CN116866908B - 5G authentication and key agreement method based on segmented block chain - Google Patents

5G authentication and key agreement method based on segmented block chain Download PDF

Info

Publication number
CN116866908B
CN116866908B CN202310938245.8A CN202310938245A CN116866908B CN 116866908 B CN116866908 B CN 116866908B CN 202310938245 A CN202310938245 A CN 202310938245A CN 116866908 B CN116866908 B CN 116866908B
Authority
CN
China
Prior art keywords
leader
node
proposal
signature
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310938245.8A
Other languages
Chinese (zh)
Other versions
CN116866908A (en
Inventor
刘懿中
邢馨心
白琳
韩瑞
刘建伟
王景璟
周琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beihang University
Original Assignee
Beihang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beihang University filed Critical Beihang University
Priority to CN202310938245.8A priority Critical patent/CN116866908B/en
Publication of CN116866908A publication Critical patent/CN116866908A/en
Application granted granted Critical
Publication of CN116866908B publication Critical patent/CN116866908B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/068Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • H04L2209/463Electronic voting

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a 5G authentication and key agreement method based on a sliced block chain, which belongs to the technical field of 5G systems and comprises the following steps: s1: designing multi-leader Bayesian-family fault-tolerant algorithm II MLBFT Parallel processing of non-contradictory requests by multiple leaders; s2: by applying pi MLBFT Algorithm, replacing a single HN node in a 5G AKA protocol with an HN committee, so that the committee can tolerate 1/3 node as a malicious node, and obtaining a 5G AKA protocol pi based on a sliced block chain SBAKA . The invention greatly improves the fault tolerance of malicious nodes, greatly improves the efficiency of the consensus algorithm, and has good use value and wide application prospect.

Description

5G authentication and key agreement method based on segmented block chain
Technical Field
The invention belongs to the technical field of 5G systems, and particularly relates to a 5G authentication and key negotiation method based on a fragment block chain.
Background
The fifth generation mobile communication technology (5G) is rapidly developed in various countries in the world at present, and is widely applied to a plurality of emerging fields such as unmanned driving, edge computing, federal learning, internet of things, metauniverse and the like. In 2017, the third generation partnership project (3rd Generation Partnership Project,3GPP) promulgates a 5G authentication and key agreement protocol (5G Authentication and Key Agreement Protocol,5G AKA) in the 5G system security architecture and flow technical specifications. The protocol realizes interactive authentication and key negotiation among User Equipment (UE), home Network (HN) and Service Network (SN) through a challenge-response mechanism, and is a core mechanism for guaranteeing the 5G technical security.
The 5GAKA protocol still suffers from some drawbacks. First, in terms of security, the home network is composed of a single node, resulting in insufficient fault tolerance of the system. Once the home network server fails or is under attack, such as a distributed denial of service attack, a corrupt attack, etc., a secure authentication service cannot be provided. Secondly, in terms of throughput and delay, a single HN server has performance bottlenecks, and concurrent access requests of mass 5G devices in the scene of the Internet of things cannot be met. Third, existing architectures are not scalable enough in terms of scalability. As the number of users increases, performance cannot be improved by adding HN nodes. Fourth, in terms of privacy, user information is stored in a single semi-honest HN node, bringing higher risks to data security and privacy. Fifth, the user authentication history is difficult to record permanently and trustfully.
Disclosure of Invention
In view of the above, the present invention aims to provide a 5G authentication and key negotiation method based on a sliced blockchain, which is directed to the single point vulnerability problem of HN nodes in a 5G AKA protocol, combines the sliced blockchain technology, the consensus algorithm, etc., designs a multi-leader bayer occupational fault-tolerant protocol with a high degree of parallelism, and improves the 5G AKA protocol on the basis.
In order to achieve the above purpose, the present invention provides the following technical solutions:
A5G authentication and key agreement method based on a sliced blockchain comprises the following steps:
s1: design multi-leader Bayesian and busy court fault tolerance algorithm II MLBFT Parallel processing of non-contradictory requests by multiple leaders;
s2: by using II MLBFT Algorithm, replacing a single HN node in a 5G AKA protocol with an HN committee, so that the committee can tolerate 1/3 node as a malicious node, and obtaining a 5G AKA protocol II based on a sliced block chain SBAKA
Further, step S1 is a multi-leader Bayesian fault tolerance algorithm II MLBFT The method specifically comprises the following steps:
s11: running a distributed key generation algorithm to generate a node public and private key;
s12: leading from II SBAKA After receiving the input, constructing a corresponding proposal;
s13: the leader broadcasts a proposal, and the recipient node votes for the legal proposal;
s14: after receiving enough legal votes, the leader aggregates the signatures in the votes into promise proof;
s15: the leader constructs a proposal message and will broadcast using the proposal and proof of promise;
s16: for legal proposal messages, the node updates the local states of the first two proposals; constructing a new block and updating the state of the local block chain;
s17: if the proposal is legal, the node votes to the leader; if not, triggering a view conversion mechanism;
s18: if the leader has malicious behaviors, the leader can be replaced through a view conversion stage; there are two different situations in the view transition phase.
Further, the step S11 specifically includes: the node in each fragment invokes a distributed key generation algorithm DKG to generate a public key and a private key of the node, wherein the distributed key generation algorithm DKG is as follows:
DKG(1 λ )→(dsk i ,dpk i ,TPK)
the input is a security parameter lambda, and the public and private keys dpk of each participant are output i ,dsk i And a total public key TPK.
Further, in the step S12, the method specifically includes: when one leader ML in a shard I From II SBAKA Is received input (SUPI, PK) SN ) (Res, H (SUCI)) or { SUPI, K, b } |q| After that, call ACom, KCom or MTCom to construct corresponding proposalThe ACom, KCom or MTCom are all proposed processing algorithms.
Further, the ACom algorithm flow is as follows:
input SUPI, PK SN The method comprises the steps of carrying out a first treatment on the surface of the If it isOutputting a reject instruction reject, otherwise:
xRes=Challenge(R,K,PK SN ),hxRes=H(xRes,R)
store (H (SUCI), xRes), return (AUTN, R, hxRes);
the KCom algorithm flow is as follows:
inputs Res, H (sui);
obtaining xRes corresponding to H (SUCI), if Res=xRes, calculatingOutput K seaf The method comprises the steps of carrying out a first treatment on the surface of the Otherwise, outputting a reject instruction reject;
the MTCom algorithm flow is as follows:
input { SUPI, K, b } |q| The method comprises the steps of carrying out a first treatment on the surface of the Using leaf node SUPI 1 ||K 1 ||b 1 ,…,SUPI q ||K q ||b q Updating the merck tree MT I The method comprises the steps of carrying out a first treatment on the surface of the Computing the root MR of the Merck tree I =MT I Mroot, output (MT I ,MR I )。
Further, in step S13, the leader ML I Broadcast proposalThe receiver node votes for legal proposal and attaches a threshold signShare of name; in step S14, when the leader ML I After receiving enough legal votes, the signature in the votes is aggregated by using a threshold signature technique, and a promise proof is calculated>And is directed to pi SBAKA Output-> Or->The threshold signature technique is as follows: assuming that there are n participants, a (t, n) threshold signature algorithm first applies a distributed key generation technique DKG to generate a public-private key dpk interrelated between the n participants i ,dsk i And a total public key TPK; in calculating the signature, each honest party calculates the signature share σ i When the legal signature share collected by an aggregator is greater than or equal to t, a legal threshold signature sigma can be aggregated; in the threshold signature algorithm, any t-1 participants cannot obtain any information related to the signature; the black box of the threshold signature is described as follows:
(1)DKG(1 λ )→(dsk i ,dpk i TPK) that is a distributed key generation algorithm, inputs as a security parameter λ, outputs each participant's public-private key dpk i ,dsk i And a total public key TPK;
(2)SSign(dsk i ,m)→(σ i m) for signature share generation algorithm, input for each participant's private key dsk i And message m, output as signature share sigma i And message m;
(3)SVer(σ i ,dpk i m) →0/1, the algorithm is a signature share verification algorithm, and the input is signature share sigma i Signer's public key dpk i And message m, output boolean value0 or 1.
Further, in step S18, if the leader has malicious behavior, the leader is replaced through the view conversion stage;
s181: the node constructs a view conversion message, signs the message and sends the message to a new leaderMeanwhile, the node regards the proposal, promise and the like of the old leader as illegal;
s182: after receiving the view conversion information, a leader sets a proving set VCC of view conversion;
s183: if the leader receives enough view conversion information, acquiring the highest proposal in the VCC; in the case of an optimistic situation,corresponding proposal->Similarly, the initial proposal under this view is set to +.>Proof of Protocol jump step S185; otherwise, the protocol performs steps S184-S185;
s184: the leader node sends a request message QC_request to nodes other than the node in the VCC, if a legal vote is received, wherein r' > r is received * Setting proposal and promise proof corresponding to r' as initial information; otherwise randomly selecting a proposal and a corresponding promise proof;
s185: the leader constructs the proposal message of the new view, signs and broadcasts to other nodes.
Further, the 5G based on the sliced blockchainAKA protocol II SBAKA The method comprises the following steps:
s21: running a distributed key generation algorithm to generate a node public and private key;
s22: the MNO registers SUPI and K for a plurality of UE, and submits request information;
s23: after the registration step in one fragment is completed, the request message is transmitted to other fragments across fragments, and the consensus certificate is sent to the MNO;
s24: the MNO verifies the legitimacy of the consensus certificate;
s25: the UE encrypts SUPI to obtain SUCI, and forwards the SUCI to HN committee via SN;
s26: HN node verifies the received message and runs II MLBFT Consensus is achieved for the method, and return information is constructed to the SN;
s27: the SN verifies the legality of the signature in the returned information and forwards the AUTN to the UE; the UE verifies the validity of the AUTN, constructs Res and sends the Res to the SN;
s28: the SN verifies the validity of Res, and if the Res is legal, the Res is sent to the slicing S [ U ]]HN committee of (b); HN node verifies its legality and runs II MLBFT Achieving consensus, and constructing return information to the SN; after the SN verifies that the signature is legal, K is stored seaf As a key for communication with the UE;
s29: all are formed by pi MLBFT The processed proposal is stored in the blockchain of a different leader within each shard.
Further, in step S23, the leader node of HN verifiesIf legal, using multi-leadership busy fault tolerance algorithm pi MLBFT Achieving consensus on registration information and obtaining consensus certificate with threshold signatureWhen the registration step in one slice is completed, the request message is transferred to other slices through cross-slice communication, and the consensus certificate +.>Is passed back to the MNO.
The invention has the beneficial effects that: 1) The invention has safety. By replacing a single HN node with an HN committee and applying a consensus algorithm, the fault tolerance of the invention to malicious nodes is greatly improved, so that key components in a 5G protocol are difficult to break by adversaries, and the method can effectively solve the rotten attack, the examination attack and the like of the adversaries. 2) The invention has practicability. The invention is improved on the basis of the existing 5G AKA protocol, and can not conflict with the existing 5G AKA protocol in the actual floor application process, thereby having good use value and wide application prospect. 3) The invention realizes the balance of safety and efficiency. The security of protocol design inevitably brings about the reduction of efficiency, but the invention adopts the pipeline technology to design the concurrent consensus algorithm of multiple leaders, and combines the slicing technology, thus greatly improving the efficiency of the consensus algorithm. Experiments prove that under the conditions that 16 HN nodes, 4 leader nodes and the request number are 500 and the fragment number is 4, the time delay is about 3s. 4) The invention has expandability. The expansion and performance improvement of the HN committee can be performed by adding fragments, so that important components of the 5G AKA protocol are allowed to be continuously updated and upgraded to meet the connection requirements of massive 5G devices.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the specification.
Drawings
In order to make the objects, technical solutions and advantageous effects of the present invention more clear, the present invention provides the following drawings for description:
FIG. 1 is a general flow chart of the 5G authentication and key agreement method based on the sliced blockchain;
FIG. 2 is a general architecture diagram of a system employed in an embodiment of the present invention;
FIG. 3 is n MLBFT Process flowA figure;
FIG. 4 is a pi SBAKA A flow chart.
Detailed Description
The enemy model of the invention is as follows: enemy considering probability polynomial timeThe adversary cannot forge the digital signature and cannot break the encryption scheme. Let n denote the number of nodes inside the slice, adversary +.>At most f malicious nodes can be controlled in one slice, wherein n, f satisfies that n is not less than 3f+1.
The communication model of the present invention is as follows: each member of the domain employs an authentication channel. The network model of the invention is a partially synchronous network, which means that the messages sent between honest nodes are finally received by the other party, and the time interval between sending and receiving is unknown but limited.
The system architecture of the invention is as follows: the invention mainly comprises four entities of User Equipment (UE), home Network (HN), service Network (SN) and blockchain. Based on the traditional 5G protocol, the invention combines the technology of the block chain of the slice, so that a plurality of HN nodes are divided into different slices and are responsible for the requests of SNs and UE in different areas. The HN nodes in each slice together run a protocol pi MLBFT To process the request. Within the shard, multiple leaders may make different requests, divided according to the characteristics of the user permanent identifier (Subscription Permanent Identifier, SUPI), for improving the performance of the protocol. The mechanism is that the processing process inside the slice is parallel, and each leader constructs a blockchain for recording the history of authentication.
The general idea of the invention is as follows: the present invention improves a single HN node in the 5G AKA protocol to a committee with multiple nodes and partitions into different slices. In the invention, a block chain architecture and a communication flow are applied among the fragments, and a Bayesian fault-tolerant type consensus algorithm is applied in the fragments, so that the safety of the 5G AKA protocol is greatly improved. Meanwhile, the invention designs the Bayesian fault-tolerant protocol of multiple leaders, combines the pipeline technology, improves the running efficiency by reducing the number of rounds of protocol running, and realizes the balance of safety and efficiency.
As shown in fig. 1-4, the complete protocol of the invention is pi SBAKA Representation, in protocol II SBAKA In each segment, the nodes together operate a multi-leader Bayesian fault-tolerant protocol II MLBFT To improve the operation efficiency of the consensus algorithm. In the II MLBFT Three subfunctions ACom, KCom and MTCom need to be invoked for handling three different types of proposals. This embodiment will be described separately from the BLS threshold signature, three proposed processing functions, the multi-leader bayer-based fault-tolerant protocol, and the 5G AKA protocol based on a sliced blockchain.
BLS threshold signature
The threshold signature scheme is a functional improvement over ordinary digital signatures. The threshold signature differs from the normal signature in that the normal signature is calculated by the owner of a single private key, and the threshold signature is calculated jointly by a group of people. Assuming n participants are present, a (t, n) threshold signature algorithm first applies a distributed key generation technique (Distributed Key Generation, DKG) to generate a public-private key dpk that is interrelated between the n participants i ,dsk i And a total public key TPK. In calculating the signature, each honest party calculates the signature share σ i When the legal signature share collected by an aggregator is greater than or equal to t, a legal threshold signature sigma can be aggregated. In the threshold signature algorithm, any t-1 participants cannot obtain any information about the signature. The black box of the threshold signature is described as follows:
(1)DKG(1 λ )→(dsk i ,dpk i TPK) the algorithm is a distributed key generation algorithm, inputs as security parameter lambda, outputs public and private keys dpk of each participant i ,dsk i And a total public key TPK.
(2)SSign(dsk i ,m)→(σ i M) the algorithm is signatureShare generation algorithm, input as private key dsk for each participant i And message m, output as signature share sigma i And message m.
(3)SVer(σ i ,dpk i M) →0/1. The algorithm is a signature share verification algorithm, the input is signature share σ i Signer's public key dpk i And message m, outputs boolean value 0 or 1.
(4)TSign({σ i } |t| M) to sigma, the algorithm is a signature share aggregation algorithm, inputs not less than t signature shares and message m, and outputs a threshold signature sigma.
(5) Tver (sigma, TPK, m) →0/1. The algorithm is a threshold signature verification algorithm, a threshold signature sigma is input, a total public key TPK and a message m are output, and a Boolean value 0 or 1 is output.
2. The specific flow of the proposed processing functions ACom, KCom and MTCom is shown in table 1.
TABLE 1
3. Multi-leader Bayesian-busy-court fault-tolerant protocol pi MLBFT
П MLBFT Comprising four phases, the protocol steps can be described generally as follows:
stage one: initialization phase
Step 1: the node in each fragment invokes a DKG algorithm to generate a public-private key of the node.
Stage two: QC generation and broadcast phase
Step 2: when one leader ML in a shard I From II SBAKA Is received input (SUPI, PK) SN ) (Res, H (SUCI)) or { SUPI, K, b } |q| After that, call ACom, KCom or MTCom to construct corresponding proposal
Step 3: leader ML I Broadcast proposalThe recipient node votes for legal proposals and attaches a share of the threshold signature.
Step 4: when leader ML I After receiving enough legal votes, the signature in the votes is aggregated by using a threshold signature technique, and a commitment proof is calculatedAnd to the II SBAKA Output->Or->
Step 5: leader ML I Constructing proposal messages using proposals and proof of promiseAnd broadcast it.
Stage three: voting and promise stage
Step 6: if the node receives legal proposal messageUpdate proposal->And->Is a local state of (c). Node output->Or->At the same time, corresponding offer->A new block is constructed and the state of the local blockchain is updated.
Step 7: meanwhile, if the proposal is legal, the node votes to the leader; if not, triggering a view conversion mechanism.
The process of handling the proposal uses pipelining, so the traditional 2 rounds of preparation, voting and commitment are combined into 1 round.
Stage four: view conversion stage
If the leader has malicious behavior, the leader can be replaced by a view transition phase.
Step 8: the node constructs a view conversion message, signs the message and sends the message to a new leaderMeanwhile, the node regards the proposal, promise, etc. of the old leader as illegal.
Step 9: after receiving the view transition information, the leader sets a proof set VCC of the view transition.
