CN1298194C - Radio LAN security access method based on roaming key exchange authentication protocal - Google Patents

Radio LAN security access method based on roaming key exchange authentication protocal Download PDF

Info

Publication number
CN1298194C
CN1298194C CNB2004100259737A CN200410025973A CN1298194C CN 1298194 C CN1298194 C CN 1298194C CN B2004100259737 A CNB2004100259737 A CN B2004100259737A CN 200410025973 A CN200410025973 A CN 200410025973A CN 1298194 C CN1298194 C CN 1298194C
Authority
CN
China
Prior art keywords
mobile node
certificate server
authentication
message
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2004100259737A
Other languages
Chinese (zh)
Other versions
CN1564626A (en
Inventor
马建峰
赖晓龙
孙军帅
王卫东
史庭俊
彭志威
王超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CNB2004100259737A priority Critical patent/CN1298194C/en
Publication of CN1564626A publication Critical patent/CN1564626A/en
Application granted granted Critical
Publication of CN1298194C publication Critical patent/CN1298194C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to a radio LAN security access method based on a roaming cipher key exchange authentication protocol (EAP-RKE). An outdoor authentication server F-AS is used for substituting for a home authentication server H-AS to send authentication challenge to a mobile node MN. The mutual identity authentication of the mobile node MN and an access node AP is carried out, and a share cipher key is set. A network access identity NAI of the mobile node MN is userarealm, user is the identity of a user, and realm is a domain which the user belongs to. The user and the realm are separated, and the user is randomly encrypted to realize the protection of the identity of the user. An interactive turn number of protocol information between the outdoor authentication server F-AS and the home authentication server H-AS is 1 turn on the premise that the security of the present invention is ensured, performance is enhanced, and the identity of the user is simultaneously protected. When the mobile node MN is at a home domain and roams at an outdoor domain, the access control of the mobile node MN all can be realized, and the present invention can also ensure that the mobile node safely accesses a network.

Description

Wireless LAN safety cut-in method based on roaming cipher key change authentication protocol
Technical field
The invention belongs to the secure wireless communication technical field, be specifically related to a kind of wireless LAN safety cut-in method (EAP-RKE) based on roaming cipher key change authentication protocol, inserting and roam to insert for this locality of mobile node provides safety assurance.
Term
EAP-Extensible Authentication Protocol (Extensible Authentication Protocol)
NAI-Network Access Identifier (Network Access Identifier)
RADIUS-remote authentication dial-in user service (Remote Authentication Dial In User Service)
AAA-authentication, mandate and audit (Authentication, Authorization, Accounting)
TLS-Transport Layer Security (Transport Layer Security)
TTLS-Tunneled TLS (Tunneled TLS)
PEAP-protects EAP (Protected EAP Protocol)
RKE-roams cipher key change (Roaming Key Exchange)
MN-mobile node (Mobile Node)
AP-access node (Access Point)
AS-certificate server (Authentication Server)
F-AS-other places certificate server (Foreign Authentication Server)
H-AS-local certificate server (Home Authentication Server)
KKS-well-known key safety (Known Key Security)
PFS-improves forward secrecy (Perfect Forward Secrecy)
The non-key of N-KCI-leaks camouflage (No Key Compromise Impersonation)
The non-unknown key of N-UKS-is shared (No Unknown Key Share)
The AVP-property value is to (Attribute Value Pairs)
MAC-message authentication code (Message Authentication Code)
WAI-wireless local area network (WLAN) verification basis (WLAN Authentication Infrastructure)
Background technology
IEEE 802.11 WLAN (wireless local area network) are to adopt to carry out the safe access control of wireless terminal and the data confidentiality on the Radio Link based on the method for wired equivalent privacy WEP (Wired Equivalent Privacy) at present.
Because the wireless LAN safety technological deficiency based on WEP is very big, proposed at present much to improve one's methods.Wherein the agreement based on public-key technology has WAI (WLANAuthentication Infrastructure) that uses among EAP-TLS (EAP Transport Layer Security), EAP-TTLS (EAP Tunneled TLSAuthentication Protocol), PEAP (Protected EAP Protocol) and the GB15629.11 etc.Except WAI, other all are encapsulated among the Extensible Authentication Protocol EAP (Extensible Authentication Protocol).
1.EAP-TLS
EAP-TLS is a kind of authentication mode based on TLS (Transport Layer Security), is provided by RFC2716.Certificate server and customer end adopted tls protocol consulting session key, agreement five are taken turns alternately totally.Being analyzed as follows of it:
1) because both sides' certificate that uses public-key authenticates, and follow-up message all is to carry out under the protection of PKI, the assailant promptly can't obtain the real content of message, also can't distort message, utilizes random number to guarantee freshness simultaneously, prevents Replay Attack.Exist attack pattern can make both sides consult an algorithm groups that intensity is lower;
2) this protocol requirement both sides have public key certificate, and when PKIX did not have widespread deployment, comparison difficulty in practice operated;
3) this agreement is not protected user identity, and protocol interaction wheel number is 5 to take turns.
2.PEAP
PEAP has eliminated the requirement to the mobile node public key certificate, and its verification process is divided into two stages: the phase I is set up the TLS tunnel of one directional service device authentication; Second stage authenticates mobile node under this protecting tunnel.This agreement has autgmentability and adaptability preferably, can adopt corresponding authentication mode for different mobile nodes.It is described in detail referring to document http://www.ietf.org/internet-drafts/draft-josefsson-pppext-eap-tls-eap-07.txt, and Oct 2003.Tool is analyzed as follows:
1) this agreement has been eliminated the requirement to the mobile node public key certificate, has autgmentability preferably, can adopt suitable authentication mode for different mobile nodes, has excellent adaptability.Because the first of this agreement has set up safe lane by EAP-TLS, under the protection of this safe lane, has finished the authentication to mobile node, the identity of mobile node can be maintained secrecy;
2) this agreement does not possess the security property of forward secrecy PFS and non-key leakage camouflage N-KCI, and protocol interaction wheel number is greater than 5 and takes turns;
3.EAP-TTLS
EAP-TTLS also is the draft of IETF, and it is closely similar with PEAP, also is the TLS tunnel of setting up server authentication the phase I, carries out the authentication of second stage to client under this protecting tunnel.
Their difference is second stage, and TTLS uses TLS tunnel exchange " attribute-value pairs " (AVP), and the form of AVP is very similar to the form of RADIUS AVP.This general coded system makes TTLS can carry out the authentication of variety of way, and is not limited only to the authentication mode that EAP supports, also supports other modes (CHAP, PAP, MS-CHAP andMS-CHAPv2).It is described in detail referring to http://www.ietf.org/internet-drafts/draft-ietf-pppext-eap-ttls-03.txt, and Aug 2003.Its agreement flow process and PEAP are the same.
Protocal analysis is identical with PEAP.
4.WAI
State Intellectual Property Office discloses an application for a patent for invention in 2003, (publication number: CN 14236200A) the related patent of this patent application is used in GB15629.11, is called for short WAI.WAI employing public key certificate authenticates, key agreement.When mobile node MN signed in to wireless access point AP, mobile node MN and WAP (wireless access point) were carried out two-way authentication by certificate server AS; Behind the authentication success, mobile node MN and wireless access point AP are carried out session key agreement, produce session key.Because WAI does not adopt the form of EAP, so protocol interaction wheel number is 2 to take turns.When mobile node was roamed, interactive messages was 1 to take turns between nonlocal certificate server and the local certificate server.It is analyzed as follows:
1) independent on this protocol authentication part and the key agreement partial logic, when key updating, have advantage;
2) this agreement does not possess the character of identity protection;
3) mobile node MN and wireless access point AP may generate inconsistent session key.
All there is obvious deficiency in above-mentioned agreement.Though EAP-TLS has higher fail safe, can not provide identity protection; EAP-TTLS and PEAP change the occupation mode of TLS, and identity protection is provided, and have but lost some security property, and have increased protocol interaction wheel number; Though the mutual wheel number of WAI agreement is few, the public key calculation quantity of WAI on access node AP is too much, has influenced the performance of AP, and the consistency of identity protection and session key can not be provided; Under the wireless network environment, the security threat that the user is subjected to is greater than wired network, so can not sacrificing security obtain other interests; But for wireless mobile subscriber, its identity is again need to be keep secret.In sum, present prior art can not satisfy the requirement of wireless environment to fail safe fully, can not satisfy the performance requirement of roaming to agreement.
Summary of the invention
The objective of the invention is to overcome the deficiency of above-mentioned prior art; a kind of wireless LAN safety cut-in method (EAP-RKE) based on roaming cipher key change authentication protocol is provided; under the prerequisite of guarantee agreement fail safe and calculated performance; make authentication protocol have the characteristic of identity protection; and interactive messages is 1 to take turns between nonlocal certificate server F-AS and local certificate server F-AS, thereby guarantees that mobile node safety inserts and satisfies roaming requirement in WLAN (wireless local area network).
For solving the problems of the technologies described above, technical scheme provided by the invention is to adopt roaming cipher key change authentication protocol EAP-RKE, carry out mutual authentication in mobile node MN and access node AP, consult to set up and share key, its key step comprises beginning authentication, authenticate and setting up to be shared key and finishes authentication;
Described begin the authentication comprise:
1) mobile node MN begins message to EAP and issues access node AP;
2) access node AP sends to mobile node MN to the message of the identity of request mobile node.
Described authentication and foundation are shared key and are comprised:
1) mobile node MN sends to access node AP to the message of response identity request, but user's identity is empty;
2) access node AP forwards that mobile node MN is sent is given nonlocal certificate server F-AS;
3) nonlocal certificate server F-AS sends the message that EAP-RKE begins to access node AP, requires the authentication of beginning EAP-RKE.In message, comprise a random number N, as the access authentication challenge;
4) access node AP gives mobile node MN forwards;
5) after mobile node MN was received the message of beginning EAP-RKE authentication, mobile node MN generated interim public private key pair, calculated identity encryption and decryption key with the long-term private of its interim PKI and local certificate server H-AS, to the identity ciphering of mobile node MN; And the identity after will encrypting, the authentication challenge N that sends of affiliated territory realm, nonlocal certificate server F-AS, the interim PKI and the signature thereof of mobile node MN send to access node AP;
6) access node AP gives nonlocal certificate server F-AS with the forwards of receiving;
7) nonlocal certificate server F-AS judges the local of mobile node MN according to the affiliated territory realm in the message, if mobile node is a local node, and the local certificate server that then nonlocal certificate server F-AS is exactly a mobile node; As not being the local certificate server H-AS that then message of receiving is sent to the corresponding mobile node;
8) certificate server H-AS in local receives that deciphering after the message obtains the identity user of mobile node MN and determines the long-term PKI of mobile node, utilizes the signature of this long-term public key verifications mobile node then, if authentication failed termination protocol then; If checking is passed through, then certificate server H-AS in local generates the interim public private key pair of oneself, utilizes the interim PKI of its temporary private and mobile node to calculate master key and session key; Certificate server H-AS in local utilizes the interim PKI (also as authentication challenge) of authentication challenge N, mobile node MN and the interim PKI (also as authentication challenge) of local certificate server H-AS and the identity that identity encryption and decryption cipher key calculation goes out local certificate server H-AS to differentiate message then, and last local certificate server H-AS differentiates that with its identity message, its interim PKI and session key send to nonlocal certificate server F-AS;
9) nonlocal certificate server F-AS removes the session key in the message of receiving, remaining content is sent to access node AP;
10) access node AP gives mobile node MN the forwards of receiving; After mobile node MN was received message, the identity of checking local certificate server was differentiated message, and authentication failed is termination protocol then; After checking was passed through, mobile node MN utilized temporary private of oneself and the interim PKI of local certificate server H-AS to calculate master key and session key.
Described finish the authentication comprise:
5) mobile node MN sends to access node AP to the EAP response message;
6) access node AP gives nonlocal certificate server F-AS forwards;
7) nonlocal certificate server F-AS sends to access node AP to the message of authentication success, contains session key in the message;
8) access node AP sends to mobile node MN to the message of authentication success.
According to the present invention, mobile node MN the territory, local with roam into outside the region all adopt identical cut-in method, it is transparent promptly roaming for mobile node.
According to the present invention, the identity that described mobile node MN is encrypted is meant the identity of randomized encryption
The identity of above-mentioned mobile node MN randomized encryption can adopt following method, and mobile node MN is related with a random number with its identity, uses the public key encryption of local certificate server H-AS then.
The identity of above-mentioned local certificate server H-AS differentiates that message can adopt following method to produce, and local certificate server H-AS utilizes the private key of oneself to sign, and the identity that generates local certificate server H-AS is differentiated message.
The present invention has realized that the interacting message between local certificate server H-AS and the nonlocal certificate server F-AS is 1 to take turns; Master key calculates generation by the temporary private of mobile node MN and the interim PKI of local certificate server H-AS, also calculate generation by the interim PKI of mobile node MN and the temporary private of local certificate server H-AS simultaneously, these two master keys that calculate are consistent.
The present invention compares with above-mentioned prior art, has the following advantages:
1. territory realm under user identity user and the user is separately handled, realized user identity protection;
2. authentication protocol is 4 to take turns alternately between mobile node and the local area network (LAN), and interacting message is 1 to take turns between nonlocal certificate server F-AS and the local certificate server H-AS, has improved protocol capabilities;
3. agreement is a provable security under the security model of Canetti and Krawczyk proposition.
4. agreement is a provable security under the security model of Canetti and Krawczyk proposition, and then agreement just has the security property of KKS, PFS and N-UKS.And in agreement, communicating pair must know that all the private key of oneself could generate authentication load, so agreement also has the security property of N-KCI.
Table 1 the present invention and prior art fail safe are relatively
Agreement Identity protection Provable security PFS KKS N-KCI N-UKS
EAP-TLS N * Y# Y Y# Y
PEAP Y * Y# Y N Y
EAP-TTLS Y * Y# Y N Y
WAI N * N Y N N
EAP-RKE Y Y Y Y Y Y
Annotate: # refers to use Diffie-Hellman interim public and private and signature
* expression is not done
From table 1 more as can be seen, the present invention is based on the safety access method of EAP-RKE, its security performance is better than prior art on the whole greatly.
Description of drawings
Fig. 1 is EAP-RKE verification process figure of the present invention
Fig. 2 is the building-block of logic of security certification system of the present invention
Fig. 3 is a mobile node of the present invention influences the emulation comparison diagram in local EAP-RKE and EAP-TLS agreement to what communicate by letter
Fig. 4 is a mobile node of the present invention influences the emulation comparison diagram in nonlocal EAP-RKE and EAP-TLS agreement to what communicate by letter
Symbol description among Fig. 1:
Message format is: type of message w/{ message content }.Wherein type of message is as follows:
EAP-Start begins Extensible Authentication Protocol EAP;
EAP-Rqst/RKE EAP-RKE request message;
EAP-Resp/RKE EAP-RKE response message;
EAP-Rqst/ID EAP asks identity message;
EAP-Resp/ID EAP response identity message;
EAP-Rqst/RKE start begins the EAP-RKE protocol message;
Radius-Rqst Radius agreement request message;
Radius-Acct Radius agreement is accepted message;
EAP-Success EAP completes successfully message.
Message content is described as follows:
The private key of u mobile node;
g uThe PKI of mobile node;
The user identity of user mobile node MN;
The affiliated territory of realm mobile node MN;
The private key of a H-AS;
g aThe PKI of H-AS;
Cert AThe certificate of H-AS;
E (k; .) key is the encryption function of the symmetric cryptography of k;
MAC (k; .) key is the message authentication code function of k;
The Sig signature function;
Prf (k; .) key is the pseudo-random function of k, is used for the session key derivative function.
Embodiment
Below in conjunction with drawings and Examples the present invention is elaborated:
Referring to Fig. 2, MN is a mobile node, and AP is an access node, and F-AS and H-AS are respectively other places and local certificate server.
Safety on the dotted line presentation logic among Fig. 2 connects, and solid line represents that actual physical connects.Mobile node MN and its local certificate server H-AS share secure relationship (share key or pass through public key certificate).There are safe lane in access node AP and nonlocal certificate server F-AS, access node AP and nonlocal certificate server F-AS mutual trust; Also there are safe lane in other places certificate server F-AS and local certificate server H-AS, other places certificate server F-AS is trusted by local certificate server H-AS, based on this, the present invention replaces local certificate server H-AS to send authentication challenge to mobile node MN with nonlocal certificate server F-AS, make between nonlocal certificate server F-AS and the local certificate server H-AS interacting message be 1 to take turns and be achieved.
As mobile node MN login access node AP,, need mobile node MN and access node AP to confirm identity mutually, and set up a shared key for the safety that realizes MN inserts.The present invention adopts EAP-RKE to realize authentication and key agreement, and its authentication and key are set up execution mode as shown in Figure 1, specifically comprise the steps:
1. begin authentication
1) mobile node MN begins message to EAP and issues access node AP;
2) access node AP sends to mobile node to the message of the identity of request mobile node MN;
2. authenticate and set up shared key
1) mobile node MN sends to access node AP to the message of response identity request, but user's identity is empty;
2) access node AP forwards that mobile node MN is sent is given nonlocal certificate server F-AS;
3) nonlocal certificate server F-AS sends the message that EAP-RKE begins to access node AP, requires the authentication of beginning EAP-RKE.In message, comprise a random number N, identify as the access authentication challenge;
4) access node AP gives mobile node MN forwards;
5) after mobile node MN is received the message of beginning EAP-RKE authentication, generate temporary private x, interim PKI g xWith the interim PKI g of oneself xCalculate identity encryption and decryption key K=(g with the long-term private a of local certificate server H-AS x) a, to the identity ciphering of mobile node MN.With its crypto identity Enc (K; User), the authentication challenge N that sends of affiliated territory realm, nonlocal certificate server F-AS, interim PKI g xSignature AUTH1=Sigu (g with mobile node MN x| N|Enc (K; User)) message sends to access node AP;
6) access node AP gives nonlocal certificate server F-AS forwards;
7) nonlocal certificate server F-AS judges the local of mobile node MN according to the affiliated territory Realm in the message, if mobile node is a local node, and the local certificate server H-AS that then nonlocal certificate server F-AS is exactly a mobile node; As not being then message { Enc (K; User), N, g x, AUTH1} sends the local certificate server H-AS of corresponding mobile node to;
8) after certificate server H-AS in local receives message, with the long-term private a of oneself and the interim PKI g of mobile node MN xCalculate identity encryption and decryption key K=(g x) a, deciphering Enc (K; User), obtain the identity user of mobile node MN and the long-term PKI g of definite mobile node u, certificate server H-AS in local utilizes this PKI g then uIf the signature authentication load AUTH1 of checking mobile node is authentication failed termination protocol then; If checking is passed through, then certificate server H-AS in local produces temporary private y, interim PKI g yLocal certificate server H-AS utilizes the interim PKI g of own temporary private y and mobile node xCalculate master key K Master=(g x) y, session key K s=prf (K Master0).Certificate server H-AS in local utilizes the interim PKI g of identity encryption and decryption key K to authentication challenge N, mobile node MN then xThe interim PKI g of (also as authentication challenge) and local certificate server H-AS y(also as authentication challenge) calculates the identity of local certificate server H-AS and differentiates message AUTH2=MAC (K; N|g x| g y), certificate server H-AS in local differentiates message AUTH2=MAC (K with identity then; N|g x| g y), interim PKI g y, session key K s=prf (K Master0) sends to nonlocal certificate server F-AS.
9) nonlocal certificate server F-AS is the session key K in the message sRemove, remaining { g y, AUTH2} sends access node AP to;
10) access node AP gives mobile node MN forwards.After mobile node MN was received message, the identity of checking local certificate server was differentiated message AUTH2, and authentication failed is termination protocol then; After checking was passed through, mobile node MN was utilized temporary private x of oneself and the interim PKI g of local certificate server H-AS yCalculate master key Kmaster=(g y) x, session key K s=prf (K Master0);
3. finish mutual Authentication and Key Agreement, access point AP obtains the shared key with mobile node MN
1) mobile node MN sends to access node AP to the EAP response message;
2) access node AP gives nonlocal certificate server F-AS forwards;
3) nonlocal certificate server F-AS issues access node AP to the message of authentication success, and session key K is arranged in the message s
4) access node AP sends to mobile node MN to the message of authentication success.
So far, mobile node MN and access node AP have finished mutual authentication, and have obtained identical session key K sIn other words, the safety of having finished mobile node MN inserts.In above-mentioned authentication, cipher key agreement process, adopt nonlocal certificate server F-AS to replace local certificate server H-AS to challenge to mobile node MN, realize between nonlocal certificate server F-AS and the local certificate server H-AS that information interaction is 1 to take turns.In addition, the foundation of mobile node MN and access point AP authentication and shared key is carried out synchronously.
It is pointed out that above-mentioned cut-in method based on EAP-RKE both had been applicable to the access of mobile node MN in the territory, local, be applicable to that also mobile node roams into the access of outer region, it is transparent promptly roaming mobile node.
In authentication process shown in Figure 1, be to the another kind of execution mode of mobile node MN identity ciphering:
Mobile node MN is associated its identity user with a random number m, such as carrying out XOR with user and m cascade or with user and m, use the PKI g of local certificate server H-AS then aEncrypt.Identity and random number m after encrypting are sent to local certificate server H-AS in the lump.
In authentication process shown in Figure 1, the another kind of execution mode that the identity of local certificate server H-AS is differentiated is:
Local certificate server H-AS utilizes its private key a to sign, and the identity that generates local certificate server H-AS is differentiated message.
The EAP-RKE performance relatively
An importance of protocol capabilities is to take turns number alternately.If mutual wheel number is many, it is also many that then agreement is finished the time that needs.And along with the development of IEEE 802.11 WLAN (wireless local area network), mobile node can be at different management domain internetwork roamings, and moving node may need to authenticate in roam procedure.
After mobile node roamed into field network, the maximum delay that authenticates was the propagation delay time between F-AS and the H-AS.And the mutual wheel number of EAP-TLS is 5 to take turns, and will be between F-AS and H-AS when roaming mutual 2 takes turns.As for EAP-TTLS,, take turns number alternately and also be greater than EAP-TLS according to the form of authentication that second stage adopts.Therefore, they do not meet the demands, and the mutual wheel number that the present invention adopts EAP-RKE to realize is 4 to take turns, and the message transfer between F-AS and H-AS only is 1 to take turns.
For the performance of the contrast agreement of image, the performance of agreement has been carried out emulation, the contrast agreement is EAP-TLS.Adopt NS-2.26 as emulation platform, be operated in (C1.7G, 256M RAM) on the PC, operating system is Red Hat Linux8.0.
Authentication to the influence of normal flow as shown in Figure 3, Figure 4.Abscissa is the sequence number of packet among the figure, and ordinate is the time difference of adjacent two data bag arrival purpose, and unit is second.Solid line is represented the situation of EAP-TLS agreement, and dotted line is represented the situation of EAP-RKE agreement.Ledge among the figure is the time delay that authentication protocol is introduced.
Fig. 3 is the situation of mobile node in the territory, local, and Fig. 4 is the mobile node situation of region outside.
From Fig. 3 and Fig. 4 as can be seen, the protocol authentication time delay is better than EAP-TLS greatly, convincingly demonstrates the roaming efficient that the present invention has good performance and can improve IEEE 802.11 WLAN greatly.

Claims (4)

1. wireless LAN safety cut-in method " EAP-RKE " based on roaming cipher key change authentication protocol, adopt Extensible Authentication Protocol EAP to carry out mutual authentication in mobile node MN and access node AP, consult to set up share key, its key step comprises and begins authentication, authenticates and set up and share key and finish authentication;
Described begin the authentication comprise:
1) mobile node MN begins message to EAP and issues access point AP;
2) access point AP sends to mobile node MN to the message of request mobile node identity;
Described authentication and foundation are shared key and are comprised:
1) mobile node MN sends to access node AP to the message of response identity request, but user's identity is empty;
2) access node AP forwards that mobile node MN is sent is given nonlocal certificate server F-AS;
3) nonlocal certificate server F-AS sends the message that EAP-RKE begins to access node AP, requires the authentication of beginning EAP-RKE, comprises a random number N in message, identifies as the access authentication challenge;
4) access node AP gives mobile node MN forwards;
5) after mobile node MN is received the message of beginning EAP-RKE authentication, mobile node MN generates interim public private key pair, adopt the method for randomized encryption, calculate identity encryption and decryption key with the long-term private of its interim PKI and local certificate server H-AS, the identity ciphering of mobile node MN; Described encryption and decryption key is: K=(g x) a, in the formula, x, g xBe the temporary private of MN, interim PKI; A is the long-term private of H-AS;
6) identity, affiliated territory realm, the authentication challenge N that nonlocal certificate server F-AS sends, the interim PKI of mobile node MN and the signature of mobile node MN after mobile node MN is encrypted it send to access node AP;
7) access node AP gives nonlocal certificate server F-AS with the forwards of receiving;
8) nonlocal certificate server F-AS judges the local of mobile node MN according to the affiliated territory realm in the message, if mobile node is a local node, and the local certificate server that then nonlocal certificate server F-AS is exactly a mobile node; As not being the local certificate server H-AS that then message of receiving is sent to the corresponding mobile node;
9) after certificate server H-AS in local received message, deciphering obtained the identity user of mobile node MN and determines the long-term PKI of mobile node, utilizes the signature of this long-term public key verifications mobile node then, if authentication failed termination protocol then; If checking is passed through, then certificate server H-AS in local generates the interim public private key pair of oneself, utilizes the interim PKI of its temporary private and mobile node MN to calculate master key and session key;
Described master key is: K Master=(g x) y
Described session key is: K s=prf (K Master0)
In the following formula, y is the temporary private of H-AS;
10) certificate server H-AS in local utilizes the interim PKI " also as authentication challenge " of authentication challenge N, mobile node MN, the interim PKI " also as authentication challenge " of local certificate server H-AS and the identity that identity encryption and decryption key K calculates local certificate server H-AS to differentiate message AUTH2=MAC (K; N|g x| g y), wherein, g yBe interim PKI, local certificate server H-AS differentiates message AUTH2, interim PKI g with its identity yWith session key K sSend to nonlocal certificate server F-AS;
11) nonlocal certificate server F-AS is the session key K in the message of receiving sDeletion is remaining " g y, AUTH2 " and content sends access node AP to;
12) access node AP issues mobile node MN to the message of receiving; Mobile node MN receives that the identity of checking local certificate server after the message differentiates message, and authentication failed is termination protocol then; After checking was passed through, mobile node MN utilized temporary private of oneself and the interim PKI of local certificate server H-AS to calculate master key and session key;
Described master key is: K Master=(g y) x
Described session key is: K s=prf (K Master0);
Described finish the authentication comprise:
1) mobile node MN sends to access node AP to the EAP response message;
2) access node AP gives nonlocal certificate server F-AS forwards;
3) nonlocal certificate server F-AS sends to access node AP to the message of authentication success, contains session key in the message;
4) access node AP sends to mobile node MN to the message of authentication success.
2. the wireless LAN safety cut-in method based on roaming cipher key change authentication protocol according to claim 1, it is characterized in that mobile node the territory, local with roam into outside the region all adopt identical cut-in method, it is transparent promptly roaming for mobile node.
3. the wireless LAN safety cut-in method based on roaming cipher key change authentication protocol according to claim 1, it is characterized in that described mobile node MN is related with a random number with its identity, with the PKI of local certificate server H-AS identity is encrypted then.
4. the wireless LAN safety cut-in method based on roaming cipher key change authentication protocol according to claim 1, tool is characterised in that the identity discriminating message of described local certificate server H-AS adopts following method to produce, local certificate server H-AS utilizes the private key of oneself to sign, and the identity that generates local certificate server H-AS is differentiated message.
CNB2004100259737A 2004-03-22 2004-03-22 Radio LAN security access method based on roaming key exchange authentication protocal Expired - Fee Related CN1298194C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2004100259737A CN1298194C (en) 2004-03-22 2004-03-22 Radio LAN security access method based on roaming key exchange authentication protocal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2004100259737A CN1298194C (en) 2004-03-22 2004-03-22 Radio LAN security access method based on roaming key exchange authentication protocal

Publications (2)

Publication Number Publication Date
CN1564626A CN1564626A (en) 2005-01-12
CN1298194C true CN1298194C (en) 2007-01-31

Family

ID=34480510

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100259737A Expired - Fee Related CN1298194C (en) 2004-03-22 2004-03-22 Radio LAN security access method based on roaming key exchange authentication protocal

Country Status (1)

Country Link
CN (1) CN1298194C (en)

Families Citing this family (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100843072B1 (en) * 2005-02-03 2008-07-03 삼성전자주식회사 Wireless network system and communication method using wireless network system
FI20050384A0 (en) * 2005-04-14 2005-04-14 Nokia Corp Use of generic authentication architecture for distribution of Internet protocol keys in mobile terminals
CN1889562A (en) * 2005-06-28 2007-01-03 华为技术有限公司 Method for identifying equipment for receiving initial session protocol request information
US7813511B2 (en) 2005-07-01 2010-10-12 Cisco Technology, Inc. Facilitating mobility for a mobile station
US8948395B2 (en) 2006-08-24 2015-02-03 Qualcomm Incorporated Systems and methods for key management for wireless communications systems
US8539559B2 (en) 2006-11-27 2013-09-17 Futurewei Technologies, Inc. System for using an authorization token to separate authentication and authorization services
US8583923B2 (en) * 2006-12-08 2013-11-12 Toshiba America Research, Inc. EAP method for EAP extension (EAP-EXT)
US8099597B2 (en) 2007-01-09 2012-01-17 Futurewei Technologies, Inc. Service authorization for distributed authentication and authorization servers
CN101242269B (en) * 2007-02-09 2011-12-07 西门子(中国)有限公司 Mobile communication terminal, service provider terminal, system and method for subscribing telecommunication service
CN100496156C (en) * 2007-02-16 2009-06-03 西安西电捷通无线网络通信有限公司 A certificate roaming authentication method based on WAPI
US8005224B2 (en) 2007-03-14 2011-08-23 Futurewei Technologies, Inc. Token-based dynamic key distribution method for roaming environments
US8285990B2 (en) 2007-05-14 2012-10-09 Future Wei Technologies, Inc. Method and system for authentication confirmation using extensible authentication protocol
CN101459506B (en) * 2007-12-14 2011-09-14 华为技术有限公司 Cipher key negotiation method, system, customer terminal and server for cipher key negotiation
CN101471773B (en) * 2007-12-27 2011-01-19 华为技术有限公司 Negotiation method and system for network service
CN101471777B (en) * 2007-12-29 2011-08-31 中国科学院计算技术研究所 Access control system and method between domains based on domain name
CN101272241B (en) * 2008-04-09 2010-05-12 西安西电捷通无线网络通信有限公司 Cryptographic key distribution and management method
US8370503B2 (en) * 2008-05-02 2013-02-05 Futurewei Technologies, Inc. Authentication option support for binding revocation in mobile internet protocol version 6
CN101431518B (en) * 2008-12-09 2011-06-01 西安西电捷通无线网络通信股份有限公司 Discovery and negotiation method for authentication associated kit
CN101562812B (en) 2009-05-14 2011-06-01 西安西电捷通无线网络通信股份有限公司 STA switching method when WPI is finished by AC in convergence type WLAN and system thereof
CN101562811B (en) 2009-05-14 2011-04-06 西安西电捷通无线网络通信股份有限公司 STA roaming switching method when WPI is finished by WTP in convergence type WLAN and system thereof
CN101719829B (en) * 2009-06-11 2012-02-29 中兴通讯股份有限公司 Processing and system for realizing IDM system interoperation
CN101707770B (en) * 2009-11-12 2012-02-01 浙江大学 Key exchange authentication method capable of guaranteeing system security
CN102082665B (en) * 2009-11-30 2013-10-23 中国移动通信集团公司 Identity authentication method, system and equipment in EAP (Extensible Authentication Protocol) authentication
CN102629928B (en) * 2012-04-13 2014-09-03 江苏新彩软件有限公司 Implementation method for safety link of internet lottery ticket system based on public key
CN103491540B (en) * 2013-09-18 2016-05-25 东北大学 The two-way access authentication system of a kind of WLAN based on identity documents and method
CN107690138B (en) * 2016-08-05 2020-08-14 华为技术有限公司 Fast roaming method, device, system, access point and mobile station
CN114760038A (en) * 2020-12-26 2022-07-15 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN114760032A (en) * 2020-12-26 2022-07-15 西安西电捷通无线网络通信股份有限公司 Identity authentication method and device
CN114124355B (en) * 2021-11-19 2024-01-23 西安热工研究院有限公司 Key authentication method based on extensible authentication protocol

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000011832A1 (en) * 1998-08-21 2000-03-02 Visto Corporation System and method for enabling secure access to services in a computer network
WO2000079457A1 (en) * 1999-06-17 2000-12-28 Internet Revenue Network, Inc. System and method for authentication over a public network
CN1468024A (en) * 2002-07-08 2004-01-14 华为技术有限公司 Network for implementing mobile phone localized roaming
CN1479553A (en) * 2002-08-29 2004-03-03 ��Ϊ�������޹�˾ Roam user information safety control equipment and roam user information interactive method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000011832A1 (en) * 1998-08-21 2000-03-02 Visto Corporation System and method for enabling secure access to services in a computer network
WO2000079457A1 (en) * 1999-06-17 2000-12-28 Internet Revenue Network, Inc. System and method for authentication over a public network
CN1468024A (en) * 2002-07-08 2004-01-14 华为技术有限公司 Network for implementing mobile phone localized roaming
CN1479553A (en) * 2002-08-29 2004-03-03 ��Ϊ�������޹�˾ Roam user information safety control equipment and roam user information interactive method

Also Published As

Publication number Publication date
CN1564626A (en) 2005-01-12

Similar Documents

Publication Publication Date Title
CN1298194C (en) Radio LAN security access method based on roaming key exchange authentication protocal
US7546459B2 (en) GSM-like and UMTS-like authentication in a CDMA2000 network environment
EP1589695B1 (en) A method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
JP5597676B2 (en) Key material exchange
US7890745B2 (en) Apparatus and method for protection of management frames
US20170118633A1 (en) Method and system of secured direct link set-up (dls) for wireless networks
JP5036099B2 (en) How to update the communication key
CN1767429A (en) Mobile communication user certification and key negotiation method
CN101052033A (en) Certifying and key consulting method and its device based on TTP
CN1659922A (en) Method and system for challenge-response user authentication
CN101056456A (en) Method and secure system for authenticating the radio evolution network
CN1805333A (en) Data security in wireless network system
Fu et al. A fast handover authentication mechanism based on ticket for IEEE 802.16 m
CN1259811A (en) Method and device used for secret in communication system
CN1720688A (en) Key generation in a communication system
CN1770681A (en) Conversation key safety distributing method under wireless environment
CN1859098A (en) Method for realizing EAP identification relay in radio cut-in system
CN1929371A (en) Method for negotiating key share between user and peripheral apparatus
CN1819698A (en) Method for acquring authentication cryptographic key context from object base station
CN1283062C (en) Cut-in identification realizing method for wireless local network
CN101064606A (en) System, apparatus and method for authentication
CN109768861A (en) Massive D2D anonymous discovery authentication and key agreement method
WO2011015060A1 (en) Extensible authentication protocol authentication method, base station and authentication server thereof
CN101047505A (en) Method and system for setting safety connection in network application PUSH service
CN1801705A (en) Pre-authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070131

Termination date: 20110322