CN118102290B - Quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption - Google Patents

Info

Publication number
CN118102290B
Authority
CN
China
Prior art keywords
authentication
initialization
vehicle
management entity
mobile unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410508372.9A
Other languages
Chinese (zh)
Other versions
CN118102290A (en)
Inventor
周长利
温景良
陈祖希
张灵慧
梅萌
朱永华
张宏扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaqiao University
Original Assignee
Huaqiao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaqiao University
Priority to CN202410508372.9A
Publication of CN118102290A
Application granted
Publication of CN118102290B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/40 Security arrangements using identity modules
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/002 Countermeasures against attacks on cryptographic mechanisms
    • H04L9/006 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/84 Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption, and relates to the technical field of LTE-R train-ground wireless communication.

Description

Quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption
Technical Field
The invention relates to the technical field of LTE-R train-ground wireless communication, in particular to a quantum attack-resistant train-ground authentication method and system based on NTRU (number theory research unit) public key encryption.
Background
With the continued development and modernization of railway traffic, the communication demands of railway systems are also increasing. Conventional railway communication systems often suffer from limited coverage, slow data transmission speed, difficulty in interworking with modern wireless communication technologies, and the like. To solve these problems and to improve the efficiency and reliability of railway communications, the concept of LTE-R has evolved. LTE-R can be seen as an evolution of GSM-R to LTE and 5G, which can provide more efficient, reliable, secure and intelligent railway wireless communication services. Compared with the traditional narrowband communication system GSM-R, the LTE-R system is based on Long Term Evolution (LTE) technology, has the advantages of high bandwidth, low latency, high speed and the like, and is better suited to the requirements of a railway communication system. In LTE-R, vehicle-to-ground communication authentication plays a vital role: it ensures the security and legitimacy of communication. However, LTE-R systems introduce a series of security issues while providing convenience. Their open air interface, all-IP design and flattened network architecture make LTE-R more vulnerable to various security threats, including eavesdropping, data tampering, fraud, and DoS (denial of service) attacks. In the traditional LTE-R system, vehicle-ground communication authentication relies on traditional asymmetric cryptographic operations, such as elliptic curve scalar multiplication, modular exponentiation or bilinear pairing, to ensure communication security. However, with the continued advancement of quantum computing technology, the security of these traditional algorithms is challenged. The potential threat of quantum computers may in the future make these traditional encryption algorithms vulnerable and so compromise railway communications.
Based on this, there is a need for a vehicle-ground communication authentication technique that can resist quantum attacks and is small in calculation amount.
Disclosure of Invention
The invention aims to provide an NTRU public key encryption-based anti-quantum attack train-ground authentication method and system, wherein an NTRU public key encryption algorithm for resisting quantum attack is introduced into LTE-R train-ground communication authentication, and the traditional encryption algorithm is replaced by the NTRU public key encryption algorithm, so that the LTE-R train-ground communication authentication for resisting quantum attack is realized.
In order to achieve the above object, the present invention provides the following solutions:
In a first aspect, the present application provides a method for authenticating a vehicle-ground against quantum attack based on NTRU public key encryption, the method comprising:
Initializing a system:
The home subscriber server issues public parameters to the vehicle-mounted mobile unit and the mobility management entity; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm.
USIM card registration:
The home subscriber server receives a USIM card registration request of the vehicle-mounted mobile unit; obtains a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; obtains the public and private keys of the vehicle-mounted mobile unit by applying the NTRU key generation process; and sends registration response information to the vehicle-mounted mobile unit. The registration response information includes the public and private keys of the vehicle-mounted mobile unit and the first authentication token.
Initializing authentication:
The mobility management entity receives a first initialization authentication message generated by the vehicle-mounted mobile unit; generates a second initialization authentication message based on the first initialization authentication message, and sends the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information.
The home subscriber server authenticates the location information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity.
The mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; and the mobility management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and the initialization authentication is completed after the authentication is passed.
In a second aspect, the present application provides a quantum attack resistant train-ground authentication system based on NTRU public key encryption, the system comprising:
The system initialization module is used for issuing public parameters to the vehicle-mounted mobile unit and the mobility management entity by the home subscriber server; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm.
The USIM card registration module is used for receiving, by the home subscriber server, a USIM card registration request of the vehicle-mounted mobile unit; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; obtaining the public and private keys of the vehicle-mounted mobile unit by applying the NTRU key generation process; and sending registration response information to the vehicle-mounted mobile unit. The registration response information includes the public and private keys of the vehicle-mounted mobile unit and the first authentication token.
An initialization authentication module, configured to receive, by the mobility management entity, a first initialization authentication message generated by the vehicle-mounted mobile unit; generating a second initialization authentication message based on the first initialization authentication message, and sending the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information; the home subscriber server authenticates the position information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity; the mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; and the mobility management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and the initialization authentication is completed after the authentication is passed.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
The invention provides a quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption, in which an NTRU public key encryption algorithm is introduced in the system initialization, USIM card registration and initialization authentication processes. The traditional cryptographic algorithm is replaced by the quantum attack-resistant NTRU public key encryption algorithm, quantum attack-resistant identity authentication is realized while the calculation cost is reduced, and a safe, reliable and efficient identity authentication scheme is provided for LTE-R train-ground communication authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of a system node model of an NTRU public key encryption-based method for authenticating a vehicle-ground against quantum attack according to embodiment 1 of the present invention;
Fig. 2 is a schematic flow chart of USIM card registration provided in embodiment 1 of the present invention;
Fig. 3 is a schematic diagram of an initialization authentication procedure provided in embodiment 1 of the present invention;
Fig. 4 is a schematic diagram of a re-authentication flow provided in embodiment 1 of the present invention;
Fig. 5 is a schematic diagram of a handover authentication procedure according to embodiment 1 of the present invention;
Fig. 6 is a system block diagram of an NTRU public key encryption-based anti-quantum attack train-ground authentication system according to embodiment 2 of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide an NTRU public key encryption-based anti-quantum attack train-ground authentication method and system, wherein an NTRU public key encryption algorithm for resisting quantum attack is introduced into LTE-R train-ground communication authentication, and the traditional encryption algorithm is replaced by the NTRU public key encryption algorithm, so that the LTE-R train-ground communication authentication for resisting quantum attack is realized. Meanwhile, the invention designs three processes of initialization authentication, re-authentication and node switching authentication, provides more choices for vehicle-to-ground communication authentication under different scenes, improves the security, ensures the efficiency of an authentication method, and provides a safe, efficient and reliable identity authentication scheme for LTE-R vehicle-to-ground authentication.
The NTRU public key encryption algorithm is introduced as follows:
(1) NTRU parameter initialization: selecting three integers WhereinAndSatisfy the following requirementsAnd (2) andGreater thanRepresenting the dimension of a polynomial ring in an NTRU algorithm; three are selectedOrder polynomial set
(2) NTRU key generation: randomly selecting polynomialsAnd polynomialsAcquisition ofAndWhereinAndI.e.AndRespectively areIn-mold dieSum dieThe following inversion element; computing public keysPrivate key
(3) NTRU encryption: selecting a message to encryptAnd randomly select a polynomialCalculating ciphertext (i.e., encrypted information)
(4) NTRU decryption: upon receipt of ciphertextThereafter, the ciphertext is decrypted using the following formula to obtain plaintext (i.e., the information to be encrypted)
Wherein,Is an intermediate parameter in the decryption process.
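The four NTRU steps above, as an added example that is not code from the patent: it uses the textbook NTRU relations (h = p·f_q·g mod q, e = r·h + m mod q, a = f·e mod q, m = f_p·a mod p) with the names f, g, r, h from the usual NTRU literature. The toy parameters N = 11, p = 3, q = 64, the weight D and the integer-to-polynomial encoding are assumptions made for illustration, not values from the page.

```python
import random

# Toy parameters (constructed for illustration): gcd(P, Q) = 1 and Q > P.
# D is the number of +1 and -1 coefficients in the small polynomials.
N, P, Q, D = 11, 3, 64, 3

def conv(a, b, mod):
    """Product a*b in Z_mod[x]/(x^N - 1) (cyclic convolution)."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] = (out[(i + j) % N] + ai * bj) % mod
    return out

def invert_mod_prime(f, p):
    """Solve f*u = 1 in Z_p[x]/(x^N - 1) by Gauss-Jordan elimination on the
    circulant matrix of f; returns None when f is not invertible."""
    rows = [[f[(i - j) % N] % p for j in range(N)] + [int(i == 0)]
            for i in range(N)]
    for col in range(N):
        piv = next((r for r in range(col, N) if rows[r][col]), None)
        if piv is None:
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        inv = pow(rows[col][col], -1, p)
        rows[col] = [v * inv % p for v in rows[col]]
        for r in range(N):
            k = rows[r][col]
            if r != col and k:
                rows[r] = [(x - k * y) % p for x, y in zip(rows[r], rows[col])]
    return [row[N] for row in rows]

def invert_mod_q(f):
    """Inverse modulo Q = 2^6: invert modulo 2, then Newton-lift with
    u <- u*(2 - f*u), which squares the modulus (2 -> 4 -> 16 -> 256)."""
    u = invert_mod_prime(f, 2)
    if u is None:
        return None
    for _ in range(3):
        t = [(-c) % Q for c in conv(f, u, Q)]
        t[0] = (t[0] + 2) % Q
        u = conv(u, t, Q)
    return u

def ternary(rng, ones, minus_ones):
    """Random polynomial with the given number of +1 and -1 coefficients."""
    coeffs = [1] * ones + [-1] * minus_ones + [0] * (N - ones - minus_ones)
    rng.shuffle(coeffs)
    return coeffs

def center(a, mod):
    """Lift coefficients from [0, mod) to the interval (-mod/2, mod/2]."""
    return [c - mod if c > mod // 2 else c for c in a]

def keygen(rng):
    while True:                                # retry until f is invertible
        f = ternary(rng, D + 1, D)
        f_p, f_q = invert_mod_prime(f, P), invert_mod_q(f)
        if f_p is not None and f_q is not None:
            break
    g = ternary(rng, D, D)
    h = conv([P * c for c in f_q], g, Q)       # public key h = p*f_q*g mod q
    return h, (f, f_p)                         # private key (f, f_p)

def encrypt(h, m, rng):
    r = ternary(rng, D, D)                     # fresh blinding polynomial
    return [(x + y) % Q for x, y in zip(conv(r, h, Q), m)]  # e = r*h + m mod q

def decrypt(priv, e):
    f, f_p = priv
    # a = f*e mod q equals p*r*g + f*m over the integers because every
    # coefficient is bounded by 3*6 + 7 = 25 < Q/2, so the lift is exact.
    a = center(conv(f, e, Q), Q)
    return center(conv(f_p, a, P), P)          # m = f_p*a mod p

def encode(value):
    """Map an integer in [0, 3**N) to a ternary polynomial (digit 2 -> -1)."""
    digits = []
    for _ in range(N):
        value, d = divmod(value, 3)
        digits.append(-1 if d == 2 else d)
    return digits

def decode(m):
    return sum((c % 3) * 3 ** i for i, c in enumerate(m))

def demo(seed=2024, value=0xBEEF):
    # Seeded PRNG only so the example is reproducible; key generation and
    # the blinding polynomial need a cryptographically secure generator.
    rng = random.Random(seed)
    h, priv = keygen(rng)
    e = encrypt(h, encode(value), rng)
    return decode(decrypt(priv, e)), h, e
```

With these weights the coefficient bound in `decrypt` holds for every key and message, so decryption never fails; shrinking q below 2·25 would reintroduce decryption failures.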
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
Example 1
As shown in fig. 1, the present embodiment provides a quantum attack resistant train-ground authentication method based on NTRU public key encryption, which includes:
System initialization:
the home subscriber server HSS issues public parameters to the on-board mobile unit OBU and the mobility management entity MME; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm. The system initialization specifically comprises the following steps:
(1) The home subscriber server selects and selects three integers I.e. first integerA second integer q and a third integer N, and selecting three N-1 order polynomial sets, respectively recorded as a first polynomial setSecond polynomial setAnd a third polynomial set; The first integerAnd the second integer q satisfiesAnd the second integer q is greater than the first integer; The third integer N is the dimension of a polynomial ring in the NTRU public key encryption algorithm; the initialization parameter includes the first integer-Said second integer q and said third integer N; Representing the greatest common divisor of the two numbers p and q.
(2) The home subscriber server respectively extracts the first polynomial set from the first polynomial setAnd the second set of polynomialsA first polynomial h HSS and a second polynomial g HSS are randomly selected, and a first inverse is calculated according to the first polynomial h HSS, the first integer p and the second integer qAnd a second inverse element; Wherein,AndI.e.AndThe inverse of h HSS at modulo p and modulo q, respectively. According to the first polynomial h HSS, the second polynomial g HSS, the second integer q, the first inverseAnd the second inverse elementComputing the system public keySystem private key
(3) The home subscriber server uses the initialization parameter, the system public key and a plurality of one-way hash functions as the public parameterAnd issuing the public parameters to the vehicle-mounted mobile unit and the mobility management entity
As an example, a plurality of one-way hash functions, in particular three one-way hash functions, may be selectedWhereinFor connecting arbitrary lengthsMapping the binary sequence of (2) to a shorter fixed lengthIs a binary sequence of (a).
(II) USIM card registration: this process completes the registration of the USIM card with the home subscriber server (HSS) and the writing of related information, i.e. the HSS's authorization of the USIM card.
The home subscriber server HSS receives a USIM card registration request of the on-board mobile unit OBU; the USIM card registration request is generated by the vehicle-mounted mobile unit based on the IMSI of its USIM card. The HSS obtains a first authentication token of the on-board mobile unit OBU based on the USIM card registration request and the public parameter; obtains the public and private keys of the vehicle-mounted mobile unit by applying the NTRU key generation process; and sends registration response information to the vehicle-mounted mobile unit. The registration response information includes the public and private keys of the vehicle-mounted mobile unit and the first authentication token.
As shown in fig. 2, USIM card registration specifically includes:
(1) The on-board mobile unit OBU obtains the international mobile subscriber identity IMSI of the USIM card, generates a first random number RN, calculates an international mobile subscriber identity hash value HIMSI according to the international mobile subscriber identity IMSI and the first random number RN by applying a first one-way hash function h 1 () in the public parameters, Representing the presentation to beAndAnd (5) performing connection. In the calculation to obtainAfter HIMSI, sending HIMSI to a home subscriber server HSS for registration, that is, sending the USIM card registration request to the home subscriber server; the USIM card registration request includes the international mobile subscriber identity hash value.
(2) After receiving the USIM card registration request sent by the on-board mobile unit OBU, the home subscriber server generates a second random numberAnd based on the international mobile subscriber identity hash value HIMSI and the second random numberAs input, the first authentication token wt u of the on-board mobile unit is calculated by applying the first one-way hash function h 1',
(3) The home subscriber server generates an OBU public key for the on-board mobile unit OBU through the NTRU key generation processAnd OBU private key. The method comprises the following steps:
The home subscriber server respectively extracts the first polynomial set from the first polynomial set And the second set of polynomialsIs selected randomly from a first polynomialAnd a second polynomialAccording to the first polynomialCalculating a first inverse of said first integer p and said second integer qAnd a second inverse element; Wherein,AndI.e.AndRespectively areInverse under modulo p and modulo q. According to the first polynomialThe second polynomialThe second integer q, the first inverseAnd the second inverse elementCalculating a public key of the on-board mobile unitPrivate key
(4) The home subscriber server transmits the public and private key of the in-vehicle mobile unit and the first authentication token wt u as the registration response information to the in-vehicle mobile unit. After receiving the registration response information, the vehicle-mounted mobile unit stores
Thus far, USIM card registration is completed, and obtained OBU public keyOBU private keyAnd a first authentication tokenFor subsequent initialization authentication, re-authentication and handover authentication processes.
Initializing authentication: when the method is used for the vehicle-mounted mobile unit to access the authentication network for the first time, the initialization authentication of the OBU is completed.
As shown in fig. 3, the initialization authentication process includes the steps of:
(1) The mobility management entity receives a first initialization authentication message generated by the vehicle-mounted mobile unit; generates a second initialization authentication message based on the first initialization authentication message, and sends the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information. The method specifically comprises the following steps:
1) In-vehicle mobile unit reading And generates HIMSI a set of data,. The vehicle-mounted mobile unit obtains intermediate parameters based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function; and generating a first random polynomialAnd a third random number sku; the first random polynomialFrom the third set of polynomialsIs selected from the group consisting of.
The on-board mobile unit obtains an intermediate parameter based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function, and specifically includes:
Applying the physical unclonable function based on the International Mobile subscriber identity hash value HIMSI A physical unclonable output response Ru is obtained,; Applying the first one-way hash function h 1 (), according to the physical unclonable output response Ru, obtaining the intermediate parameter HR,
2) The vehicle-mounted mobile unit generates a first random polynomial according to the first integer p in the common parameterSaid system public keyAnd the international mobile subscriber identity hash value HIMSI is calculated using the NTRU encryption process to obtain a first initialization authentication ciphertext FS 1,; A second initialization authentication ciphertext FS 2 is derived from the first initialization authentication ciphertext FS 1, the international mobile subscriber identity hash value HIMSI and the third random number sku,; Obtaining a third initialization authentication ciphertext FS 3 according to the second initialization authentication ciphertext FS 2, the third random number sku and the mobile management entity location information LAI acquired by the vehicle-mounted mobile unit,; A fourth initialization authentication ciphertext FS 4 is obtained from the third initialization authentication ciphertext FS 3, the mobility management entity location information LAI and the intermediate parameter,
3) The vehicle-mounted mobile unit takes the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext and the intermediate parameter as inputs, calculates and obtains a first integrity verification value V u by applying a second one-way hash function h 2 () in the common parameter,; And sending the first initialization authentication message to the mobility management entity MME; The first initialization authentication message includes the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext, the first integrity verification value, and the identification ID of the home subscriber server.
4) After receiving a first initialization authentication message sent by an on-board mobile unit (OBU), a mobility management entity obtains real location information (LAI 1) of the mobility management entity and a mobility management entity identifier (SNID) to generate a second initialization authentication messageTransmitting the second initialization authentication message to the home subscriber server according to the identification ID of the home subscriber server; the second initialization authentication message comprises the first initialization authentication messageThe actual location information of the mobility management entity and the mobility management entity identification SNID.
(2) The home subscriber server authenticates the location information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity. The method specifically comprises the following steps:
1) After receiving the second initialization authentication message sent by the MME, the home subscriber server uses the system private key Decrypting the first initialization authentication ciphertext FS 1, the second initialization authentication ciphertext FS 2, the third initialization authentication ciphertext FS 3, and the fourth initialization authentication ciphertext FS 4 in the second initialization authentication message to obtain a decrypted international mobile subscriber identity hash valueDecrypted third random numberDecrypted mobility management entity location informationAnd intermediate parameters for decryptionObtaining the product
2) The home subscriber server judges whether the true location information LAI 1 of the mobility management entity and the decrypted mobility management entity location information are the same. If they are different, the authentication process is terminated; if they are the same, the home subscriber server applies the second one-way hash function to calculate a second integrity verification value from the first, second, third and fourth initialization authentication ciphertexts and the decrypted intermediate parameter HR 1. It then determines whether the second integrity verification value is identical to the first integrity verification value V u; if so, the message integrity verification is successful and the authentication of the home subscriber server to the second initialization authentication message is passed.
3) The home subscriber server generates a fourth random numberWith the fourth random numberAnd the mobility management entity identifier SNID is used as input, and the first one-way hash function is applied to calculate and obtain a second authentication token of the mobility management entity
4) The home subscriber server generates a public key of the mobility management entity for the mobility management entity through an NTRU key generation processPrivate key. The method specifically comprises the following steps:
The home subscriber server respectively extracts the first polynomial set from the first polynomial set And the second set of polynomialsA first polynomial h M and a second polynomial g M are randomly selected, and a first inverse is calculated according to the first polynomial h M, the first integer p and the second integer qAnd a second inverse element; Wherein,AndI.e.AndThe inverse of h M at modulo p and modulo q, respectively. According to the first polynomial h M, the second polynomial g M, the second integer q, the first inverseAnd the second inverse elementCalculating a public key of the mobility management entityPrivate key
5) The home subscriber server searches the first authentication token of the vehicle-mounted mobile unit according to the decrypted international mobile subscriber identity hash value HIMSI 1 And a public key of the on-board mobile unitAnd sending the third initialization authentication message to the mobility management entity; The third initialization authentication message includes the decrypted international mobile subscriber identity hash value HIMSI 1, the decrypted third random numberThe first authentication tokenSaid decrypted intermediate parameter HR 1, the public key of said on-board mobile unitThe second authentication tokenPublic key of the mobility management entityPrivate key
(3) The mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; and the mobile management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and the initialization authentication is completed after the authentication is passed. The method specifically comprises the following steps:
1) The mobility management entity generates a second random polynomial And a fifth random number skm, expressed by the first integer p and the second random polynomialPublic key of the vehicle-mounted mobile unitAnd the second authentication tokenFor input, a fifth initialization certification ciphertext FS 5 is calculated using the NTRU encryption process,; According to the fifth initialization authentication ciphertext FS 5, the second authentication tokenAnd the fifth random number skm to obtain a sixth initialization authentication ciphertext FS 6,; The mobility management entity uses the first authentication tokenThe second authentication tokenThe decrypted third random number sku 1 and the fifth random number skm are used as inputs, and a third one-way hash function h 3 () in the common parameter is applied to calculate and obtain a first session key; The second one-way hash function is applied to calculate a third integrity verification value by using the decrypted intermediate parameter HR 1, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the first session key and the authentication management domain identification AMFAnd a first response parameter XRES,; According to the fifth initialization authentication ciphertext FS 5, the sixth initialization authentication ciphertext FS 6, the third integrity verification valueAnd a public key of the mobility management entityGenerating the fourth initialization authentication messageAnd transmitting to the on-board mobile unit; the second random polynomialAnd selecting from the third polynomial set.
2) After receiving the fourth initialization authentication message sent by the mobility management entity, the vehicle-mounted mobile unit uses the private key of the vehicle-mounted mobile unitDecrypting the fifth initialization authentication ciphertext and the sixth initialization authentication ciphertext in the fourth initialization authentication message to obtain a decrypted second authentication tokenAnd a decrypted fifth random number; With the first authentication tokenSaid decrypted second authentication tokenSaid third random number sku and said decrypted fifth random numberFor input, a second session key is calculated by applying the third one-way hash function; The intermediate parameters HR, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext and the second session keyAnd the authentication management domain identification AMF is used as input, and the second one-way hash function is applied to calculate and obtain a fourth integrity verification valueAnd a second response parameter RES, and,; Judging whether the fourth integrity verification value is the same as the third integrity verification value, if so, passing the authentication of the vehicle-mounted mobile unit to the mobility management entity, and sending a fifth initialization authentication message to the mobility management entity by the vehicle-mounted mobile unit; the fifth initialization authentication message comprises a second response parameter RES.
3) The mobility management entity judges whether the second response parameter RES is the same as the first response parameter XRES; if so, the mobility management entity's authentication of the vehicle-mounted mobile unit passes and initialization authentication is finished.
At this point initialization authentication is complete: the OBU and the MME have negotiated a session key, the MME has obtained the public key of the OBU and the first authentication token, and the OBU has obtained the public key of the MME and the second authentication token, for use in the next authentication.
In this embodiment, as the train moves, the OBU connects to a plurality of MMEs in sequence, each after authentication, and that authentication can be carried out through the initialization authentication process. That is, whichever coverage area the OBU enters, the authentication between the OBU and the MME is completed using the initialization authentication process; once the authentication passes, the OBU connects to the MME, which completes identity authentication of the access device in the LTE-R system.
In this embodiment, a session key is negotiated for subsequent secure communication and authentication operations while the access device is authenticated in the LTE-R train-ground wireless communication network, which meets the identity authentication and privacy protection requirements of the existing LTE-R system. The NTRU public key encryption algorithm used has a smaller computational overhead than elliptic curve encryption and can also resist quantum attack, which further improves security in the LTE-R authentication network. In other words, this embodiment introduces the quantum-attack-resistant NTRU public key encryption algorithm into the LTE-R authentication system, improving security while keeping the authentication process efficient, and provides a secure, efficient and reliable identity authentication and key negotiation protocol for LTE-R train-ground wireless communication.
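The NTRU key generation, encryption and decryption steps that the initialization authentication relies on, as an added toy example that is not taken from the patent. It assumes the textbook NTRU construction (public key h = f_q·g mod q, ciphertext e = p·r·h + m mod q), because the patent's own formulas are not reproduced on this page; the names `F`, `G`, `R`, `TOKEN`, the parameters N = 11, p = 3, q = 128 and all sample polynomials are constructed for illustration.

```python
"""Toy NTRU over Z[x]/(x^N - 1): key generation, encryption, decryption.

Assumed textbook construction: h = f_q * g mod q, e = p*r*h + m mod q.
N, P, Q and every polynomial below are constructed sample values and are
far too small to be secure.
"""

N, P, Q = 11, 3, 128
ONE = [1] + [0] * (N - 1)


def conv(a, b, mod):
    """Multiply two polynomials in Z_mod[x]/(x^N - 1) (cyclic convolution)."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[(i + j) % N] = (out[(i + j) % N] + ai * bj) % mod
    return out


def center(a, mod):
    """Map coefficients to the centered range (-mod/2, mod/2]."""
    return [c - mod if c > mod // 2 else c for c in (x % mod for x in a)]


def inverse_mod_prime(f, prime):
    """Inverse of f in Z_prime[x]/(x^N - 1), or None if f is not invertible."""
    # Row k states that coefficient k of f*b equals 1 for k == 0, else 0.
    rows = [[f[(k - j) % N] % prime for j in range(N)] + [int(k == 0)]
            for k in range(N)]
    for col in range(N):  # Gauss-Jordan elimination over GF(prime)
        pivot = next((r for r in range(col, N) if rows[r][col]), None)
        if pivot is None:
            return None  # singular system: f has no inverse
        rows[col], rows[pivot] = rows[pivot], rows[col]
        inv = pow(rows[col][col], -1, prime)
        rows[col] = [v * inv % prime for v in rows[col]]
        for r in range(N):
            if r != col and rows[r][col]:
                k = rows[r][col]
                rows[r] = [(v - k * w) % prime
                           for v, w in zip(rows[r], rows[col])]
    return [rows[k][N] for k in range(N)]


def inverse_mod_pow2(f, q):
    """Inverse of f modulo q = 2^k: invert mod 2, then Newton-lift."""
    b = inverse_mod_prime(f, 2)
    if b is None:
        return None
    modulus = 2
    while modulus < q:
        modulus = min(modulus * modulus, q)
        t = [(-c) % q for c in conv(f, b, q)]
        t[0] = (t[0] + 2) % q          # t = 2 - f*b
        b = conv(b, t, q)              # b <- b * (2 - f*b)
    return b


def keygen(f, g):
    """Return (public key h, private key (f, f_p)); reject non-invertible f."""
    f_p, f_q = inverse_mod_prime(f, P), inverse_mod_pow2(f, Q)
    if f_p is None or f_q is None:
        raise ValueError("f is not invertible mod p and q; pick another f")
    return conv(f_q, g, Q), (f, f_p)


def encrypt(h, m, r):
    """e = p*r*h + m mod q, with r a fresh random small polynomial."""
    return [(P * x + y) % Q for x, y in zip(conv(r, h, Q), m)]


def decrypt(priv, e):
    """a = center(f*e mod q); m = center(f_p*a mod p)."""
    f, f_p = priv
    a = center(conv(f, e, Q), Q)
    return center(conv(f_p, a, P), P)


# Constructed sample polynomials, coefficients listed from x^0 to x^10.
F = [-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1]       # private polynomial f
G = [-1, 0, 1, 1, 0, 1, 0, 0, -1, 0, -1]       # second polynomial g
R = [-1, 0, 1, 1, 1, -1, 0, -1, 0, 0, 0]       # sender's random polynomial
TOKEN = [-1, 0, 0, 1, -1, 0, 0, 0, -1, 1, 1]   # message encoded as trits

if __name__ == "__main__":
    public, private = keygen(F, G)           # key issuer's role
    ciphertext = encrypt(public, TOKEN, R)   # sender encrypts to the public key
    print("public key h:", public)
    print("ciphertext e:", ciphertext)
    print("recovered   :", decrypt(private, ciphertext))
```

Decryption is only correct while every coefficient of p·r·g + f·m stays inside the centered range for q, which is why q is chosen large relative to the number of nonzero coefficients in the small polynomials.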
When the on-board mobile unit needs to reconnect to a mobility management entity with which it has already completed initialization authentication (or node handover authentication), that is, to reconnect to a previously connected mobility management entity, the authentication method of this embodiment further includes:
(IV) Re-authentication: used to complete the authentication process when the vehicle-mounted mobile unit re-enters the coverage area of a previously connected mobility management entity. Unlike initialization authentication, this process does not require HSS participation, which reduces the communication pressure on the HSS.
As shown in fig. 4, the re-authentication includes the steps of:
(1) The mobile management entity receives a first reauthentication message generated by the vehicle-mounted mobile unit; authenticating the vehicle-mounted mobile unit and the first re-authentication message based on the third initialization authentication message, generating a second re-authentication message after passing authentication, and sending the second re-authentication message to the vehicle-mounted mobile unit; the first reauthentication message is calculated by the in-vehicle mobile unit using the NTRU encryption process based on the registration response information and the fourth initialization authentication message. The method specifically comprises the following steps.
1) In-vehicle mobile unit readingAnd generates a newHash value. Based on newCalculating the hash value and the first one-way hash function to obtain new intermediate parameters, in particular to obtain new intermediate parametersHash valueAs input, use is made of a physically unclonable functionCalculating to obtain newOutput responseThen use newOutput responseAs input, use is made of a first one-way hash functionCalculating to obtain new intermediate parameters. Generating a third random polynomialAnd a new third random numberIn a common parameterA third random polynomialPublic keyAnd a new third random numberAs input, a first reauthentication ciphertext is computed using an NTRU encryption process. With first re-authentication ciphertextNew third random numberAnd mobility management entity location informationAs input, calculate a second authentication ciphertext. Authentication of ciphertext with a second partyMobility management entity location informationAnd new intermediate parametersAs input, calculate a third authentication ciphertext. With first re-authentication ciphertextSecond authentication ciphertextThird authentication ciphertextAnd new intermediate parametersUsing as input a second one-way hash function in the common parametersCalculating to obtain new first integrity verification value. Sending a first reauthentication message to a mobility management entityThe first reauthentication message includes a first reauthentication ciphertextSecond authentication ciphertextThird authentication ciphertextAnd a new first integrity verification value
2) After receiving the first re-authentication message sent by the OBU, the mobility management entity usesPrivate keyDecrypting the first reauthentication ciphertextSecond authentication ciphertextAnd third authentication ciphertextObtaining a new third random numberMobility management entity location informationAnd new intermediate parametersThus obtaining
3) The mobility management entity obtains the true position information of the mobility management entityJudging the true position information of the mobile management entityWith mobility management entity location informationWhether or not it is the same, i.e. judgeIf the authentication is true, the authentication is continued by the mobility management entity if the authentication is true, otherwise, the authentication process is terminated. With first re-authentication ciphertextSecond authentication ciphertextThird authentication ciphertextAnd new intermediate parametersUsing as input a second one-way hash function in the common parametersCalculating to obtain a new second integrity verification value,Determining a new second integrity verification valueAnd a new first integrity verification valueWhether or not it is the same, i.e. judgeIf the message integrity verification is successful, the first re-authentication message passes the authentication, otherwise the authentication process is terminated.
4) The mobility management entity generates a new second random polynomialAnd a new fifth random numberIn a common parameterNew second random polynomialOBU public keyAnd a new fifth random numberAs input, a fourth authentication ciphertext is calculated by the NTRU encryption process. With a first authentication tokenSecond authentication tokenNew third random numberAnd a new fifth random numberUsing as input a third one-way hash function in the common parametersCalculating to obtain new session key. With new intermediate parametersFourth authentication ciphertextNew session keyAnd authentication management domain identificationUsing as input a second one-way hash function in the common parametersCalculating to obtain a new third integrity verification valueAnd a new first response parameterObtaining a second authentication messageAnd transmitting a second re-authentication message to the in-vehicle mobile unit, the second re-authentication message including a fourth re-authentication ciphertextAnd a new third integrity verification value
(2) The vehicle-mounted mobile unit authenticates the mobility management entity based on the second re-authentication message, generates a third re-authentication message after the authentication passes, and sends it to the mobility management entity; the mobility management entity authenticates the vehicle-mounted mobile unit based on the third re-authentication message, and re-authentication is completed after the authentication passes. The method specifically comprises the following steps.
1) After receiving the second authentication message sent by the mobility management entity, the vehicle-mounted mobile unit uses the OBU private keyDecrypting fourth authentication ciphertextObtaining a new fifth random number. With a first authentication tokenSecond authentication tokenNew third random numberAnd a new fifth random numberUsing as input a third one-way hash function in the common parametersCalculating to obtain new session key. With new intermediate parametersFourth authentication ciphertextNew session keyAnd authentication management domain identificationUsing as input a second one-way hash function in the common parametersCalculating to obtain a new fourth integrity verification valueAnd a new second response parameter. Determining a new fourth integrity verification valueAnd a new third integrity verification valueWhether or not it is the same, i.e. judgeIf they are the same, OBU authenticationSuccessful, i.e. authentication passes, and sends a third re-authentication message to the mobility management entity, the third re-authentication message comprising the new second response parameters
2) After receiving the third re-authentication message, the mobility management entity judges a new second response parameterWith new first response parametersWhether or not it is the same, i.e. judgeWhether or not it is true, if soAnd (5) successful authentication of the OBU, namely authentication passing, and finishing the re-authentication process.
(V) node switching authentication: when the train enters different MME ranges, node switching authentication is carried out, and the authentication is completed through the last authenticationCompletion of the presentMutual authentication with the in-vehicle mobile unit. i refers to before handover, i+1 refers to after handover.
As shown in fig. 5, the node switching authentication includes the steps of:
(1) The mobile management entity after switching receives a first switching authentication message generated by the vehicle-mounted mobile unit and forwards the first switching authentication message to the mobile management entity before switching; the first handover authentication message is calculated by the vehicle-mounted mobile unit by applying the NTRU encryption process based on the registration response information and the fourth initialization authentication message (or a third handover authentication message: when the mobility management entity after handover becomes the mobility management entity before handover, the first handover authentication is used to the fourth initialization authentication message in the next handover authentication process, and then if the initialization authentication is not performed, the third handover authentication message is used). The method specifically comprises the following steps.
1) In-vehicle mobile unit readingAnd generates a newHash value. Based on newCalculating the hash value and the first one-way hash function to obtain new intermediate parameters, in particular to obtain new intermediate parametersHash valueAs input, use is made of a physically unclonable functionCalculating to obtain newOutput responseThen use newOutput responseAs input, use is made of a first one-way hash functionCalculating to obtain new intermediate parameters. Generating a new third random polynomialAnd a sixth random numberIn a common parameterNew third random polynomialPublic keyAnd a sixth random numberAs input, a first switching authentication ciphertext is calculated using an NTRU encryption process. Authentication ciphertext by first switchingSixth random numberAnd new intermediate parametersAs input, calculate a second switching authentication ciphertext. Authentication ciphertext with a second switchIntermediate parametersAnd session keyAs input, calculate a third switching authentication ciphertext. Authentication ciphertext by first switchingSecond switching authentication ciphertextThird switching authentication ciphertextAnd session keyUsing as input a second one-way hash function in the common parametersCalculating to obtain new first integrity verification value. To-be-switched mobility management entityTransmitting a first handover authentication messageThe first switching authentication message comprises a first switching authentication ciphertextSecond switching authentication ciphertextThird switching authentication ciphertextNew first integrity verification valueMobility management entityPosition information of (a)
2) After receiving the handover authentication request, the mobility management entity to be handed over confirms the mobility management entityPosition information of (a)To be switched to mobility management entitySelf-stored mobility management entityPosition information of (a)Comparing, if the authentication information is the same, the authenticity confirmation is passed, and the first handover authentication message is forwarded to the mobility management entity
(2) The mobility management entity before switching authenticates the vehicle-mounted mobile unit and the first switching authentication message based on the fourth initialization authentication message (or a second switching authentication message: used in the next switching authentication process, namely if the mobility management entity before switching does not perform initialization authentication, the second switching authentication message of the mobility management entity before switching is generated through the second switching authentication message of the mobility management entity before switching, which is generated through the previous mobility management entity before switching), and the second switching authentication message is generated through the NTRU key generation process after authentication is passed and is sent to the mobility management entity after switching. The method specifically comprises the following steps.
1) Mobility management entityAfter receiving the first handover authentication message, use is made ofPrivate keyDecrypting first switching authentication ciphertextSecond switching authentication ciphertextAnd a third switching authentication ciphertextObtaining a sixth random numberIntermediate parametersAnd session keyThus obtaining
2) Mobility management entityAcquiring a true location of a mobility management entityJudging the true position information of the mobile management entityWith mobility management entity location informationWhether or not it is the same, i.e. judgeIf the authentication is true, the authentication is continued by the mobility management entity if the authentication is true, otherwise, the authentication process is terminated. Authentication ciphertext by first switchingSecond switching authentication ciphertextThird switching authentication ciphertextAnd session keyUsing as input a second one-way hash function in the common parametersCalculating to obtain a new second integrity verification valueDetermining a new second integrity verification valueAnd a new first integrity verification valueWhether or not it is the same, i.e. judgeIf the message integrity verification is successful, the first re-authentication message passes the authentication, otherwise the authentication process is terminated.
3) Mobility management entityJudgingWith previous session keysWhether or not it is the same, i.e. judgeIf so, the OBU authentication is successful.By the NTRU key generation procedure ofGenerating NTRU public keysPrivate keyTo the mobility management entityTransmitting a second handover authentication messageThe second handover authentication message includes the first authentication tokenOBU public keySixth random numberIntermediate parametersMobility management entity to be switchedPrivate key [ ]And a mobility management entity to be switchedPublic key
(3) The mobility management entity after switching obtains a third switching authentication message based on the second switching authentication message and the NTRU encryption process, and sends the third switching authentication message to the vehicle-mounted mobile unit. The vehicle-mounted mobile unit authenticates the switched mobility management entity based on the third switching authentication message, generates a fourth switching authentication message after the authentication passes, and sends it to the switched mobility management entity. The switched mobility management entity authenticates the vehicle-mounted mobile unit based on the fourth switching authentication message, and node switching authentication is completed after the authentication passes. The method specifically comprises the following steps.
1) Mobility management entity to be switchedGenerating a fourth random polynomialSeventh random numberAnd an eighth random number. By a mobility management entityIdentity of (2)And a seventh random numberAs input, use is made of a first one-way hash functionCalculating to obtain mobility management entity to be switchedIs a third authentication token of (2). In a common parameterFourth random polynomialOBU public keyAnd a third authentication tokenAs input, a fourth switching authentication ciphertext is calculated by the NTRU encryption process. Authentication ciphertext with fourth switchThird authentication tokenAnd an eighth random numberAs input, calculate the fifth switching authentication ciphertext. With a first authentication tokenThird authentication tokenSixth random numberAnd an eighth random numberUsing as input a third one-way hash function in the common parametersCalculating to obtain session key. With new intermediate parametersFourth switching authentication ciphertextFifth switching authentication ciphertextSession keyAnd authentication management domain identificationUsing as input a second one-way hash function in the common parametersCalculating to obtain a fifth integrity verification valueAnd a third response parameterGenerating a third handover authentication messageAnd transmitting a third handover authentication message to the vehicle-mounted mobile unit, the third handover authentication message including a fourth handover authentication ciphertextFifth switching authentication ciphertextFifth integrity verification valueAndPublic key of (a)
2) The vehicle-mounted mobile unit receives a mobility management entity to be switchedAfter the third switching authentication message is sent, the OBU private key is utilizedDecrypting fourth switching authentication ciphertextAnd fifth switching authentication ciphertextObtaining a third authentication tokenAnd an eighth random numberThus obtaining. With a first authentication tokenThird authentication tokenSixth random numberAnd an eighth random numberUsing as input a third one-way hash function in the common parametersCalculating to obtain session key. With new intermediate parametersFourth switching authentication ciphertextFifth switching authentication ciphertextSession keyAnd authentication management domain identificationUsing as input a second one-way hash function in the common parametersCalculating to obtain a sixth integrity verification valueAnd fourth response parameter. Judging a sixth integrity verification valueAnd a fifth integrity verification valueWhether or not it is the same, i.e. judgeIf they are the same, OBU authenticationSuccessful, i.e. authentication is passed, and a fourth handover authentication message is sent to the mobility management entity to be handed over, the fourth handover authentication message comprising a fourth response parameter
3) Mobility management entity to be switchedReceiving a fourth response parameterThen, the fourth response parameter is judgedAnd a third response parameterWhether or not it is the same, i.e. judgeWhether or not it is true, if soAnd (5) successful authentication OBU, namely authentication passing, and finishing node switching authentication. OBU (on-Board Unit)Negotiating a session keyAt the same timeObtaining public key of OBUAnd a first authentication tokenAnd OBU getsPublic key of (a)And a third authentication tokenFor mobile management entity to be switchedUsed by the re-authentication process of (c).
Thus, the node switching authentication is completed, and the OBU is formed bySwitching toAcquiring related authentication information for next re-authentication or cut point switching authentication, and when next node switching authentication, currently authenticating the nodeWill be taken asAnd new nodeAuthentication is performed through the above-described procedure.
Through the re-authentication and node switching authentication process described above, the home subscriber server HSS in this embodiment only participates in the USIM card registration and initialization authentication process, and subsequent re-authentication and node switching authentication are realized by the MME participating.
The present embodiment implements train-ground wireless communication authentication, i.e. authentication between a train and ground equipment (road side units, base stations, etc.). The HSS is a core network element in the LTE network that manages important data such as user identities and location information. The OBU is a vehicle-mounted mobile unit, usually installed on a vehicle, that communicates with ground equipment such as road side units or base stations and transmits vehicle-related data (such as location, speed, acceleration, etc.). The MME is another core network element in the LTE network, mainly responsible for control and management functions such as mobility management and security authentication. This embodiment mainly implements authentication between the OBU and the MME; except for the first authentication, which requires the HSS, subsequent authentication is completed jointly by multiple MMEs.
The NTRU public key encryption-based train-ground wireless communication authentication method provided by this embodiment comprises the processes of system initialization, USIM card registration, initialization authentication, re-authentication, node switching authentication and the like. The HSS is responsible for registering the USIM card of the vehicle-mounted mobile unit (OBU) and for assisting in the initialization authentication process; the MME participates in the OBU's initialization authentication and key negotiation, and in the later re-authentication and node switching authentication. Train-ground wireless communication authentication and key negotiation in an LTE-R network environment are realized based on NTRU public key encryption: the parameters participating in key negotiation are protected by the NTRU algorithm throughout, IMSI information is anonymized, and a physical unclonable function is added as an authentication factor of the vehicle-mounted mobile unit, so that impersonation attacks in the authentication process are effectively resisted and data and privacy security in the authentication process are ensured. The authentication method of the present embodiment has the following advantages: (1) the LTE-R system is strengthened against known attacks, while the privacy and security of relevant data are protected during authentication and key negotiation; (2) to address the problem that existing methods cannot resist quantum attack, a quantum attack-resistant NTRU public key encryption algorithm is introduced, realizing a safe and efficient authentication process; (3) the communication pressure on the HSS is reduced through the re-authentication and node switching authentication processes, the session key is dynamically updated, and the forward and backward security of each communication is ensured.
More specifically, compared with the existing authentication protocol, the authentication method of the embodiment has the following beneficial effects:
(1) Introducing an NTRU public key encryption algorithm to resist quantum attack: in this embodiment, the conventional encryption algorithm is replaced by the NTRU public key encryption algorithm, and the security of the key negotiation parameters is ensured by the lattice (RLWE, Ring Learning with Errors) problem in NTRU. At the same time, the NTRU public key encryption algorithm is based mainly on polynomial multiplication, which has low computational complexity and is better suited to a resource-limited LTE-R environment, so that security is ensured and an efficient authentication process is realized.
(2) Providing re-authentication and node switching authentication processes to reduce HSS communication pressure: this embodiment provides re-authentication and node switching authentication processes, which further improve authentication efficiency while ensuring security. After initialization authentication is completed on the first MME, the subsequent re-authentication and node switching authentication processes no longer need to communicate with the home subscriber server HSS, which reduces the burden on the HSS and enhances the system's resistance to bandwidth exhaustion attacks.
(3) Anonymity is achieved by anonymizing IMSI information using a hash function: in the authentication process of the embodiment, the IMSI information is anonymously processed (the transmitted information is shown by HIMSI), so that the confidentiality of the IMSI information is ensured. In addition, a random factor is introduced in each authentication process to generate different HIMSI values, so that the acquisition of IMSI information by internal personnel is prevented, and the influence on the potential risk of railway traffic safety is reduced.
(4) Random factors are added to ensure forward and backward security: the authentication method provided by this embodiment uses a new random number to generate the session key in each authentication process. In addition, because the NTRU public key encryption algorithm adds a random polynomial to the ciphertext, the authentication parameters used each time differ from those used the previous time, so replay attacks are effectively resisted, the forward and backward security of the protocol and the data security of each authentication are ensured, and railway traffic safety is in turn ensured.
(5) The physical unclonable function is introduced to resist impersonation attacks: according to the embodiment, a Physical Unclonable Function (PUF) is introduced, a PUF calculation mode is embedded in the vehicle-mounted mobile unit, HIMSI values are adopted as input challenges of the PUF in the authentication process, so that the uniqueness of messages in each authentication attempt is ensured, the input challenges and output responses of the PUF are not stored, and meanwhile, the acquired secret values are brought into the message verification process, so that impersonation attacks are effectively resisted, and the security is enhanced.
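The session-key derivation and two-way check described in steps 2) and 3) of node switching authentication and in benefits (4) and (5) above, as an added Python example that is not code from the patent. It assumes SHA-512 with domain labels in place of the unspecified one-way hash functions, an HMAC in place of the hardware PUF, one hash output split into the integrity verification value and the response parameter, and opaque random bytes in place of the NTRU ciphertexts; all function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

def _h(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-512 over length-prefixed parts (assumed hash)."""
    h = hashlib.sha512(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def h1(*parts: bytes) -> bytes:   # first one-way hash function (stand-in)
    return _h(b"H1", *parts)[:32]

def h2(*parts: bytes) -> bytes:   # second one-way hash function, 64 bytes
    return _h(b"H2", *parts)

def h3(*parts: bytes) -> bytes:   # third one-way hash function (stand-in)
    return _h(b"H3", *parts)[:32]

def puf(device_secret: bytes, challenge: bytes) -> bytes:
    """Software stand-in for the hardware PUF: a device-unique keyed function."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()

def intermediate_parameter(device_secret: bytes, himsi: bytes) -> bytes:
    """HIMSI is the PUF challenge; the response is hashed and never stored."""
    return h1(puf(device_secret, himsi))

def confirm(inter, c_a, c_b, sk, amf):
    """One H2 call yields (integrity verification value, response parameter).
    Splitting the digest in two halves is an assumption of this example."""
    d = h2(inter, c_a, c_b, sk, amf)
    return d[:32], d[32:]

def mme_build(inter, tok_obu, tok_mme, r_obu, r_mme, c_a, c_b, amf):
    """MME side: derive the session key, the value it sends and the expected response."""
    sk = h3(tok_obu, tok_mme, r_obu, r_mme)
    mac, xres = confirm(inter, c_a, c_b, sk, amf)
    return sk, mac, xres

def obu_process(device_secret, himsi, tok_obu, tok_mme, r_obu, r_mme,
                c_a, c_b, amf, mac):
    """OBU side: tok_mme and r_mme are what it decrypted from c_a and c_b
    (NTRU decryption is outside this example). Returns (sk, res) or None."""
    inter = intermediate_parameter(device_secret, himsi)
    sk = h3(tok_obu, tok_mme, r_obu, r_mme)
    xmac, res = confirm(inter, c_a, c_b, sk, amf)
    if not hmac.compare_digest(xmac, mac):   # constant-time comparison
        return None                          # OBU rejects the MME
    return sk, res

def mme_verify(xres: bytes, res: bytes) -> bool:
    return hmac.compare_digest(xres, res)

def run_demo() -> dict:
    # All values below are constructed sample data.
    device_secret = secrets.token_bytes(32)            # models one PUF instance
    himsi = h1(b"001010123456789", secrets.token_bytes(16))
    tok_obu, tok_mme = secrets.token_bytes(32), secrets.token_bytes(32)
    amf = b"\x80\x00"

    def new_session():
        r_obu, r_mme = secrets.token_bytes(16), secrets.token_bytes(16)
        c_a, c_b = secrets.token_bytes(48), secrets.token_bytes(48)
        # In the protocol the MME learns this value from the OBU's encrypted
        # first message; here it is computed directly.
        inter = intermediate_parameter(device_secret, himsi)
        sk, mac, xres = mme_build(inter, tok_obu, tok_mme, r_obu, r_mme,
                                  c_a, c_b, amf)
        return dict(r_obu=r_obu, r_mme=r_mme, c_a=c_a, c_b=c_b,
                    sk=sk, mac=mac, xres=xres)

    s1 = new_session()
    out = obu_process(device_secret, himsi, tok_obu, tok_mme, s1["r_obu"],
                      s1["r_mme"], s1["c_a"], s1["c_b"], amf, s1["mac"])
    honest = (out is not None and out[0] == s1["sk"]
              and mme_verify(s1["xres"], out[1]))

    # A ciphertext modified in transit no longer matches the integrity value.
    bad_c_b = bytes([s1["c_b"][0] ^ 1]) + s1["c_b"][1:]
    tampered = obu_process(device_secret, himsi, tok_obu, tok_mme, s1["r_obu"],
                           s1["r_mme"], s1["c_a"], bad_c_b, amf, s1["mac"])

    # A response captured in session 1 is replayed into a fresh session 2.
    s2 = new_session()
    replay_ok = mme_verify(s2["xres"], out[1])

    return {"honest": honest,
            "tampered_rejected": tampered is None,
            "replay_rejected": not replay_ok}

if __name__ == "__main__":
    print(run_demo())
```

Because every session draws new random numbers, the expected response changes each time, which is what makes the replayed response fail.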
Example 2
As shown in fig. 6, the present embodiment provides a quantum attack resistant train-ground authentication system based on NTRU public key encryption, the system including:
a system initialization module 100, configured to issue a public parameter to the mobile unit and the mobility management entity by the home subscriber server; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm.
A USIM card registration module 200, configured to receive a USIM card registration request of the on-vehicle mobile unit by using the home subscriber server; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; the public and private keys of the vehicle-mounted mobile unit are obtained by applying the NTRU key generation process, and registration response information is sent to the vehicle-mounted mobile unit; the registration response information includes a public private key of the in-vehicle mobile unit and the first authentication token.
An initialization authentication module 300, configured to receive, by the mobility management entity, a first initialization authentication message generated by the mobile unit; generating a second initialization authentication message based on the first initialization authentication message, and sending the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information; the home subscriber server authenticates the position information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity; the mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; and the mobile management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and the initialization authentication is completed after the authentication is passed.
When the vehicle-mounted mobile unit needs to connect again with the mobility management entity that has completed initialization authentication, the system further comprises a re-authentication module 400; the re-authentication module 400 is configured to receive, by the mobility management entity, a first re-authentication message generated by the vehicle-mounted mobile unit; authenticating the vehicle-mounted mobile unit and the first re-authentication message based on the third initialization authentication message, generating a second re-authentication message after passing authentication, and sending the second re-authentication message to the vehicle-mounted mobile unit; the first re-authentication message is calculated by the vehicle-mounted mobile unit by applying the NTRU encryption process based on the registration response information and the fourth initialization authentication message; the vehicle-mounted mobile unit authenticates the mobility management entity based on the second re-authentication message, generates a third re-authentication message after passing the authentication and sends the third re-authentication message to the mobility management entity; and the mobility management entity authenticates the vehicle-mounted mobile unit based on the third re-authentication message, and re-authentication is completed after the authentication is passed.
When the vehicle-mounted mobile unit needs to be connected with other mobility management entities, the system further comprises a node switching authentication module 500; the node switching authentication module 500 is configured to receive a first switching authentication message generated by the vehicle-mounted mobile unit by using a mobility management entity after switching, and forward the first switching authentication message to the mobility management entity before switching; the first handover authentication message is calculated by the vehicle-mounted mobile unit by applying the NTRU encryption process based on the registration response information and the fourth initialization authentication message; the mobility management entity before switching authenticates the vehicle-mounted mobile unit and the first switching authentication message based on the fourth initialization authentication message, and generates a second switching authentication message by applying the NTRU key generation process after passing authentication and sends the second switching authentication message to the mobility management entity after switching; the mobility management entity after switching obtains a third switching authentication message based on the second switching authentication message and the NTRU encryption process, and sends the third switching authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the switched mobility management entity based on the third switching authentication message, generates a fourth switching authentication message after passing authentication and sends the fourth switching authentication message to the switched mobility management entity; and the switched mobile management entity authenticates the vehicle-mounted mobile unit based on the fourth switching authentication message, and node switching authentication is completed after authentication is passed.
Example 3
The present embodiment provides an electronic device including a memory for storing a computer program and a processor that runs the computer program to cause the electronic device to execute the quantum attack-resistant train-ground authentication method based on NTRU public key encryption of embodiment 1.
Alternatively, the electronic device may be a server.
In addition, an embodiment of the present invention also provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the quantum attack-resistant train-ground authentication method based on NTRU public key encryption of embodiment 1.
Embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Each embodiment is described with emphasis on its differences from the other embodiments; for identical or similar parts, the embodiments may be referred to one another. Since the system disclosed in the embodiment corresponds to the method disclosed in the embodiment, its description is relatively brief, and the relevant points can be found in the description of the method.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (4)

1. An NTRU public key encryption-based anti-quantum attack train-ground authentication method is characterized by comprising the following steps:
Initializing a system:
The home subscriber server issues public parameters to the vehicle-mounted mobile unit and the mobility management entity; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm;
USIM card registration:
The home subscriber server receives a USIM card registration request of the vehicle-mounted mobile unit; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; the public and private keys of the vehicle-mounted mobile unit are obtained by applying the NTRU key generation process, and registration response information is sent to the vehicle-mounted mobile unit; the registration response information comprises a public and private key of the vehicle-mounted mobile unit and the first authentication token;
initializing authentication:
The mobile management entity receives a first initialization authentication message generated by the vehicle-mounted mobile unit; generating a second initialization authentication message based on the first initialization authentication message, and sending the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information;
The home subscriber server authenticates the position information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity;
the mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; the mobile management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and after the authentication is passed, initialization authentication is completed;
The home subscriber server issues public parameters to the vehicle-mounted mobile unit and the mobility management entity, and specifically comprises the following steps:
The home subscriber server selects a first integer, a second integer and a third integer, and selects three N-1 order polynomial sets, which are respectively marked as a first polynomial set, a second polynomial set and a third polynomial set; the first integer and the second integer satisfy And the second integer is greater than the first integer; the third integer is the dimension of a polynomial ring in the NTRU public key encryption algorithm; the initialization parameter includes the first integer, the second integer, and the third integer; p is a first integer; q is a second integer; n is a third integer; representing the greatest common divisor for solving the two numbers of p and q;
The home subscriber server randomly selects a first polynomial h_HSS and a second polynomial g_HSS from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_HSS, the first integer and the second integer; according to the first polynomial h_HSS, the second polynomial g_HSS, the second integer, the first inverse element and the second inverse element, the home subscriber server calculates the system public key and the system private key;
The home subscriber server takes the initialization parameter, the system public key and a plurality of one-way hash functions as the public parameter and issues the public parameter to the vehicle-mounted mobile unit and the mobility management entity;
The home subscriber server receives a USIM card registration request of the vehicle-mounted mobile unit; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; the method comprises the steps of obtaining a public and private key of the vehicle-mounted mobile unit by applying the NTRU key generation process, and sending registration response information to the vehicle-mounted mobile unit, and specifically comprises the following steps:
the vehicle-mounted mobile unit acquires an international mobile subscriber identity of a USIM card, generates a first random number, calculates an international mobile subscriber identity hash value according to the international mobile subscriber identity and a first one-way hash function in the public parameter, and sends the USIM card registration request to the home subscriber server; the USIM card registration request comprises the international mobile subscriber identity hash value;
after receiving the USIM card registration request, the home subscriber server generates a second random number, and calculates the first authentication token of the vehicle-mounted mobile unit by applying the first one-way hash function according to the international mobile subscriber identity hash value and the second random number;
The home subscriber server randomly selects a first polynomial h_u and a second polynomial g_u from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_u, the first integer and the second integer; according to the first polynomial h_u, the second polynomial g_u, the second integer, the first inverse element and the second inverse element, the home subscriber server calculates a public key and a private key of the vehicle-mounted mobile unit;
The home subscriber server sends the public and private keys of the vehicle-mounted mobile unit and the first authentication token to the vehicle-mounted mobile unit as the registration response information;
the mobile management entity receives a first initialization authentication message generated by the vehicle-mounted mobile unit; generating a second initialization authentication message based on the first initialization authentication message, and sending the second initialization authentication message to the home subscriber server, specifically including:
the vehicle-mounted mobile unit obtains intermediate parameters based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function; generating a first random polynomial and a third random number; the first random polynomial is selected from the third polynomial set;
The vehicle-mounted mobile unit calculates a first initialization authentication ciphertext according to the first integer, the first random polynomial, the system public key and the international mobile subscriber identity hash value in the public parameter by applying the NTRU encryption process; obtaining a second initialization authentication ciphertext according to the first initialization authentication ciphertext, the international mobile subscriber identity hash value and the third random number; obtaining a third initialization authentication ciphertext according to the second initialization authentication ciphertext, the third random number and the mobile management entity position information acquired by the vehicle-mounted mobile unit; obtaining a fourth initialization authentication ciphertext according to the third initialization authentication ciphertext, the mobile management entity position information and the intermediate parameter;
the vehicle-mounted mobile unit calculates a first integrity verification value according to the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext and the intermediate parameter by applying a second one-way hash function in the public parameter; and sending the first initialization authentication message to the mobility management entity; the first initialization authentication message comprises the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext, the first integrity verification value and the identification ID of the home subscriber server;
The mobility management entity obtains the real position information of the mobility management entity and a mobility management entity identification SNID, generates the second initialization authentication message, and sends the second initialization authentication message to the home subscriber server according to the identification ID of the home subscriber server; the second initialization authentication message comprises the first initialization authentication message, the real position information of the mobility management entity and the SNID of the mobility management entity;
The on-board mobile unit obtains an intermediate parameter based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function, and specifically includes:
Applying the physical unclonable function according to the hash value of the international mobile subscriber identity to obtain a physical unclonable output response;
Applying the first one-way hash function according to the physical unclonable output response to obtain the intermediate parameter;
The home subscriber server authenticates the mobility management entity location information and the second initialization authentication message, and after the authentication is passed, applies the NTRU key generation process to generate a third initialization authentication message, and sends the third initialization authentication message to the mobility management entity, specifically including:
The home subscriber server decrypts the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext and the fourth initialization authentication ciphertext in the second initialization authentication message by using the system private key to obtain a decrypted international mobile subscriber identity hash value, a decrypted third random number, decrypted mobile management entity position information and decrypted intermediate parameters;
if the home subscriber server judges that the real position information of the mobility management entity is the same as the decrypted mobility management entity position information, the home subscriber server calculates a second integrity verification value by applying the second one-way hash function according to the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext and the decrypted intermediate parameter; if the second integrity verification value is the same as the first integrity verification value, the home subscriber server passes the authentication of the second initialization authentication message;
The home subscriber server generates a fourth random number, and applies the first one-way hash function to calculate and obtain a second authentication token of the mobility management entity according to the fourth random number and the SNID;
The home subscriber server randomly selects a first polynomial h_M and a second polynomial g_M from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_M, the first integer and the second integer; according to the first polynomial h_M, the second polynomial g_M, the second integer, the first inverse element and the second inverse element, the home subscriber server calculates a public key and a private key of the mobility management entity;
The home subscriber server searches the first authentication token of the vehicle-mounted mobile unit and the public key of the vehicle-mounted mobile unit according to the decrypted international mobile subscriber identity hash value, and sends the third initialization authentication message to the mobility management entity; the third initialization authentication message comprises the decrypted international mobile subscriber identity hash value, the decrypted third random number, the first authentication token, the decrypted intermediate parameter, a public key of the vehicle-mounted mobile unit, the second authentication token and a public-private key of the mobility management entity;
The mobility management entity applies the NTRU encryption process to obtain a fourth initialization authentication message based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; the mobility management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and completes initialization authentication after the authentication is passed, and the method specifically comprises the following steps:
The mobility management entity generates a second random polynomial and a fifth random number, and calculates a fifth initialization authentication ciphertext by applying the NTRU encryption process according to the first integer, the second random polynomial, the public key of the vehicle-mounted mobile unit and the second authentication token; obtaining a sixth initialization authentication ciphertext according to the fifth initialization authentication ciphertext, the second authentication token and the fifth random number; the mobility management entity calculates a first session key according to the first authentication token, the second authentication token, the decrypted third random number and the fifth random number by applying a third one-way hash function in the public parameter; applying the second one-way hash function according to the decrypted intermediate parameter, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the first session key and the authentication management domain identifier to calculate a third integrity verification value and a first response parameter; generating the fourth initialization authentication message according to the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the third integrity verification value and the public key of the mobility management entity, and sending the fourth initialization authentication message to the vehicle-mounted mobile unit; the second random polynomial is selected from the third polynomial set;
The vehicle-mounted mobile unit decrypts the fifth initialization authentication ciphertext and the sixth initialization authentication ciphertext in the fourth initialization authentication message by using a private key of the vehicle-mounted mobile unit to obtain a decrypted second authentication token and a decrypted fifth random number; applying the third one-way hash function to calculate a second session key according to the first authentication token, the decrypted second authentication token, the third random number and the decrypted fifth random number; applying the second one-way hash function according to the intermediate parameter, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the second session key and the authentication management domain identifier to calculate a fourth integrity verification value and a second response parameter; if the fourth integrity verification value is the same as the third integrity verification value, the authentication of the vehicle-mounted mobile unit to the mobility management entity passes, and the vehicle-mounted mobile unit sends a fifth initialization authentication message to the mobility management entity; the fifth initialization authentication message includes a second response parameter;
The mobility management entity determines whether the second response parameter is the same as the first response parameter; if so, the vehicle-mounted mobile unit passes authentication by the mobility management entity, and the initialization authentication is complete.
2. The quantum attack-resistant train-ground authentication method based on NTRU public key encryption according to claim 1, wherein, when the vehicle-mounted mobile unit needs to reconnect to a mobility management entity with which it has completed initialization authentication, the method further comprises re-authentication; the re-authentication comprises:
The mobility management entity receives a first re-authentication message generated by the vehicle-mounted mobile unit, authenticates the vehicle-mounted mobile unit and the first re-authentication message based on the third initialization authentication message, generates a second re-authentication message after the authentication is passed, and sends the second re-authentication message to the vehicle-mounted mobile unit; the first re-authentication message is calculated by the vehicle-mounted mobile unit by applying the NTRU encryption process based on the registration response information and the fourth initialization authentication message;
The vehicle-mounted mobile unit authenticates the mobility management entity based on the second re-authentication message, generates a third re-authentication message after the authentication is passed, and sends the third re-authentication message to the mobility management entity;
The mobility management entity authenticates the vehicle-mounted mobile unit based on the third re-authentication message, and the re-authentication is complete after the authentication is passed.
3. The quantum attack-resistant train-ground authentication method based on NTRU public key encryption according to claim 2, wherein, when the vehicle-mounted mobile unit needs to connect to another mobility management entity, the method further comprises node switching authentication; the node switching authentication comprises:
The mobility management entity after switching receives a first switching authentication message generated by the vehicle-mounted mobile unit and forwards the first switching authentication message to the mobility management entity before switching; the first switching authentication message is calculated by the vehicle-mounted mobile unit by applying the NTRU encryption process based on the registration response information and the fourth initialization authentication message;
The mobility management entity before switching authenticates the vehicle-mounted mobile unit and the first switching authentication message based on the fourth initialization authentication message, generates a second switching authentication message by applying the NTRU key generation process after the authentication is passed, and sends the second switching authentication message to the mobility management entity after switching;
The mobility management entity after switching obtains a third switching authentication message based on the second switching authentication message and the NTRU encryption process, and sends the third switching authentication message to the vehicle-mounted mobile unit;
The vehicle-mounted mobile unit authenticates the mobility management entity after switching based on the third switching authentication message, generates a fourth switching authentication message after the authentication is passed, and sends the fourth switching authentication message to the mobility management entity after switching;
The mobility management entity after switching authenticates the vehicle-mounted mobile unit based on the fourth switching authentication message, and the node switching authentication is complete after the authentication is passed.
4. An NTRU public key encryption-based quantum attack resistant train-ground authentication system, comprising:
The system initialization module is used for issuing public parameters to the vehicle-mounted mobile unit and the mobility management entity by the home subscriber server; the public parameters comprise an initialization parameter, a system public key and a plurality of one-way hash functions; the system public key is calculated by the home subscriber server based on the initialization parameter by applying an NTRU key generation process in an NTRU public key encryption algorithm; the initialization parameters are obtained based on an NTRU parameter initialization process in the NTRU public key encryption algorithm;
The USIM card registration module is used for receiving a USIM card registration request of the vehicle-mounted mobile unit by the home subscriber server; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; the public and private keys of the vehicle-mounted mobile unit are obtained by applying the NTRU key generation process, and registration response information is sent to the vehicle-mounted mobile unit; the registration response information comprises a public and private key of the vehicle-mounted mobile unit and the first authentication token;
An initialization authentication module, configured to receive, by the mobility management entity, a first initialization authentication message generated by the vehicle-mounted mobile unit; generating a second initialization authentication message based on the first initialization authentication message, and sending the second initialization authentication message to the home subscriber server; the first initialization authentication message is obtained by the vehicle-mounted mobile unit applying an NTRU encryption process in the NTRU public key encryption algorithm according to the registration response information; the home subscriber server authenticates the position information of the mobility management entity and the second initialization authentication message, and after the authentication is passed, generates a third initialization authentication message by applying the NTRU key generation process, and sends the third initialization authentication message to the mobility management entity; the mobility management entity obtains a fourth initialization authentication message by applying the NTRU encryption process based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; the mobile management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and after the authentication is passed, initialization authentication is completed;
The home subscriber server issues public parameters to the vehicle-mounted mobile unit and the mobility management entity, and specifically comprises the following steps:
The home subscriber server selects a first integer, a second integer and a third integer, and selects three N-1 order polynomial sets, which are respectively marked as a first polynomial set, a second polynomial set and a third polynomial set; the first integer and the second integer satisfy And the second integer is greater than the first integer; the third integer is the dimension of a polynomial ring in the NTRU public key encryption algorithm; the initialization parameter includes the first integer, the second integer, and the third integer; p is a first integer; q is a second integer; n is a third integer; representing the greatest common divisor for solving the two numbers of p and q;
The home subscriber server randomly selects a first polynomial h_HSS and a second polynomial g_HSS from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_HSS, the first integer and the second integer; according to the first polynomial h_HSS, the second polynomial g_HSS, the second integer, the first inverse element and the second inverse element, it calculates the system public key and the system private key;
The home subscriber server takes the initialization parameter, the system public key and a plurality of one-way hash functions as the public parameter and issues the public parameter to the vehicle-mounted mobile unit and the mobility management entity;
The home subscriber server receives a USIM card registration request of the vehicle-mounted mobile unit; obtaining a first authentication token of the vehicle-mounted mobile unit based on the USIM card registration request and the public parameter; the method comprises the steps of obtaining a public and private key of the vehicle-mounted mobile unit by applying the NTRU key generation process, and sending registration response information to the vehicle-mounted mobile unit, and specifically comprises the following steps:
the vehicle-mounted mobile unit acquires an international mobile subscriber identity of a USIM card, generates a first random number, calculates an international mobile subscriber identity hash value according to the international mobile subscriber identity and a first one-way hash function in the public parameter, and sends the USIM card registration request to the home subscriber server; the USIM card registration request comprises the international mobile subscriber identity hash value;
after receiving the USIM card registration request, the home subscriber server generates a second random number, and calculates the first authentication token of the vehicle-mounted mobile unit by applying the first one-way hash function according to the international mobile subscriber identity hash value and the second random number;
The home subscriber server randomly selects a first polynomial h_u and a second polynomial g_u from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_u, the first integer and the second integer; according to the first polynomial h_u, the second polynomial g_u, the second integer, the first inverse element and the second inverse element, it calculates a public key and a private key of the vehicle-mounted mobile unit;
The home subscriber server sends the public and private keys of the vehicle-mounted mobile unit and the first authentication token to the vehicle-mounted mobile unit as the registration response information;
The mobility management entity receives a first initialization authentication message generated by the vehicle-mounted mobile unit, generates a second initialization authentication message based on the first initialization authentication message, and sends the second initialization authentication message to the home subscriber server, specifically including:
the vehicle-mounted mobile unit obtains intermediate parameters based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function; generating a first random polynomial and a third random number; the first random polynomial is selected from the third polynomial set;
The vehicle-mounted mobile unit calculates a first initialization authentication ciphertext according to the first integer, the first random polynomial, the system public key and the international mobile subscriber identity hash value in the public parameter by applying the NTRU encryption process; obtaining a second initialization authentication ciphertext according to the first initialization authentication ciphertext, the international mobile subscriber identity hash value and the third random number; obtaining a third initialization authentication ciphertext according to the second initialization authentication ciphertext, the third random number and the mobile management entity position information acquired by the vehicle-mounted mobile unit; obtaining a fourth initialization authentication ciphertext according to the third initialization authentication ciphertext, the mobile management entity position information and the intermediate parameter;
the vehicle-mounted mobile unit calculates a first integrity verification value according to the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext and the intermediate parameter by applying a second one-way hash function in the public parameter; and sending the first initialization authentication message to the mobility management entity; the first initialization authentication message comprises the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext, the first integrity verification value and the identification ID of the home subscriber server;
The mobility management entity obtains the real position information of the mobility management entity and a mobility management entity identification SNID, generates the second initialization authentication message, and sends the second initialization authentication message to the home subscriber server according to the identification ID of the home subscriber server; the second initialization authentication message comprises the first initialization authentication message, the real position information of the mobility management entity and the SNID of the mobility management entity;
The vehicle-mounted mobile unit obtains the intermediate parameter based on the international mobile subscriber identity hash value, the first one-way hash function and a physical unclonable function, specifically including:
Applying the physical unclonable function according to the hash value of the international mobile subscriber identity to obtain a physical unclonable output response;
Applying the first one-way hash function according to the physical unclonable output response to obtain the intermediate parameter;
The home subscriber server authenticates the mobility management entity location information and the second initialization authentication message, and after the authentication is passed, applies the NTRU key generation process to generate a third initialization authentication message, and sends the third initialization authentication message to the mobility management entity, specifically including:
The home subscriber server decrypts the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext and the fourth initialization authentication ciphertext in the second initialization authentication message by using the system private key to obtain a decrypted international mobile subscriber identity hash value, a decrypted third random number, decrypted mobile management entity position information and decrypted intermediate parameters;
if the home subscriber server judges that the real position information of the mobility management entity is the same as the decrypted mobility management entity position information, the home subscriber server calculates a second integrity verification value by applying the second one-way hash function according to the first initialization authentication ciphertext, the second initialization authentication ciphertext, the third initialization authentication ciphertext, the fourth initialization authentication ciphertext and the decrypted intermediate parameter; if the second integrity verification value is the same as the first integrity verification value, the home subscriber server passes the authentication of the second initialization authentication message;
The home subscriber server generates a fourth random number, and applies the first one-way hash function to calculate and obtain a second authentication token of the mobility management entity according to the fourth random number and the SNID;
The home subscriber server randomly selects a first polynomial h_M and a second polynomial g_M from the first polynomial set and the second polynomial set respectively, and calculates a first inverse element and a second inverse element according to the first polynomial h_M, the first integer and the second integer; according to the first polynomial h_M, the second polynomial g_M, the second integer, the first inverse element and the second inverse element, it calculates a public key and a private key of the mobility management entity;
The home subscriber server searches the first authentication token of the vehicle-mounted mobile unit and the public key of the vehicle-mounted mobile unit according to the decrypted international mobile subscriber identity hash value, and sends the third initialization authentication message to the mobility management entity; the third initialization authentication message comprises the decrypted international mobile subscriber identity hash value, the decrypted third random number, the first authentication token, the decrypted intermediate parameter, a public key of the vehicle-mounted mobile unit, the second authentication token and a public-private key of the mobility management entity;
The mobility management entity applies the NTRU encryption process to obtain a fourth initialization authentication message based on the third initialization authentication message, and sends the fourth initialization authentication message to the vehicle-mounted mobile unit; the vehicle-mounted mobile unit authenticates the mobility management entity, generates a fifth initialization authentication message after the authentication is passed, and sends the fifth initialization authentication message to the mobility management entity; the mobility management entity authenticates the vehicle-mounted mobile unit based on the fifth initialization authentication message, and completes initialization authentication after the authentication is passed, and the method specifically comprises the following steps:
The mobility management entity generates a second random polynomial and a fifth random number, and calculates a fifth initialization authentication ciphertext by applying the NTRU encryption process according to the first integer, the second random polynomial, the public key of the vehicle-mounted mobile unit and the second authentication token; obtaining a sixth initialization authentication ciphertext according to the fifth initialization authentication ciphertext, the second authentication token and the fifth random number; the mobility management entity calculates a first session key according to the first authentication token, the second authentication token, the decrypted third random number and the fifth random number by applying a third one-way hash function in the public parameter; applying the second one-way hash function according to the decrypted intermediate parameter, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the first session key and the authentication management domain identifier to calculate a third integrity verification value and a first response parameter; generating the fourth initialization authentication message according to the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the third integrity verification value and the public key of the mobility management entity, and sending the fourth initialization authentication message to the vehicle-mounted mobile unit; the second random polynomial is selected from the third polynomial set;
The vehicle-mounted mobile unit decrypts the fifth initialization authentication ciphertext and the sixth initialization authentication ciphertext in the fourth initialization authentication message by using a private key of the vehicle-mounted mobile unit to obtain a decrypted second authentication token and a decrypted fifth random number; applying the third one-way hash function to calculate a second session key according to the first authentication token, the decrypted second authentication token, the third random number and the decrypted fifth random number; applying the second one-way hash function according to the intermediate parameter, the fifth initialization authentication ciphertext, the sixth initialization authentication ciphertext, the second session key and the authentication management domain identifier to calculate a fourth integrity verification value and a second response parameter; if the fourth integrity verification value is the same as the third integrity verification value, the authentication of the vehicle-mounted mobile unit to the mobility management entity passes, and the vehicle-mounted mobile unit sends a fifth initialization authentication message to the mobility management entity; the fifth initialization authentication message includes a second response parameter;
The mobility management entity determines whether the second response parameter is the same as the first response parameter; if so, the vehicle-mounted mobile unit passes authentication by the mobility management entity, and the initialization authentication is complete.
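The NTRU key generation and NTRU encryption processes that the claims invoke (two integers p and q, ring dimension N, a private polynomial with inverses modulo p and modulo q) can be followed in a textbook NTRU implementation. This is an added example, not code from the patent: the formulas h = f^-1 * g mod q and e = p * r * h + m mod q, the toy parameters N = 11, p = 3, q = 32 and the sample polynomials are assumptions, and the invertible private polynomial is named f here.

```python
# Added example: textbook NTRU over Z[x]/(x^N - 1). Coefficient lists are low degree first.
N, P, Q = 11, 3, 32   # assumed toy parameters: gcd(P, Q) = 1, Q > P; far too small for real use

def conv(a, b, m):
    """Cyclic convolution a*b in Z_m[x]/(x^N - 1)."""
    c = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            c[(i + j) % N] = (c[(i + j) % N] + ai * bj) % m
    return c

def _trim(a):
    """Drop zero leading (high-degree) coefficients in place."""
    while a and a[-1] == 0:
        a.pop()
    return a

def _divmod(a, b, p):
    """Long division of a by b over the field Z_p; returns (quotient, remainder)."""
    a, quo = a[:], [0] * max(1, len(a) - len(b) + 1)
    lead_inv = pow(b[-1], -1, p)
    while len(_trim(a)) >= len(b):
        k, c = len(a) - len(b), a[-1] * lead_inv % p
        quo[k] = c
        for i, bi in enumerate(b):
            a[i + k] = (a[i + k] - c * bi) % p
    return quo, a

def inv_mod_prime(f, p):
    """Inverse of f in Z_p[x]/(x^N - 1) via extended Euclid; ValueError if none exists."""
    r0, r1 = [(-1) % p] + [0] * (N - 1) + [1], _trim([c % p for c in f])
    t0, t1 = [0], [1]                      # invariant: t_i * f == r_i (mod x^N - 1, p)
    while r1:
        quo, rem = _divmod(r0, r1, p)
        t2 = t0 + [0] * (len(quo) + len(t1) - len(t0))
        for i, qi in enumerate(quo):       # t2 = t0 - quo * t1
            for j, tj in enumerate(t1):
                t2[i + j] = (t2[i + j] - qi * tj) % p
        r0, r1, t0, t1 = r1, rem, t1, t2
    if len(r0) != 1:                       # gcd with x^N - 1 is not a constant
        raise ValueError("polynomial is not invertible modulo %d" % p)
    unit, out = pow(r0[0], -1, p), [0] * N
    for i, c in enumerate(t0):
        out[i % N] = (out[i % N] + c * unit) % p
    return out

def inv_mod_pow2(f, q):
    """Inverse modulo q = 2^k: invert mod 2, then Newton-lift b <- b * (2 - f*b)."""
    b, m = inv_mod_prime(f, 2), 2
    while m < q:
        m *= m
        corr = [(-c) % m for c in conv(f, b, m)]
        corr[0] = (corr[0] + 2) % m
        b = conv(b, corr, m)
    return [c % q for c in b]

def keygen(f, g):
    """Returns (public key h = f^-1 * g mod q, private key (f, f^-1 mod p))."""
    return conv(inv_mod_pow2(f, Q), g, Q), (f, inv_mod_prime(f, P))

def encrypt(pub, msg, r):
    """e = p * r * h + msg (mod q), with a fresh small blinding polynomial r."""
    rh = conv(r, pub, Q)
    return [(P * rh[i] + msg[i]) % Q for i in range(N)]

def center(a, m):
    """Lift residues to the balanced range (-m/2, m/2]."""
    return [c - m if c > m // 2 else c for c in (x % m for x in a)]

def decrypt(priv, e):
    f, f_p = priv
    a = center(conv(f, e, Q), Q)   # equals p*r*g + f*msg only while no coefficient wraps mod q
    return center(conv(f_p, a, P), P)

# Sample polynomials for this example (coefficients in {-1, 0, 1}); not values from the page
F = [-1, 1, 1, 0, -1, 0, 1, 0, 0, 1, -1]
G = [-1, 0, 1, 1, 0, 1, 0, 0, -1, 0, -1]
MSG = [-1, 0, 0, 1, -1, 0, 0, 0, -1, 1, 1]
R = [-1, 0, 1, 1, 1, -1, 0, -1, 0, 0, 0]

if __name__ == "__main__":
    pub, priv = keygen(F, G)
    print("public key:", pub)
    print("round trip ok:", decrypt(priv, encrypt(pub, MSG, R)) == MSG)
```

Decryption is only correct while every coefficient of p*r*g + f*m stays inside (-q/2, q/2]; deployed parameter sets are chosen so that this holds, and a candidate private polynomial that is not invertible modulo p or q has to be rejected and resampled.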
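The last three steps of the initialization authentication (session key, integrity verification value, response parameter) can be exercised end to end as below. This is an added example, not the patent's code: SHA-256 over length-prefixed fields stands in for the second and third one-way hash functions, splitting one digest into the integrity value and the response parameter is an assumption, and the two ciphertexts are opaque constructed bytes whose NTRU decryption is taken as given.

```python
import hashlib
import hmac
import secrets

def _h(label, *fields):
    """SHA-256 over length-prefixed fields, so ("ab", "c") and ("a", "bc") hash differently."""
    d = hashlib.sha256(label)
    for f in fields:
        d.update(len(f).to_bytes(4, "big") + f)
    return d.digest()

def session_key(at1, at2, r3, r5):
    """Assumed stand-in for the third one-way hash: SK = H3(token1, token2, r3, r5)."""
    return _h(b"H3", at1, at2, r3, r5)

def mac_and_response(beta, c5, c6, sk, domain_id):
    """Assumed stand-in for the second hash: one digest split into (integrity value, response)."""
    d = _h(b"H2", beta, c5, c6, sk, domain_id)
    return d[:16], d[16:]

def mme_build_message4(at1, at2, r3_dec, r5, beta_dec, domain_id, c5, c6, mme_pub):
    """Mobility management entity side: returns (message 4, session key, expected response)."""
    sk = session_key(at1, at2, r3_dec, r5)
    mac3, xres = mac_and_response(beta_dec, c5, c6, sk, domain_id)
    return {"c5": c5, "c6": c6, "mac": mac3, "mme_pub": mme_pub}, sk, xres

def obu_process_message4(msg4, at1, at2_dec, r3, r5_dec, beta, domain_id):
    """Vehicle-mounted unit side; at2_dec and r5_dec are what it recovered from c5 and c6.
    Returns (session key, response) or raises if the integrity values differ."""
    sk = session_key(at1, at2_dec, r3, r5_dec)
    mac4, res = mac_and_response(beta, msg4["c5"], msg4["c6"], sk, domain_id)
    if not hmac.compare_digest(mac4, msg4["mac"]):       # constant-time comparison
        raise PermissionError("integrity value mismatch: entity not authenticated")
    return sk, res

def mme_finish(res, xres):
    """The entity accepts the vehicle-mounted unit only if the response parameters match."""
    return hmac.compare_digest(res, xres)

def run_exchange(tamper=False, wrong_r5=False):
    """Constructed end-to-end run; returns (authenticated, session keys match)."""
    at1, at2 = secrets.token_bytes(32), secrets.token_bytes(32)
    r3, r5, beta = secrets.token_bytes(16), secrets.token_bytes(16), secrets.token_bytes(32)
    c5, c6 = secrets.token_bytes(44), secrets.token_bytes(44)   # opaque stand-ins for ciphertexts
    msg4, sk_mme, xres = mme_build_message4(at1, at2, r3, r5, beta, b"AMF-demo", c5, c6, b"pk")
    if tamper:                                            # one bit changed in transit
        msg4["c6"] = bytes([msg4["c6"][0] ^ 1]) + msg4["c6"][1:]
    r5_seen = secrets.token_bytes(16) if wrong_r5 else r5  # e.g. a failed decryption
    try:
        sk_obu, res = obu_process_message4(msg4, at1, at2, r3, r5_seen, beta, b"AMF-demo")
    except PermissionError:
        return False, False                               # no response parameter is ever sent
    return mme_finish(res, xres), hmac.compare_digest(sk_obu, sk_mme)

if __name__ == "__main__":
    print("honest run:       ", run_exchange())
    print("ciphertext altered:", run_exchange(tamper=True))
    print("wrong random r5:   ", run_exchange(wrong_r5=True))
```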
CN202410508372.9A 2024-04-26 2024-04-26 Quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption Active CN118102290B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410508372.9A CN118102290B (en) 2024-04-26 2024-04-26 Quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption

Publications (2)

Publication Number Publication Date
CN118102290A CN118102290A (en) 2024-05-28
CN118102290B true CN118102290B (en) 2024-07-02

Family

ID=91160238

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410508372.9A Active CN118102290B (en) 2024-04-26 2024-04-26 Quantum attack-resistant train-ground authentication method and system based on NTRU public key encryption

Country Status (1)

Country Link
CN (1) CN118102290B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107733632A (en) * 2017-11-29 2018-02-23 四川大学 A kind of wireless network secure switching method of anti-quantum attack
CN111586685A (en) * 2020-04-26 2020-08-25 重庆邮电大学 Anonymous roaming authentication method based on lattices

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003124927A (en) * 2001-10-15 2003-04-25 Sony Corp Mutual authentication system, mutual authentication method, mutual authentication equipment and storage medium
CN114339735B (en) * 2021-12-10 2023-09-08 重庆邮电大学 Method for authenticating anonymous access of world integrated network based on NTRU

Also Published As

Publication number Publication date
CN118102290A (en) 2024-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant