CN117675285A - Identity verification method, chip and equipment - Google Patents

Publication number: CN117675285A
Application number: CN202311491646.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: authentication, message, session, algorithm, server side
Inventors: 晋兆雨, 张忠培, 韩永祥, 李耘, 邹兰榕, 郑鹏飞
Applicant and current assignees: Shenzhen Huada Jiutian Technology Co ltd; Higher Research Institute Of University Of Electronic Science And Technology Shenzhen

Abstract

The invention relates to the technical field of communication security, in particular to an identity verification method comprising the following steps: after establishing a connection with a server side, obtaining an authentication message from a pre-stored target response signal of a physical unclonable function by means of the SM3 algorithm, and sending the authentication message to the server side so that the server side can obtain an authentication passing message according to the authentication message; acquiring the authentication passing message, and verifying its digital signature with a pre-stored public key of the server side to obtain a signature result; and, if the signature result is a passing verification result, decrypting the authentication passing message with the decryption algorithm of the SM4 algorithm to obtain a session duration and a session key parameter, where the session key parameter is used for communication between the device side and the server side during the session duration. The method meets the authentication and communication requirements between the device and the server, resists classical attacks to a large extent, and improves the anti-counterfeiting capability and information security of the device.

Description

Identity verification method, chip and equipment
Technical Field
The present invention relates to the field of communications security technologies, and in particular, to an identity verification method, a chip, and a device.
Background
The Internet of Things (IoT) is growing exponentially, with up to billions of heterogeneous devices interconnected. Its goal is to enable computers, devices and nodes to collect, process and make decisions with no or minimal human input. As IoT systems grow more complex, securing the communication data between IoT devices becomes quite complex as well. A Hewlett-Packard study found that 70% of IoT devices are vulnerable to various attacks when connected to the internet. Other literature indicates that more than 85% of organizations worldwide will use IoT devices in different ways, while about 90% of businesses are uncertain about the security of their IoT devices. The Internet of Things therefore faces urgent security challenges, including more vulnerabilities and security attacks.
In order to ensure information security of the internet of things equipment, a security chip is generally adopted. The identity verification method of the security chip can provide security functions such as security configuration, data encryption, security storage, key management, digital signature and the like for the Internet of things equipment or system. Security chips are also widely used in a variety of information terminal devices such as servers, communication terminals, smart cards, and electronic tags.
Conventional identity verification methods for Internet of Things devices generally use cryptographic operations such as hashing to prevent network attacks, impersonation, brute-force cracking and the like. However, the risk of being broken over the network still exists, so existing authentication methods have the problem of low security.
Disclosure of Invention
By providing the identity verification method, the chip and the equipment, the technical problem of low safety in the prior art is solved, authentication and communication requirements between the equipment and the server are guaranteed, classical attack is resisted to a great extent, anti-counterfeiting capacity and information safety of the equipment are improved, a high-level safety mechanism is provided for massive nodes of the Internet of things, and technical effects such as data safety of each node are guaranteed.
In a first aspect, an embodiment of the present invention provides an authentication method, applied to a device side, where the method includes:
after establishing connection with a server, obtaining an authentication message through a target response signal of a pre-stored physical unclonable function by an SM3 algorithm, and sending the authentication message to the server so that the server can obtain an authentication passing message according to the authentication message;
Acquiring the authentication passing message, and verifying the digital signature of the authentication passing message through a pre-stored public key of the server side to obtain a signature result;
and if the signature result is a passing verification result, decrypting the authentication passing message through a decryption algorithm of an SM4 algorithm to obtain a session duration and a session key parameter, wherein the session key parameter is used for communication between the device side and the server side in the session duration.
Preferably, before establishing a connection with the server, the method further includes:
in a secure channel, a registration request signal is sent to the server side, so that the server side sends an initial excitation signal and a public key of the server side according to the received registration request signal, wherein the registration request signal comprises a device number of the device side, and the public key of the server side is encrypted by an SM2 algorithm;
receiving the initial excitation signal and the public key of the server side, and obtaining the target response signal according to the initial excitation signal and the physical unclonable function;
and storing the target response signal and the public key of the server side, and sending the target response signal to the server side so that the server side stores the target response signal and the equipment number.
Preferably, the obtaining the authentication message from the target response signal of the pre-stored physical unclonable function by the SM3 algorithm includes:
processing the target response signal and the current time stamp through the SM3 algorithm to obtain an authentication excitation signal, and obtaining an authentication response signal according to the physical unclonable function and the authentication excitation signal;
and obtaining the authentication message according to the authentication excitation signal, the authentication response signal, the target response signal, the current time stamp and the equipment number.
Preferably, decrypting the authentication passing message through the SM4 algorithm to obtain the session duration and the session key parameter includes:
verifying the authentication passing message to obtain a first random number and a ciphertext;
obtaining a temporary key according to the first random number and the target response signal;
and decrypting the ciphertext through the SM4 algorithm and the temporary key to obtain the session duration and the session key parameter, wherein the session key parameter comprises a session key and a second random number of the ciphertext.
Preferably, within the session duration, the method further includes:
and obtaining a session message according to the session key parameter and the SM4 algorithm, and sending the session message to the server side so that the server side obtains a session feedback message according to the session message, and the session feedback message is used for realizing communication with the server side.
Based on the same inventive concept, the second aspect of the invention also provides an identity verification method, which is applied to a server side, and comprises the following steps:
after establishing connection with a device end, acquiring an authentication message sent by the device end;
searching a pre-stored target response signal according to the equipment number of the authentication message, and obtaining a target hash value according to the target response signal and an SM3 algorithm;
and if the target hash value is consistent with the pre-stored hash value, acquiring an authentication passing message, and sending the authentication passing message to the equipment end.
Preferably, the acquiring the authentication passing message includes:
acquiring a session key, a first random number and a second random number;
obtaining a temporary key according to the target response signal, the first random number and the SM3 algorithm;
encrypting the equipment number, the session key, the session duration and the second random number through an encryption algorithm of an SM4 algorithm to obtain a ciphertext;
and carrying out digital signature processing on the current timestamp, the first random number and the ciphertext through the private key of the server side to obtain a digital signature, and obtaining the authentication passing message according to the current timestamp, the first random number and the digital signature.
Preferably, after the authentication passing message is sent to the device side, the method further includes:
acquiring a session message sent by the equipment terminal within the session duration;
decrypting the session message to obtain the message content and the verification random value of the session message;
and if the verification random value is consistent with the second random value, communicating with the equipment end.
Based on the same inventive concept, in a third aspect, the present invention provides a chip comprising a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the steps of the authentication method when executing said program.
Based on the same inventive concept, in a fourth aspect, the present invention provides an electronic device, including the above chip.
One or more technical solutions in the embodiments of the present invention at least have the following technical effects or advantages:
in the embodiment of the invention, after the equipment end establishes connection with the server end, the equipment end obtains an authentication message through a target response signal of a pre-stored physical unclonable function by an SM3 algorithm, and sends the authentication message to the server end so that the server end obtains an authentication passing message according to the authentication message. Here, the device side stores in advance a target response signal obtained by a physical unclonable function, and obtains an authentication message by SM3 algorithm processing, and sends the authentication message to the server side, so that the server side verifies the identity of the device side. The subsequent authentication process and session process of the equipment end and the server end are realized through the target response signals, a large number of PUF responses are not required to be stored in advance, the calculated amount of the equipment end is reduced, the method is more suitable for the equipment of the Internet of things, and the lightweight communication process between the equipment end and the server end is realized. And by combining an SM3 algorithm, the safety and confidentiality of the communication process of the equipment end are improved.
Then, the authentication passing message is acquired, and its digital signature is verified with the pre-stored public key of the server side to obtain a signature result. If the signature result is a passing verification result, the SM4 algorithm decrypts the authentication passing message to obtain the session duration and the session key parameter, wherein the session key parameter is used for communication between the device side and the server side in the session duration. Through the combined use of the SM4 algorithm and the session key, the device side and the server side first establish a secure shared session key over the network and then communicate confidentially, which guarantees the encryption/decryption efficiency and communication security of the communication between them, gives the device side higher resistance to differential attacks, resists classical attacks to a great extent, and improves communication efficiency.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also throughout the drawings, like reference numerals are used to designate like parts. In the drawings:
Fig. 1 is a schematic flow chart of steps of an authentication method applied to a device side in an embodiment of the present invention;
FIG. 2 shows a schematic flow diagram of a registration phase and an authentication phase in an embodiment of the invention;
FIG. 3 shows a schematic flow diagram of a key establishment phase in an embodiment of the invention;
fig. 4a is a schematic diagram showing the speed of the SM2 algorithm in the embodiment of the present invention to perform functions of generating a public-private key, a private key signature, a public key verification signature, public key encryption, private key decryption, negotiating a session key, and key exchange;
fig. 4b is a schematic diagram of a memory used by the SM2 algorithm in the embodiment of the present invention to perform functions such as public-private key, private key signature, public key verification, public key encryption, private key decryption, session key negotiation, and key exchange;
fig. 5 is a schematic diagram showing the speeds at which the SM2 algorithm and the RSA algorithm perform their respective functions in the embodiment of the present invention;
fig. 6a is a schematic diagram showing the time spent by the SM4 algorithm executing ECB, CBC, CFB and OFB algorithm modes in the embodiment of the present invention;
fig. 6b is a schematic diagram showing the memory occupied by the SM4 algorithm executing ECB, CBC, CFB and OFB algorithm modes in the embodiment of the present invention;
Fig. 7 is a schematic flow chart of steps of an authentication method applied to a server in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Example 1
The first embodiment of the present invention provides an identity verification method, as shown in fig. 1, applied to a device side, including:
S101, after a connection is established with the server side, an authentication message is obtained by processing the pre-stored target response signal of the physical unclonable function with the SM3 algorithm, and the authentication message is sent to the server side, so that the server side obtains an authentication passing message according to the authentication message;
S102, the authentication passing message is acquired, and its digital signature is verified with the pre-stored public key of the server side to obtain a signature result;
S103, if the signature result is a passing verification result, the authentication passing message is decrypted with the SM4 algorithm to obtain the session duration and the session key parameter, wherein the session key parameter is used for communication between the device side and the server side in the session duration.
The identity verification method of the embodiment is applied to equipment terminals, and the equipment terminals are preferably Internet of things equipment, such as intelligent home equipment, industrial sensor equipment, intelligent automobiles, intelligent cameras, medical/fitness equipment and the like.
The following describes in detail the specific implementation steps of the authentication method provided in this embodiment with reference to fig. 1:
before executing step S101, the device side needs to register with the server side. In the registration stage, in the secure channel, a registration request signal is sent to the server side, so that the server side sends an initial excitation signal and a public key of the server side according to the received registration request signal, wherein the registration request signal comprises a device number of the device side, and the public key of the server side is encrypted by an SM2 algorithm. And receiving the initial excitation signal and a public key of the server side, and obtaining a target response signal according to the initial excitation signal and the physical unclonable function. And storing the target response signal and the public key of the server side, and sending the target response signal to the server side so that the server side stores the target response signal and the equipment number.
Specifically, as shown in fig. 2, in the secure channel the device side first sends a registration request signal to the server side, where the registration request signal includes the device number ID_A of the device side. The device number may be a network address or MAC address of the device side, or a number set according to actual requirements. After receiving the registration request signal, the server side stores the device number ID_A, encrypts its public key with the SM2 algorithm, and sends an initial excitation signal C_A together with its own public key Pub_key_SM2_B to the device side. Note that parameters with subscript A are parameters of the device side, parameters with subscript B are parameters of the server side, and parameters with subscript SM2, SM3 or SM4 are parameters processed by the SM2, SM3 or SM4 algorithm respectively; for example, the server side's public key Pub_key_SM2_B is its own public key encrypted by the SM2 algorithm. The secure channel is a channel meeting preset requirements; for example, a communication channel that prevents eavesdropping, data replication, data tampering, man-in-the-middle attacks and other attack modes, and guarantees the confidentiality, integrity and authenticity of data transmitted between the communicating devices. The preset requirements can be set according to actual requirements.
The device side obtains a target response signal R_A from the received initial excitation signal and the physical unclonable function PUF_A, i.e. R_A = PUF_A(C_A). The device side also sends the target response signal R_A to the server side so that the server side stores it. A physical unclonable function (PUF) is a physical one-way function built from the unique nanostructure of a physical object (such as an integrated circuit, crystal, magnet, lens or solar cell) and its response to random events. PUFs are disordered physical systems that, when given an excitation C_i as input, produce a unique, unpredictable and repeatable response R_i. The set of all possible excitations and their corresponding responses is commonly referred to as the challenge-response pairs (CRPs).
Through the registration process, the application registration of the equipment end to the server end is completed. In the registration phase, the device side does not need to pre-store a large number of PUF response signals to the excitation signals sent by the server side. Only one target response signal is stored in the registration process, so that the session key negotiation process and the communication process between the equipment end and the server end are realized through the target response signal, the calculated amount of the equipment end is reduced, the method is more suitable for the equipment of the Internet of things, and the safety and confidentiality of the session key negotiation process are ensured.
In addition, in the registration stage the device side needs to send a message to the server side that only the server side can read correctly. The target response signal R_A therefore needs to be encrypted with the server side's public key, ensuring that only the communicating party holding the correct private key can decrypt it. A suitable asymmetric encryption algorithm is therefore adopted at this stage. The SM2 algorithm provides the same level of security as the classical RSA algorithm and needs less memory because of its relatively smaller key size. Encryption and signature operations can thus be completed more efficiently in a resource-constrained environment, which makes it very suitable for the device side of the Internet of Things and improves information security. At the same time, applying the national (SM) cryptographic algorithms helps protect national and personal information security and reduces dependence on foreign algorithms.
After the registration of the device side is completed, step S101 is executed: after a connection is established with the server side, the authentication message is obtained by processing the pre-stored target response signal of the physical unclonable function with the SM3 algorithm, and the authentication message is sent to the server side so that the server side obtains the authentication passing message according to the authentication message.
Specifically, after registration is completed, the device side needs to authenticate, i.e. prove, its identity to the server side each time it establishes communication with the server side. As shown in fig. 2, A denotes the device side and B the server side. In the authentication phase, whether over a secure or an insecure channel, the device side processes the target response signal R_A and the current timestamp T_1 with the SM3 algorithm H_SM3() to obtain an authentication excitation signal C'_A, i.e. C'_A = H_SM3(T_1 || R_A). From the physical unclonable function PUF_A and the authentication excitation signal C'_A it obtains an authentication response signal R'_A, i.e. R'_A = PUF_A(C'_A).
The authentication message is then obtained from the authentication excitation signal C'_A, the authentication response signal R'_A, the target response signal R_A, the current timestamp T_1 and the device number ID_A. Specifically, the device side obtains the authentication message M_1 = (ID_A, T_1, τ, σ), where the first hash value is τ = H_SM3(C'_A || R'_A) and σ is the second hash value. The first hash value and the second hash value are both intermediate calculated values.
After the authentication message is obtained, the device side sends it to the server side. The server side receives the authentication message M_1 = (ID_A, T_1, τ, σ), looks up the pre-stored target response signal R_A according to the device number ID_A in the authentication message, and obtains a target hash value from the target response signal R_A and the SM3 algorithm H_SM3().
Specifically, the server side decrypts the authentication message to obtain the authentication ciphertext H_SM3(Pub_key_SM2_B(R_A) || R_A), the authentication excitation signal C'_A = H_SM3(T_1 || R_A), the first hash value τ = H_SM3(C'_A || R'_A) and the second hash value σ. From the second hash value σ it obtains the authentication response signal R'_A. From the authentication excitation signal C'_A and the authentication response signal R'_A, the server side obtains the target hash value τ', i.e. τ' = H_SM3(C'_A || R'_A).
After the target hash value is obtained, it must be checked to determine whether the authentication message has been tampered with. If the target hash value τ' is consistent with the pre-stored hash value τ, the authentication message has not been tampered with and was sent by a legitimate device side; the authentication passing message is obtained and sent to the device side. If the target hash value τ' is not consistent with the pre-stored hash value τ, the authentication message has been tampered with or was sent by an illegitimate device side, and the server side disconnects from the device side.
In the authentication phase, the authentication message needs to be compressed into a fixed data format, so a message "fingerprint" is created with a hash function. SM3 is a cryptographic hash function used for computing digests of data. It uses nonlinear permutation and substitution operations combined with complex operations such as elliptic curve operations, and has high collision resistance and attack resistance. It is widely accepted as a secure and reliable cryptographic hash algorithm. Its design takes into account the requirements of hardware implementation and software optimization, and it is suitable for digest computation on a variety of platforms and devices. SM3 has become a cryptographic application standard in many fields at home and abroad, including digital certificates, electronic signatures, identity authentication and data integrity verification. Using SM3 meets the security requirements of cryptographic applications and is compatible and interoperable with other systems and devices. Verifying the identity of the device side in the authentication phase further improves the anti-counterfeiting capability and information security of the device side and provides a high-level security mechanism.
As shown in fig. 3, after the server side has authenticated the device side, i.e. after the authentication message passes verification, the session key negotiation stage is entered. At this stage the server side obtains a session key k_s, a first random number r_1 and a second random number r_2. From the pre-stored target response signal R_A, the first random number r_1 and the SM3 algorithm H_SM3() it obtains a temporary key k_t, i.e. k_t = H_SM3(r_1 || R_A). The session key k_s, the first random number r_1 and the second random number r_2 can be set randomly, for example generated by a random function on the server side, or set according to actual requirements.
The encryption algorithm E_SM4_k() of the SM4 algorithm encrypts the device number ID_A, the session key k_s, the session duration ΔT and the second random number r_2 to obtain the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2). The session duration ΔT is the validity period of the session key k_s and is also the effective communication time between the device side and the server side. The encryption algorithm of the SM4 algorithm can use a corresponding encryption mode according to actual requirements.
The server side uses its private key Pri_key_SM2_B to digitally sign the current timestamp T_1, the first random number r_1 and the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2), obtaining the digital signature Sig_B = Pri_key_SM2_B(T_1 || r_1 || E_SM4_kt(ID_A || k_s || ΔT || r_2)). From the current timestamp T_1, the first random number r_1 and the digital signature Sig_B it obtains the authentication passing message M_2 = (T_1, r_1, Sig_B), and sends the authentication passing message to the device side.
In the session key negotiation stage, after the server side sends the authentication passing message to the device side, step S102 is executed to obtain the authentication passing message, and the digital signature of the authentication passing message is verified by the pre-stored public key of the server side, so as to obtain a signature result.
Specifically, after receiving the authentication passing message M_2 = (T_1, r_1, Sig_B), the device side uses the pre-stored public key Pub_key_SM2_B of the server side to verify the server side's digital signature on M_2 = (T_1, r_1, Sig_B) and obtain a signature result. The signature result must then be checked to ensure that the device side receives parameters such as the session key, that normal communication between the device side and the server side is possible, and that the information security of the device side is improved.
Next, step S103 is performed: if the signature result is a passing verification result, indicating that the digital signature of the authentication passing message M_2 = (T_1, r_1, Sig_B) is correct, the decryption algorithm of the SM4 algorithm decrypts the authentication passing message to obtain the session duration and the session key parameter, wherein the session key parameter is used for communication between the device side and the server side in the session duration.
Specifically, when the signature result is a passing verification result, the device side verifies the authentication passing message M_2 = (T_1, r_1, Sig_B) to obtain the first random number r_1 and the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2). From the first random number r_1 and the target response signal R_A it obtains the temporary key k_t. The decryption algorithm D_SM4_k() of the SM4 algorithm, with the temporary key k_t, decrypts the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2) to obtain the device number, the session duration ΔT and the session key parameter, where the session key parameter includes the session key k_s and the second random number r_2 of the ciphertext. The identity authentication process between the device side and the server side is thus completed.
If the signature result is not a passing verification result, the digital signature in the authentication passing message M_2 = (T_1, r_1, Sig_B) is wrong and the device side may be facing a man-in-the-middle attack, i.e. someone impersonating the server side to communicate with the device side. The device side then discards the authentication passing message, meaning that it no longer communicates with the man-in-the-middle attacker, and either waits for the server side to send the authentication passing message again or re-sends the authentication message to the server side.
And in the session duration delta T, when the equipment end communicates with the server end, the equipment end obtains a session message according to the session key parameter and the SM4 algorithm, namely, the session key k is utilized s Encrypting the session content message and the second random value r of the session message by an encryption algorithm of the SM4 algorithm 2 Obtaining a session message M 3 =E SM4_ks (message||r 2 ). The device side sends session message M 3 =E SM4_ks (message||r 2 ) And sending the session feedback message to the server side so that the server side obtains the session feedback message according to the session message and is used for realizing communication with the server side.
The server receives the session message M 3 =E SM4_ks (message||r 2 ) After that, the session message is decrypted through SM4 algorithm to obtain session content message and session random value r of the session message 2 * Validating a session random value r 2 * Whether to match the second random value r 2 And consistent. If the session random value r is verified 2 * And a second random value r 2 And if the session keys are consistent/equal, indicating that the session keys of the equipment side and the server side are finished in a negotiation mode, the equipment side communicates with the server side or establishes a new session key between the equipment side and the server side within the session duration delta T. If the session random value r is verified 2 * And a second random value r 2 If the session information is inconsistent or unequal, the session information is possibly forged or tampered, or the server side is attacked by denial of service, the server side discards the session information, so that the communication safety is ensured, and the data safety is improved.
In the session key negotiation stage, the temporary key is a target response signal R known in the communication process of the equipment end and the server end A Calculated. Therefore, the server only needs to use the first random value r 1 To the device side, then the device side can pass r 1 And R is A The temporary key is calculated to obtain the session key. In the authentication phase, the device side only proves its own identity to the server side. Transmitting to the equipment end at the server endAfter the authentication passes through the message, the equipment end passes through a first random value r 1 Obtaining a temporary key, and obtaining a device number ID through decryption of the temporary key A Session key k s Session duration deltat and second random number r 2 The identity of the server can be verified after the information. Therefore, the temporary key cannot be directly used as the session key. If a temporary key is used as the session key, the device side may receive a pseudo-signature and a pseudo-random value generated by an attacker through the public key of the server side, thereby generating an invalid session key.
Therefore the session key is obtained via the temporary key, and the device side and the server side communicate under the session key. This raises the security level of the session key, resists classical attacks to a great extent, improves the anti-counterfeiting capability and information security of the device, provides a high-level security mechanism for massive Internet of Things nodes, and ensures the data security of each node.
Using the session key for normal communication between the device side and the server side within the session duration avoids network attacks, information disguise and similar situations in that communication. The communication security of both nodes is guaranteed, a high-level security mechanism is provided for the device side, and the data security of each node is ensured.
In the session between the device side and the server side, and in practice especially between Internet of Things devices and a server side, a symmetric encryption algorithm is adopted to ensure encryption and decryption efficiency. As one such algorithm, SM4 uses a nonlinear S-box transformation and a 32-round iterative design and has good resistance to differential attack. Differential cryptanalysis is a cryptanalytic method that deduces key information by observing the behaviour of an encryption algorithm under different input differences; the SM4 design takes resistance to differential attack into account, which strengthens the algorithm. The key length of SM4 is 128 bits, which gives a key space large enough that brute-force methods such as exhaustive search are impractical. Therefore the device side and the server side encrypt and decrypt with the SM4 algorithm both in the key negotiation stage and during the session, which further ensures the communication security and data security of the device side, resists classical attacks to a great extent, and improves communication efficiency.
Next, the test procedure and test results of the device-side identity verification method of this embodiment are described:
The device-side identity verification method of this embodiment was written in the Golang language; it comprises the device-side registration process performed over a secure channel and the communication process between the device side and the server side over a public channel. The testing mainly concerns the efficiency of communication over the public channel.
In the test, the device side is a personal computer. The SM2, SM3 and SM4 algorithms used by the proposed protocol are implemented on top of the national cryptographic algorithm library of the GitHub open-source project gmsm.
Communication implementation: to achieve interworking between the test device side and the server side, the portable network I/O interface provided by the Golang standard library package 'net' is used to access the network primitives, and the network connection is established with the basic interfaces provided by the Dial, Listen and Accept functions.
Protocol implementation: the protocol of the identity authentication stage and the session key negotiation stage proposed by the invention is implemented in Golang. The protocol code is then compiled in Visual Studio Code, and the test is completed by writing device-side and server-side code that sends authentication requests and key negotiation requests.
Execution time and memory occupation: the automatic test support of the testing package in the Golang standard library is used to write a test suite and report information such as execution time and memory occupation of the tests.
Test procedure: to ensure the credibility of the test results, 15 rounds of tests are run; the length of the encrypted data in the test is 512 bytes, and the public/private key length, shared key length and block length are 128 bits.
The test results were as follows:
Fig. 4a is a schematic diagram of the speed at which the SM2 algorithm performs public/private key generation, private key signing, public key verification, public key encryption, private key decryption, session key negotiation, key exchange and similar functions over the 15 test rounds; the abscissa is the round and the ordinate is the speed in thousand times/s. In fig. 4a, public/private key generation is represented by the columns filled with a diagonal pattern, key exchange by the columns filled with a vertical pattern, private key signing by the columns without a fill pattern, public key verification by the columns filled with a horizontal pattern, public key encryption by the columns filled with a black-and-white grid pattern, and private key decryption by the columns filled with a cross-line pattern. Fig. 4b is a schematic diagram of the memory used by the SM2 algorithm over the 15 test rounds to perform public/private key generation, private key signing, public key verification, public key encryption, private key decryption, session key negotiation and key exchange, in KB/op. As can be seen from figs. 4a and 4b, the basic operations performed with the SM2 algorithm such as key generation and private key signing are much faster than public key signature verification, public key encryption and private key decryption, and the private key signing operation occupies more memory than the other operations.
Fig. 5 is a schematic diagram of the speeds at which the SM2 algorithm and the RSA algorithm perform their respective functions; both perform signature & verification and encryption & decryption, and 15 tests are run for each. In fig. 5, SM2 signature & verification is represented by the columns filled with a black-background white-dot pattern, SM2 encryption & decryption by the columns filled with a horizontal-line pattern, RSA signature & verification by the columns without a fill pattern, and RSA encryption & decryption by the columns filled with a white-background black-dot pattern. As can be seen from fig. 5, the signing and verification speeds and the encryption and decryption speeds of SM2 are faster than those of RSA in this test. This is attributed to the SM2 algorithm being based on ECC (Elliptic Curve Cryptography, public-key cryptography based on the elliptic curve discrete logarithm problem). At the same security strength, ECC uses shorter keys than RSA and smaller system parameters, i.e. less storage space is required and the bandwidth requirement for transmission is lower; the number of logic gates needed to implement ECC in hardware is smaller than for RSA, and the power consumption is lower.
Fig. 6a is a schematic diagram of the time taken by the SM4 block cipher in the ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback) and OFB (Output Feedback) modes. The abscissa of fig. 6a is the round, 15 rounds in total; the ordinate is the execution time in µs. Fig. 6b is a schematic diagram of the memory occupied by the SM4 algorithm in the ECB, CBC, CFB and OFB modes, in Byte/op, over the 15 test rounds. In fig. 6a, ECB is represented by the columns filled with a white-background black-dot pattern, CFB by the columns filled with a horizontal-line pattern, OFB by the columns filled with a diagonal-line pattern, and CBC by the columns without a fill pattern.
Figs. 6a and 6b show the execution time of the SM4 algorithm in the different block cipher modes; the information encrypted and decrypted is the shared key negotiated between the device side and the server side, i.e. the session key, with a length of 128 bits. The running time and the memory occupied by the CBC mode are higher than for the other three modes. The memory occupied by the OFB mode is the same as that occupied by the CFB mode. In practice the mode can be selected according to the conditions of the device side. The differences in running time and occupied memory come from the differences between the encryption and decryption procedures of the modes. The test only exercises the implementation of the different encryption modes within the verification scheme; it does not prescribe the use of a particular mode.
Table 1 shows the protocol performance test results, mainly the rates of SM2 digital signature generation, SM2 digital signature verification, SM2 encryption, SM2 decryption, SM3 digest generation, SM4 encryption and SM4 decryption in the identity authentication process and the key negotiation communication process. According to the protocol performance test results over 15 rounds, the encryption and decryption speed of SM2 is about 900 times/s, the execution speed of SM3 is about 2000 times/s, and the encryption and decryption speed of SM4 is about 3000 times/s. Since SM3 is a hash algorithm, it is not broken down into several procedures. After multiple rounds of tests, each protocol is found to run stably, each function works well, and the expected effect can be achieved.
As can be seen from the test results, the identity verification method of this embodiment, implemented by combining the SM2, SM3 and SM4 algorithms, improves the communication security and data security of the device side, optimizes the computation and processing load of the device side, and realizes a lightweight secure authentication and session key establishment scheme suitable for both the device side and the server side. It provides a high-level security mechanism for massive Internet of Things nodes and ensures the data security of each node.
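A way to reproduce the measurement method described above (the standard library's testing benchmark harness, repeated rounds, ops/s and bytes per op), as an added example that is not the patent's own test suite. The workloads are Go standard-library stand-ins, SHA-256 for the SM3 digest and ECDSA P-256 signing for SM2 signature generation, over a 512-byte input as in the test description; the gmsm library is not used. Rate, Measure, Rounds and Workloads are hypothetical names, and the 20 ms benchtime set in init is an assumption to keep 15 rounds short; the page does not state its setting.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"flag"
	"fmt"
	"testing"
)

// Rate is one round's result for a workload: the quantities the page plots.
type Rate struct {
	OpsPerSec  float64 // "times/s" in the page's units
	BytesPerOp int64   // "Byte/op"
}

func init() {
	// testing.Benchmark works outside "go test" once the testing flags are registered.
	// A short benchtime keeps 15 rounds fast; the page's setting is not stated (assumption).
	testing.Init()
	flag.Set("test.benchtime", "20ms")
}

// Measure times fn with the standard library's benchmark harness, records allocations,
// and converts ns/op into ops/s.
func Measure(fn func()) Rate {
	r := testing.Benchmark(func(b *testing.B) {
		b.ReportAllocs()
		for i := 0; i < b.N; i++ {
			fn()
		}
	})
	return Rate{1e9 / float64(r.NsPerOp()), r.AllocedBytesPerOp()}
}

// Rounds repeats Measure n times (the page ran 15) so that run-to-run variance is visible.
func Rounds(n int, fn func()) []Rate {
	out := make([]Rate, n)
	for i := range out {
		out[i] = Measure(fn)
	}
	return out
}

// Workloads are stand-ins: SHA-256 for the SM3 digest and ECDSA P-256 for SM2 signing,
// over a constructed 512-byte input (the page's test data length).
func Workloads() map[string]func() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	data := make([]byte, 512)
	digest := sha256.Sum256(data)
	return map[string]func(){
		"digest":    func() { sha256.Sum256(data) },
		"signature": func() { ecdsa.SignASN1(rand.Reader, priv, digest[:]) },
	}
}

func main() {
	for name, fn := range Workloads() {
		for i, r := range Rounds(15, fn) {
			fmt.Printf("%-9s round %2d: %9.0f ops/s, %6d B/op\n", name, i+1, r.OpsPerSec, r.BytesPerOp)
		}
	}
}
```

Replacing the two workload closures with calls into the gmsm SM3 and SM2 functions gives the same rows as Table 1; the harness is unchanged.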
One or more technical solutions in the embodiments of the present invention at least have the following technical effects or advantages:
In the embodiment of the invention, after the device side establishes a connection with the server side, it obtains an authentication message from the pre-stored target response signal of a physical unclonable function by the SM3 algorithm and sends the authentication message to the server side, so that the server side obtains an authentication pass message from the authentication message. Here the device side stores in advance a target response signal obtained from the physical unclonable function, processes it with the SM3 algorithm into an authentication message, and sends that message to the server side so that the server side can verify the identity of the device side. The subsequent authentication process and session process between the device side and the server side are realized through this one target response signal; a large number of PUF responses need not be stored in advance, the computation load of the device side is reduced, the method is better suited to Internet of Things devices, and a lightweight communication process between the device side and the server side is realized. Combined with the SM3 algorithm, the security and confidentiality of the device side's communication are improved.
Then the device side acquires the authentication pass message and verifies its digital signature with the pre-stored public key of the server side to obtain a signature result. If the signature result is a passing verification result, the authentication pass message is decrypted with the SM4 algorithm to obtain the session duration and the session key parameters, where the session key parameters are used for communication with the server side within the session duration. Through the combined use of the SM4 algorithm and the session key, the device side and the server side first establish a secure shared session key over the network and then communicate confidentially, which ensures the encryption and decryption efficiency and the communication security of the communication between the device side and the server side, gives the device side good resistance to differential attack, resists classical attacks to a great extent, and improves communication efficiency.
Example two
The second embodiment of the present invention provides an identity verification method, as shown in fig. 7, applied to a server side, where the method comprises:
S201, after establishing a connection with a device side, acquiring an authentication message sent by the device side;
S202, looking up a pre-stored target response signal according to the device number in the authentication message, and obtaining a target hash value from the target response signal and the SM3 algorithm;
S203, if the target hash value is consistent with the pre-stored hash value, obtaining an authentication pass message and sending the authentication pass message to the device side.
Preferably, the acquiring the authentication passing message includes:
acquiring a session key, a first random number and a second random number;
obtaining a temporary key according to the target response signal, the first random number and the SM3 algorithm;
encrypting the equipment number, the session key, the session duration and the second random number through an encryption algorithm of an SM4 algorithm to obtain a ciphertext;
and carrying out digital signature processing on the current timestamp, the first random number and the ciphertext through the private key of the server side to obtain a digital signature, and obtaining the authentication passing message according to the current timestamp, the first random number and the digital signature.
Preferably, after the authentication passing message is sent to the device side, the method further includes:
acquiring a session message sent by the equipment terminal within the session duration;
decrypting the session message to obtain the message content and the verification random value of the session message;
and if the verification random value is consistent with the second random value, communicating with the equipment end.
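The device-side steps S102/S103 described earlier (verifying M_2 = (T_1, r_1, Sig_B) with Pub_key_{SM2_B}, deriving the temporary key from r_1 and R_A, decrypting ID_A || k_s || ΔT || r_2, then sending M_3 = E_{SM4_ks}(message || r_2)) and the server-side steps S201-S203 above, including the r_2* check of the session message, can be run end to end as follows. This is an added example written for this page, not the patent's own Golang code and not the gmsm library: so that it runs offline, the national algorithms are replaced by Go standard-library stand-ins, SHA-256 for SM3, AES-128-GCM for SM4 and ECDSA over P-256 for SM2; GCM is authenticated, unlike the ECB/CBC/CFB/OFB modes the page tested, so a tampered ciphertext already fails at decryption and the r_2 comparison is left to catch a message encrypted under the right key for a different session. Everything the text leaves open is an assumption here: the temporary key is k_t = H(R_A || r_1) truncated to 128 bits; M_2 carries the ciphertext alongside (T_1, r_1, Sig_B), since the signature covers it and the device must decrypt it; the plaintext is laid out as ID_A || k_s || ΔT || r_2 with 16-, 8- and 16-byte trailing fields; ΔT is 600 s; the authentication message M_1 is reduced to (ID_A, T_A, C_A = H(R_A || T_A)) without the PUF re-response of claim 3; R_A is a constructed random value standing in for a PUF response; and the check that the decrypted device number equals the device's own number is added. Server, Device, HandleAuth, BuildAuth, HandleAuthPass, SessionMsg, HandleSession, Setup and RunProtocol are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// Stand-ins, assumed because the gmsm library is not used here: H replaces SM3,
// seal/open replace SM4 with AES-128-GCM, and ECDSA P-256 replaces SM2.
func H(parts ...[]byte) []byte {
	s := sha256.Sum256(bytes.Join(parts, nil))
	return s[:]
}
func gcm(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key) // keys are always 16 bytes in this example
	g, _ := cipher.NewGCM(blk)
	return g
}
func seal(key, pt []byte) []byte {
	nonce := rnd(12)
	return append(nonce, gcm(key).Seal(nil, nonce, pt, nil)...)
}
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 {
		return nil, errors.New("short ciphertext")
	}
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}
func rnd(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}
func i64(v int64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, uint64(v))
	return b
}

const deltaT = 600 // session duration ΔT in seconds (assumed value)

type AuthMsg struct{ ID, C []byte; T int64 }         // M1: ID_A, T_A, C_A = H(R_A || T_A)
type AuthPass struct{ T1 int64; R1, Ct, Sig []byte } // M2 = (T1, r1, Sig_B) plus the ciphertext Sig_B covers
type session struct{ ks, r2 []byte; expiry time.Time }
type Server struct{ priv *ecdsa.PrivateKey; store map[string][]byte; sessions map[string]*session }
type Device struct{ ID, RA []byte; pub *ecdsa.PublicKey; sess *session }

// S201-S203 and the construction of the authentication pass message of claim 7.
func (s *Server) HandleAuth(m AuthMsg, now time.Time) (*AuthPass, error) {
	ra, ok := s.store[string(m.ID)]
	if !ok || !bytes.Equal(H(ra, i64(m.T)), m.C) {
		return nil, errors.New("target hash mismatch: authentication rejected")
	}
	ks, r1, r2 := rnd(16), rnd(16), rnd(16)
	kt := H(ra, r1)[:16] // temporary key k_t from R_A and r_1 (concatenation order assumed)
	ct := seal(kt, bytes.Join([][]byte{m.ID, ks, i64(deltaT), r2}, nil))
	sig, err := ecdsa.SignASN1(rand.Reader, s.priv, H(i64(now.Unix()), r1, ct))
	if err != nil {
		return nil, err
	}
	s.sessions[string(m.ID)] = &session{ks, r2, now.Add(deltaT * time.Second)}
	return &AuthPass{now.Unix(), r1, ct, sig}, nil
}

// M1 as sent by the device side (reduced form, see the lead-in).
func (d *Device) BuildAuth(now time.Time) AuthMsg {
	return AuthMsg{d.ID, H(d.RA, i64(now.Unix())), now.Unix()}
}

// S102/S103: verify Sig_B with Pub_key_B, derive k_t, decrypt ID_A || k_s || ΔT || r_2.
func (d *Device) HandleAuthPass(m *AuthPass, now time.Time) error {
	if !ecdsa.VerifyASN1(d.pub, H(i64(m.T1), m.R1, m.Ct), m.Sig) {
		return errors.New("signature failed: message discarded (possible server impersonation)")
	}
	pt, err := open(H(d.RA, m.R1)[:16], m.Ct)
	n := len(pt) - 40 // trailing k_s(16) || ΔT(8) || r_2(16); the prefix is ID_A
	if err != nil || n < 1 || !bytes.Equal(pt[:n], d.ID) { // device-number check is an added precaution
		return errors.New("ciphertext rejected")
	}
	dt := time.Duration(binary.BigEndian.Uint64(pt[n+16:n+24])) * time.Second
	d.sess = &session{pt[n : n+16], pt[n+24:], now.Add(dt)}
	return nil
}

// M3 = E_ks(message || r_2); call only after HandleAuthPass succeeded.
func (d *Device) SessionMsg(msg []byte) []byte {
	return seal(d.sess.ks, append(append([]byte{}, msg...), d.sess.r2...))
}

// Server side: recover r_2* and compare with r_2 within ΔT; on mismatch the message is discarded.
func (s *Server) HandleSession(id, m3 []byte, now time.Time) ([]byte, error) {
	se, ok := s.sessions[string(id)]
	if !ok || now.After(se.expiry) {
		return nil, errors.New("no live session for this device")
	}
	pt, err := open(se.ks, m3)
	if err != nil || len(pt) < 16 || !bytes.Equal(pt[len(pt)-16:], se.r2) {
		return nil, errors.New("session random mismatch: message discarded")
	}
	return pt[:len(pt)-16], nil
}

// Setup stands in for the registration phase over the secure channel: the device keeps R_A and
// Pub_key_B, the server keeps (ID_A, R_A). R_A is a constructed stand-in for a PUF response.
func Setup() (*Server, *Device) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	id, ra := []byte("dev-0001"), rnd(32)
	return &Server{priv, map[string][]byte{string(id): ra}, map[string]*session{}}, &Device{ID: id, RA: ra, pub: &priv.PublicKey}
}

// RunProtocol drives M1 -> M2 -> M3 and returns the content the server recovered from M3.
func RunProtocol(srv *Server, dev *Device, msg []byte) ([]byte, error) {
	now := time.Now()
	m2, err := srv.HandleAuth(dev.BuildAuth(now), now)
	if err != nil {
		return nil, err
	}
	if err := dev.HandleAuthPass(m2, now); err != nil {
		return nil, err
	}
	return srv.HandleSession(dev.ID, dev.SessionMsg(msg), now)
}
```

RunProtocol takes one device through the three messages. HandleAuthPass returns an error and leaves the device without a session when Sig_B does not verify, which is the failed-signature case described above, and HandleSession discards a session message whose trailing random value differs from the r_2 it issued or that arrives after ΔT has elapsed.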
Example III
Based on the same inventive concept, the third embodiment of the present invention further provides a chip, comprising: a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor, when executing the program, implements the steps of any of the identity verification methods described above.
Since the chip described in this embodiment is a chip for implementing the identity verification method described in embodiment one of the present application, a person skilled in the art can understand, on the basis of that method, the specific implementation of the chip of this embodiment and its various modifications, so how this chip implements the method of embodiment one is not described in detail here. Any chip used by those skilled in the art to implement the identity verification method of embodiment one falls within the scope of protection intended by the present application.
Example IV
Based on the same inventive concept, the fourth embodiment of the present invention also provides an electronic device, including the above-mentioned chip.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, apparatus (system), or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. An authentication method, applied to a device side, comprising:
After establishing connection with a server, obtaining an authentication message through a target response signal of a pre-stored physical unclonable function by an SM3 algorithm, and sending the authentication message to the server so that the server can obtain an authentication passing message according to the authentication message;
acquiring the authentication passing message, and verifying the digital signature of the authentication passing message through a pre-stored public key of the server side to obtain a signature result;
and if the signature result is a passing verification result, decrypting the authentication passing message through a decryption algorithm of an SM4 algorithm to obtain a session duration and a session key parameter, wherein the session key parameter is used for communication with the server side within the session duration.
2. The method of claim 1, further comprising, prior to establishing a connection with the server side:
in a secure channel, a registration request signal is sent to the server side, so that the server side sends an initial excitation signal and a public key of the server side according to the received registration request signal, wherein the registration request signal comprises a device number of the device side, and the public key of the server side is encrypted by an SM2 algorithm;
Receiving the initial excitation signal and the public key of the server side, and obtaining the target response signal according to the initial excitation signal and the physical unclonable function;
and storing the target response signal and the public key of the server side, and sending the target response signal to the server side so that the server side stores the target response signal and the equipment number.
3. The method of claim 2, wherein obtaining the authentication message from the target response signal of the pre-stored physical unclonable function by the SM3 algorithm, comprises:
processing the target response signal and the current time stamp through the SM3 algorithm to obtain an authentication excitation signal, and obtaining an authentication response signal according to the physical unclonable function and the authentication excitation signal;
and obtaining the authentication message according to the authentication excitation signal, the authentication response signal, the target response signal, the current time stamp and the equipment number.
4. The method of claim 1, wherein decrypting the authentication passing message through the SM4 algorithm to obtain the session duration and the session key parameter comprises:
Verifying the authentication passing message to obtain a first random number and a ciphertext;
obtaining a temporary key according to the first random number and the target response signal;
and decrypting the ciphertext through the SM4 algorithm and the temporary key to obtain the session duration and the session key parameter, wherein the session key parameter comprises a session key and a second random number of the ciphertext.
5. The method of claim 1, further comprising, within the session duration:
and obtaining a session message according to the session key parameter and the SM4 algorithm, and sending the session message to the server side so that the server side obtains a session feedback message according to the session message, and the session feedback message is used for realizing communication with the server side.
6. An authentication method, applied to a server, comprising:
after establishing connection with a device end, acquiring an authentication message sent by the device end;
searching a pre-stored target response signal according to the equipment number of the authentication message, and obtaining a target hash value according to the target response signal and an SM3 algorithm;
and if the target hash value is consistent with the pre-stored hash value, acquiring an authentication passing message, and sending the authentication passing message to the equipment end.
7. The method of claim 6, wherein the obtaining an authentication pass message comprises:
acquiring a session key, a first random number and a second random number;
obtaining a temporary key according to the target response signal, the first random number and the SM3 algorithm;
encrypting the equipment number, the session key, the session duration and the second random number through an encryption algorithm of an SM4 algorithm to obtain a ciphertext;
and carrying out digital signature processing on the current timestamp, the first random number and the ciphertext through the private key of the server side to obtain a digital signature, and obtaining the authentication passing message according to the current timestamp, the first random number and the digital signature.
8. The method of claim 7, further comprising, after sending the authentication pass message to the device side:
acquiring a session message sent by the equipment terminal within the session duration;
decrypting the session message to obtain the message content and the verification random value of the session message;
and if the verification random value is consistent with the second random value, communicating with the equipment end.
9. A chip comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method steps of any of claims 1-5 when the program is executed.
10. An electronic device comprising the chip of claim 9.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311491646.XA CN117675285A (en) 2023-11-10 2023-11-10 Identity verification method, chip and equipment

Publications (1)

Publication Number Publication Date
CN117675285A true CN117675285A (en) 2024-03-08

Family ID=90083569

Country Status (1)

Country Link
CN (1) CN117675285A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination