CN116208345A - Group authentication method based on secret sharing and related equipment - Google Patents


Info

Publication number
CN116208345A
Authority
CN
China
Prior art keywords
internet
things
group
identity information
authentication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202310484839.6A
Other languages
Chinese (zh)
Other versions
CN116208345B (en)
Inventor
徐国爱
廖清
王晨宇
徐国胜
袁江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Shenzhen Graduate School Harbin Institute of Technology
Original Assignee
Beijing University of Posts and Telecommunications
Shenzhen Graduate School Harbin Institute of Technology
Application filed by Beijing University of Posts and Telecommunications, Shenzhen Graduate School Harbin Institute of Technology
Priority to CN202310484839.6A
Publication of CN116208345A
Application granted
Publication of CN116208345B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Collating Specific Patterns (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a group authentication method based on secret sharing and related equipment. The method comprises: sending identity authentication requests to each of the other Internet of things (IoT) devices in the IoT device group; receiving the identity information that each of the other IoT devices sends in response to the identity authentication request, where the identity information is generated by the IoT device from its subkey and the subkey is distributed by a group management device based on the secret; and verifying the identity information and, in response to the identity information meeting a verification condition, determining that all IoT devices in the IoT device group pass group authentication. With this scheme the legitimacy of multiple IoT nodes can be verified at the same time rather than one by one, which can significantly reduce communication traffic, improve computational efficiency and save cost; the method is better suited to IoT scenarios with massive numbers of authentication requests and can effectively address the problem of limited node resources.

Description

Group authentication method based on secret sharing and related equipment
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a group authentication method and related devices based on secret sharing.
Background
In the era of the Internet of things (IoT), the IoT has become part of everyday life, but most IoT devices are constrained by their physical size and have little memory and low power consumption. Authenticating the identity of devices is a major challenge for the rapidly developing IoT; however, the one-to-one authentication schemes between nodes in the related art have high communication overhead and complex computation, and so are not suitable for resource-constrained IoT scenarios.
Disclosure of Invention
In view of the foregoing, it is an object of the present application to provide a group authentication method and related device based on secret sharing, so as to solve or partially solve the above-mentioned problems.
The first aspect of the application provides a group authentication method based on secret sharing, which is realized through Internet of things equipment, wherein the Internet of things equipment belongs to an Internet of things equipment group, and the Internet of things equipment group comprises group management equipment and a plurality of Internet of things equipment;
the method comprises the following steps:
respectively sending identity authentication requests to other Internet of things devices in the Internet of things device group;
receiving identity information sent by the other Internet of things equipment respectively aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey; the subkey is distributed by the group management device based on the secret;
and verifying the identity information, and determining that all the internet of things devices in the internet of things device group pass group authentication in response to the identity information meeting a verification condition.
Optionally, the method further comprises generating identity information by: and in response to determining that the identity authentication request is received, updating the subkey to obtain identity information.
Optionally, the determining that all the internet of things devices in the internet of things device group pass the group authentication in response to the identity information meeting the verification condition includes:
in response to recovering the verification information from the device's own identity information and the identity information corresponding to the other Internet of things devices, determining that all Internet of things devices in the Internet of things device group are legal group members and pass group authentication; wherein the verification information characterizes the result of encrypting the secret by discrete logarithm.
Optionally, the updating the subkey to obtain identity information includes:
obtaining a corresponding identity according to the identity authentication request;
calculating to obtain a target parameter by using the subkey according to the identity;
and obtaining identity information according to the target parameters.
Optionally, the obtaining the identity information according to the target parameter includes:
calculating the Lagrange coefficient of the subkey according to the Lagrange interpolation theorem;
and obtaining identity information according to the Lagrangian coefficient and the target parameter.
Optionally, the method further comprises:
in response to the verification information not being recoverable from the identity information of the Internet of things device and the identity information corresponding to the other Internet of things devices, determining that at least one Internet of things device in the Internet of things device group is an illegal group member and that group authentication fails;
and, for every two Internet of things devices in the Internet of things device group, performing interactive verification in turn using the corresponding identity information encrypted with a pre-generated symmetric key, to find the illegal Internet of things device.
In a second aspect of the present application, there is provided a group authentication method implemented by a group management device and based on secret sharing, including:
generating a sub-key corresponding to each Internet of things device in the group based on the secret;
and distributing the subkey to the corresponding Internet of things device.
Optionally, the generating, based on the secret, a subkey corresponding to each internet of things device in the group includes:
generating a symmetric matrix based on the secret and a preset threshold value;
generating a symmetric bivariate polynomial according to the symmetric matrix;
and evaluating the symmetric bivariate polynomial at the identity of each Internet of things device in the group to generate the corresponding subkey.
Optionally, the distributing the subkey to the corresponding internet of things device includes:
and sending the subkey to the Internet of things equipment through a secret channel corresponding to each Internet of things equipment in the group.
In a third aspect of the present application, there is provided a group authentication system based on secret sharing, including: group management equipment and a plurality of internet of things devices;
wherein the Internet of things device includes:
a transmission module configured to: respectively sending identity authentication requests to other Internet of things devices in the Internet of things device group;
a receiving module configured to: receiving identity information sent by the other Internet of things equipment respectively aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey; the subkey is distributed by the group management device based on a secret;
a determination module configured to: verifying the identity information, and determining that all the internet of things devices in the internet of things device group pass group authentication in response to the identity information meeting a verification condition;
the group management device includes:
a generation module configured to: generating a sub-key corresponding to each Internet of things device in the group based on the secret;
a distribution module configured to: distribute the subkey to the corresponding Internet of things device.
As can be seen from the above description, the group authentication method and related equipment based on secret sharing provided by the present application implement group authentication by receiving the identity information that the Internet of things devices in a group generate from the subkeys distributed by the group management device, and determining whether that identity information meets a verification condition. The legitimacy of multiple Internet of things nodes can be verified at one time rather than one by one, which can significantly reduce communication traffic, improve computational efficiency and save cost; the method is better suited to Internet of things scenarios with massive numbers of authentication requests and can effectively address the problem of limited node resources.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1 is a schematic flow chart of a group authentication method based on secret sharing according to an embodiment of the present application;
fig. 2 is a flow chart of another group authentication method based on secret sharing according to an embodiment of the present application;
fig. 3 is a flowchart of another group authentication method based on secret sharing according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a group authentication system based on secret sharing according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the following detailed description of the embodiments of the present application is given with reference to the accompanying drawings.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "upper", "lower", "left", "right", etc. are used merely to indicate relative positional relationships, which may also be changed when the absolute position of the object to be described is changed.
In the internet of things, devices are heterogeneous, they have different capabilities in terms of storage, energy consumption, computation and communication, and most of them are limited by physical volume, i.e. there is limited memory, computing power and energy supply in these devices. Therefore, in the internet of things scenario with limited resources, the one-to-one authentication method (i.e., one verifier verifies the validity of one prover at a time) in the related art does not consider the problem of limited resources of the connected device, and cannot meet the authentication requirement of the device.
In view of this, the embodiments of the application provide a group authentication method based on secret sharing and related equipment, in which a device receives the identity information that the Internet of things devices in a group generate from the subkeys distributed by the group management device, and implements group authentication by determining whether that identity information meets a verification condition. The legitimacy of multiple Internet of things nodes can be verified at one time rather than one by one, which can significantly reduce communication traffic, improve computational efficiency and save cost; the method is better suited to Internet of things scenarios with massive numbers of authentication requests and can effectively address the problem of limited node resources.
It should be noted that, in the embodiments of the present application, the Internet of things device group includes one group management device and a plurality ($n$) of group members $U_i \in U$, where $1 \le i \le n$. In particular, the group management device may be a trusted center whose computing power is strong relative to the group members, such as network infrastructure like servers and gateways; the group members may be Internet of things devices such as smart meters, smart home devices and smart wearables.
In this embodiment of the present application, for an internet of things device group, the device group may be established according to a coverage area or a function of an internet of things node. For example, a medical sensor carried by a human body can be used as an internet of things device group, a car in the same area under an internet of things scene can be used as an internet of things device group, and intelligent home equipment in one room can be used as an internet of things device group.
Fig. 1 shows a flow diagram of a secret sharing-based group authentication method 100 according to an embodiment of the present application. As shown in fig. 1, the method 100 may include the following steps.
Step S101, the group management device generates a sub-key corresponding to each Internet of things device in the group based on the secret, and distributes the sub-key to the corresponding Internet of things device.
In this embodiment, before the group management device generates the sub-keys corresponding to the devices of the internet of things, it needs to determine whether the devices of the internet of things are legal group members. It should be appreciated that all group members in a group need to register with the group administrator, i.e., the internet of things device that has registered with the group management device is a legitimate group member. Further, the group management device may delete an illegal member (i.e., an internet of things device that is not registered) from the group.
Optionally, the group management device may add other devices of the internet of things to the group and determine the devices as new group members according to the actual application requirements. For example, an internet of things device group formed by medical sensors carried by a human body can be added with sensors according to the needs of patients so that group members dynamically change.
In this embodiment, after the group members are confirmed, the group management device generates a symmetric matrix based on the secret and a preset threshold value, and generates a symmetric bivariate polynomial according to the symmetric matrix; it then evaluates the symmetric bivariate polynomial at the identity of each Internet of things device in the group, thereby generating the corresponding subkeys.
For each Internet of things device $U_i$ in the group, the corresponding identity $x_i$ is public to the group management device and to every Internet of things device in the group. That is, $x_i$ corresponds to $U_i$, and $x_i$ is published publicly, where $1 \le i \le n$.
In a specific implementation, the group management device sets the threshold value to $t$ and selects a large prime $q$. The threshold $t$ satisfies the relation $t \le n \le t(t+1)/2$ and $2t > 2$.
In a specific implementation, the group management device publishes the verification information $Sg$, where $S$ represents the secret and $g$ comes from a cyclic group $G = \langle g \rangle$ on an elliptic curve $E(F_q)$ selected by the group management device; $g$ is a generator of the finite group $G$, and the order of the group is $q$. It will be appreciated that the verification information $Sg$ is equivalent to the discrete-logarithm encryption result of the secret $S$. That is, the following two conditions need to hold in the group: for any $a \in Z_q$, computing $a$ from $(g, ag)$ is hard, i.e., the discrete logarithm problem (DLP); and for any $a, b \in Z_q$, computing $abg$ from $(g, ag, bg)$ is hard, i.e., the computational Diffie-Hellman problem (CDHP).
Further, in some embodiments, the group management device generates a symmetric matrix $A$ with $t$ rows and $t$ columns; it will be appreciated that $A^T = A$.
The symmetric matrix $A$ can be expressed as follows:
Figure SMS_1
where, for any $i, j \in \{0, 1, \ldots, t-1\}$, $b_{i,j} \in Z_q$; $Z_q$ represents a finite field, $Z$ represents a natural number, and $q$ represents the size of the finite field.
Optionally, in the symmetric matrix $A$,
Figure SMS_2
is the secret value $S$; let
Figure SMS_3
Thus the symmetric matrix $A$ is generated from the secret $S$ so that $S$ can subsequently be divided into $n$ pieces of information, each called a subkey, and the secret $S$ can be recovered when at least $t$ subkeys are available. Since the present embodiment hides the secret $S$ by constructing the symmetric matrix $A$, and only the discrete-logarithm encryption result of the secret (i.e., the verification information) needs to be recovered, the secret $S$ itself is protected, so it can be reused for multiple group verifications while its confidentiality and security are preserved.
Second, the group management device may generate a symmetric bivariate polynomial from the symmetric matrix $A$:
Figure SMS_4
The group management device then evaluates the symmetric bivariate polynomial at the identity of each Internet of things device in the group, so as to generate the corresponding subkey.
Specifically, the subkey may be calculated by the following formula:
Figure SMS_5
where $x_i$ corresponds to $U_i$, $x_i$ is published publicly, and $1 \le i \le n$. That is, $x_i$ corresponds to the value $i$ of $U_i$, which is equivalent to:
Figure SMS_6
In this way, the group management device may further distribute the generated subkeys to the corresponding Internet of things devices. It should be noted that the subkeys are sent secretly: each subkey can be sent to its Internet of things device through the secret channel corresponding to that device, so as to ensure the transmission security of the subkey.
Step S102, the Internet of things equipment sends identity authentication requests to other Internet of things equipment in the Internet of things equipment group respectively.
In this embodiment, when there is an application requirement such as a data transmission requirement (e.g., reading and transmitting data such as humidity and temperature in a smart home) or a control requirement (e.g., controlling opening and closing of a smart home), before data transmission is performed between terminal devices, or before a control instruction is sent to a corresponding terminal device, identity authentication needs to be performed on all the internet of things devices in the internet of things device group. And after passing the authentication, the subsequent operation can be performed, so that the confidentiality and privacy of the data and the correct execution of the control instruction are ensured.
Therefore, when the internet of things equipment has related requirements, identity authentication requests are respectively sent to other internet of things equipment. It can be understood that, correspondingly, the internet of things device also receives the identity authentication requests sent by other internet of things devices.
In this way, the group authentication method of the embodiment does not need to send all the identity authentication requests to the group management device, but performs authentication among the internet of things devices in the group, so that the load of the group management device can be reduced. Compared with the identity authentication scheme in the related art, the method is more suitable for the scene of the Internet of things with mass connection devices and limited resources.
Step S103, the equipment of the Internet of things receives identity information respectively sent by the other equipment of the Internet of things aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey.
It will be appreciated that, since the subkeys are issued asynchronously with respect to each other when the group management device distributes them, an attacker can collect valid information from the members whose subkeys are issued first and use these subkeys to masquerade as a member of the group, thereby passing authentication. The group authentication schemes in the related art do not consider this counterfeit (impersonation) attack, so security cannot be ensured.
Thus, in this embodiment, the subkey is updated to resist counterfeit attacks and so provide security. Specifically, an Internet of things device, in response to determining that it has received an identity authentication request, updates its subkey to obtain identity information, and then sends the identity information to the Internet of things device that issued the identity authentication request. The Internet of things device that sent the identity authentication request thus eventually receives the identity information sent by the other devices.
In the related art, updating the subkeys requires the distributor of the subkeys (i.e., the group management device) to be always online; that is, the group management device must send the data needed for the update to each participant (the corresponding Internet of things device). The cost of implementing the update is therefore excessive. Moreover, since an attacker who compromises the group management device thereby compromises the entire group, the security of the related art is also low.
In addition, updating the subkeys in the related art requires the Internet of things devices to exchange messages with one another. That is, the subkey holders must assist each other to update the subkeys, which results in high communication overhead.
Therefore, to reduce traffic and save cost, the subkey update in this embodiment requires neither assistance among the subkey holders nor that the distributor of the subkeys stay online.
In specific implementation, the internet of things equipment can obtain a corresponding identity according to the identity authentication request; then calculating to obtain a target parameter by using a subkey according to the identity; and finally, obtaining identity information according to the target parameters.
Optionally, the internet of things device may randomly select another internet of things device in the group, calculate a random number according to the identity corresponding to the internet of things device, and then calculate to obtain the identity information according to the random number.
Firstly, all internet of things devices in the internet of things device group are expressed as:
$P = \{P_1, P_2, \ldots, P_m\}$, where $P_i$ represents the $i$-th Internet of things device and $1 \le i \le m$.
In some embodiments, the Internet of things device $P_i$ uses its own subkey
Figure SMS_7
to calculate
Figure SMS_8
where $1 \le i \le m$, $1 \le j \le m$, and
Figure SMS_9
Then, based on the obtained
Figure SMS_10
it further calculates the target parameter (or random number)
Figure SMS_11
That is,
Figure SMS_12
Further, according to the Lagrange interpolation theorem (Lagrange component, LC), the Internet of Things device $P_i$ calculates, for its subkey
Figure SMS_13
, the Lagrange coefficient
Figure SMS_14
. That is,
Figure SMS_15
;
Figure SMS_16
where
Figure SMS_17
, i.e.
Figure SMS_18
. Therefore
Figure SMS_19
is meaningful.
Then, the Internet of Things device $P_i$ uses the Lagrange coefficient
Figure SMS_20
and the target parameter (or random number)
Figure SMS_21
to obtain the identity information (the updated subkey).
Specifically, it can be calculated by the following formula:
Figure SMS_22
and
Figure SMS_23
. That is, the sum of the target parameters (or random numbers) corresponding to all the Internet of Things devices in the group is 0.
The proof for the above equation is as follows:
Because
Figure SMS_24
it follows that
Figure SMS_25
where
Figure SMS_26
That is,
Figure SMS_27
Since addition based on secret sharing is homomorphic, we obtain:
Figure SMS_28
From this it can be deduced:
Figure SMS_29
Figure SMS_30
In this way, the threshold changes with the target parameter (or random number); that is, the threshold of the secret sharing can be changed dynamically by updating the subkey obtained from the group management device. In addition, because the update is carried out locally, without the cooperation of other user equipment and without the participation of the group management device, no communication is needed during the update, so the traffic can be optimized, the computational complexity is reduced, and the computational efficiency is improved.
In addition, in some embodiments, when the generated identity information is sent to the internet of things device corresponding to the identity authentication request, the generated identity information needs to be encrypted by using the symmetric key and then sent, but cannot be sent in a plaintext form, so that the transmission security is ensured. In particular, for symmetric keys, the generation may be based on the symmetric bivariate polynomials described above.
Furthermore, it should be understood that when $m=t=2$,
Figure SMS_31
after the Internet of Things device $P_i$ receives from another device $P_j$ the
Figure SMS_32
sent to it, the user equipment $P_i$ can calculate $C_j$. This case is unsafe.
Step S104, the internet of things equipment verifies the identity information, and all the internet of things equipment in the internet of things equipment group pass group authentication according to the fact that the identity information meets verification conditions.
In this embodiment, in response to the fact that verification information can be restored according to the identity information of the device and the identity information corresponding to the other internet of things devices, it is determined that all internet of things devices in the internet of things device group are legal group members, and all the internet of things devices pass group authentication; wherein the authentication information characterizes a result of the secret encrypted by discrete logarithms.
In the implementation, after receiving the identity information sent by each of the other Internet of Things devices in the group (i.e., m-1 Internet of Things devices), the Internet of Things device $P_i$ performs the calculation by the following formula:
Figure SMS_33
If
Figure SMS_34
, i.e., the verification information $Sg$ containing the secret $S$ can be recovered, this indicates that all the Internet of Things devices in the group are legal group members, that is, the group authentication succeeds.
Otherwise, if the sum of the identity information is inconsistent with the verification information $Sg$, at least one Internet of Things device in the group is an illegal group member, and the group authentication fails.
In this way, in the present embodiment, since only the discrete logarithm encryption result of the secret is restored without restoring the secret when authentication is completed, the secret can be protected, and thus, multiple authentications can be performed, and multiple authentications are provided.
In addition, in some optional embodiments, in response to failure to recover the verification information according to the identity information of the device and the identity information corresponding to each of the other devices, it is determined that at least one of the devices in the group of devices is an illegal group member, and the group authentication is not passed; and then, for every two Internet of things devices in the Internet of things device group, carrying out interactive verification by sequentially utilizing corresponding identity information encrypted by the pre-generated symmetric key, and finding out illegal Internet of things devices.
It can be understood that in the process of searching for an illegal internet of things device, since identity authentication is mutual for every two devices, that is, both sides are verifiers and provers, multiple rounds of interaction are required to obtain the searched result (i.e., obtain the identity of the illegal internet of things device).
In this way, based on the registration stage of the group management device, the group management device generates and distributes the sub-key corresponding to each piece of internet of things device in the group, and the authentication stage, the identity authentication is realized between the pieces of internet of things devices in the group based on the identity information generated by the sub-keys, and finally, the group authentication under the secret sharing mechanism is realized safely and efficiently. Moreover, as the requirement of the authentication mode based on the threshold value on the resource is not high, the authentication method of the embodiment can be applied to the scene of the internet of things with limited resources, and can well solve the problem of authentication of terminal equipment applied to the internet of things in a large scale.
According to the scheme, the legitimacy of a plurality of Internet of things devices can be verified at the same time without authentication one by one, so that the traffic can be obviously reduced, the calculation efficiency is improved, and the cost overhead is saved; meanwhile, the anti-counterfeit attack can be resisted, and the safety guarantee is provided.
Another secret sharing-based group authentication method 200 is provided, which is implemented by a group management device, and a flow chart of the method is shown in fig. 2. Referring to fig. 2, the method 200 may include the following steps.
Step S201, generating a sub-key corresponding to each Internet of things device in the group based on the secret;
step S202, distributing the subkeys to the corresponding devices of the internet of things.
In some embodiments, a symmetric matrix $A$ is generated based on the secret $S$ and a preset threshold $t$,
where
Figure SMS_35
Figure SMS_36
t≤n≤t(t+1)/2 and is 2t>2。
For any $i,j\in\{0,1,\ldots,t-1\}$, $b_{i,j}\in Z_q$, where $Z_q$ denotes a finite field, $Z$ denotes the natural numbers, and $q$ is a large prime number that characterizes the size of the finite field.
In some embodiments, a symmetric binary polynomial is generated from the symmetric matrix $A$.
The symmetrical binary polynomial is:
Figure SMS_37
Further, the symmetric binary polynomial is evaluated according to the identity of each Internet of Things device in the group to generate the corresponding subkey.
Specifically, the calculation formula is as follows:
Figure SMS_38
where $x_1, x_2, \ldots, x_n$ are all public, $x_i$ corresponds to the Internet of Things device $U_i$, and $x_j$ corresponds to the Internet of Things device $U_j$.
Further, for the generated sub-keys, the sub-keys are sent to the corresponding internet of things devices through the secret channels corresponding to each internet of things device in the group.
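The registration, local subkey update and group verification steps described above can be traced end to end in the following added example, which is not code from the patent. Because the patent's formulas survive here only as figure placeholders, the concrete instantiation is an assumption: the share is taken as F(x_i, 0), the zero-sum target parameter is built from signed pairwise values F(x_i, x_j), the verification information Sg is modelled as G^S mod P, and the group parameters and function names are constructed for illustration.

```python
import secrets

# Toy group parameters, constructed for this example and far too small for real use:
# P is a safe prime, Q = (P - 1) // 2 is prime, G generates the subgroup of order Q.
P, Q, G = 2039, 1019, 4


def make_symmetric_matrix(secret, t):
    """Group manager: random symmetric t x t matrix over Z_Q with A[0][0] = secret."""
    a = [[0] * t for _ in range(t)]
    for i in range(t):
        for j in range(i, t):
            a[i][j] = a[j][i] = secrets.randbelow(Q)
    a[0][0] = secret % Q
    return a


def issue_subkey(a, x_i):
    """Subkey of device x_i: coefficients of f_i(y) = F(x_i, y),
    where F(x, y) = sum over u, v of a[u][v] * x^u * y^v is symmetric."""
    t = len(a)
    return [sum(a[u][v] * pow(x_i, u, Q) for u in range(t)) % Q for v in range(t)]


def poly_eval(coeffs, y):
    return sum(c * pow(y, k, Q) for k, c in enumerate(coeffs)) % Q


def lagrange_at_zero(x_i, xs):
    """Lagrange coefficient of x_i for interpolation at 0 over all participants xs."""
    num = den = 1
    for x_j in xs:
        if x_j != x_i:
            num = num * x_j % Q
            den = den * (x_j - x_i) % Q
    return num * pow(den, -1, Q) % Q


def mask(subkey, x_i, xs):
    """Assumed target parameter r_i, computed locally with no communication.
    F(x_i, x_j) = F(x_j, x_i), so the signed terms cancel pairwise and sum(r_i) = 0."""
    r = 0
    for x_j in xs:
        if x_j != x_i:
            k_ij = poly_eval(subkey, x_j)
            r += k_ij if x_i < x_j else -k_ij
    return r % Q


def identity_token(subkey, x_i, xs):
    """Identity information C_i = G^(lambda_i * s_i + r_i) mod P, share s_i = f_i(0)."""
    s_i = poly_eval(subkey, 0)
    exponent = (lagrange_at_zero(x_i, xs) * s_i + mask(subkey, x_i, xs)) % Q
    return pow(G, exponent, P)


def group_verify(tokens, verification_value):
    """Accept only if the combined tokens equal G^S; the secret S is never rebuilt."""
    prod = 1
    for c in tokens:
        prod = prod * c % P
    return prod == verification_value


def run_demo(secret=777, t=3, xs=(1, 2, 3, 4), forged_index=None):
    """Run one group authentication; optionally give one device a forged subkey."""
    a = make_symmetric_matrix(secret, t)
    verification_value = pow(G, secret % Q, P)
    subkeys = {x: issue_subkey(a, x) for x in xs}
    if forged_index is not None:
        x_bad = xs[forged_index]
        subkeys[x_bad][0] = (subkeys[x_bad][0] + 1) % Q  # not issued by the manager
    tokens = [identity_token(subkeys[x], x, xs) for x in xs]
    return group_verify(tokens, verification_value)


if __name__ == "__main__":
    print("all members legitimate:", run_demo())
    print("one forged subkey     :", run_demo(forged_index=2))
```

A failed check only shows that at least one member is illegitimate; identifying which one requires the pairwise verification the text describes.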
The application provides a group authentication method 300 based on secret sharing, which is realized by an internet of things device belonging to an internet of things device group, wherein the internet of things device group comprises a group management device and a plurality of internet of things devices.
First, the Internet of Things device group and the Internet of Things devices in it are defined for this embodiment as $P=\{P_1,P_2,\ldots,P_m\}$. That is, assume that authentication is performed among $m$ Internet of Things devices, where $P_i$ denotes the $i$-th user and $1\le i\le m$.
A schematic flow chart of the method is shown in fig. 3. Referring to fig. 3, the method 300 may include the following steps.
Step S301, respectively sending an identity authentication request to the other Internet of Things devices in the Internet of Things device group;
Step S302, receiving identity information sent by the other Internet of Things devices in response to the identity authentication requests; the identity information is generated by the Internet of Things device according to the subkey; the subkey is distributed by the group management device based on the secret;
Step S303, verifying the identity information, and determining that all the Internet of Things devices in the Internet of Things device group pass group authentication in response to the identity information meeting the verification condition.
In some embodiments, in response to determining that the authentication request was received, the subkey is updated to obtain identity information. Specifically, according to the identity authentication request, a corresponding identity is obtained; calculating to obtain a target parameter by using the subkey according to the identity; and obtaining identity information according to the target parameters.
In another embodiment, the internet of things device may randomly select another internet of things device in the group, calculate a random number according to the identity corresponding to the internet of things device, and then calculate to obtain the identity information according to the random number.
Specifically, the calculation formula is as follows:
Figure SMS_39
where $1\le i\le m$, $1\le j\le m$, and
Figure SMS_40
In some alternative embodiments, according to the Lagrange interpolation theorem, for the subkey
Figure SMS_41
the Lagrange coefficient is calculated. The calculation formula is as follows:
Figure SMS_42
;
Figure SMS_43
In some alternative embodiments, based on the Lagrange coefficient
Figure SMS_44
and the target parameter (or random number)
Figure SMS_45
the identity information is obtained. The calculation formula is as follows:
Figure SMS_46
Further, in some embodiments, the identity information of the other Internet of Things devices is received, so as to perform identity authentication according to the identity information. In response to the verification information being recoverable from the device's own identity information and the identity information corresponding to the other Internet of Things devices, it is determined that all Internet of Things devices in the Internet of Things device group are legal group members and pass group authentication; wherein the verification information characterizes the result of the secret encrypted by discrete logarithms.
In a specific implementation, it is checked, based on the identity information, whether the following can be obtained:
Figure SMS_47
. It should be appreciated that this embodiment only needs to recover the discrete logarithm encryption result of the secret (i.e., the verification information $Sg$) to achieve group authentication, without recovering the secret $S$. That is, if the verification information $Sg$ can be recovered, all the Internet of Things devices of the group are legitimate.
Otherwise, if the sum of the identity information is inconsistent with the verification information $Sg$, that is, the verification information cannot be recovered from the device's own identity information and the identity information corresponding to the other Internet of Things devices, it is determined that at least one Internet of Things device in the Internet of Things device group is an illegal group member and the group authentication fails. Further, every two Internet of Things devices in the Internet of Things device group then verify each other in turn, using the corresponding identity information encrypted with the pre-generated symmetric key, to find the illegal Internet of Things device.
As can be seen from the above, the group authentication method based on secret sharing of the present embodiment can verify the legitimacy of a plurality of devices at the same time, thereby significantly reducing the traffic and the computational complexity and saving the cost overhead. In addition, the method can resist counterfeit attacks and protect secrets, thereby being used for multiple group verification on the premise of ensuring the security.
It should be noted that some embodiments of the present application are described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
It can be appreciated that the method of the present embodiment may be applied in a distributed scenario, where multiple devices cooperate with each other to complete the method. One of the devices may perform only one or more steps of the methods of embodiments of the present application, and the devices interact with each other to complete the methods.
In addition, the application also provides a group authentication system 400 based on secret sharing, which comprises a group management device 420 and a plurality of internet of things devices 410. The group authentication system 400 based on secret sharing has the advantages of the corresponding method embodiments, and will not be described herein.
Specifically, referring to fig. 4, the internet of things device 410 includes:
a transmission module 4101 configured to: respectively sending identity authentication requests to other Internet of things devices in the Internet of things device group;
a receiving module 4102 configured to: receiving identity information sent by the other Internet of things equipment respectively aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey; the subkey is distributed by the group management device based on a secret;
a determining module 4103 configured to: verifying the identity information, and determining that all the internet of things devices in the internet of things device group pass group authentication in response to the identity information meeting a verification condition;
the group management device 420 includes:
a generation module 4201 configured to: generating a sub-key corresponding to each Internet of things device in the group based on the secret;
a distribution module 4202 configured to: and distributing the sub-secret key to the corresponding Internet of things equipment.
In some alternative embodiments, the determining module 4103 is specifically configured to: in response to the verification information being recoverable from the device's own identity information and the identity information corresponding to the other Internet of Things devices, determine that all Internet of Things devices in the Internet of Things device group are legal group members and pass group authentication; wherein the verification information characterizes the result of the secret encrypted by discrete logarithms;
in response to the verification information not being recoverable from the device's own identity information and the identity information corresponding to the other Internet of Things devices, determine that at least one Internet of Things device in the Internet of Things device group is an illegal group member and that the group authentication fails; and, for every two Internet of Things devices in the Internet of Things device group, carry out interactive verification in turn using the corresponding identity information encrypted with the pre-generated symmetric key, to find the illegal Internet of Things device.
In some alternative embodiments, the generating module 4201 is specifically configured to: generating a symmetric matrix based on the secret and a preset threshold value; generating a symmetrical binary polynomial according to the symmetrical matrix; and calculating the symmetrical binary polynomial according to the identity of each Internet of things device in the group to generate a corresponding subkey.
In some alternative embodiments, the distribution module 4202 is specifically configured to: and sending the subkey to the Internet of things equipment through a secret channel corresponding to each Internet of things equipment in the group.
It should be noted that, for convenience of description, the above devices are described as being functionally divided into various modules. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
Based on the same technical idea, the application also provides a computer program product corresponding to the method of any embodiment, which comprises the computer program instructions. In some embodiments, the computer program instructions may be executable by one or more processors of a computer to cause the computer and/or the processor to perform the secret sharing based group authentication method. Corresponding to the execution subject corresponding to each step in each embodiment of the group authentication method based on secret sharing, the processor executing the corresponding step may belong to the corresponding execution subject.
The computer program product of the above embodiment is configured to enable the computer and/or the processor to perform the group authentication method based on secret sharing according to any one of the above embodiments, and has the beneficial effects of the corresponding method embodiments, which are not described herein.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the application (including the claims) is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the present application, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements and/or the like which are within the spirit and principles of the embodiments are intended to be included within the scope of the present application.

Claims (10)

1. The group authentication method based on secret sharing is characterized by being realized through Internet of things equipment, wherein the Internet of things equipment belongs to an Internet of things equipment group, and the Internet of things equipment group comprises group management equipment and a plurality of Internet of things equipment, and the method comprises the following steps:
respectively sending identity authentication requests to other Internet of things devices in the Internet of things device group;
receiving identity information sent by the other Internet of things equipment respectively aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey; the subkey is distributed by the group management device based on the secret;
and verifying the identity information, and determining that all the internet of things devices in the internet of things device group pass group authentication in response to the identity information meeting a verification condition.
2. The method of claim 1, further comprising generating identity information by: and in response to determining that the identity authentication request is received, updating the subkey to obtain identity information.
3. The method of claim 1, wherein the determining that all internet of things devices in the group of internet of things devices pass group authentication in response to the identity information satisfying a verification condition comprises:
in response to the verification information being recoverable from the device's own identity information and the identity information corresponding to the other Internet of Things devices, determining that all Internet of Things devices in the Internet of Things device group are legal group members and pass group authentication; wherein the verification information characterizes a result of the secret encrypted by discrete logarithms.
4. The method of claim 2, wherein updating the subkey to obtain identity information comprises:
obtaining a corresponding identity according to the identity authentication request;
calculating to obtain a target parameter by using the subkey according to the identity;
and obtaining identity information according to the target parameters.
5. The method of claim 4, wherein the obtaining identity information according to the target parameter comprises:
calculating the Lagrange coefficient of the subkey according to the Lagrange interpolation theorem;
and obtaining identity information according to the Lagrangian coefficient and the target parameter.
6. A method according to claim 3, characterized in that the method further comprises:
responding to the fact that verification information cannot be restored according to the identity information of the internet of things equipment and the identity information corresponding to the other internet of things equipment, and determining that at least one internet of things equipment in the internet of things equipment group is an illegal group member and fails to pass group authentication;
and for every two Internet of things devices in the Internet of things device group, carrying out interactive verification by sequentially utilizing corresponding identity information encrypted by the symmetric key generated in advance, and finding out illegal Internet of things devices.
7. A method of group authentication based on secret sharing, the method being implemented by a group management device, the method comprising:
generating a sub-key corresponding to each Internet of things device in the group based on the secret;
and distributing the sub-secret key to the corresponding Internet of things equipment.
8. The method of claim 7, wherein the generating a subkey for each of the internet of things devices in the group based on the secret comprises:
generating a symmetric matrix based on the secret and a preset threshold value;
generating a symmetrical binary polynomial according to the symmetrical matrix;
and calculating the symmetrical binary polynomial according to the identity of each Internet of things device in the group to generate a corresponding subkey.
9. The method of claim 7, wherein the distributing the subkeys to the corresponding internet of things devices comprises:
and sending the subkey to the Internet of things equipment through a secret channel corresponding to each Internet of things equipment in the group.
10. A group authentication system based on secret sharing, comprising: group management equipment and a plurality of internet of things devices;
wherein, thing networking device includes:
a transmission module configured to: respectively sending identity authentication requests to other Internet of things devices in the Internet of things device group;
a receiving module configured to: receiving identity information sent by the other Internet of things equipment respectively aiming at the identity authentication request; the identity information is generated by the Internet of things equipment according to the subkey; the subkey is distributed by the group management device based on a secret;
a determination module configured to: verifying the identity information, and determining that all the internet of things devices in the internet of things device group pass group authentication in response to the identity information meeting a verification condition;
the group management device includes:
a generation module configured to: generating a sub-key corresponding to each Internet of things device in the group based on the secret;
a distribution module configured to: and distributing the sub-secret key to the corresponding Internet of things equipment.
CN202310484839.6A 2023-05-04 2023-05-04 Group authentication method based on secret sharing and related equipment Active CN116208345B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310484839.6A CN116208345B (en) 2023-05-04 2023-05-04 Group authentication method based on secret sharing and related equipment


Publications (2)

Publication Number Publication Date
CN116208345A true CN116208345A (en) 2023-06-02
CN116208345B CN116208345B (en) 2023-08-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant