Be used for the cryptographic key negotiation method that travelling carriage switches in a kind of WLAN (wireless local area network)
Technical field
The present invention relates to the WLAN communication technology, be specifically related to be used in a kind of WLAN (wireless local area network) the cryptographic key negotiation method that travelling carriage switches.
Background technology
Along with the WLAN development of Communication Technique, the user needs safe, efficient, seamless wireless communication solution.Strengthen draft agreement (IEEE 802.11i Draft 3.0) regulation according to wireless LAN safety, the switching of travelling carriage between diverse access point comprises travelling carriage search fresh target access point and two processes of key agreement.Search fresh target access point refers to the neighboring access point of travelling carriage search current access point, thereby determines the process of next roaming target access; Key agreement referred between travelling carriage and the access point before the professional transmission of beginning the session key agreement that must carry out, produce session key by session key agreement, verify travelling carriage and the access point true and false each other, thereby guarantee the fail safe of WLAN (wireless local area network) message transmission.Key agreement is the important component part that safety strengthens in the WLAN (wireless local area network).
Key agreement can be divided into the key agreement that key agreement that travelling carriage carried out during access network first and travelling carriage are carried out again in the diverse access point handoff procedure.The key agreement that travelling carriage is carried out during access network first is the process of brand-new, complete authentication and key agreement once; The key agreement that travelling carriage is carried out in the diverse access point handoff procedure both can be once brand-new, the complete authentication and the process of key agreement, also can be by the certain master key of negotiation in advance agreement, before travelling carriage switching access point, produce standby master key in advance, finish the process of generation master key consuming time.
Authentication and Key Agreement mode that travelling carriage can adopt when roaming into new access point with access network is identical for the first time and new access point arranging key, but, this scheme is placed on whole work of key agreement when switching and finishes, and is very big to the switch speed influence.Travelling carriage adopts the technology of consulting master key in advance can finish generation master key process consuming time in the process that roams into new access point before travelling carriage switches to new access point, can improve the travelling carriage switch speed under the premise that security is guaranteed, reduce to switch influence, thereby realize safe, efficient, seamless WLAN communication service continuity.At present, the method for consulting master key in advance mainly contains following two kinds:
First method: when travelling carriage roams into the overlay region of current access point and new access point and new access point consult master key in advance.The scheme of the use pre-authentication that is proposed according to IEEE 802.11i agreement, travelling carriage directly carries out IEEE 802.1X-EAP authentication and produces standby master key after finding new access point, before travelling carriage switches, finish the process of authentication consuming time and generation master key, improve switch speed.But there is certain limitation in this method: at first, the prerequisite of using this pre-authentication method is that the coverage of diverse access point exists more overlapping, before switching, finish pre-authentication to guarantee travelling carriage, but the Radio Resource of the big waste of overlapped coverage is just many, certainly will strengthen the wireless network organizing cost; On the other hand, when the pre-authentication scheme of IEEE 802.11i protocol definition requires travelling carriage to roam into new access point and certificate server carry out two-way authentication again, still, this two-way authentication again is not necessary in the practical communication process.
Second method: travelling carriage is finished the master key negotiation before roaming into the fresh target access point between current access point and fresh target access point.In the relevant motion of IEEE 802.11i agreement, the someone has proposed to consult in advance the method for master key between current access point and new access point.According to this method, handoff procedure no longer need be produced the master key of neighboring access point and is distributed to neighboring access point by certificate server, but consults standby master key by the current access point of travelling carriage and other access points that are adjacent according to access point interconnection protocol (IAPP:Inter Access Point Protocol).Travelling carriage goes out the standby master key of corresponding target access with the algorithm computation that consults in advance after determining the roaming target access, and whether checking is consistent with the standby master key that target access has produced, in case be proved to be successful, then continue session key agreement, produce session key, finish the handoff procedure of travelling carriage between diverse access point.Though this method can solve the requirement of quick switching to the access point coverage, but can not provide complete forward security, if promptly the current access point is to forge access point, because verification process is without certificate server, therefore will directly influence the safety of next fresh target access point master key, can not guarantee that travelling carriage switches the fail safe of access point process; In addition, because verification process is without certificate server, in order further to guarantee that the current access point with the fail safe of consulting standby master key between its neighboring access point, must revise the generation structure of existing key, increased the complexity of authentication and key agreement design between access point.
In sum, though proposed the implementation method of consulting master key in advance that travelling carriage switches in the above-mentioned WLAN (wireless local area network) at present, but they have certain defective separately, therefore need a kind of travelling carriage switch speed that improves under the premise that security is guaranteed, reduce to switch influence, thereby realize the solution of safe, efficient, seamless WLAN communication service continuity.
Summary of the invention
At above situation, the purpose of this invention is to provide in a kind of new WLAN (wireless local area network) and be used for the cryptographic key negotiation method that travelling carriage switches, make it can guarantee the fail safe that travelling carriage switches, can improve the travelling carriage switch speed again, reduce handoff delay.
Above-mentioned purpose of the present invention is achieved by the following technical solutions:
Be used for the cryptographic key negotiation method that travelling carriage switches in a kind of WLAN (wireless local area network), comprise the steps: at least
A. at travelling carriage and certificate server identical authentication count information and approval-key information are set in advance;
B. certificate server is that the neighboring access point of travelling carriage current access point is calculated authentication count information and approval-key information, and will authenticate count information and approval-key information sends to neighboring access point;
C. the neighboring access point setting is at the authentication count information of this travelling carriage, and uses the certificate server authentication count information that receives to upgrade the access point authentication count information, waits for that travelling carriage inserts;
D. after travelling carriage is determined the roaming target access, receive access point authentication count information and certificate server approval-key information from target access, and and the authentication count information that self produces according to same rule and approval-key information relatively, if unanimity then continue to finish session key agreement; Otherwise produce master key by certificate server with IEEE 802.1X-EAP agreement between travelling carriage and the target access, finish session key agreement then.
In above-mentioned cryptographic key negotiation method, the authentication count information is meant the master key refresh counter that is used to write down each travelling carriage master key update times.
In above-mentioned cryptographic key negotiation method, the generation rule of authentication count information is: the initial value that the master key refresh counter is set is zero, and after travelling carriage roamed into a new access point, the value of the master key refresh counter of certificate server and travelling carriage self added 1.
In above-mentioned cryptographic key negotiation method, the generation rule of approval-key information is: with seed key, arthmetic statement symbol, current master key, master key refresh counter, the MAC Address of access point and the MAC Address of travelling carriage is parameter, obtains approval-key information by pseudo random number algorithm.
In above-mentioned cryptographic key negotiation method, step b further comprises: certificate server begins the neighboring access point of travelling carriage current access point is calculated authentication count information and approval-key information after the notice of the professional transmission of beginning that receives the transmission of travelling carriage current access point.
In above-mentioned cryptographic key negotiation method, step b further comprises: certificate server is determined all neighboring access point of travelling carriage current access point by inquiry access point topology diagram, and notify all neighboring access point to ask master key in advance, after receiving the master key of the negotiation in advance solicited message of neighboring access point, calculate authentication count information and approval-key information for the neighboring access point of the request of receiving.
Ask in advance in the method for master key in above-mentioned neighboring access point, further comprise: neighboring access point is after receiving the announcement information of certificate server, judge self whether to support to consult in advance master key, if, consult the master key solicited message in advance to the certificate server transmission, and the authentication count information is set at access point, and do not consult the master key solicited message in advance otherwise do not send to certificate server, the authentication count information is not set at access point yet.
In above-mentioned cryptographic key negotiation method, steps d further comprises: travelling carriage is after determining the roaming target access, send connection request to target access, target access sends one to travelling carriage and comprises the connection response of whether supporting to consult in advance master key information, if master key is consulted in the target access support in advance, travelling carriage receives access point authentication count information and certificate server approval-key information, and compares according to authentication count information and approval-key information that same rule produces with self; Otherwise directly finish key agreement between travelling carriage and the target access by IEEE 802.1X-EAP authentication.
In above-mentioned cryptographic key negotiation method, steps d further comprises: if the authentication count information of travelling carriage and access point and approval-key information are through relatively all consistent then continue to finish session key agreement, otherwise produce master key by certificate server with IEEE 802.1X-EAP agreement between travelling carriage and the target access, finish session key agreement then.
In above-mentioned cryptographic key negotiation method, further be included in certificate server approval-key information life cycle timer is set, if approval-key information arrives the timing of life cycle timer, regenerate approval-key information between certificate server and the travelling carriage, and again execution in step b to steps d.
In above-mentioned cryptographic key negotiation method, comprise that further access point is provided with an approval-key information life cycle timer when upgrading the authentication count information at travelling carriage, if described approval-key information is cited in life cycle, then approval-key information life cycle timer restarts counting; Otherwise the approval-key information that access point deletion is preserved at this travelling carriage and the authentication count information of its correspondence.
The present invention distributes master key in advance by certificate server, has avoided existing scheme one for realizing switching fast the requirement to the access point coverage.Use the master key of distribution in advance, also avoided carrying out in the roaming needs of IEEE 802.1X-EAP authentication consuming time, improved the roaming switch speed.Use the authentication count information, as: the master key refresh counter, simplified the synchronous determining step of master key.Simultaneously, master key is produced respectively by certificate server and travelling carriage, and complete forward security can be provided.To authenticate count information and the combination of key life cycle, and avoid access point or travelling carriage to suffer the attack of expired master key to a certain extent.Therefore, the present invention has not only improved the speed of switching, and has guaranteed system safety.
Description of drawings
Fig. 1 is that wireless lan network is formed structural representation;
Fig. 2 is that access point covers distribution map;
Fig. 3 is an access point topological structure schematic diagram;
Fig. 4 is that key of the present invention is consulted flow chart in advance.
Embodiment
The present invention will be described in more detail below in conjunction with the drawings and specific embodiments.
Consult the related network of method of master key in the WLAN (wireless local area network) of the present invention in advance and form structure as shown in Figure 1, form in the structural representation at this network, access point (AP:Access Point) A, B, C, D, E are a group of access point that adjoins each other, wherein, access point A is the current access point of travelling carriage (STA:Station), access point B, E are the neighboring access point of current access point A, and certificate server (AS:Authentication Server) links to each other with each access point.Figure 2 shows that the covering distribution map of this group access point correspondence.Figure 3 shows that the topological structure schematic diagram of this group access point correspondence.The information that each access point covers interconnective topological structure between distribution and access point is kept in the certificate server, each access point can send query requests to certificate server, knows and whole access points of this adjacency of access points and relevant address information thereof.
In the present embodiment, for the purpose that realizes improving the travelling carriage switch speed under the safe prerequisite, reducing handoff delay, introduce the authentication count information, adopt master key refresh counter (RKC:ReKey Counter) in the present embodiment, finish master key and consult in advance.The master key refresh counter has write down the number of times that each travelling carriage approval-key information is upgraded, and the counter initial value is 0.Adopt master key as approval-key information in the present embodiment.In certificate server, preserve a RKC counter (RKC for each travelling carriage
AS), each access point is that current each travelling carriage of having registered master key is preserved a RKC counter (RKC
AP), travelling carriage self also has a RKC counter (RKC
STA).The main effect of master key refresh counter is the synchronous of master key when guaranteeing travelling carriage and access point consulting session key, can prevent that the malice access point from using the master key that lost efficacy to attack travelling carriage simultaneously to a certain extent.
The present invention introduces process that key that the master key refresh counter realizes that travelling carriage switches consults in advance as shown in Figure 4, comprises the steps:
Step 401: current access point A finish and travelling carriage between session key agreement, and the notification authentication server has begun to carry out business transmission with travelling carriage.
Step 402: the access point topology diagram that certificate server notified back inquiry is preserved, select neighboring access point B and the E of access point A, and notify neighboring access point B and E can ask master key in advance.
After step 403: neighboring access point B and E receive the notice of certificate server, judge whether to support to consult in advance master key,, and master key refresh counter RKC is set at access point if support just to send the request that sends master key in advance to certificate server
AP, execution in step 404 then; If certain neighboring access point does not support to consult in advance master key, transfer execution in step 406 to for the processing of this neighboring access point.
Step 404: if receive the master key of the transmission in advance request that neighboring access point is sent, certificate server is just to being kept at certificate server to master key refresh counter RKC that should travelling carriage
ASAdd 1, and produce the standby master key PMK that algorithm calculates corresponding each this travelling carriage of neighboring access point respectively by the pseudo random number that consults with travelling carriage
APCertificate server is with the standby master key PMK of corresponding each neighboring access point
APAnd master key refresh counter RKC
ASSend to each neighboring access point respectively.If certificate server is not received the master key request of certain access point, think that then this access point do not support to distribute in advance master key, be not that it produces master key.
Master key PMK
APComputational methods be that the pseudo random number that consults by certificate server and travelling carriage produces algorithm (PRF:Pseudo-Random Function) and calculates.
PMK
AP=PRF(MK,LABEL,PMK
0||RKC
AS||AP
mac||STA
mac)
(1)
As shown in Equation 1, to the standby master key PMK of certain access point that should travelling carriage
APBe with seed key MK, arthmetic statement symbol LABEL, current master key PMK
0, master key refresh counter RKC
AS, this target access MAC Address AP
MacMAC Address STA with travelling carriage
MacBe parameter, algorithm computation drew in generation through pseudo random number.Wherein, seed key MK (Master Key) is shared by certificate server and travelling carriage; Arthmetic statement symbol LABEL is a character string of describing the algorithm purposes; Current master key PMK
0Be to be kept at master key between current access point on the certificate server and travelling carriage; Master key refresh counter RKC
ASFor be kept on the certificate server to master key refresh counter that should travelling carriage; AP
MacMAC Address for the neighboring access point of current access point; The MAC Address STA of travelling carriage
MacBe stored on the certificate server.
Step 405: after each neighboring access point is received the master key of the transmission in advance request response of certificate server, note to standby master key PMK that should travelling carriage
AP, and by certificate server send to master key refresh counter RKC that should travelling carriage
ASRenewal be kept at neighboring access point to master key refresh counter RKC that should travelling carriage
AP, begin then to wait for that travelling carriage inserts.
Step 406: travelling carriage is determined roaming target access, the master key refresh counter RKC that self preserves
STAAdd 1, and produce algorithm computation by the pseudo random number that consults with certificate server and go out the corresponding master key PMK that newly roams target access
STA
Master key PMK
STAComputational methods be that the pseudo random number that consults by certificate server and travelling carriage produces algorithm computation and draws.
PMK
STA=PRF(MK,LABEL,PMK
0||RKC
STA||AP
mac||STA
mac)
(2)
As shown in Equation 2, travelling carriage calculate to roaming the master key PMK of target access
STABe with seed key MK, arthmetic statement symbol LABEL, current master key PMK
0, master key refresh counter RKC
STA, the roaming target access MAC Address AP
MacMAC Address STA with travelling carriage
MacBe parameter, algorithm computation drew in generation through pseudo random number.Wherein, seed key MK (Master Key) is shared by certificate server and travelling carriage; Arthmetic statement symbol LABEL is a character string of describing the algorithm purposes; Current master key PMK
0Be to be kept at master key between current access point on the travelling carriage and travelling carriage; Master key refresh counter RKC
STAFor being kept at the master key refresh counter on the travelling carriage; AP
MacMAC Address for the roaming target access; STA
MacMAC Address for travelling carriage.
Step 407: travelling carriage sends connection request to the fresh target access point, and the fresh target access point sends connection response after receiving connection request.Whether explanation supports to consult in advance master key in connection request and the connection response.If master key is distributed in the support of fresh target access point in advance, then execution in step 408; If the fresh target access point is not supported to consult in advance master key and is just forwarded step 412 to.
Step 408: this target access is sent article one message of session key agreement to travelling carriage, comprising the master key refresh counter RKC of the corresponding current mobile station of access point record
APBe distributed to the standby master key PMK of this access point in advance with certificate server
AP
Step 409: after travelling carriage is received session key agreement article one message that target access sends, relatively be recorded in the master key refresh counter RKC corresponding to this travelling carriage of fresh target access point
APWith the master key refresh counter RKC that is recorded in travelling carriage
STAWhether equate, if equate that then execution in step 410; If the master key refresh counter RKC that is recorded in the fresh target access point relatively corresponding to this travelling carriage
APWith the master key refresh counter RKC that is recorded in travelling carriage
STAUnequal, then forward step 412 to.
Step 410: travelling carriage continues session key agreement, the master key PMK of the corresponding target access that the comparison travelling carriage calculates
STABe distributed to the standby master key PMK of this access point in advance with certificate server
APWhether consistent, if consistent then execution in step 411, if the master key PMK of the corresponding target access that travelling carriage relatively calculates
STABe distributed to the standby master key PMK of this access point in advance with certificate server
APInconsistent, then forward step 412 to.
Step 411: further session key agreement, produce session key PTK, and then finish session key agreement, finish the overall process that travelling carriage switches the key agreement of access point.
Step 412: produce master key by certificate server with the IEEE802.1X-EAP agreement between travelling carriage and the target access.
Step 413: further session key agreement, produce session key PTK, and then finish session key agreement, finish the overall process that travelling carriage switches the key agreement of access point.
In the key agreement that travelling carriage switches, all keys all can have a life cycle to guarantee the fail safe and the validity of key, that is to say, switch in the process of access point at travelling carriage, the generation of the master key of fresh target access point all is that the master key of an above access point is a parameter generating, through certain cycle, for fail safe and the validity that guarantees key agreement, certificate server need be with carrying out brand-new authentication and key agreement by IEEE 802.1X-EAP authentication protocol between the travelling carriage.For this reason, certificate server is provided with master key life cycle timer, with the effective life cycle that decides key.When the master key life cycle timer of certificate server determines that the current master key of travelling carriage has reached its life cycle, travelling carriage needs more new master key, certificate server and travelling carriage carry out brand-new authentication and key agreement by the IEEE802.1X-EAP authentication protocol, calculate the master key PMK ' that makes new advances respectively; And upgrade the master key refresh counter RKC that is kept at travelling carriage respectively
STABe kept on the certificate server to master key refresh counter RKC that should travelling carriage
ASSimultaneously, certificate server upgrades the standby master key and the master key refresh counter RKC that is kept on the neighboring access point of distribution in advance for each neighboring access point
AP, just restart cipher key agreement process of the present invention.
Access point is after being provided with the master key refresh counter at the travelling carriage that may switch to this access point, in order to optimize the access point internal information, for not switching to this access point in the certain hour or having switched to the travelling carriage of this access point a period of time, access point can be deleted the master key refresh counter that is provided with at this travelling carriage.For this reason, access point is provided with standby master key life cycle timer for each standby master key, with the life cycle that decides standby master key.If standby master key is cited in life cycle, then standby master key life cycle timer restarts counting; If this standby master key is not cited in standby master key life cycle, then access point is deleted this standby master key and its corresponding master key refresh counter.
The present invention distributes master key in advance by certificate server, has avoided existing scheme one for realizing switching fast the requirement to the access point coverage.Use the master key of distribution in advance, also avoided carrying out in the roaming needs of IEEE 802.1X-EAP authentication consuming time, improved the roaming switch speed.Use the master key refresh counter, simplified the synchronous determining step of master key.Simultaneously, master key is produced respectively by certificate server and travelling carriage, and complete forward security can be provided.With master key refresh counter and the combination of key life cycle, avoided access point or travelling carriage to suffer the attack of expired master key to a certain extent.Therefore, the present invention has not only improved the speed of switching, and has guaranteed system safety.
Certainly; can also come further assurance to consult the fail safe of master key process in advance by the extended authentication count information as required; in a word; above-described only is the preferable embodiment of the present invention with the master key refresh counter as the method that authenticates count information; but protection scope of the present invention is not limited thereto; any people who is familiar with this area is in technical scope disclosed in this invention, and the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.