CN116567633A - Identity authentication method, system and equipment based on ECDSA signature algorithm - Google Patents

Publication number
CN116567633A
Authority
CN
China
Prior art keywords
authentication
message
management entity
vehicle
mobile unit
Legal status
Granted
Application number
CN202310833201.9A
Other languages
Chinese (zh)
Other versions
CN116567633B (en)
Inventor
周长利
张灵慧
陈祖希
梅萌
温景良
朱永华
李学良
Current Assignee
Huaqiao University
Original Assignee
Huaqiao University
Application filed by Huaqiao University
Priority to CN202310833201.9A
Publication of CN116567633A
Application granted
Publication of CN116567633B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10 Integrity
    • H04W12/106 Packet or message integrity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/40 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/42 Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for mass transport vehicles, e.g. buses, trains or aircraft

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Aviation & Aerospace Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an identity authentication method, system and equipment based on the ECDSA signature algorithm, relating to the field of rail transit wireless communication. It mainly comprises the following steps: A. USIM card registration. B. Initial access stage: when the OBU accesses the network for the first time, the request message is transmitted using the public key of the HSS, and a temporary mobile subscriber identity (TMSI) is generated and stored for subsequent communication. C. Handover authentication stage: when the position of the OBU changes and the train is handed over across mobility management entities, or network access needs to be requested again, the OBU only needs to use the temporary mobile subscriber identity (TMSI) to authenticate mutually with the new MME and the old MME by using an authentication vector. By using the ECDSA signature algorithm, the invention can provide more reliable and efficient data communication and identity authentication for LTE-R, and provides safer, more comprehensive and more intelligent communication services for the railway industry.

Description

Identity authentication method, system and equipment based on ECDSA signature algorithm
Technical Field
The invention relates to the field of rail transit wireless communication, in particular to a lightweight identity authentication method, system and equipment using an ECDSA signature algorithm in a mobile communication standard LTE-R environment.
Background
With the rapid development of the railway industry, traditional communication technology can no longer meet the industry's growing communication demands. The railway sector has therefore begun to research emerging communication technologies and is considering LTE technology to meet its communication needs. Traditional GSM-R can hardly meet the requirements of future high-speed railway systems for services such as reliable transmission of high-redundancy data and real-time multimedia video monitoring. Accordingly, at the seventh World Congress on High-Speed Rail, the International Union of Railways (UIC) formally proposed developing the next-generation high-speed railway wireless communication system based on LTE-R. LTE-R (LTE for Railways) is an LTE wireless communication system designed specifically for railway communication needs, providing high-speed data transmission and reliable communication services for railway communication. However, because of the special working environment and high safety requirements of railways, the requirements placed on LTE technology are also more stringent. The reliability, safety and stability of the LTE-R system in a railway environment must therefore be ensured through an authentication protocol. For this purpose, a series of standards and specifications for LTE-R certification have been established, and a dedicated certification authority and test center have been set up to certify and test LTE-R systems. This certification and testing ensure that LTE-R systems meet the requirements of the railway industry and provide more efficient, reliable and safe service for railway communications. In short, LTE-R is an LTE wireless communication system optimized specifically for railway communication requirements, which has wide applicability while meeting the special requirements of the railway industry.
The LTE-R authentication protocol has identity authentication security problems, such as plaintext transmission of the IMSI, disclosure of the root key, plaintext transmission of the service network identifier, and plaintext transmission of authentication vectors. The invention provides an identity authentication method, system and equipment based on the ECDSA signature algorithm.
Disclosure of Invention
The invention aims to provide an identity authentication method, an identity authentication system and identity authentication equipment based on an ECDSA signature algorithm, which can improve the security of identity authentication in an LTE-R authentication protocol.
In order to achieve the above object, the present invention provides the following solutions:
an identity authentication method based on ECDSA signature algorithm, the method comprises initializing authentication; the initializing authentication includes:
the vehicle-mounted mobile unit encrypts the IMSI, the vehicle-mounted mobile unit identity identifier and the base station identifier acquired by the vehicle-mounted mobile unit by using the public key of the home subscriber server, and generates an access authentication message; the public key of the home subscriber server and the IMSI are security parameters stored in the USIM card during the USIM card registration process of the vehicle-mounted mobile unit;
the mobile management entity receives the access authentication message and sends an authentication vector request message to the home subscriber server based on the access authentication message, a network service number and a base station identifier acquired by the mobile management entity;
the home subscriber server receives the authentication vector request message, verifies the accuracy of the authentication vector request message, generates an authentication vector group after the message passes verification, generates an initial authentication signature by applying the ECDSA signature algorithm based on the private key of the home subscriber server, and sends the initial authentication signature and an authentication vector response message to the mobile management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response;
the mobile management entity receives the authentication vector response message and the initial authentication signature, performs signature verification on the initial authentication signature, generates a temporary mobile subscriber identity after the initial authentication signature is verified, generates an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sends the authentication challenge message to the vehicle-mounted mobile unit;
the vehicle-mounted mobile unit receives the authentication challenge message, verifies the identity identifier of the mobile management entity in the authentication challenge message, verifies the message authentication code after the identity verification is passed, generates a challenge response message after the authentication code verification is passed, and sends the challenge response message to the mobile management entity;
The mobile management entity receives the challenge response message, compares the challenge response message with the expected response, generates an authentication success message after the comparison is passed, and sends the authentication success message to the home subscriber server; and the home subscriber server receives the authentication success message and updates the long-term shared key to finish initialization authentication.
Optionally, the on-vehicle mobile unit encrypts the IMSI, the on-vehicle mobile unit identifier and the base station identifier acquired by the on-vehicle mobile unit by using a public key of the home subscriber server and generates an access authentication message, which specifically includes:
the vehicle-mounted mobile unit determines an initial authentication first timestamp, selects a first random number from the number field of the elliptic curve in the ECDSA signature algorithm, and calculates first intermediate data based on the first random number and the base point of the elliptic curve in the ECDSA signature algorithm; the base point of the elliptic curve and the number field of the elliptic curve are security parameters stored in the USIM card during the USIM card registration process of the vehicle-mounted mobile unit; the number field of the elliptic curve is a value domain formed by points meeting the elliptic curve equation;
the vehicle-mounted mobile unit determines a target home subscriber server identity identifier to be accessed, and applies hash message authentication code operation to obtain first hash data based on the first intermediate data, the target home subscriber server identity identifier, the long-term shared key, the vehicle-mounted mobile unit identity identifier and the initial authentication first time stamp;
The vehicle-mounted mobile unit encrypts the IMSI, the first intermediate data, the vehicle-mounted mobile unit identity identifier and a base station identifier acquired by the vehicle-mounted mobile unit by using a public key of the home subscriber server to obtain first encrypted data;
the vehicle-mounted mobile unit generates the access authentication message based on the first hash data, the first encryption data and the initial authentication first time stamp and sends the access authentication message to the mobile management entity.
Optionally, the home subscriber server receives the authentication vector request message, verifies the accuracy of the authentication vector request message, generates an authentication vector group after the message passes verification, applies the ECDSA signature algorithm to generate an initial authentication signature based on the private key of the home subscriber server, and sends the initial authentication signature and an authentication vector response message to the mobile management entity, the authentication vector response message including the authentication vector group; this specifically includes:
after receiving the authentication vector request message and the initial authentication signature, the home subscriber server verifies whether the network service number is correct, and if the network service number is correct, the first encrypted data is decrypted by using a private key of the home subscriber server to obtain first decrypted data; the first decrypted data comprises a decrypted IMSI, decrypted first intermediate data, a decrypted vehicle-mounted mobile unit identity identifier and a decrypted base station identifier;
The home subscriber server verifies the identity of the vehicle-mounted mobile unit by using the decrypted vehicle-mounted mobile unit identity identifier and checks whether the decrypted base station identifier is matched with the base station identifier acquired by the mobile management entity;
if the identity of the vehicle-mounted mobile unit passes the authentication and the decrypted base station identifier is matched with the base station identifier acquired by the mobile management entity, the home subscriber server determines the long-term shared key according to the decrypted IMSI;
the home subscriber server calculates second hash data based on the long-term shared key, the decrypted first intermediate data, the decrypted vehicle-mounted mobile unit identity identifier, the target home subscriber server identity identifier and the initial authentication first timestamp, and judges whether the first hash data and the second hash data are equal;
when the first hash data and the second hash data are equal, the home subscriber server determines an initial authentication second timestamp, randomly selects a plurality of second random numbers, and computes from each second random number and the base point of the elliptic curve a corresponding item of second intermediate data, obtaining a plurality of second intermediate data;
the home subscriber server computes from each second random number and the first intermediate data a corresponding first negotiation key, obtaining a plurality of first negotiation keys; for each second random number, it takes the corresponding second intermediate data, the decrypted IMSI, the network service number, the corresponding first negotiation key, a serial number and an authentication management domain as input, and calculates the message authentication code, the anonymity key, the master key, the authentication token and the expected response by using the hash message authentication code operation;
the home subscriber server forms each message authentication code, the corresponding anonymity key, the master key, the authentication token and the expected response into one authentication vector to obtain the authentication vector group;
the home subscriber server selects one random number from a plurality of second random numbers, and generates the initial authentication signature by applying the ECDSA signature algorithm according to the selected second random number, the base point of the elliptic curve, the initial authentication second time stamp, the authentication vector corresponding to the selected second random number and the private key of the home subscriber server;
the home subscriber server sends an authentication vector response message and the initial authentication signature to the mobility management entity, the authentication vector response message including the authentication vector group and the initial authentication second timestamp.
Optionally, the mobile management entity receives the authentication vector response message, performs signature verification on the initial authentication signature, generates a temporary mobile subscriber identity after the initial authentication signature passes verification, generates an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sends the authentication challenge message to the vehicle-mounted mobile unit, which specifically includes:
after receiving the authentication vector response message and the initial authentication signature, the mobile management entity checks the freshness of the initial authentication second timestamp and verifies the initial authentication signature; after the initial authentication signature passes verification, the authentication vector group is stored in the mobile management entity database, and one authentication vector is randomly extracted;
the mobile management entity applies the hash message authentication code operation to a third random number and the IMSI to obtain the temporary mobile subscriber identity, and determines an initial authentication third timestamp; the third random number is a random number which is generated by the mobile management entity and sent to the vehicle-mounted mobile unit when the vehicle-mounted mobile unit accesses the network for the first time; the third random number is data in the number field of the elliptic curve;
the mobile management entity calculates an intermediate key according to the master key in the extracted authentication vector and the third random number, and encrypts the mobile management entity identity identifier, the temporary mobile subscriber identity and the initial authentication third timestamp by using the intermediate key to obtain second encrypted data;
the mobile management entity generates the authentication challenge message based on the extracted authentication vector, the second encrypted data and the initial authentication third timestamp and sends the authentication challenge message to the vehicle-mounted mobile unit.
Optionally, the vehicle-mounted mobile unit receives the authentication challenge message, verifies a mobile management entity identifier in the authentication challenge message, verifies the message authentication code after the authentication is passed, generates a challenge response message after the authentication code is passed, and sends the challenge response message to the mobile management entity, and specifically includes:
after receiving the authentication challenge message, the vehicle-mounted mobile unit calculates the intermediate key according to the third random number and the master key in the extracted authentication vector, and decrypts the second encrypted data by using the intermediate key to obtain second decrypted data;
the vehicle-mounted mobile unit checks the freshness of the decrypted initial authentication third timestamp, verifies the accuracy of the decrypted mobile management entity identity identifier, and after the identity passes verification calculates a second negotiation key according to the first random number and the second intermediate data corresponding to the extracted authentication vector;
the vehicle-mounted mobile unit applies the hash message authentication code operation to the second negotiation key, the serial number and the authentication management domain to calculate an expected message authentication code, and judges whether the message authentication code is equal to the expected message authentication code; if they are equal, the vehicle-mounted mobile unit stores the temporary mobile subscriber identity and the master key of the extracted authentication vector;
the vehicle-mounted mobile unit calculates a challenge response based on the second negotiation key and the second intermediate data corresponding to the extracted authentication vector, generates the challenge response message based on the challenge response, and sends the challenge response message to the mobile management entity.
Optionally, the mobility management entity receives the challenge response message, compares the challenge response message with the expected response, generates an authentication success message after the comparison is passed, and sends the authentication success message to the home subscriber server; the home subscriber server receives the authentication success message, and updates the long-term shared key to complete initialization authentication, and specifically comprises the following steps:
after receiving the challenge response message, the mobile management entity compares the challenge response with the expected response in the extracted authentication vector; if the two are equal, the temporary mobile subscriber identity is saved, and the mobile management entity and the vehicle-mounted mobile unit have successfully authenticated each other;
the mobile management entity deletes the extracted authentication vector from the authentication vector group and sends the second intermediate data corresponding to the extracted authentication vector to the home subscriber server as the authentication success message;
and after receiving the authentication success message, the home subscriber server updates the long-term shared key into the first negotiation key corresponding to the extracted authentication vector to finish initialization authentication.
Optionally, when the on-board mobile unit needs to be connected with the mobility management entity which has completed initializing authentication again, the method further comprises re-authentication; the re-authentication includes:
the vehicle-mounted mobile unit extracts the temporary mobile subscriber identity from the memory of the vehicle-mounted mobile unit and generates a reauthentication first time stamp, applies the ECDSA signature algorithm to generate a reauthentication signature based on the temporary mobile subscriber identity, the reauthentication first time stamp and a private key of the vehicle-mounted mobile unit, and sends the reauthentication signature and a reauthentication request message to the mobile management entity; the reauthentication request message includes the temporary mobile subscriber identity and the reauthentication first timestamp;
The mobile management entity receives the reauthentication request message and the reauthentication signature, then carries out reauthentication signature verification, generates a reauthenticated temporary mobile subscriber identity after the reauthentication signature verification is passed, and generates a reauthentication request response message based on the reauthenticated temporary mobile subscriber identity and sends the reauthentication request response message to the vehicle-mounted mobile unit;
after receiving the reauthentication request response message, the vehicle-mounted mobile unit calculates the challenge response, generates a reauthentication response message and sends the reauthentication response message to the mobile management entity;
and after receiving the reauthentication response message, the mobile management entity compares the challenge response with the expected response, and after the comparison is passed, the two-way reauthentication between the vehicle-mounted mobile unit and the mobile management entity is completed.
Optionally, when the on-board mobile unit needs to connect with other mobile management entities, the method further includes handover authentication; the handover authentication includes:
the vehicle-mounted mobile unit generates a handover authentication request message based on the base station identifier of the mobile management entity before handover, a handover authentication first timestamp and the temporary mobile subscriber identity extracted from the memory of the vehicle-mounted mobile unit, and sends the handover authentication request message to the mobile management entity after handover; the mobile management entity after handover receives the handover authentication request message and forwards it to the mobile management entity before handover;
after receiving the handover authentication request message, the mobility management entity before handover determines the authentication vector corresponding to the temporary mobile subscriber identity, and deletes that authentication vector from the current authentication vector group; it generates a handover authentication signature by applying the ECDSA signature algorithm, and sends the handover authentication signature and a first handover authentication response message to the mobile management entity after handover; the first handover authentication response message includes the remaining authentication vectors in the current authentication vector group;
after receiving the handover authentication signature and the first handover authentication response message, the mobile management entity verifies the handover authentication signature, generates a handover-authentication temporary mobile subscriber identity after the signature passes verification, generates a second handover authentication response message based on that temporary mobile subscriber identity, and sends the second handover authentication response message to the vehicle-mounted mobile unit;
after receiving the second handover authentication response message, the vehicle-mounted mobile unit calculates the challenge response and sends a handover challenge response message to the mobile management entity after handover;
After receiving the handover challenge response message, the mobile management entity after the handover compares the challenge response with the expected response, and after the comparison is passed, the bidirectional handover authentication between the vehicle-mounted mobile unit and the mobile management entity after the handover is completed.
The invention also provides an identity authentication system based on the ECDSA signature algorithm, which comprises an initialization authentication subsystem; the initialization authentication subsystem includes:
the access authentication message sending module is used for encrypting the IMSI, the vehicle-mounted mobile unit identity identifier and the base station identifier acquired by the vehicle-mounted mobile unit by using the public key of the home subscriber server and generating an access authentication message; the public key of the home subscriber server and the IMSI are security parameters stored in a USIM card in the USIM card registration process of the vehicle-mounted mobile unit;
an authentication vector request message sending module, configured to receive the access authentication message by a mobility management entity, and send an authentication vector request message to the home subscriber server based on the access authentication message, a network service number, and a base station identifier acquired by the mobility management entity;
an authentication vector response message sending module, configured to receive the authentication vector request message by the home subscriber server, verify accuracy of the authentication vector request message, generate an authentication vector group after the message passes the verification, apply the ECDSA signature algorithm to generate an initial authentication signature based on the private key of the home subscriber server, and send the initial authentication signature and the authentication vector response message to the mobility management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response;
the mobile management entity is used for receiving the authentication vector response message and the initial authentication signature, carrying out signature verification on the initial authentication signature, generating a temporary mobile subscriber identity after the initial authentication signature is verified, generating an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sending the authentication challenge message to the vehicle-mounted mobile unit;
the challenge response message sending module is used for receiving the authentication challenge message by the vehicle-mounted mobile unit, verifying the mobile management entity identity identifier in the authentication challenge message, verifying the message authentication code after the identity verification is passed, generating a challenge response message after the authentication code verification is passed, and sending the challenge response message to the mobile management entity;
The authentication success message sending module is used for receiving the challenge response message by the mobile management entity, comparing the challenge response message with the expected response, generating an authentication success message after the comparison is passed, and sending the authentication success message to the home subscriber server; and the home subscriber server receives the authentication success message and updates the long-term shared key to finish initialization authentication.
The invention also provides an electronic device comprising a memory and a processor; the memory stores a computer program, and the processor runs the computer program so that the electronic device executes the identity authentication method based on the ECDSA signature algorithm.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
The identity authentication method, system and equipment based on the ECDSA signature algorithm provided by the invention use the ECDSA signature algorithm, which can be used to confirm the identity information of both communicating parties and to prove whether the public keys they hold are valid, thereby ensuring the security of the authentication channel. The invention encrypts the sensitive information IMSI and LAI with the public key of the HSS, so that they are not transmitted in plaintext, which effectively ensures the confidentiality of the sensitive information. In the authentication process, the long-term shared key between the OBU and the HSS is updated after each successful authentication, so that replay attacks and other attacks can be well resisted and forward security can be guaranteed; compared with existing protocols, the invention has these security features.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a complete flowchart of identity authentication based on the ECDSA signature algorithm under rail transit LTE-R provided in embodiment 1 of the present invention;
Fig. 2 is a detailed authentication procedure diagram of initialization authentication provided in embodiment 1 of the present invention;
Fig. 3 is a detailed authentication procedure diagram of re-authentication provided in embodiment 1 of the present invention;
Fig. 4 is a detailed authentication procedure diagram of handover authentication provided in embodiment 1 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The LTE-R authentication protocol also has the following problems: (1) The vehicle moves at a high speed, resulting in instability of the connection; (2) The dense vehicles can cause an increase in the communication load of the signal tower, thereby affecting the efficiency of the authentication protocol.
In this regard, the present invention aims to provide an identity authentication method, system and device based on ECDSA signature algorithm, which can use ECDSA signature algorithm to provide higher reliability and higher efficiency data communication and identity authentication for LTE-R, and provide safer, more comprehensive and more intelligent communication service for railway industry, and in addition, can also improve the stability of connection and reduce the communication burden of LTE-R network.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Example 1
This embodiment provides an identity authentication method based on the ECDSA signature algorithm which, as shown in Fig. 1, comprises initialization authentication. The identity authentication method involves the following entities: the on-board mobile unit OBU, the mobility management entity MME and the home subscriber server HSS. The eNodeB (Evolved Node B) is the name of a base station in LTE.
(I) Global subscriber identity card registration:
USIM card registration is required before initialization authentication:
Before the OBU accesses the MME, the OBU first needs to apply to register the dedicated global subscriber identity card (USIM card) in LTE-R, and a private key and a public key of the OBU and a private key and a public key of the HSS are selected. After the identity registration is completed, the public key U_pb of the on-board mobile unit OBU and the public key H_pb of the home subscriber server HSS are made public, and security parameters are stored in the USIM card, including: the international mobile subscriber identity IMSI, the public key U_pb and private key U_pr of the on-board mobile unit OBU, the public key H_pb and private key H_pr of the HSS, the long-term shared key K between the on-board mobile unit OBU and the home subscriber server HSS, and the related variables of the elliptic curve in the ECDSA signature algorithm; the USIM card is then installed on the OBU. The related variables of the elliptic curve in the ECDSA signature algorithm comprise the base point and the number field of the elliptic curve; the number field of an elliptic curve refers to the range composed of points that satisfy the elliptic curve equation.
(II) Initialization authentication: the initialization access phase must be performed when the OBU first accesses the network.
As shown in Fig. 2, the initialization authentication includes:
(1) The vehicle-mounted mobile unit encrypts the IMSI, the vehicle-mounted mobile unit identity identifier and the base station identifier acquired by the vehicle-mounted mobile unit by using the public key of the home subscriber server and generates an access authentication message. Specifically:
When the OBU first accesses the MME, it first receives a third random number generated by the MME and an identity identifier. It then selects a first random number from the number field of the elliptic curve, determines a primary authentication first timestamp T_1, selects the identity identifier ID_HSS of the target home subscriber server to be accessed, and calculates first intermediate data and first hash data. H_2 represents a hash message authentication code operation with 64-bit output; ID_OBU represents the on-board mobile unit identity identifier; P represents the base point of the elliptic curve. Then the public key H_pb of the HSS is used to encrypt the international mobile subscriber identity IMSI, the vehicle-mounted mobile unit identity identifier ID_OBU, the base station identifier LAI acquired by the vehicle-mounted mobile unit and the calculated first intermediate data A; the result is denoted Q. An access authentication message M_1: {O, Q, T_1} is generated and transmitted to the mobility management entity MME through a wireless secure channel.
(2) The mobile management entity MME receives the access authentication message and sends an authentication vector request message to the home subscriber server based on the access authentication message, the network service number and the base station identifier LAI' acquired by the mobile management entity.
When the MME receives the access authentication message M_1, it first checks the initial authentication first timestamp T_1, then checks whether the home subscriber server HSS selected for access exists. It acquires the base station identifier LAI' and the network service number SNID associated with the mobility management entity MME, and concatenates the base station identifier LAI', the network service number SNID and the access authentication message M_1 to generate an authentication vector request message M_2: {M_1, LAI', SNID}, which is sent to the home subscriber server HSS through a wireless secure channel.
(3) The home subscriber server receives the authentication vector request message, verifies the accuracy of the authentication vector request message, generates an authentication vector group after the message passes verification, generates a primary authentication signature by applying the ECDSA signature algorithm based on a private key of the home subscriber server, and sends the primary authentication signature and an authentication vector response message to the mobile management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response. Specifically:
1) After the home subscriber server HSS receives the authentication vector request message M_2, it verifies whether the network service number is correct, and terminates the session if the network service number is incorrect; if the network service number is correct, it uses the private key H_pr of the home subscriber server to decrypt the first encrypted data Q and obtain first decrypted data; the first decrypted data comprises the decrypted IMSI, the decrypted first intermediate data A, the decrypted vehicle-mounted mobile unit identity identifier ID_OBU and the decrypted base station identifier LAI;
2) The home subscriber server verifies the identity of the vehicle-mounted mobile unit by using the decrypted vehicle-mounted mobile unit identity identifier and checks whether the decrypted base station identifier LAI matches the base station identifier LAI' acquired by the mobile management entity.
3) If the identity of the vehicle-mounted mobile unit passes authentication and the decrypted base station identifier matches the base station identifier acquired by the mobile management entity, the home subscriber server determines the long-term shared key K according to the decrypted IMSI; if the authentication fails or the base station identifier match fails, the session is terminated.
4) The home subscriber server computes second hash data based on the long-term shared key, the decrypted first intermediate data, the decrypted vehicle-mounted mobile unit identity identifier, the target home subscriber server identity identifier and the initial authentication first timestamp, and judges whether the first hash data O and the second hash data XO are equal, thereby checking the authentication vector request message M_2; if they are not equal, the session is terminated.
5) If the first hash data and the second hash data are equal, the home subscriber server determines a first authentication second timestamp and randomly selects a plurality of second random numbers, denoted b(i), i = 1, 2, ..., n; from each second random number and the base point of the elliptic curve it calculates a plurality of second intermediate data and a plurality of first negotiation keys. For each of the second random numbers, the corresponding second intermediate data B(i), the decrypted IMSI, the network service number SNID, the corresponding first negotiation key K_UH(i), the serial number SQN and the authentication management domain AMF are used as input, and the message authentication code, the anonymity key, the master key, the authentication token and the expected response are calculated by the hash message authentication code operation. H_1 represents a hash message authentication code operation with 128-bit output, H_2 one with 64-bit output, H_3 one with 48-bit output, and H_4 one with 256-bit output.
6) The home subscriber server combines the message authentication code MAC(i), the anonymity key AK(i), the master key K_ASME(i), the authentication token AUTN(i) and the expected response XRES(i) into an authentication vector, obtaining the authentication vector set AV comprising a plurality of the authentication vectors.
7) The home subscriber server selects one random number from the plurality of second random numbers and, according to the selected second random number b, the base point P of the elliptic curve, the primary authentication second timestamp T_2, the authentication vector AV(i) corresponding to the selected second random number and the private key H_pr of the home subscriber server, generates the primary authentication signature by applying the ECDSA signature algorithm. Here mod() represents the modulo operation and q represents a large prime number in the elliptic curve. The home subscriber server sends the authentication vector response message M_3: {authentication vector group AV, T_2} and the initial authentication signature SigH to the mobility management entity MME through a wireless secure channel.
(4) The mobile management entity receives the authentication vector response message M_3 and verifies the initial authentication signature SigH, generates a temporary mobile subscriber identity after the initial authentication signature verification is passed, generates an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sends the authentication challenge message to the vehicle-mounted mobile unit.
When the MME receives the authentication vector response message M_3 and the primary authentication signature SigH, it checks the primary authentication second timestamp T_2 and performs primary authentication signature verification, carrying out the verification calculation and checking the verification equation; if the equation does not hold, the session is terminated. Otherwise (the primary authentication signature passes verification), the received authentication vector set AV is stored in the MME's database, and one authentication vector is randomly extracted. The mobility management entity MME then generates a temporary mobile subscriber identity TMSI and a first authentication third timestamp T_3, calculates an intermediate key K_M based on the master key K_ASME(i) in the extracted authentication vector AV(i) and the third random number Ra, and uses the intermediate key K_M to encrypt the mobile management entity identity identifier ID_MME, the temporary mobile subscriber identity TMSI and the initial authentication third timestamp T_3, obtaining second encrypted data INF. The extracted authentication vector AV(i), the initial authentication third timestamp T_3 and the second encrypted data INF are then concatenated into an authentication challenge message M_4: {extracted authentication vector AV(i), INF, T_3}, which is transmitted to the on-board mobile unit OBU through a wireless secure channel.
(5) The vehicle-mounted mobile unit receives the authentication challenge message, verifies the identity identifier of the mobile management entity in the authentication challenge message, verifies the message authentication code after the identity verification is passed, generates a challenge response message after the authentication code verification is passed, and sends the challenge response message to the mobile management entity.
When the on-board mobile unit OBU receives the authentication challenge message M_4, it calculates the intermediate key according to the third random number Ra and the master key K_ASME(i) in the extracted authentication vector, and decrypts the second encrypted data INF with the intermediate key to obtain second decrypted data. It checks the primary authentication third timestamp T_3 and verifies the accuracy of the decrypted mobile management entity identity identifier (i.e., determines whether the decrypted ID_MME equals the expected value); if it does not, the session is terminated. Otherwise the identity identifier passes verification, and the OBU calculates a second negotiation key between the OBU and the HSS from the second intermediate data corresponding to the extracted authentication vector and the first random number, calculates an expected message authentication code XMAC(i) based on the second negotiation key, the sequence number and the authentication management domain, and checks whether XMAC(i) is equal to the message authentication code MAC(i); if not, the session is terminated. Otherwise, the OBU stores the TMSI and the master key K_ASME(i) in the extracted authentication vector, generates a challenge response RES(i) based on the second negotiation key and the second intermediate data corresponding to the extracted authentication vector, and sends it as challenge response message M_5: {RES(i)} to the mobility management entity MME through a wireless secure channel.
(6) The mobility management entity receives the challenge response message M_5, compares the challenge response message with the expected response, generates an authentication success message after the comparison is passed, and sends the authentication success message to the home subscriber server; the home subscriber server receives the authentication success message and updates the long-term shared key to finish initialization authentication.
When the mobile management entity MME receives the challenge response message M_5, it compares the challenge response with the expected response in the extracted authentication vector, and terminates the session if they differ; otherwise, the temporary mobile subscriber identity (TMSI) is stored, and authentication between the mobile management entity (MME) and the on-board mobile unit (OBU) is successful. Subsequently, the extracted authentication vector is deleted and the authentication vector group AV is updated. The second intermediate data B(i) corresponding to the extracted authentication vector is sent as authentication success message M_6: {B(i)} to the home subscriber server HSS through a wireless secure channel.
After the home subscriber server HSS receives the authentication success message M_6, the long-term shared key between the home subscriber server HSS and the on-board mobile unit OBU is updated to the first negotiation key K_UH(i) corresponding to the extracted authentication vector; the initialization authentication is then complete, and the on-board mobile unit OBU may communicate with the mobility management entity MME.
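The OBU-to-HSS core of the initialization authentication above (the O/XO check, the negotiated key, the MAC/XMAC and RES/XRES comparisons), as an added example that is not code from the patent. Assumptions: the P-256 curve, HMAC-SHA256 truncated for the hash operations, the field encodings, K_UH taken as the x-coordinate of b·A = a·B, the 64-bit MAC and RES lengths, and the 5-second timestamp window; the public-key encryption of Q and the ECDSA signature on M_3 are left out.

```python
import hashlib
import hmac
import secrets

# NIST P-256 domain parameters. The page names no curve; P-256 is an assumption.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
A_COEF = P - 3
B_COEF = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
MAX_SKEW = 5  # accepted timestamp age in seconds (assumed window)

class AuthError(Exception):
    """Raised wherever the description says the session is terminated."""

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    """True only for an affine point that satisfies the curve equation."""
    if pt is None:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - x**3 - A_COEF * x - B_COEF) % P == 0

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h(key, bits, *fields):
    """HMAC-SHA256 truncated to `bits`; fields are length-prefixed (assumed encoding)."""
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()[: bits // 8]

def obu_access_request(k_long, id_obu, id_hss, now):
    """OBU, step (1): pick a, compute A = a*P and O over K, A, ID_OBU, ID_HSS, T1."""
    a = secrets.randbelow(N - 1) + 1
    big_a = ec_mul(a, G)
    o = h(k_long, 64, enc(big_a), id_obu, id_hss, now.to_bytes(8, "big"))
    return a, {"A": big_a, "O": o, "T1": now}

def hss_check_and_issue(k_long, id_obu, id_hss, m1, sqn, amf, now):
    """HSS, step (3) parts 4) to 6): verify O against XO, then build one vector."""
    if abs(now - m1["T1"]) > MAX_SKEW:
        raise AuthError("T1 is not fresh")
    if not on_curve(m1["A"]):
        raise AuthError("A is not a point on the curve")
    xo = h(k_long, 64, enc(m1["A"]), id_obu, id_hss, m1["T1"].to_bytes(8, "big"))
    if not hmac.compare_digest(xo, m1["O"]):
        raise AuthError("O != XO")
    b = secrets.randbelow(N - 1) + 1
    big_b = ec_mul(b, G)
    k_uh = ec_mul(b, m1["A"])[0].to_bytes(32, "big")  # assumed: K_UH = x(b*A)
    return {"B": big_b, "K_UH": k_uh, "MAC": h(k_uh, 64, sqn, amf),
            "XRES": h(k_uh, 64, enc(big_b))}

def obu_answer(a, big_b, mac, sqn, amf):
    """OBU, step (5): derive a*B, require XMAC == MAC, return (K_UH, RES)."""
    if not on_curve(big_b):
        raise AuthError("B is not a point on the curve")
    k_uh = ec_mul(a, big_b)[0].to_bytes(32, "big")
    if not hmac.compare_digest(h(k_uh, 64, sqn, amf), mac):
        raise AuthError("XMAC != MAC")
    return k_uh, h(k_uh, 64, enc(big_b))

def mme_accepts(res, xres):
    """MME, step (6): constant-time comparison of RES with XRES."""
    return hmac.compare_digest(res, xres)

def run_initial_authentication():
    k_long = bytes(range(32))  # constructed long-term shared key K
    id_obu, id_hss, sqn, amf = b"OBU-0001", b"HSS-01", bytes(6), b"\x80\x00"
    a, m1 = obu_access_request(k_long, id_obu, id_hss, now=1_700_000_000)
    av = hss_check_and_issue(k_long, id_obu, id_hss, m1, sqn, amf, now=1_700_000_001)
    k_obu, res = obu_answer(a, av["B"], av["MAC"], sqn, amf)
    return {"keys_match": k_obu == av["K_UH"], "mme_ok": mme_accepts(res, av["XRES"]),
            "m1": m1, "new_key": av["K_UH"], "ids": (id_obu, id_hss, sqn, amf)}
```

Calling `hss_check_and_issue` again on the same M_1 with the updated key fails at the O check even inside the timestamp window, which is the replay resistance the description attributes to updating K after each successful authentication.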
(III) Re-authentication: when the OBU changes position and needs to request access to the network again, re-authentication is performed. As shown in Fig. 3, the re-authentication includes:
(a) The OBU extracts the TMSI from memory and generates a reauthentication first timestamp; based on the temporary mobile subscriber identity, the reauthentication first timestamp and the private key U_pr of the vehicle-mounted mobile unit, it generates a reauthentication signature by applying the ECDSA signature algorithm, and sends the reauthentication signature and a reauthentication request message to the mobile management entity. The reauthentication request message includes the temporary mobile subscriber identity and the reauthentication first timestamp.
The on-board mobile unit OBU extracts the TMSI from memory, generates the reauthentication first timestamp, selects a fourth random number from the number field of the elliptic curve, carries out the signature calculation and generates the reauthentication signature SigU. The reauthentication request message N_1, which contains the TMSI and the reauthentication first timestamp, and the reauthentication signature SigU are sent to the mobile management entity MME through a wireless secure channel.
(b) The mobile management entity receives the reauthentication request message and the reauthentication signature, performs reauthentication signature verification, generates a reauthenticated temporary mobile subscriber identity after the reauthentication signature verification is passed, and generates a reauthentication request response message based on the reauthenticated temporary mobile subscriber identity and sends the reauthentication request response message to the vehicle-mounted mobile unit.
When the MME receives the reauthentication request message N_1 and the reauthentication signature SigU, it checks the reauthentication first timestamp and performs reauthentication signature verification, carrying out the verification calculation and checking the verification equation; if the equation does not hold, the session is terminated. Otherwise, it searches for the corresponding authentication vector group through the IMSI, and executes the primary authentication process if no corresponding authentication vector group exists. It extracts one authentication vector AV(i) from the authentication vector group found, selects a fifth random number from the number field of the elliptic curve, determines a reauthentication second timestamp, generates a reauthenticated temporary mobile subscriber identity for the OBU based on the IMSI and the fifth random number, and saves the master key K_ASME(i) and the expected response XRES(i) in the extracted authentication vector. It then generates the reauthentication request response N_2 by concatenation, including the second intermediate data B(i) corresponding to the extracted authentication vector and the message authentication code MAC(i), and transmits it to the on-board mobile unit OBU through a wireless secure channel.
(c) After receiving the reauthentication request response message, the vehicle-mounted mobile unit calculates the challenge response, generates a reauthentication response message and sends the reauthentication response message to the mobile management entity;
When the on-board mobile unit OBU receives the reauthentication request response message N_2, it checks the reauthentication second timestamp, calculates a second negotiation key between the on-board mobile unit OBU and the home subscriber server HSS, generates an expected message authentication code XMAC(i), and checks whether XMAC(i) is equal to MAC(i); if not, the session is terminated. Otherwise, the on-board mobile unit OBU and the mobile management entity MME are successfully authenticated; the OBU saves the reauthenticated temporary mobile subscriber identity, then generates a challenge response RES(i) and sends it as reauthentication response message N_3: {RES(i)} to the mobility management entity MME through a wireless secure channel.
(d) After receiving the reauthentication response message, the mobile management entity compares the challenge response with the expected response; after the comparison is passed, the two-way reauthentication between the vehicle-mounted mobile unit and the mobile management entity is completed.
When the MME receives the reauthentication response message N_3, it compares the challenge response with the expected response XRES(i) in the authentication vector extracted in step (b), and terminates the session if they differ; otherwise, the MME and the OBU are successfully authenticated, and the reauthenticated temporary mobile subscriber identity is saved. Subsequently, the authentication vector extracted in step (b) is deleted and the authentication vector set AV is updated, which completes the bidirectional re-authentication between the OBU and the MME.
(IV) Handover authentication: when the OBU moves between the old MME_o and the new MME_n and the vehicle-mounted mobile unit needs to connect to another mobile management entity, the method further comprises handover authentication; the handover authentication includes:
(i) The vehicle-mounted mobile unit generates a switching authentication request message based on a base station identifier of the mobile management entity before switching, a switching authentication first time stamp and the temporary mobile user identification code extracted from the vehicle-mounted mobile unit memory and sends the switching authentication request message to the mobile management entity after switching; and the mobile management entity after the handover receives the handover authentication request message and forwards the handover authentication request message to the mobile management entity before the handover.
When the OBU moves to the boundary between the old MME_o (the mobility management entity before handover) and the new MME_n (the mobility management entity after handover), the OBU extracts the TMSI and the base station identifier LAI_o of the old MME_o from memory, generates a handover authentication first timestamp, and concatenates them into a handover authentication request message S_1, containing the TMSI, the handover authentication first timestamp and LAI_o, which is transmitted to the new MME_n through a wireless secure channel.
When the new MME_n receives the handover authentication request message S_1, it checks the freshness of the handover authentication first timestamp, then checks the base station identifier LAI_o of the old MME_o, and then sends the handover request S_2: {TMSI, LAI_o} to the old MME_o.
(ii) After the mobility management entity before handover receives the handover authentication request message S_2, it determines the authentication vector corresponding to the temporary mobile subscriber identity and deletes that authentication vector from the current authentication vector group; it generates a handover authentication signature by applying the ECDSA signature algorithm, and sends the handover authentication signature and a first handover authentication response message to the mobility management entity after handover; the first handover authentication response message includes the remaining authentication vectors of the current authentication vector group.
When the old MME_o receives the handover authentication request message S_2, it searches for the authentication vector information related to the TMSI, deletes that authentication vector, and obtains the remaining unused authentication vectors. It then generates a sixth random number as a private key and obtains the public key M_pb, generates a seventh random number, carries out the signature calculation and generates the handover authentication signature SigM. The first handover authentication response message S_3: {remaining unused vector set, M_pb} and SigM are transmitted to the new MME_n through a wireless secure channel.
(iii) After receiving the handover authentication signature and the first handover authentication response message, the mobility management entity after handover performs handover authentication signature verification, generates a temporary mobile subscriber identity of the handover authentication after the handover authentication signature verification is passed, and generates a second handover authentication response message based on the temporary mobile subscriber identity of the handover authentication and sends it to the vehicle-mounted mobile unit.
When MME_n receives the first handover authentication response message S_3 and the handover authentication signature SigM, it performs signature verification, carrying out the verification calculation and checking the verification equation; if the equation does not hold, the session is terminated;
otherwise, it stores the remaining authentication vectors, generates an eighth random number and a handover authentication second timestamp, generates a temporary mobile subscriber identity of the handover authentication for the OBU, randomly extracts one authentication vector from the remaining authentication vectors, and concatenates these into a second handover authentication response message S_4, which is transmitted to the OBU through a wireless secure channel.
(iv) After receiving the second handover authentication response message, the vehicle-mounted mobile unit calculates the challenge response and sends a handover challenge response message to the mobility management entity after handover;
When the OBU receives the second handover authentication response message S_4, it checks the handover authentication second timestamp, calculates a second negotiation key between the on-board mobile unit OBU and the home subscriber server HSS, generates an expected message authentication code XMAC(i), and checks whether XMAC(i) is equal to MAC(i); if not, the session is terminated. Otherwise, the on-board mobile unit OBU and the mobile management entity MME are successfully authenticated; the OBU saves the temporary mobile subscriber identity of the handover authentication, then generates a challenge response RES(i) and sends it as handover challenge response message S_5: {RES(i)} to the new MME_n through a wireless secure channel.
(v) After receiving the handover challenge response message, the mobility management entity after handover compares the challenge response with the expected response; after the comparison is passed, the bidirectional handover authentication between the vehicle-mounted mobile unit and the mobility management entity after handover is completed.
The new MME_n compares the challenge response with the expected response XRES(i) in the authentication vector extracted in step (iii), and terminates the session if they differ; otherwise, the MME and the OBU are successfully authenticated, and the temporary mobile subscriber identity of the handover authentication is saved. Subsequently, the authentication vector extracted in step (iii) is deleted and the authentication vector set AV is updated, which completes the bidirectional handover authentication between the OBU and the new MME_n.
The embodiment has the following beneficial effects:
(1) The invention uses the ECDSA signature algorithm, which can confirm the identity information of both communicating parties and prove whether the public key held by each party is valid, thereby ensuring the security of the authentication channel. The public and private keys of each entity are generated using the elliptic curve, so the security of the keys is well ensured by the difficulty of the discrete logarithm problem.
(2) The invention encrypts the sensitive information IMSI and LAI with the public key of the HSS, so that they are never transmitted in plaintext, which effectively ensures the confidentiality of the sensitive information. During authentication, the freshness of the timestamps is checked frequently, additional random numbers are used to hide the original information, and the long-term shared key between the OBU and the HSS is updated after each successful authentication. The protocol therefore resists replay and other attacks and provides forward security; compared with existing protocols, the invention offers these security features.
(3) The public key of the HSS is written directly into the memory of the card when the USIM is registered, which avoids the problems of public key certificate management and transmission. In addition, the authentication process uses no relatively complex encryption algorithm, only ECC operations and hash functions. (An ECC operation is an operation based on the elliptic curve, in which a value taken from the number field of the elliptic curve takes part in the calculation during authentication; for example, the first intermediate data is obtained by multiplying a random number by the base point, A = a·P.) This effectively reduces the communication burden on the LTE-R network and yields a lightweight identity authentication protocol.
Example 2
The embodiment provides an identity authentication system based on an ECDSA signature algorithm, which comprises an initialization authentication subsystem; the initialization authentication subsystem includes:
An access authentication message sending module, used by the vehicle-mounted mobile unit to encrypt the IMSI, the vehicle-mounted mobile unit identity identifier and the base station identifier acquired by the vehicle-mounted mobile unit with the public key of the home subscriber server and to generate an access authentication message; the public key of the home subscriber server and the IMSI are security parameters stored in the USIM card during the USIM card registration of the vehicle-mounted mobile unit.
An authentication vector request message sending module, used by the mobile management entity to receive the access authentication message and to send an authentication vector request message to the home subscriber server based on the access authentication message, the network service number and the base station identifier acquired by the mobile management entity.
An authentication vector response message sending module, used by the home subscriber server to receive the authentication vector request message, verify the accuracy of the authentication vector request message, generate an authentication vector group after the message passes verification, generate an initial authentication signature by applying the ECDSA signature algorithm based on the private key of the home subscriber server, and send the initial authentication signature and the authentication vector response message to the mobile management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response.
An authentication challenge message sending module, used by the mobile management entity to receive the authentication vector response message and the initial authentication signature, verify the initial authentication signature, generate a temporary mobile subscriber identity after the initial authentication signature passes verification, generate an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and send the authentication challenge message to the vehicle-mounted mobile unit.
A challenge response message sending module, used by the vehicle-mounted mobile unit to receive the authentication challenge message, verify the mobile management entity identity identifier in the authentication challenge message, verify the message authentication code after the identity verification passes, generate the challenge response message after the message authentication code verification passes, and send the challenge response message to the mobile management entity.
An authentication success message sending module, used by the mobile management entity to receive the challenge response message, compare the challenge response message with the expected response, generate an authentication success message after the comparison passes, and send the authentication success message to the home subscriber server; the home subscriber server receives the authentication success message and updates the long-term shared key to complete the initialization authentication.
Example 3
The present embodiment provides an electronic device including a memory and a processor, where the memory is configured to store a computer program, and the processor is configured to execute the computer program to cause the electronic device to execute the identity authentication method based on the ECDSA signature algorithm of embodiment 1.
Optionally, the electronic device may be a server.
In addition, the embodiment of the present invention further provides a computer readable storage medium storing a computer program, where the computer program when executed by a processor implements the identity authentication method based on the ECDSA signature algorithm of embodiment 1.
Embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In this specification, the embodiments are described progressively: each embodiment focuses on its differences from the others, and for identical or similar parts the embodiments may be referred to one another. Because the system disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief; for the relevant points, refer to the description of the method.
The principles and embodiments of the present invention have been described herein with reference to specific examples; the description of these examples is intended only to assist in understanding the method of the present invention and its core ideas. Likewise, modifications made by those of ordinary skill in the art in light of the present teachings fall within the scope of the present invention. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (10)

1. An identity authentication method based on an ECDSA signature algorithm is characterized by comprising the steps of initializing authentication; the initializing authentication includes:
the method comprises the steps that a vehicle-mounted mobile unit encrypts an IMSI, a vehicle-mounted mobile unit identity identifier and a base station identifier acquired by the vehicle-mounted mobile unit by using a public key of a home subscriber server and generates an access authentication message; the public key of the home subscriber server and the IMSI are security parameters stored in a USIM card in the USIM card registration process of the vehicle-mounted mobile unit;
the mobile management entity receives the access authentication message and sends an authentication vector request message to the home subscriber server based on the access authentication message, a network service number and a base station identifier acquired by the mobile management entity;
The home subscriber server receives the authentication vector request message, verifies the accuracy of the authentication vector request message, generates an authentication vector group after the message passes verification, generates a primary authentication signature by applying an ECDSA signature algorithm based on a private key of the home subscriber server, and sends the primary authentication signature and an authentication vector response message to the mobile management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response;
the mobile management entity receives the authentication vector response message and the initial authentication signature, performs signature verification on the initial authentication signature, generates a temporary mobile subscriber identity after the initial authentication signature is verified, generates an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sends the authentication challenge message to the vehicle-mounted mobile unit;
the vehicle-mounted mobile unit receives the authentication challenge message, verifies the identity identifier of the mobile management entity in the authentication challenge message, verifies the message authentication code after the identity verification is passed, generates a challenge response message after the authentication code verification is passed, and sends the challenge response message to the mobile management entity;
The mobile management entity receives the challenge response message, compares the challenge response message with the expected response, generates an authentication success message after the comparison is passed, and sends the authentication success message to the home subscriber server; and the home subscriber server receives the authentication success message and updates the long-term shared key to finish initialization authentication.
2. The method according to claim 1, wherein the mobile unit encrypts the IMSI, the mobile unit identifier and the base station identifier acquired by the mobile unit with the public key of the home subscriber server and generates an access authentication message, in particular comprising:
the vehicle-mounted mobile unit determines a first time stamp for initial authentication, selects a first random number from a number field of an elliptic curve in an ECDSA signature algorithm, and calculates first intermediate data based on the first random number and a base point of the elliptic curve in the ECDSA signature algorithm; the base point of the elliptic curve and the number domain of the elliptic curve are security parameters stored in a USIM card in the USIM card registration process of the vehicle-mounted mobile unit; the number domain of the elliptic curve is a value domain formed by points meeting an elliptic curve equation;
The vehicle-mounted mobile unit determines a target home subscriber server identity identifier to be accessed, and applies hash message authentication code operation to obtain first hash data based on the first intermediate data, the target home subscriber server identity identifier, the long-term shared key, the vehicle-mounted mobile unit identity identifier and the initial authentication first time stamp;
the vehicle-mounted mobile unit encrypts the IMSI, the first intermediate data, the vehicle-mounted mobile unit identity identifier and a base station identifier acquired by the vehicle-mounted mobile unit by using a public key of the home subscriber server to obtain first encrypted data;
the vehicle-mounted mobile unit generates the access authentication message based on the first hash data, the first encryption data and the initial authentication first time stamp and sends the access authentication message to the mobile management entity.
3. The method of claim 2, wherein the home subscriber server receives the authentication vector request message, verifies the accuracy of the authentication vector request message, generates an authentication vector group after the message verification is passed and generates a primary authentication signature based on a private key of the home subscriber server by applying an ECDSA signature algorithm, and sends the primary authentication signature and an authentication vector response message to the mobility management entity; the authentication vector response message includes the authentication vector group, and specifically includes:
After receiving the authentication vector request message and the initial authentication signature, the home subscriber server verifies whether the network service number is correct, and if the network service number is correct, the first encrypted data is decrypted by using a private key of the home subscriber server to obtain first decrypted data; the first decrypted data comprises a decrypted IMSI, decrypted first intermediate data, a decrypted vehicle-mounted mobile unit identity identifier and a decrypted base station identifier;
the home subscriber server verifies the identity of the vehicle-mounted mobile unit by using the decrypted vehicle-mounted mobile unit identity identifier and checks whether the decrypted base station identifier is matched with the base station identifier acquired by the mobile management entity;
if the identity of the vehicle-mounted mobile unit passes the authentication and the decrypted base station identifier is matched with the base station identifier acquired by the mobile management entity, the home subscriber server determines the long-term shared key according to the decrypted IMSI;
the home subscriber server calculates second hash data based on the long-term shared key, the decrypted first intermediate data, the decrypted vehicle-mounted mobile unit identity identifier, the target home subscriber server identity identifier and the initial authentication first timestamp, and judges whether the first hash data and the second hash data are equal;
When the first hash data and the second hash data are equal, the home subscriber server determines a first authentication second time stamp and randomly selects a plurality of second random numbers, and calculates each second random number and a base point of the elliptic curve respectively to obtain a plurality of second intermediate data;
the home subscriber server calculates each second random number and the first intermediate data respectively to obtain a plurality of first negotiation keys; for each second random number, taking the corresponding second intermediate data, the decrypted IMSI, the network service number, the corresponding first negotiation key, a serial number and an authentication management domain as input, and calculating to obtain the message authentication code, the anonymity key, the master key, the authentication token and the expected response by using the hash message authentication code operation;
the home subscriber server forms each message authentication code, the corresponding anonymity key, the master key, the authentication token and the expected response into one authentication vector to obtain the authentication vector group;
the home subscriber server selects one random number from a plurality of second random numbers, and generates the initial authentication signature by applying the ECDSA signature algorithm according to the selected second random number, the base point of the elliptic curve, the initial authentication second time stamp, the authentication vector corresponding to the selected second random number and the private key of the home subscriber server;
The home subscriber server sends an authentication vector response message and the primary authentication signature to the mobility management entity, the authentication vector response message including the authentication vector set and the primary authentication second timestamp.
4. A method according to claim 3, wherein the mobile management entity receives the authentication vector response message, performs signature verification on the initial authentication signature, generates a temporary mobile subscriber identity after the initial authentication signature verification is passed, generates an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and transmits the authentication challenge message to the vehicle-mounted mobile unit, and specifically comprises:
after receiving the authentication vector response message and the primary authentication signature, the mobile management entity checks the freshness of the primary authentication second timestamp and performs primary authentication signature verification, after the primary authentication signature verification is passed, the authentication vector group is stored in a mobile management entity database, and a group of authentication vectors is randomly extracted;
the mobile management entity applies the hash message authentication code operation to obtain a temporary mobile user identification code according to a third random number and the IMSI, and confirms a first authentication third timestamp; the third random number is a random number which is generated by the mobile management entity and sent to the vehicle-mounted mobile unit when the vehicle-mounted mobile unit is accessed to the network for the first time; the third random number is data in a number field of the elliptic curve;
The mobile management entity calculates an intermediate key according to the master key and the third random number in the extracted authentication vector, and encrypts a mobile management entity identity identifier, the temporary mobile user identification code and the initial authentication third timestamp by using the intermediate key to obtain second encrypted data;
the mobile management entity generates the authentication challenge message based on the extracted authentication vector, the second encrypted data and the initial authentication third timestamp and sends the authentication challenge message to the vehicle-mounted mobile unit.
5. The method according to claim 4, wherein the vehicle-mounted mobile unit receives the authentication challenge message, verifies a mobile management entity identifier in the authentication challenge message, verifies the message authentication code after the authentication is passed, generates a challenge response message after the authentication code is passed, and sends the challenge response message to the mobile management entity, and specifically comprises:
after receiving the authentication challenge message, the vehicle-mounted mobile unit calculates the intermediate key according to the third random number and the master key in the extracted authentication vector, and decrypts the second encrypted data by using the intermediate key to obtain second decrypted data;
The vehicle-mounted mobile unit checks the freshness of the decrypted initial authentication third timestamp, verifies the accuracy of the decrypted mobile management entity identity, and calculates a second negotiation key according to the second intermediate data and the first random number corresponding to the extraction authentication vector after the identity passes the verification;
the vehicle-mounted mobile unit calculates an expected message authentication code according to the second negotiation key, the serial number and the hash message authentication code operation applied by the authentication management domain, judges whether the message authentication code is equal to the expected message authentication code, and if the message authentication code is equal to the expected message authentication code, the vehicle-mounted mobile unit stores the temporary mobile subscriber identity code and the master key in the extraction authentication vector;
the vehicle-mounted mobile unit calculates a challenge response based on the second negotiation key and the second intermediate data corresponding to the extracted authentication vector, generates the challenge response message based on the challenge response, and sends the challenge response message to the mobile management entity.
6. The method of claim 5, wherein the mobility management entity receives the challenge response message, compares the challenge response message with the expected response, and generates an authentication success message and sends the authentication success message to the home subscriber server after the comparison is passed; the home subscriber server receives the authentication success message, and updates the long-term shared key to complete initialization authentication, and specifically comprises the following steps:
After receiving the challenge response message, the mobile management entity compares the challenge response with the expected response in the extraction authentication vector, if the challenge response is equal to the expected response in the extraction authentication vector, the temporary mobile subscriber identity is saved, and the mobile management entity and the vehicle-mounted mobile unit are successfully authenticated;
the mobile management entity deletes the extracted authentication vector from the authentication vector group and sends the second intermediate data corresponding to the extracted authentication vector to the home subscriber server as the authentication success message;
and after receiving the authentication success message, the home subscriber server updates the long-term shared key into the first negotiation key corresponding to the extracted authentication vector to finish initialization authentication.
7. The method of claim 6, wherein when the in-vehicle mobile unit requires a re-connection with the mobility management entity that has completed initializing authentication, the method further comprises re-authenticating; the re-authentication includes:
the vehicle-mounted mobile unit extracts the temporary mobile subscriber identity from the memory of the vehicle-mounted mobile unit and generates a reauthentication first time stamp, applies the ECDSA signature algorithm to generate a reauthentication signature based on the temporary mobile subscriber identity, the reauthentication first time stamp and a private key of the vehicle-mounted mobile unit, and sends the reauthentication signature and a reauthentication request message to the mobile management entity; the reauthentication request message includes the temporary mobile subscriber identity and the reauthentication first timestamp;
The mobile management entity receives the reauthentication request message and the reauthentication signature, then carries out reauthentication signature verification, generates a reauthenticated temporary mobile subscriber identity after the reauthentication signature verification is passed, and generates a reauthentication request response message based on the reauthenticated temporary mobile subscriber identity and sends the reauthentication request response message to the vehicle-mounted mobile unit;
after receiving the reauthentication request response message, the vehicle-mounted mobile unit calculates the challenge response, generates a reauthentication response message and sends the reauthentication response message to the mobile management entity;
and after receiving the reauthentication response message, the mobile management entity compares the challenge response with the expected response, and after the comparison is passed, the two-way reauthentication between the vehicle-mounted mobile unit and the mobile management entity is completed.
8. The method of claim 6, further comprising switching authentication when the in-vehicle mobile unit needs to connect with other of the mobility management entities; the handover authentication includes:
the vehicle-mounted mobile unit generates a switching authentication request message based on a base station identifier of the mobile management entity before switching, a switching authentication first time stamp and the temporary mobile user identification code extracted from the vehicle-mounted mobile unit memory and sends the switching authentication request message to the mobile management entity after switching; the mobile management entity after the switching receives the switching authentication request message and forwards the switching authentication request message to the mobile management entity before the switching;
After receiving the handover authentication request message, the mobility management entity before handover determines the authentication vector corresponding to the temporary mobile subscriber identity, and deletes the authentication vector corresponding to the temporary mobile subscriber identity from the current authentication vector group; generating a switching authentication signature by applying the ECDSA signature algorithm, and sending the switching authentication signature and a first switching authentication response message to the switched mobile management entity; the first handover authentication response message includes remaining authentication vectors in the current authentication vector set;
after receiving the switching authentication signature and the first switching authentication response message, the mobile management entity performs switching authentication signature verification, generates a temporary mobile subscriber identity of switching authentication after the switching authentication signature verification is passed, generates a second switching authentication response message based on the temporary mobile subscriber identity of switching authentication, and sends the second switching authentication response message to the vehicle-mounted mobile unit;
after receiving the second handover authentication response message, the vehicle-mounted mobile unit calculates the challenge response and sends a handover challenge response message to the mobile management entity after handover;
After receiving the handover challenge response message, the mobile management entity after the handover compares the challenge response with the expected response, and after the comparison is passed, the bidirectional handover authentication between the vehicle-mounted mobile unit and the mobile management entity after the handover is completed.
9. An identity authentication system based on ECDSA signature algorithm, which is characterized by comprising an initialization authentication subsystem; the initialization authentication subsystem includes:
the access authentication message sending module is used for encrypting the IMSI, the vehicle-mounted mobile unit identity identifier and the base station identifier acquired by the vehicle-mounted mobile unit by using the public key of the home subscriber server and generating an access authentication message; the public key of the home subscriber server and the IMSI are security parameters stored in a USIM card in the USIM card registration process of the vehicle-mounted mobile unit;
an authentication vector request message sending module, configured to receive the access authentication message by a mobility management entity, and send an authentication vector request message to the home subscriber server based on the access authentication message, a network service number, and a base station identifier acquired by the mobility management entity;
An authentication vector response message sending module, configured to receive the authentication vector request message by the home subscriber server, verify accuracy of the authentication vector request message, generate an authentication vector group after the message passes the verification, apply an ECDSA signature algorithm to generate a primary authentication signature based on a private key of the home subscriber server, and send the primary authentication signature and the authentication vector response message to the mobility management entity; the authentication vector response message includes the authentication vector group; the authentication vector group comprises a plurality of authentication vectors; each of the authentication vectors includes a message authentication code, an anonymity key, a master key, an authentication token, and an expected response;
the mobile management entity is used for receiving the authentication vector response message and the initial authentication signature, carrying out signature verification on the initial authentication signature, generating a temporary mobile subscriber identity after the initial authentication signature is verified, generating an authentication challenge message based on the authentication vector group and the temporary mobile subscriber identity, and sending the authentication challenge message to the vehicle-mounted mobile unit;
the challenge response message sending module is used for receiving the authentication challenge message by the vehicle-mounted mobile unit, verifying the mobile management entity identity identifier in the authentication challenge message, verifying the message authentication code after the identity verification is passed, generating a challenge response message after the authentication code verification is passed, and sending the challenge response message to the mobile management entity;
The authentication success message sending module is used for receiving the challenge response message by the mobile management entity, comparing the challenge response message with the expected response, generating an authentication success message after the comparison is passed, and sending the authentication success message to the home subscriber server; and the home subscriber server receives the authentication success message and updates the long-term shared key to finish initialization authentication.
10. An electronic device comprising a memory for storing a computer program and a processor that operates the computer program to cause the electronic device to perform the ECDSA signature algorithm based identity authentication method of any one of claims 1-8.
CN202310833201.9A 2023-07-10 2023-07-10 Identity authentication method, system and equipment based on ECDSA signature algorithm Active CN116567633B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310833201.9A CN116567633B (en) 2023-07-10 2023-07-10 Identity authentication method, system and equipment based on ECDSA signature algorithm

Publications (2)

Publication Number Publication Date
CN116567633A (en) 2023-08-08
CN116567633B (en) 2023-10-10

Family

ID=87486485

Country Status (1)

Country Link
CN (1) CN116567633B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104754581A (en) * 2015-03-24 2015-07-01 河海大学 Public key password system based LTE wireless network security certification system
CN108092776A (en) * 2017-12-04 2018-05-29 南京南瑞信息通信科技有限公司 A kind of authentication server and authentication token
CN108809637A (en) * 2018-05-02 2018-11-13 西南交通大学 The car-ground communication Non-Access Stratum authentication key agreement methods of LTE-R based on mixed cipher
US20190149545A1 (en) * 2017-11-15 2019-05-16 Parallel Wireless, Inc. Two-Factor Authentication in a Cellular Radio Access Network
CN112055333A (en) * 2020-10-21 2020-12-08 西南交通大学 LTE-R vehicle-ground wireless communication security authentication method without certificate proxy signature
CN114362993A (en) * 2021-11-24 2022-04-15 北京理工大学 Block chain assisted Internet of vehicles security authentication method
US20230014894A1 (en) * 2021-07-08 2023-01-19 Cisco Technology, Inc. Quantum resistant secure key distribution in various protocols and technologies
CN116405187A (en) * 2023-04-21 2023-07-07 石家庄铁道大学 Distributed node intrusion situation sensing method based on block chain

Also Published As

Publication number Publication date
CN116567633B (en) 2023-10-10

Similar Documents

Publication Publication Date Title
CN108809637B (en) LTE-R vehicle-ground communication non-access stratum authentication key agreement method based on mixed password
WO2020177768A1 (en) Network verification method, apparatus, and system
US8379854B2 (en) Secure wireless communication
CN108260102B (en) LTE-R vehicle-ground communication non-access layer authentication method based on proxy signature
TWI361609B (en) System and method for wireless mobile network authentication
CN109889484B (en) Information security method and device for rail transit vehicle-mounted signal control system
CN111314056A (en) Heaven and earth integrated network anonymous access authentication method based on identity encryption system
US11159940B2 (en) Method for mutual authentication between user equipment and a communication network
CN111630882B (en) User equipment, authentication server, medium, and method and system for determining key
CN101009919A (en) Authentication method based on the end-to-end communication of the mobile network
CN107204847B (en) System and method for access authentication and key agreement of air overhead traveling crane ground track private network
CN111147231A (en) Key agreement method, related device and system
CN110166445A (en) A kind of the secret protection anonymous authentication and cryptographic key negotiation method of identity-based
CN101192927A (en) Authorization based on identity confidentiality and multiple authentication method
CN112055333B (en) LTE-R vehicle-ground wireless communication security authentication method without certificate proxy signature
CN110248334B (en) LTE-R vehicle-ground communication non-access stratum authentication method
EP3381208B1 (en) Charging record authentication for anonymized network service utilization
CN116567633B (en) Identity authentication method, system and equipment based on ECDSA signature algorithm
CN111770496B (en) 5G-AKA authentication method, unified data management network element and user equipment
US9038143B2 (en) Method and system for network access control
CN108337661B (en) LTE-R vehicle-ground communication access layer switching authentication method based on bill
CN116528235B (en) Vehicle-ground wireless communication authentication method and system based on extended chebyshev polynomial
CN100499899C (en) Playback attack prevention method
CN114301593B (en) EAP authentication system and method based on quantum key
CN117614626B (en) Lightweight identity authentication method based on PUF

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant