CN1933665A - Mobile communication system user certification method - Google Patents

Abstract

The invention proposes a user authentication method suitable for a mobile communication system. The authentication method adopts the public key authentication method based on ElGamal signature. Specifically include: during the system initialization process, the network center public key is determined at the network center, and relevant parameters of the network center are disclosed to the user, the user end selects a random number to determine the user end public key, the network center establishes a user identity ID for the user, and Send to the client, the client performs identity verification, and establishes a database related to s in the network center; the user selects a random number (x, d ₁ , d ₂ ) smaller than p; the network center calculates and verifies? The user end calculates the user signature b and sends the user signature to the network center. The network center queries the user end public key k _up in the database according to the user signature, and verifies whether the user is a legitimate user based on the public key. The invention has the characteristics of high security and low computational complexity, and can meet the requirements of the mobile communication system.

Description

User authentication method in mobile communication system

technical field

The invention relates to the field of mobile communication, in particular to the network security of the mobile communication system.

Background technique

The second and third generation mobile communication systems adopt the user authentication scheme based on the private key system. Although the private key system has the advantages of high speed and low cost, it requires the user and the network center to share a common key in advance. , which reduces the security of the system. At the same time, with the increase of the number of mobile users, this scheme also brings about the distribution and management of keys. Using the public key system to construct a user authentication scheme, it does not require the two parties to share any secret information, so it can simplify the management of the key. Many scholars at home and abroad have successively designed many mobile communication system user authentication schemes based on the public key system. For example, in the 2002 "Journal of Communications" No. 23, Volume 11, pages 118-121, Wang Xiaoming, Chang Zuling, and Chen Lusheng's "User Authentication Scheme for Digital Mobile Communication Systems" proposed a Schnorr signature-based authentication scheme suitable for digital authentication. User identity authentication scheme in mobile communication system, but the scheme has the following disadvantages: the overall security of the scheme is based on Schnorr signature, which is not high in security; the calculation amount is large, and it is not suitable for security authentication of mobile communication terminals.

Contents of the invention

The present invention aims at the above-mentioned shortcomings of the prior art, and aims to design a public key authentication scheme suitable for mobile communication systems with a small amount of calculation and high security. Therefore, an authentication method based on the ElGamal signature system is proposed, and a large amount of calculation is borne by the network side, and the mobile terminal part only undertakes part of the verification work, which reduces the burden on the terminal.

The technical solution of the present invention to solve the above technical problems is to select parameters in the network center and determine the public key of the network end, and disclose the public key k _np and the selected parameters to the user: large prime number p, generator g, one-way hash function h ; The network end establishes an algorithm module and a comparison and judgment module; the user end selects a random number to determine the user end public key k _up ; the network center establishes a user identity ID for the user according to the user public key, and determines the network center digital signature s and its accompanying parameter r ; and ID, s, r are sent to the client, and the client performs network identity verification; a database related to the digital signature S is established in the network center; the client selects parameters and calls the algorithm module for pre-calculation, and determines the verification parameter c of the client; Authentication is done in a challenge-response manner.

The user sends a network access request to the network center, and the network center verifies the digital signature of the network center and the random number selected by the user and saves the session key; the client calculates the user signature b, sends the user signature to the network center, and verifies the network according to the user signature; User identity authentication includes: the network center queries the user's public key k _up in the database according to the user's signature, calculates the user's characteristic value e and signature accompanying parameter r, and verifies the user to determine whether it is a legitimate user.

This method adopts the public key authentication system based on ElGamal signature, and reduces the computational complexity by improving the authentication process, so that the calculation amount of the user end can be reduced, the security of the network is further improved, and the requirements of the user safety authentication of the mobile communication system are met.

Description of drawings

Figure 1 shows the flow chart of data transmission in the network

Detailed ways

The ElGamal signature system is a variant of the Rabin system. The security of the scheme is based on the difficulty of calculating the discrete logarithm.

Below in conjunction with accompanying drawing technical scheme of the present invention is described in detail, and Fig. 1 shows the flowchart of data transmission in the network, and this authentication method specifically comprises the following steps:

First, initialize the system, including: select network center parameters and user parameters, establish user identity ID for users in the network center, establish algorithm modules, establish comparison and judgment modules, select secret random numbers, and generate public keys from secret random numbers .

(1) The network center establishes a corresponding algorithm module and a comparison judgment module, and selects parameters to calculate the network public key k _np . The network center establishes algorithm modules such as public key calculations. For the key x, $x\∈z_p^{*};$ There is y=g ^x modp as the public key. Choose a large prime number p, which can make it difficult to solve the discrete logarithm in the group Z _p , a generator or primitive element of the multiplication group Z _p ^* in Z _p is g, and choose a safe one-way Hash function h. Select a random number k _ns as the private key in the center of the network, so that it satisfies $k_{\mathrm{ns}}\∈Z_p^{*};$ Call the key calculation formula in the algorithm module $k_{\mathrm{np}}=g^{k_{\mathrm{ns}}}\mathrm{mod}p$ Obtain the network public key k _np , and disclose the network center parameters: p, g, h, k _np to users.

(2) The client selects parameters and calculates the user public key k _up . The user selects a random number k _us as the user's private key, which satisfies $k_{\mathrm{us}}\∈Z_p^{*};$ The client sends a request, calls the key algorithm module, and passes the formula $k_{\mathrm{up}}=g^{k_{\mathrm{us}}}\mathrm{mod}p$ Calculate the user public key k _up and send it to the network center.

(3) The network center creates a user identity ID for the user according to the received user public key, and signs it. Choose a secret random number $k\∈Z_p^{*},$ Call the network center algorithm module and related parameters, and calculate the network center number according to the formula: r=g ^k mod p, e=h(ID, k _up , r), s=(ek _ns )k ^-1 mod(p-1) Signature s, signature accompanying value r, user characteristic value e, and send s, ID, r back to the user.

(4) The user performs identity verification, and the user terminal verifies whether the received parameters are sent by the network to be joined. The user end receives the signature verification parameters sent back by the network center, performs identity verification on the user end, calls the comparison judgment module, and verifies whether the received parameters are sent by the network center that the user requests to access the network, if the equation $g^{h(I\mathrm{D.},k_{\mathrm{up}},r)}=k_{\mathrm{np}}{r}^{\mathrm{the\; s}}\mathrm{mod}p$ If it is established, the network sending the parameters is the network requested by the user, and the user end receives the digital signature s sent by the network center, otherwise it refuses to receive s.

(5) Establish a database in the network center according to the digital signature s of the network center. The network center establishes a database related to s, establishes a parameter list in the database according to the value of s, and establishes a one-to-one correspondence list between digital signature s and parameters k _up , r, e.

After the system initialization is completed, there are parameters stored in the network center database memory: k _ns , k _np , k _up , s, ID, r, e, and the user end stores parameters k _np , k _up , s, k in the memory RAM _us .

2. The client establishes an algorithm module and selects parameters for pre-calculation. The user selects random numbers x, d ₁ , d ₂ smaller than p, calls the calculation module, and according to the formula $c=\left(d_{1}P{d}_2\mathrm{PS}\right)k_{\mathrm{np}}^{x{k}_{\mathrm{us}}}\mathrm{mod}p$ (The symbol "P" denotes a concatenation of numbers) Computes the verification parameter c. Each time before entering the network, x, d ₁ , and d ₂ must be selected again, and different parameters are used for each verification, which effectively guarantees the security of the network and users.

3. In the authentication stage, both the network and the user are authenticated by means of challenge and response.

Figure 1 is a flow chart of network data transmission during the authentication process.

(1) The user sends a network access request to the network center, and sends the user public key k _up , the random number x selected by the user terminal, and the calculated verification parameter c to the network center;

(2) The network center verifies the digital signature s of the network center, establishes a digital cascade related to the verification parameters, and saves the session key. The network center receives the user's network access request, starts the algorithm module, and calls the formula according to the network center's private key and the user's public key $\left(d_{1}P{d}_2\mathrm{PS}\right)={\mathrm{ck}}_{\mathrm{up}}^{-{\mathrm{xk}}_{\mathrm{ns}}}\mathrm{mod}p,$ And the parameters sent by the client: k _up and c are substituted into this formula to calculate the corresponding parameters s, d ₁ and d ₂ . Start the comparison judgment module and call the formula: $g^{h(\mathrm{ID},k_{\mathrm{up}},r)}=k_{\mathrm{np}}{r}^{\mathrm{the\; s}}\mathrm{mod}p$ Verify the above parameters. If the equation is established, it indicates that the network end receives the parameters sent by the user requesting network access. The network center selects a random number t, and the value t satisfies the condition: 1≤t≤2 ^q (q≥72), establishes a digital cascading relationship y=(tP d ₁ ), and sends y back to the user, and at the same time the authentication center database saves d ₂ as session key;

(3) The user end determines the user signature b, and verifies whether it is a network to be connected to the network according to the user signature.

After the user receives y, he decrypts it to obtain d ₁ , and judges whether it is equal to the d ₁ sent by himself. If not, the application is abandoned. If they are equal, start the user-side calculation module and call the formula $b=k_{\mathrm{np}}^{t{k}_{\mathrm{us}}}\mathrm{mod}p$ Calculate the user signature b, and send the user signature b to the network center, after the network center receives it, find out the user public key k _up according to the s corresponding to b, and bring the relevant parameters into the formula $b^{\′}=k_{\mathrm{up}}^{t{k}_{\mathrm{ns}}}\mathrm{mod}p$ Calculate and obtain the verification value b' of the user's digital signature, judge whether b and b' are equal, if they are not equal, then deny the user access to the network, if they are equal, determine that the network is a waiting network, and enter the next step;

(4) The network center verifies the user, and the network center calculates the corresponding signature accompanying value and user characteristic value according to the user public key and network private key, and queries the user characteristic value e and signature accompanying value in the database according to the network center digital signature s r, compare the signature accompanying value and user characteristic value to determine whether to allow the user to access the network. The network center calls the algorithm module and the comparison judgment module to calculate the digital signature verification value $b^{\′}=k_{\mathrm{up}}^{t{k}_{\mathrm{ns}}}\mathrm{mod}p$ Calculate the user characteristic value e′=h(ID, k _up , r′) using the user public key k _up at time. The network center finds out e and r according to s, and judges: if e≠e′, then reject the user’s access request; if e=e′, continue to calculate the accompanying value of the signature $r^{\′}=g^{(e-k_{\mathrm{ns}}){\mathrm{the\; s}}^{-1}}\mathrm{mod}p,$ And it is judged that if r'=r, the database has not been changed, and the user's access request is approved, and if r'≠r, the user's access request is rejected.

The process of user signature:

If Party A wants Party B to sign its message m, the steps are as follows:

a. Party B chooses a random number: $k$ $\∈$ $z_p^{*},$ and send it to the network center;

b. The network center calls the formula in the algorithm module: r=g ^k mod p, s=(m-xr)k ^-1 mod(p-1) to calculate (r, s), and use (r, s) as the key to the message Sign and send to Party A;

c. Party A invokes the comparison and judgment module to verify the equation $g^m={\mathrm{the\; y}}_B^r{r}^{\mathrm{the\; s}}\mathrm{mod}p$ Whether it is established to decide whether to accept party B's signature on the message (where y _B is the private key of user B).

The present invention adopts an authentication method based on the ElGamal signature system. By improving the authentication process, the method effectively reduces the user's calculation load, further improves the security of the network center, and can meet the requirements of the mobile communication system.

The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto, and any person familiar with the technology can easily think of changes and substitutions within the technical scope disclosed in the present invention, All should be included in the scope of protection of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (5)

1, a kind of mobile communication system user certification method, employing is based on the authentication public key method of ElGamal signature, it is characterized in that, the method comprising the steps of: network center sets up algoritic module and comparison judge module, select calculation of parameter network center PKI, and disclose PKI and selected parameter to the user: user side is chosen random number and is calculated client public key k _Up, and be sent to network center; Network center sets up User Identity ID according to client public key, computing network center digital signature S, and the foundation database relevant with S; User side carries out network identity validation, precomputation user side certificate parameter c; Adopt challenge, response mode that user and network are authenticated.

2, method according to claim 1 is characterized in that, the parameter that network center is selected comprises: big prime number p, generator g, One-Way Hash Function h.

3, method according to claim 1 is characterized in that, the algoritic module that network center sets up comprises the PKI computing formula: for key x, $x\∈z_p^{*},$ PKI y=g is arranged ^xMod p.

4, according to one of them described method of claim 1-3, it is characterized in that the step that network is authenticated comprises: the user sends the request of networking and certificate parameter c to network center; The certifying digital signature s of network center sets up the digital cascade relevant with certificate parameter, and preserves session key; User terminal is determined user's signature b, and whether checking is network to be networked according to user's signature.

5, according to one of them described method of claim 1-3, it is characterized in that, the step that the user is authenticated comprises: the corresponding signature value of following r ' and user characteristics value e ' calculate according to client public key, network privacy in network center, and with database in store with the corresponding signature value of following r of s and user characteristics value e comparison, determine whether to allow this user-network access.