_B) > mean + \alpha$, $keyMag_B[i] = 1$
If $real(H_B) > a$ and $real(H_B) < mean - \alpha$, $keyMag_B[i] = 0$
where a = 1 is intended to remove values that are too small and so increase randomness, and $\alpha$ is the quantization threshold;
Step 310, A and B each splice the phase key information and the amplitude key information together to generate the initial keys $keyInit_A$ and $keyInit_B$;
$keyInit_A = [keyPha_A; keyMag_A]$
$keyInit_B = [keyPha_B; keyMag_B]$
Step four, the legitimate communicating parties generate the final key through privacy coordination based on a BCH error correction code, followed by privacy amplification;
Step 401, A generates an error correction code using BCH coding and sends the error correction code bits to B;
Step 402, B performs BCH coding on its own result and corrects it using the error correction code received from A; the error correction code is assumed to be transmitted without error;
Step 403, steps 401 and 402 are repeated until the keys of the two parties are consistent, so that A and B obtain a consistent key K;
Step 404, A and B each apply a hash sequence transformation to the consistent key to obtain the final key $K_{fin}$;
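Steps 308 and 401 to 404 as a runnable sketch (an added example, not code from the patent): the phase quantizer with its guard bands, one privacy coordination pass, and the final hash. It assumes that A and B exchange the indices of the samples they kept, that the (7,4) Hamming code, a single-error-correcting BCH code, sent as syndromes stands in for the unspecified BCH code, and that SHA-256 is the hash; all names and phase values are constructed.

```python
import cmath
import hashlib
import math

# Step 308 phase intervals (degrees) and their 2-bit symbols. A phase outside
# every interval lies in a guard band and contributes no key bits.
PHASE_BINS = (((10, 80), (0, 0)), ((110, 170), (0, 1)),
              ((-80, -10), (1, 0)), ((-170, -110), (1, 1)))


def quantize_phase(h):
    """Return {sample index: 2-bit symbol} for the samples that were kept."""
    symbols = {}
    for k, coeff in enumerate(h):
        deg = math.degrees(cmath.phase(coeff))
        for (lo, hi), bits in PHASE_BINS:
            if lo < deg < hi:
                symbols[k] = bits
    return symbols


def to_bits(symbols, indices):
    """Concatenate the symbols at the agreed indices into one bit list."""
    return [bit for k in indices for bit in symbols[k]]


def syndromes(bits):
    """3-bit Hamming(7,4) syndrome of every complete 7-bit block."""
    out = []
    for start in range(0, len(bits) - len(bits) % 7, 7):
        s = 0
        for j in range(7):
            if bits[start + j]:
                s ^= j + 1  # column j of the parity-check matrix is j + 1
        out.append(s)
    return out


def reconcile(bits_b, synd_a):
    """B's side of steps 401-402: fix at most one disagreeing bit per block."""
    fixed = list(bits_b[:7 * len(synd_a)])
    for blk, (sa, sb) in enumerate(zip(synd_a, syndromes(fixed))):
        if sa ^ sb:  # a nonzero difference is the 1-based position to flip
            fixed[7 * blk + (sa ^ sb) - 1] ^= 1
    return fixed


def final_key(bits):
    """Step 404: hash the reconciled bits. The syndromes travelled in the
    clear (3 bits per 7-bit block), so the input holds fewer secret bits
    than its length suggests."""
    return hashlib.sha256(bytes(bits)).digest()


def from_degrees(phases):
    """Unit-magnitude channel coefficients with the given phases."""
    return [cmath.rect(1.0, math.radians(p)) for p in phases]


# Constructed estimates of one reciprocal channel as seen by A and by B.
# Sample 5 straddles 0 degrees (one bit differs); sample 8 is kept by B only.
H_A = from_degrees([45, 140, -45, -140, 95, 12, 150, -60, 5])
H_B = from_degrees([50, 135, -40, -150, 100, -12, 155, -65, 12])


def run_demo():
    sym_a, sym_b = quantize_phase(H_A), quantize_phase(H_B)
    common = sorted(set(sym_a) & set(sym_b))  # assumed exchange of kept indices
    bits_a, bits_b = to_bits(sym_a, common), to_bits(sym_b, common)
    mismatches = sum(x != y for x, y in zip(bits_a, bits_b))
    bits_a = bits_a[:len(bits_a) - len(bits_a) % 7]  # whole blocks only
    bits_b = reconcile(bits_b, syndromes(bits_a))
    return common, mismatches, bits_a, bits_b


if __name__ == "__main__":
    common, mismatches, bits_a, bits_b = run_demo()
    print("indices kept by both sides:", common)
    print("bit disagreements before coordination:", mismatches)
    print("keys equal after coordination:", bits_a == bits_b)
    print("K_fin (A):", final_key(bits_a).hex())
    print("K_fin (B):", final_key(bits_b).hex())
```

With this one-error-per-block code, two disagreements inside the same 7-bit block leave the keys different, and the tags computed from them in step five then fail to match.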
Step five, the legitimate sender A generates and transmits an identity authentication tag, and the legitimate receiver B generates an identity authentication tag;
Step 501, A generates the identity authentication tag $tag_A$ to be transmitted by hash transformation of the source information $x_A$ to be sent and the key $K_{fin}$;
$tag_A = Hash(x_A, K_{fin})$
where Hash(·) is the hash transformation;
Step 502, A sends a message msg consisting of the BCH-encoded identity authentication tag and source information;
$msg = Bchenc(x_A, tag_A)$
where Bchenc(·) is BCH encoding;
where Bchdec(·) is BCH decoding, which gives the source information estimated by B and the identity authentication tag of A estimated by B;
Step six, the receiver compares the received identity authentication tag with the identity authentication tag it generated, bit by bit, and calculates the successful authentication rate and the false alarm probability;
Step seven, tags are generated between the legitimate communicating parties through steps five to six using a fixed key: the key generated from physical layer information in steps five and six is replaced by a key inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight, when a third-party illegitimate user E exists, E attempts to gain access to the legitimate receiver B by forging an identity authentication tag;
Step 801, E generates the identity authentication tag $tag_E$ using a randomly guessed key;
Step 802, E has some background knowledge of the key held by B; E generates $key_1$ from this background knowledge and uses $key_1$ to generate $tag_{E1}$;
Step 803, B compares the received identity authentication tag with the identity authentication tag it generated, bit by bit, and calculates the successful authentication rate of E;
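Steps 501 to 803 in code, as an added example that is not part of the patent: tag generation, the bit-by-bit comparison at B, and the chance that a tag made without the key is accepted. HMAC-SHA256 as the hash transformation, the threshold taken as the number of differing bits B still tolerates, and the sample key and message are assumptions of this example.

```python
import hashlib
import hmac
import math


def make_tag(k_fin: bytes, x: bytes) -> bytes:
    """tag = Hash(x, K_fin); HMAC-SHA256 is this example's keyed hash."""
    return hmac.new(k_fin, x, hashlib.sha256).digest()


def differing_bits(tag1: bytes, tag2: bytes) -> int:
    """Number of bit positions in which two equal-length tags differ."""
    return sum(bin(a ^ b).count("1") for a, b in zip(tag1, tag2))


def verify(k_fin: bytes, x_rx: bytes, tag_rx: bytes, max_diff: int = 0) -> bool:
    """Step six at B: recompute the tag from the received source information
    and accept if at most max_diff bits differ from the received tag."""
    local = make_tag(k_fin, x_rx)
    if len(tag_rx) != len(local):
        return False
    if max_diff == 0:
        return hmac.compare_digest(local, tag_rx)  # exact match, constant time
    return differing_bits(local, tag_rx) <= max_diff


def forgery_probability(n_bits: int, max_diff: int) -> float:
    """Chance that n_bits uniformly random bits are accepted.
    Assumption: a tag computed without the right key looks uniformly random."""
    accepted = sum(math.comb(n_bits, d) for d in range(max_diff + 1))
    return accepted / 2 ** n_bits


def flip_bit(data: bytes, bit: int) -> bytes:
    """Copy of data with one bit inverted (models a residual channel error)."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


# Constructed sample values; K_FIN plays the role of the step 404 output.
K_FIN = hashlib.sha256(b"constructed reconciled key bits").digest()
X_A = b"constructed source information from A"
TAG_A = make_tag(K_FIN, X_A)


if __name__ == "__main__":
    cases = {
        "clean reception": (K_FIN, X_A, TAG_A),
        "one bit error in the tag": (K_FIN, X_A, flip_bit(TAG_A, 3)),
        "one bit error in the source": (K_FIN, flip_bit(X_A, 0), TAG_A),
        "B's key differs in one bit": (flip_bit(K_FIN, 0), X_A, TAG_A),
    }
    for name, (key, x_rx, tag_rx) in cases.items():
        diff = differing_bits(make_tag(key, x_rx), tag_rx)
        print(f"{name:30s} differing bits = {diff:3d}  "
              f"accept(0) = {verify(key, x_rx, tag_rx)}  "
              f"accept(25) = {verify(key, x_rx, tag_rx, max_diff=25)}")
    for tolerance in (0, 25, 102):
        print(f"tolerated differing bits = {tolerance:3d}  "
              f"P(random 256-bit tag accepted) = "
              f"{forgery_probability(256, tolerance):.3e}")
```

A single wrong bit in the source information or in the key changes about half of the recomputed tag, so a tolerance only absorbs errors in the tag bits themselves, and every extra tolerated bit raises the acceptance probability for a tag made without the key.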
The invention has the following advantages:
1. The IPv6 terminal identity authentication method utilizing 5G NR physical layer information effectively resists active attacks by illegitimate users;
2. The method effectively solves the problem of physical layer incompatibility that may exist in upper-layer authentication;
3. The method effectively solves the problem of key distribution and management in the active authentication scheme;
Drawings
FIG. 1 is a typical physical layer security system model of the present invention;
FIG. 2 is a process flow of the security scheme of the present invention;
FIG. 3 is a flow chart of an IPv6 terminal identity authentication method utilizing 5G NR physical layer information;
FIG. 4 is a graph of false alarm probabilities of a legitimate sender under different authentication thresholds in the present invention;
FIG. 5 is a graph of probability of successful authentication of a third party under different authentication thresholds in the present invention;
FIG. 6 is a graph of the successful authentication rate of a third party with different background knowledge of the key in the present invention;
Detailed Description
To make the invention clearer to those skilled in the art to understand and implement, the technical solution of an embodiment of the invention is described in detail below by way of specific embodiments with reference to the accompanying drawings.
The invention relates to an IPv6 terminal identity authentication method utilizing 5G NR physical layer information. The communication scenario model is shown in fig. 1 and the system implementation block diagram in fig. 2. User A and user B send probe signals to each other to probe the channel, and extract from the probe signals the characteristics of the channel between the two communicating parties. A and B each quantize the channel characteristics. The two parties then perform privacy coordination on the quantized results, which improves the consistency of the keys they generate. A and B each perform privacy amplification on the key, which improves the security of the keys they generate. A generates an identity authentication tag by hash transformation of the generated key and the source information to be sent, and transmits the identity authentication tag and the source information to B. B generates an authentication tag by hash transformation of the received source information and the key it generated. B compares the received tag with the tag it generated.
As shown in fig. 3, the specific steps of the present invention are:
step one, constructing a mobile communication system model with an eavesdropper;
the system model includes an eavesdropper E and two having N T Root transmitting antenna, N R Legal communication parties A and B of the root receiving antenna, wherein the communication system is an orthogonal frequency division multiplexing (Orthogonal Frequency Division Multiplexing, OFDM) system and adopts a time division duplexing (Time Division Duplex, TDD) mode;
the working flow of the whole system is as follows: 1) A sends pilot signals to B, B receives the pilot signals sent by A and carries out channel estimation to the pilot signals to obtain a channel estimation result, B sends pilot signals to A, A receives the pilot signals sent by B and carries out channel estimation to the pilot signals to obtain a channel estimation result; 2) A and B respectively carry out space and frequency decorrelation processing on the respective channel estimation results, and A and B respectively quantize the amplitude and the phase of the channel estimation results after the respective decorrelation processing; 3) A carries out BCH coding on the quantized result of the own party, sends an error correction code after BCH coding to B, B carries out BCH coding on the quantized result of the own party, uses the received error correction code of the own party to correct the own code, and A carries out Hash transformation on the quantized result of the own party to obtain a final secret key; b, carrying out hash change on the result after error correction of the own party to obtain a final secret key; 4) A, generating an identity authentication tag by carrying out hash transformation on a message to be sent and a secret key held by the A, wherein the A simultaneously sends information source information and the identity authentication tag to the B, and the B generates the identity authentication tag according to the received information source information and the secret key held by the B; 5) And B, comparing the generated identity authentication tag with the received identity authentication tag to finish the authentication process.
Step two, the A and the B mutually send detection signals and respectively carry out channel estimation;
the method comprises the following specific steps:
step 201, a sends a probe signal P occupying M RBs to B A The detection signal is configured as DMRS of type 1 in 3GPP protocol;
wherein ,HA To detect signal P A Channel conditions experienced during transmission, whereinK represents the number of subcarriers occupied by the detection signal; n (N) A Zero mean, variance ∈>Is white gaussian noise;
step 203, B for the received probe signalLS channel estimation is carried out by the following specific estimation modes:
wherein ,for the channel estimate received by B with respect to when a transmits the probe, I.I 2 Square operation representing two norms;
step 204, B sends detection signals P occupying M RBs to A B Wherein the probing signal is a DMRS of configuration type 1;
wherein ,HB To detect signal P B Channel conditions experienced during transmission, whereinK represents the number of subcarriers occupied by the detection signal; n (N) B Zero mean, variance ∈>White gaussian noise of (c), and N B And N A Is independent uncorrelated gaussian white noise;
step 206, A for the received probe signalLS channel estimation is carried out by the following specific estimation modes:
step three, the legal communication parties respectively carry out decorrelation processing on the estimated channel matrix, and respectively carry out joint quantization on the phase and the amplitude of the channel estimation matrix subjected to the decorrelation processing;
steps 301, a and B are directed to the respective channel estimation resultsAnd solving the spatial correlation among the antennas, wherein the method comprises the following specific operations:
wherein ,hA,::k ,h B,::k Representation ofChannel estimation result in case of a third dimensional determination of +.>Respectively represent h A,::k and hB,::k Is a conjugate transpose of (2);
steps 302, a and B are for R s,A ,R s,B The characteristic value decomposition is carried out, and the specific operation is as follows:
step 303, a and B perform spatial decorrelation on the channel estimation result by using the eigenvalue vectors obtained by the EVD in step 302, which specifically includes the following steps:
wherein K are h A,::k ,h B,::k Composition H 'in the order of k' A ,H′ B ;
Steps 304, a and B calculate frequency correlation for the result of the spatial decorrelation performed in step 303, and the specific operations are as follows:
wherein ,h′A,ij: and h′B,ij: Represents H' A and H′B Is a two-dimensional vector determined from the first two dimensions of (a),represents h' A,ij: and h′B,ij: Is a conjugate transpose of (2);
steps 305, a and B are for R f,A ,R f,B The characteristic value decomposition is carried out, and the specific operation is as follows:
steps 306, a and B are performed on H 'using the eigenvalue vectors obtained by EVD in step 305, respectively' A ,H′ B Frequency decorrelation is performed, and the specific operation is as follows:
wherein ,hA,ij: ,h B,ij: Composition H in the order of i, j A ,H B ;
Step 307, H obtained according to step three 306 A and HB To calculate the phase on each subcarrier, the specific operations are as follows:
step 308, for Pha obtained in step 307 A ,Pha B The 01 bit quantization is performed as follows:
if Pha A (k)∈(10,80),key A (k,:)=[0 0];
If Pha A (k)∈(110,170),key A (k,:)=[0 1];
If Pha A (k)∈(-80,-10),key A (k,:)=[1 0];
If Pha A (k)∈(-170,-110),key A (k,:)=[1 1];
If Pha B (k)∈(10,80),key B (k,:)=[0 0];
If Pha B (k)∈(110,170),key B (k,:)=[0 1];
If Pha B (k)∈(-80,-10),key B (k,:)=[1 0];
If Pha B (k)∈(-170,-110),key B (k,:)=[1 1];
Will key A ,key B Rearranging in line order to generate phase key information keyPha A ,keyPha B Wherein the key Pha A , Representing a binary field, m being the number of phases that fit into the range of the phase interval;
step 309, H obtained according to step three 306 A and HB Binary quantization is carried out on the real part of the key to obtain the key information key mag A And keyMag B The specific operation is as follows:
if real (H) A )>a, and real (H A )>mean+α,keyMag A [i]=1
If real (H) A )>a, and real (H A )<mean-α,keyMag A [i]=0
If real (H) B )>a, and real (H B )>mean+α,keyMag B [i]=1
If real (H) B )>a, and real (H B )<mean-α,keyMag B [i]=0
Where a=1, intended to remove too small a value, increase randomness, α represents a quantization threshold;
step 310, A and B splice together the phase key information and the amplitude key information, respectively, to generate an initial key keyInit A And keyInit B ;
keyInit A =[keyPha A ;keyMag A ]
keyInit B =[keyPha B ;keyMag B ]
Step four, the legal communication parties generate the final key through privacy coordination and privacy amplification based on a BCH error correction code;
step 401, A generates an error correction code by BCH coding and sends the error correction code bits to B;
step 402, B performs error correction on the code it generated by BCH coding, using the error correction code received from A; it is assumed that no errors occur while the error correction code is being sent;
step 403, steps 401 and 402 are repeated until the keys of the two parties are consistent, and A and B obtain a consistent key K;
step 404, A and B each apply a hash sequence transformation to the consistent key to obtain the final key K_fin;
Step five, the legal sender A generates and transmits an identity authentication tag, and the legal receiver B generates an identity authentication tag;
step 501, A generates the identity authentication tag tag_A to be transmitted by applying a hash transformation to the source information x_A to be sent and the key K_fin;
tag_A = Hash(x_A, K_fin)
where Hash(·) is the hash transformation;
step 502, A sends a message msg composed of the BCH-coded identity authentication tag and source information;
msg = Bchenc(x_A, tag_A)
where Bchenc(·) is BCH encoding;
where Bchdec(·) is BCH decoding, and the remaining symbols denote the source information estimated by B and the identity authentication tag of A estimated by B;
Step six, the receiver compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate and the false alarm probability;
Step seven, the legal communication parties generate tags with a fixed key by repeating steps five and six, with the key generated from physical layer information in those steps replaced by a key inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight, when a third-party illegal user E exists, E attempts to access the legal receiver B by forging an identity authentication tag;
step 801, E generates the identity authentication tag tag_E using a randomly guessed key;
step 802, E has some background knowledge of the key held by B; E generates a key key_1 from this background knowledge and uses key_1 to generate tag_E1;
step 803, B compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate of E;
The invention uses the Tapped Delay Line (TDL) channel simulation model defined in the 3GPP protocol. FIG. 4 shows the false alarm probability on the legal user side for different authentication thresholds under different signal-to-noise ratios. As can be seen from FIG. 4, the false alarm probability decreases as the channel signal-to-noise ratio increases. When the channel signal-to-noise ratio is poor, a legal user cannot pass authentication, because the source information received by the receiver contains more errors and the identity authentication tags held by the two legal users therefore differ greatly. As the authentication threshold is gradually increased, the false alarm probability caused by legal users becomes lower.
As shown in FIG. 5, the third party generates the tag by randomly guessing the key shared between the legal users. The figure shows that the lower the authentication threshold, the fewer illegal users can pass authentication, and when the authentication threshold is 0.375 the third party can hardly pass authentication at all. However, in the conventional approach of physical layer active authentication with a fixed key, the key may be stolen by a third party, which helps the third party complete the identity authentication process. As shown in FIG. 6, at an authentication threshold of 0.375, some third parties may pass the authentication process once their background knowledge of the key exceeds 0.6. The method generates the key from physical layer information in a one-time pad manner, which avoids key leakage and prevents a third party from accessing the network.
In summary, by authenticating with tags generated from a key derived from physical layer information, the embodiment of the present invention can resist active attacks, does not need the upper-layer intervention of existing authentication methods, and avoids the problem of media incompatibility between different networks. Compared with existing physical layer tag authentication methods, the invention uses physical layer information to generate the key required for generating the identity authentication tag, which effectively avoids the security leakage risk caused by key distribution and management operations in existing methods and provides higher security.
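The tag check of steps five and six and the random-key attempt of step 801, as an added Python sketch that is not part of the patent text. HMAC-SHA256 as the Hash(·) function, the pass rule "fraction of differing bits ≤ authentication threshold", and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import random

THRESHOLD = 0.375  # authentication threshold quoted in the text


def make_tag(source: bytes, key: bytes) -> bytes:
    """tag = Hash(x, K_fin); HMAC-SHA256 is an assumed instantiation of Hash."""
    return hmac.new(key, source, hashlib.sha256).digest()


def mismatch_ratio(tag_1: bytes, tag_2: bytes) -> float:
    """Fraction of differing bits in a bit-by-bit comparison of two tags."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(tag_1, tag_2))
    return diff / (8 * len(tag_1))


def authenticate(source_hat, tag_hat, key, threshold=THRESHOLD) -> bool:
    """B recomputes the tag from the decoded source and its own key, then compares."""
    return mismatch_ratio(make_tag(source_hat, key), tag_hat) <= threshold


def flip_leading_bits(data: bytes, n: int) -> bytes:
    """Model residual channel errors by inverting the first n bits."""
    out = bytearray(data)
    for i in range(n):
        out[i // 8] ^= 0x80 >> (i % 8)
    return bytes(out)


def random_key_forgery_rate(key_b, trials=2000, seed=1) -> float:
    """Step 801: E tags its own message under a randomly guessed key."""
    rng = random.Random(seed)
    msg = b"forged source"  # constructed message
    accepted = 0
    for _ in range(trials):
        guess = bytes(rng.getrandbits(8) for _ in range(len(key_b)))
        accepted += authenticate(msg, make_tag(msg, guess), key_b)
    return accepted / trials


# Constructed values standing in for K_fin and x_A.
K_FIN = bytes(range(32))
X_A = b"source information from A"
TAG_A = make_tag(X_A, K_FIN)

if __name__ == "__main__":
    print("clean tag accepted:", authenticate(X_A, TAG_A, K_FIN))
    noisy = flip_leading_bits(TAG_A, 25)
    print("25 tag bit errors accepted:", authenticate(X_A, noisy, K_FIN))
    bad_src = flip_leading_bits(X_A, 1)
    print("1 source bit error, mismatch:", mismatch_ratio(make_tag(bad_src, K_FIN), TAG_A))
    print("random-key acceptance rate:", random_key_forgery_rate(K_FIN))
```

Under this instantiation a single error in the decoded source changes about half of the recomputed tag bits, which matches the false alarms the text attributes to source errors at low signal-to-noise ratio, while bit errors confined to the tag are tolerated up to the threshold.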
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that changes and modifications may be made without departing from the principles of the invention, such changes and modifications are also intended to be within the scope of the invention.
Claims (1)
1. An IPv6 terminal identity authentication method utilizing 5G NR physical layer information, comprising the following specific implementation steps:
step one, constructing a mobile communication system model with an eavesdropper;
the system model includes an eavesdropper E and two legal communication parties A and B, each having N_T transmitting antennas and N_R receiving antennas, wherein the communication system is an orthogonal frequency division multiplexing (OFDM) system and adopts a time division duplex (TDD) mode;
the workflow of the whole system is as follows:
1) A sends pilot signals to B, and B receives them and performs channel estimation to obtain a channel estimation result; B sends pilot signals to A, and A receives them and performs channel estimation to obtain a channel estimation result;
2) A and B each perform spatial and frequency decorrelation on their channel estimation results, and each quantizes the amplitude and phase of its decorrelated channel estimation result;
3) A performs Bose-Chaudhuri-Hocquenghem (BCH) coding on its quantized result and sends the resulting error correction code to B; B performs BCH coding on its own quantized result and uses the error correction code received from A to correct its own code; A applies a hash transformation to its quantized result to obtain the final key, and B applies a hash transformation to its error-corrected result to obtain the final key;
4) A generates an identity authentication tag by applying a hash transformation to the message to be sent and the key it holds, and sends the source information together with the identity authentication tag to B; B generates an identity authentication tag from the received source information and the key it holds;
5) B compares the identity authentication tag it generated with the received identity authentication tag to complete the authentication process.
Step two, A and B send probe signals to each other and each performs channel estimation;
the method comprises the following specific steps:
step 201, A sends to B a probe signal P_A occupying M resource blocks (RBs), wherein the probe signal is a demodulation reference signal (DMRS) of configuration type 1 in the 3rd Generation Partnership Project (3GPP) protocol;
where H_A is the channel condition experienced by the probe signal P_A during transmission, K represents the number of subcarriers occupied by the probe signal, and N_A is white Gaussian noise with zero mean and a given variance;
step 203, B performs least squares (LS) channel estimation on the received probe signal; the specific estimation is as follows:
where the estimate symbol denotes the channel estimate obtained by B for the probe signal transmitted by A, and ‖·‖² denotes the square of the two-norm;
step 204, B sends to A a probe signal P_B occupying M RBs, wherein the probe signal is a DMRS of configuration type 1;
where H_B is the channel condition experienced by the probe signal P_B during transmission, K represents the number of subcarriers occupied by the probe signal, N_B is white Gaussian noise with zero mean and a given variance, and N_B and N_A are independent, uncorrelated white Gaussian noise;
step 206, A performs LS channel estimation on the received probe signal; the specific estimation is as follows:
Step three, each legal communication party performs decorrelation processing on its estimated channel matrix and jointly quantizes the phase and amplitude of the decorrelated channel estimation matrix;
step 301, A and B each compute the spatial correlation among the antennas from their respective channel estimation results; the specific operation is as follows:
where h_{A,::k} and h_{B,::k} denote the channel estimation results with the third dimension fixed, and the remaining symbols denote the conjugate transposes of h_{A,::k} and h_{B,::k}, respectively;
step 302, A and B perform eigenvalue decomposition (EVD) on R_{s,A} and R_{s,B}, respectively, as follows:
step 303, A and B each spatially decorrelate the channel estimation results using the eigenvectors obtained by the EVD in step 302; the specific operation is as follows:
where the K results h_{A,::k} and h_{B,::k} are assembled in order of k to form H′_A and H′_B;
step 304, A and B each calculate the frequency correlation of the spatially decorrelated result from step 303; the specific operation is as follows:
where h′_{A,ij:} and h′_{B,ij:} denote the vectors of H′_A and H′_B determined by fixing the first two dimensions, and the remaining symbols denote the conjugate transposes of h′_{A,ij:} and h′_{B,ij:};
step 305, A and B perform eigenvalue decomposition on R_{f,A} and R_{f,B}, respectively, as follows:
step 306, A and B each perform frequency decorrelation on H′_A and H′_B using the eigenvectors obtained by the EVD in step 305; the specific operation is as follows:
where h_{A,ij:} and h_{B,ij:} are assembled in order of i, j to form H_A and H_B;
step 307, the phase on each subcarrier is calculated from H_A and H_B obtained in step 306 of step three; the specific operation is as follows:
step 308, 0/1 bit quantization is performed on Pha_A and Pha_B obtained in step 307, as follows:
If Pha_A(k) ∈ (10, 80), key_A(k,:) = [0 0];
If Pha_A(k) ∈ (110, 170), key_A(k,:) = [0 1];
If Pha_A(k) ∈ (−80, −10), key_A(k,:) = [1 0];
If Pha_A(k) ∈ (−170, −110), key_A(k,:) = [1 1];
If Pha_B(k) ∈ (10, 80), key_B(k,:) = [0 0];
If Pha_B(k) ∈ (110, 170), key_B(k,:) = [0 1];
If Pha_B(k) ∈ (−80, −10), key_B(k,:) = [1 0];
If Pha_B(k) ∈ (−170, −110), key_B(k,:) = [1 1];
key_A and key_B are rearranged in row order to generate the phase key information keyPha_A and keyPha_B, wherein keyPha_A is defined over a binary field, and m is the number of phases that fall within the phase intervals;
step 309, binary quantization is performed on the real parts of H_A and H_B obtained in step 306 of step three to obtain the key information keyMag_A and keyMag_B; the specific operation is as follows:
If real(H_A) > a and real(H_A) > mean + α, keyMag_A[i] = 1
If real(H_A) > a and real(H_A) < mean − α, keyMag_A[i] = 0
If real(H_B) > a and real(H_B) > mean + α, keyMag_B[i] = 1
If real(H_B) > a and real(H_B) < mean − α, keyMag_B[i] = 0
where a = 1 is intended to remove values that are too small and increase randomness, and α represents the quantization threshold;
step 310, A and B each concatenate their phase key information and amplitude key information to generate the initial keys keyInit_A and keyInit_B;
keyInit_A = [keyPha_A; keyMag_A]
keyInit_B = [keyPha_B; keyMag_B]
Step four, the legal communication parties generate the final key through privacy coordination and privacy amplification based on a BCH error correction code;
step 401, A generates an error correction code by BCH coding and sends the error correction code bits to B;
step 402, B performs error correction on the code it generated by BCH coding, using the error correction code received from A; it is assumed that no errors occur while the error correction code is being sent;
step 403, steps 401 and 402 are repeated until the keys of the two parties are consistent, and A and B obtain a consistent key K;
step 404, A and B each apply a hash sequence transformation to the consistent key to obtain the final key K_fin;
Step five, the legal sender A generates and transmits an identity authentication tag, and the legal receiver B generates an identity authentication tag;
step 501, A generates the identity authentication tag tag_A to be transmitted by applying a hash transformation to the source information x_A to be sent and the key K_fin;
tag_A = Hash(x_A, K_fin)
where Hash(·) is the hash transformation;
step 502, A sends a message msg composed of the BCH-coded identity authentication tag and source information;
msg = Bchenc(x_A, tag_A)
where Bchenc(·) is BCH encoding;
where Bchdec(·) is BCH decoding, and the remaining symbols denote the source information estimated by B and the identity authentication tag of A estimated by B;
Step six, the receiver compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate and the false alarm probability;
Step seven, the legal communication parties generate tags with a fixed key by repeating steps five and six, with the key generated from physical layer information in those steps replaced by a key inherent to the two parties, and the successful authentication rate and the false alarm probability are calculated;
Step eight, when a third-party user E exists, E attempts to access the legal receiver B by forging an identity authentication tag;
step 801, E generates the identity authentication tag tag_E using a randomly guessed key;
step 802, E has some background knowledge of the key held by B; E generates a key key_1 from this background knowledge and uses key_1 to generate tag_E1;
step 803, B compares the received identity authentication tag bit by bit with the identity authentication tag it generated itself, and calculates the successful authentication rate of E.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211652394.XA CN116017451A (en) | 2022-12-21 | 2022-12-21 | IPv6 terminal identity authentication method utilizing 5G NR physical layer information |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116017451A true CN116017451A (en) | 2023-04-25 |
Family
ID=86026069
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211652394.XA Pending CN116017451A (en) | 2022-12-21 | 2022-12-21 | IPv6 terminal identity authentication method utilizing 5G NR physical layer information |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116017451A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116996133A (en) * | 2023-09-27 | 2023-11-03 | 国网江苏省电力有限公司常州供电分公司 | Identity authentication and eavesdropping positioning method for power line carrier communication equipment |
CN116996133B (en) * | 2023-09-27 | 2023-12-05 | 国网江苏省电力有限公司常州供电分公司 | Identity authentication and eavesdropping positioning method for power line carrier communication equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4734344B2 (en) | Method and system for deriving encryption key using joint randomness (JRNSO) not shared with others | |
CN111669730B (en) | Physical layer key generation method and updating method for one-to-one proximity communication | |
CN111132153B (en) | Endogenous safety communication method based on wireless channel characteristics | |
CN109600222B (en) | Key generation method based on channel characteristics | |
CN110830396B (en) | Physical layer key-based IMSI privacy protection method and device | |
CN111065096B (en) | Physical layer encryption transmission system and method for wireless communication | |
CN110336657B (en) | Optical OFDM dynamic key generation method based on channel characteristics | |
US10735963B1 (en) | Wireless communication method for secure side-channel signaling and authentication at the physical layer | |
CN106230552B (en) | The information transferring method of artificial scrambling and LDPC safe coding is combined in satellite-ground link | |
CN116017451A (en) | IPv6 terminal identity authentication method utilizing 5G NR physical layer information | |
CN113572602A (en) | System and method for enhancing key generation rate by using intelligent reflecting surface | |
CN109417469B (en) | MIMO system secure pairing method | |
Huang et al. | Experimental study of secret key generation in underwater acoustic channels | |
Sun et al. | A high bit-rate shared key generator with time-frequency features of wireless channels | |
Fang et al. | Towards phy-aided authentication via weighted fractional fourier transform | |
Yang et al. | AKA-PLA: enhanced AKA based on physical layer authentication | |
Liu et al. | Uniquely-Factorable Constellation Pair Based Physical Layer Authentication for Cooperative Communications | |
Kumar et al. | Secret key generation schemes for physical layer security | |
Xu et al. | Physical Layer Authentication in Spatial Modulation | |
CN114640442B (en) | Physical layer identity authentication method based on channel key and tag signal | |
CN112564918B (en) | Lightweight active cross-layer authentication method in smart grid | |
Altun et al. | Authenticated data transmission using analog function computation | |
CN111314055B (en) | Method and device for key agreement and information transmission integration based on Y-00 | |
CN114374511B (en) | Fast key generation method based on OFDM communication system | |
Kim et al. | Dynamic key update strategy in physical-layer challenge-response authentication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||