Step 10: if the leader receives enough view transition information, the highest proposal in the VCC is obtained. In the case of an optimistic situation,corresponding proposal->Similarly, the initial proposal under this view is set to +.>Proof of The protocol jumps to step 12. Otherwise, the protocol performs steps 11-12.
Step 11: the leader node sends a request message QC_request to nodes other than the node in the VCC, if a legal vote is received, wherein r' > r is received * And setting the proposal and promise proof corresponding to r' as initial information. Otherwise, randomly selecting the proposal and the corresponding promise proof.
Step 12: the leader constructs the proposal message of the new view, signs and broadcasts to other nodes.
Multi-leader Bayesian-busy-court fault-tolerant protocol II MLBFT The overall flow of (a) can be described as in table 2:
TABLE 2
4. 5G AKA protocol II based on slicing block chain SBAKA
П SBAKA Comprising four phases, the protocol steps can be described generally as follows:
stage one: initialization phase
Step 1: the nodes in each segment together run a distributed key generation algorithm (Distributed Key Generation, DKG) that generates the public-private key dpk of the node i ,dsk i And a total public key TPK.
Stage two: SUPI registration phase
Step 2: the MNO constructs a registration request SRegist, which is signed and sent to the HN Committee of the shard S [ U ], registering SUPI and K for multiple UEs. MNO only needs to submit request information to one fragment.
Step 3: leader node authentication for HNIf legal, invoking II MLBFT Agreement agrees with the registration information to obtain consensus certificate +.>When the registration step in one slice is completed, the request message is transferred to other slices through cross-slice communication, and the consensus certificate +.>Is passed back to the MNO.
Step 4: MNO calls a threshold signature verification algorithm to verify the consensus certificateIf the update is legal, the success of the SUPI update is proved.
Stage three: authentication and key agreement phase
Step 5: the UE encrypts SUPI to obtain SUCI, and the SUCI and the public key PK of the target home network HN And sent to the SN. The SN signs the received message and forwards the message to the slicing S [ U ]]Is a HN committee of (C).
Step 6: HN node pairVerify signature and decrypt, HN committee runs II MLBFT To agree on SUPI information sent by SN, construct return information +.>Or reject, returns SN.
Step 7: the SN verifies the validity of the information returned by the HN by verifying the threshold signature. If the information is legal, the SN forwards (AUTN, R) to the UE. After the UE receives it, the legitimacy of the AUTN is verified according to the procedure specified in the 5G AKA protocol. If the result is legal, the UE constructs the RES and sends the RES to the SN.
Step 8: after receiving Res, SN verifies its legitimacy, if it is legal, it willIs sent to the slice S [ U ]]Is a HN committee of (C). HN node authentication->Operation II MLBFT To reach consensus, construct return informationOr reject, returns SN. After the SN verifies that the signature is legal, K is stored seaf As a key for communication with the UE.
Stage four: block chain construction stage
All by the Pi MLBFT The processed proposal is stored in the blockchain of a different leader within each shard.
5G AKA protocol II based on slicing block chain SBAKA The overall flow is shown in table 3:
TABLE 3 Table 3
/>
/>
The invention designs a novel multi-leader Byzantine fault-tolerant algorithm II aiming at the requirements of high throughput and low time delay of a 5G AKA protocol MLBFT . In the present invention, a plurality of leaders andthe rows process non-conflicting requests to improve throughput. Meanwhile, the invention designs a new view changing mechanism, which ensures that a malicious leader can be replaced under optimistic or non-optimistic conditions. The invention improves the 5G AKA protocol II SBAKA By applying II MLBFT The invention replaces a single HN node in the 5G AKA protocol with the HN committee, so that the committee can tolerate 1/3 node as a malicious node, and higher security is realized while breaking through the performance bottleneck of the single HN. In addition, the invention combines the technology of slicing blockchain to divide HN committee into a plurality of slices, each HN slice runs pi MLBFT To process the corresponding proposal of the region, thereby improving the expandability of the system. When the number of users increases, the throughput of the system can be improved by increasing the fragments so as to meet the application requirements of massive 5G devices.
Finally, it is noted that the above-mentioned preferred embodiments are only intended to illustrate rather than limit the invention, and that, although the invention has been described in detail by means of the above-mentioned preferred embodiments, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention as defined by the appended claims.

Claims (6)

1. A5G authentication and key agreement method based on a sliced block chain is characterized in that: the method is based on a 5G AKA protocol pi of a sliced block chain SBAKA To be realized, in the protocol pi SBAKA In each segment, the nodes in each segment together operate a multi-leader Bayesian fault tolerance protocol pi MLBFT Replacing a single HN node in a 5G AKA protocol with an HN committee, so that the committee can tolerate 1/3 node as a malicious node;
the 5G AKA protocol pi based on the sliced block chain SBAKA The method comprises the following steps:
s11: running a distributed key generation algorithm to generate a node public and private key;
s12: the MNO registers SUPI and K for a plurality of UE, and submits request information;
s13: after the registration step in one fragment is completed, the request message is transmitted to other fragments across fragments, and the consensus certificate is sent to the MNO;
s14: the MNO verifies the legitimacy of the consensus certificate;
s15: the UE encrypts SUPI to obtain SUCI, and forwards the SUCI to HN committee via SN;
s16: HN node verifies the received message and runs pi MLBFT Consensus is achieved for the method, and return information is constructed to the SN;
s17: the SN verifies the legality of the signature in the returned information and forwards the AUTN to the UE; the UE verifies the validity of the AUTN, constructs Res and sends the Res to the SN;
s18: the SN verifies the validity of Res, and if the Res is legal, the Res is sent to the slicing S [ U ]]HN committee of (b); HN node verifies its legality and runs pi MLBFT Achieving consensus, and constructing return information to the SN; after the SN verifies that the signature is legal, K is stored seaf As a key for communication with the UE;
s19: all of the U.S. Pat. No. 5 MLBFT The processed proposal is stored in the blockchain of a different leader within each shard;
the multi-leader Bayesian family fault tolerance algorithm pi MLBFT Parallel processing of non-contradictory requests by multiple leaders, comprising in particular the steps of:
s21: running a distributed key generation algorithm to generate a node public and private key;
s22: leading from pi SBAKA After receiving the input, constructing a corresponding proposal;
s23: the leader broadcasts a proposal, and the recipient node votes for the legal proposal;
s24: after receiving enough legal votes, the leader aggregates the signatures in the votes into promise proof;
s25: the leader constructs a proposal message and will broadcast using the proposal and proof of promise;
s26: for legal proposal messages, the node updates the local states of the first two proposals; constructing a new block and updating the state of the local block chain;
s27: if the proposal is legal, the node votes to the leader; if not, triggering a view conversion mechanism;
s28: if the leader has malicious behavior, the leader can be replaced through the view transition phase.
2. The 5G authentication and key agreement method based on a sliced blockchain of claim 1, wherein: in step S13, the leader node of HN verifiesIf legal, using multi-leadership busy-court fault-tolerant algorithm II MLBFT Agree on the registration information and obtain the consensus certificate with the threshold signature +.>When the registration step in one slice is completed, the request message is transferred to other slices through cross-slice communication, and the consensus certificate +.>Is passed back to the MNO.
3. The 5G authentication and key agreement method based on a sliced blockchain of claim 1, wherein: the step S21 specifically includes: the node in each fragment invokes a distributed key generation algorithm DKG to generate a public key and a private key of the node, wherein the distributed key generation algorithm DKG is as follows:
DKG(1 λ )→(dsk i ,dpk i ,TPK)
the input is a security parameter lambda, and the public and private keys dpk of each participant are output i ,dsk i And a total public key TPK.
4. The 5G authentication and key agreement method based on a sliced blockchain of claim 1, wherein:
in step S22, specifically, the method includes: when one leader ML in a shard I From pi SBAKA Is received input (SUPI, PK) SN ) (Res, H (SUCI)) or { SUPI, K, b } |q| After that, call ACom, KCom or MTCom to construct corresponding proposalThe ACom, KCom or MTCom are all proposal processing algorithms;
the ACom algorithm flow is as follows:
input SUPI, PK SN The method comprises the steps of carrying out a first treatment on the surface of the If it isOutputting a reject instruction reject, otherwise:
xRes=Challenge(R,K,PK SN ),hxRes=H(xRes,R)
store (H (SUCI), xRes), return (AUTN, R, hxRes);
the KCom algorithm flow is as follows:
inputs Res, H (sui);
obtaining xRes corresponding to H (SUCI), if Res=xRes, calculating Output K seaf The method comprises the steps of carrying out a first treatment on the surface of the Otherwise, outputting a reject instruction reject;
the MTCom algorithm flow is as follows:
input { SUPI, K, b } |q| The method comprises the steps of carrying out a first treatment on the surface of the Using leaf node SUPI 1 ||K 1 ||b 1 ,…,SUPI q ||K q ||b q Updating the merck tree MT I The method comprises the steps of carrying out a first treatment on the surface of the Computing the root MR of the Merck tree I =MT I Mroot, output (MT I ,MR I )。
5. The 5G authentication and key agreement method based on a sliced blockchain of claim 1, wherein: in step S23, the leader ML I Broadcast proposalThe receiver node votes on legal proposal and attaches share of threshold signature; in step S24, when the leader ML I After receiving enough legal votes, the signature in the votes is aggregated by using a threshold signature technique, and a promise proof is calculated>And towards pi SBAKA Output-> Or (b)The threshold signature technique is as follows: assuming that there are n participants, a (t, n) threshold signature algorithm first applies a distributed key generation technique DKG to generate a public-private key dpk interrelated between the n participants i ,dsk i And a total public key TPK; in calculating the signature, each honest party calculates the signature share σ i When the legal signature share collected by an aggregator is greater than or equal to t, a legal threshold signature sigma can be aggregated; in the threshold signature algorithm, any t-1 participants cannot obtain any information related to the signature; the black box of the threshold signature is described as follows:
(1)DKG(1 λ )→(dsk i ,dpk i TPK), which is a distributed key generation algorithm, is entered as a security parameter lambda,outputting public-private keys dpk of each participant i ,dsk i And a total public key TPK;
(2)SSign(dsk i ,m)→(σ i m) for signature share generation algorithm, input for each participant's private key dsk i And message m, output as signature share sigma i And message m;
(3)SVer(σ i ,dpk i m) →0/1, the algorithm is a signature share verification algorithm, and the input is signature share sigma i Signer's public key dpk i And message m, outputs boolean value 0 or 1.
6. The 5G authentication and key agreement method based on a sliced blockchain of claim 1, wherein: in step S28, if the leader has malicious behavior, the leader is replaced through the view conversion stage;
s281: the node constructs a view conversion message, signs the message and sends the message to a new leaderMeanwhile, the node regards the proposal, promise and the like of the old leader as illegal;
s282: after receiving the view conversion information, a leader sets a proving set VCC of view conversion;
s283: if the leader receives enough view conversion information, acquiring the highest proposal in the VCC; in the case of an optimistic situation,corresponding proposal->Similarly, the initial proposal under this view is set to +.>Proof ofProtocol jump step S185; otherwise, the protocol performs steps S284-S285;
s284: the leader node sends a request message QC_request to nodes other than the node in the VCC, if a legal vote is received, wherein r' > r is received * Setting proposal and promise proof corresponding to r' as initial information; otherwise randomly selecting a proposal and a corresponding promise proof;
s285: the leader constructs the proposal message of the new view, signs and broadcasts to other nodes.
CN202310938245.8A 2023-07-28 2023-07-28 5G authentication and key agreement method based on segmented block chain Active CN116866908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310938245.8A CN116866908B (en) 2023-07-28 2023-07-28 5G authentication and key agreement method based on segmented block chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310938245.8A CN116866908B (en) 2023-07-28 2023-07-28 5G authentication and key agreement method based on segmented block chain

Publications (2)

Publication Number Publication Date
CN116866908A CN116866908A (en) 2023-10-10
CN116866908B true CN116866908B (en) 2024-03-12

Family

ID=88219024

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310938245.8A Active CN116866908B (en) 2023-07-28 2023-07-28 5G authentication and key agreement method based on segmented block chain

Country Status (1)

Country Link
CN (1) CN116866908B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113935016A (en) * 2021-11-03 2022-01-14 北京邮电大学 Trusted access and cross-domain authentication method based on block chain in named data network
CN114077637A (en) * 2020-08-12 2022-02-22 北京航空航天大学 Method for realizing block chain of fragments
CN114389811A (en) * 2022-02-28 2022-04-22 南京邮电大学 Cross-domain authentication method based on medical alliance chain
CN115767539A (en) * 2022-11-29 2023-03-07 国网山东省电力公司电力科学研究院 5G authentication method based on terminal identifier update
WO2023035065A1 (en) * 2021-09-07 2023-03-16 Jalalzai Mohammad Methods and systems for fast consensus within distributed ledgers

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114077637A (en) * 2020-08-12 2022-02-22 北京航空航天大学 Method for realizing block chain of fragments
WO2023035065A1 (en) * 2021-09-07 2023-03-16 Jalalzai Mohammad Methods and systems for fast consensus within distributed ledgers
CN113935016A (en) * 2021-11-03 2022-01-14 北京邮电大学 Trusted access and cross-domain authentication method based on block chain in named data network
CN114389811A (en) * 2022-02-28 2022-04-22 南京邮电大学 Cross-domain authentication method based on medical alliance chain
CN115767539A (en) * 2022-11-29 2023-03-07 国网山东省电力公司电力科学研究院 5G authentication method based on terminal identifier update

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
A Security Authentication Scheme of 5G Ultra-Dense Network Based on Block Chain;ZHONGLIN CHEN等;《IEEE ACCESS》;第6卷;第55372-55379页 *

Also Published As

Publication number Publication date
CN116866908A (en) 2023-10-10

Similar Documents

Publication Publication Date Title
Kumar et al. Secure CLS and CL-AS schemes designed for VANETs
Shen et al. Privacy-preserving and lightweight key agreement protocol for V2G in the social Internet of Things
CN113194469B (en) 5G unmanned aerial vehicle cross-domain identity authentication method, system and terminal based on block chain
Miao et al. Fair and dynamic data sharing framework in cloud-assisted internet of everything
Zhang et al. BTCAS: A blockchain-based thoroughly cross-domain authentication scheme
Byali et al. Fast secure computation for small population over the internet
KR101479973B1 (en) Method for a public-key infrastructure providing communication integrity and anonymity while detecting malicious communication
CN113572765B (en) Lightweight identity authentication key negotiation method for resource-limited terminal
Le et al. A lightweight block validation method for resource-constrained iot devices in blockchain-based applications
Zhu et al. An Efficient Identity‐Based Proxy Blind Signature for Semioffline Services
Eledlebi et al. Empirical studies of TESLA protocol: Properties, implementations, and replacement of public cryptography using biometric authentication
Gu et al. Multi-fogs-based traceable privacy-preserving scheme for vehicular identity in Internet of Vehicles
Han et al. Privacy-preserving proxy re-encryption with decentralized trust management for mec-empowered vanets
CN116546499B (en) Mobile terminal identity authentication method based on lightweight Bayesian fault tolerance
CN116866908B (en) 5G authentication and key agreement method based on segmented block chain
CN115941680A (en) Flexible fragmentation block chain method and device based on cross-fragmentation Byzantine fault-tolerant algorithm
CN111541668A (en) Energy Internet of things information safe transmission and storage method based on block chain
Agiollo et al. Anonymous federated learning via named-data networking
CN114584975A (en) Anti-quantum satellite network access authentication method based on SDN
Annessi et al. To trust or not to trust: Data origin authentication for group communication in 5G networks
Songshen et al. Hash-Based Signature for Flexibility Authentication of IoT Devices
Zhang et al. Towards Time‐Sensitive and Verifiable Data Aggregation for Mobile Crowdsensing
Liu et al. Distributed functional signature with function privacy and its application
Cui et al. Conditional privacy protection scheme based on blockchain and ring signcryption in Vanets
Chen et al. A secure network coding based on broadcast encryption in sdn

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant