TW201129128A - Wireless communication method of mutual authentication with dynamic keys - Google Patents

Abstract

In this invention, we propose a novel communication authentication method which provides wireless communication with a mutual authentication and dynamic keys. Under this invention, a subscriber station (SS) and a base station (BS) individually input a random number into the Diffie-Hellman Public Key Distribution System (DH-PKDS for short) function to separately generate a set of public keys and, hence, a set of common secret keys, with which the SS and BS individually generate their own AKs, TEKs, and NTEKs as the strong data connection between them. With these three sets of parameters, the SS and BS authenticate each other by using the certification keys which are delivered between them. Under this invention, plaintext and ciphertext are respectively encrypted into ciphertext and decrypted into plaintext with a two dimensional encryption/decryption approach. But, only ciphertext is transmitted through wireless channels. Additionally, communication safety between the SS and BS can be improved by using the mutual authentication with dynamic keys and all the parameters transmitted through wireless channels are used once only.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a wireless communication method in an IEEE 802.16ePKMV1 environment, and more particularly to a wireless communication method with dynamic key mutual authentication. [Prior Art] Wireless communication mainly includes mobile phone communication and wireless network communication. However, in the environment of IEEE 802.16ePKMV1, the subscriber station (w Φ SS) and the base station (BS) are wireless. There is no data link (common basic information) before the communication, which is different from IMSI and Ki data link in the SIM card of the mobile phone or PKMV2 in IEEE 802.16e. User station and authentication, authorization and accounting (Authentication-Authorization) Radius data connection between -Accounting, AAA) 'The data link between all user stations and the base station needs to be established through wireless communication. If the wireless communication is not available at the beginning. · With good security protection, the user terminal The link information established with the base station will be insecure, and then the security of the entire wireless communication system will be fragile. Taking IEEE 802.16ePKMVl as an example, the IEEE 802.16ePKMVl wireless communication implementation steps are as follows: PART I : (PKM Authorization)

Message 1: SS->BS: Cert(Manufacturer(SS))

Message 2: 201129128 SS->BS: Cert(SS) I Capabilities I SAID Message 3: BS->SS:RSA-Encrypt(PubKey(SS),AK) | Lifetime | SeqN ο I SAIDList PART Π : (Privacy And key management)

Message 1: BS^SS: SeqNo | SAID | HMAC(l)

Message 2: SS^BS: SeqNo | SAID | HMAC(2)

Message 3: BS->SS: SeqNo | SAID | OldTEK | NewTEK | HMAC(3) For the aforementioned PKMV1 wireless communication process, at least the following security vulnerabilities are listed as follows: (1) Hacker (Hacjer) can From the CERT (SS) of PARTI, message2, obtain the PubKey(SS) of the SS, and then obtain the AK from the BS from PART I 'message3, and when the hacker (Hacjer) obtains the authentication key (Authentication Key, After AK), in the part jj, all the data transmitted by the subscriber station and the base station are dangerous, because the <a> hacker can easily obtain the OldTEK (where TEK is the traffic encryption key to the Encryption Key, TEK). )) and NewTEK' then any data dissemination will be cracked by the hacker, and there is no security at all; <b> hackers can only play pseudo-user stations and communicate with the base station' can also play pseudo-base Communication between the station and the user, as long as the hacker continues to destroy, the entire wireless communication system will not be able to

LSI 5 201129128. (2) In the PART I (PKM authorization) wireless communication, since the connection information (AK) has not been established between the subscriber station and the base station, and there is no authentication function in the message 3 of the message, the customer is not easy. Play a pseudo-base station and send a pseudo message3 signal to the subscriber station. 'Because there is no authentication function, the subscriber station will unconditionally receive this false signal, causing the subscriber station to get an incorrect AK, so that the subsequent PART Π wireless communication, HAMC ( l) ~ HAMC (3) authentication failed, so that the entire wireless communication can not enter - line. (3) Since the subscriber station requests wireless communication from the outgoing message to the TEKs, there are 6 wireless transmissions between the subscriber station and the base station. This allows the hacker to easily intervene in the wireless transmission between the subscriber station and the base station. Intercepting information or disrupting wireless communications, thus reducing the number of wireless transmissions between subscriber stations and base stations is one of the ways to improve security. In order to improve the defect of IEEE 802.16ePKMV1 in the nature of wireless communication security, the wireless communication process is improved as follows: PART I : (PKM Authorization) • Message 1: SS^BS: Cert(Manufacturer(SS))

Message 2: SS->BS: SS-Random | Cert(SS) | Capabilities | SAID Message 3:

BS->SS: SS-Random I BS-Random I RSA-Encrypt(PubKey(SS),pre_AK) |

Lifetime I SeqNo | SAIDList I Cert(BS) | Sig(BS) PART Π :(Privacy and key management) 201129128

Message 1: BS->SS: SS-Random | BS-Random | SeqNol2 | SAID I HAMC(l) Message 2: SS^BS: SS-Random | BS-Random | SeqNol2 | SAID | HMAC(2) Message 3 : BS->SS: SS-Random I BS-Random | SeqNol2 | SAID | OldTEK I NewTEK|HMAC(3) In this improved method, 'mainly in the wireless communication process (1) adding random parameters SS-Random and BS -Random ; (2) Replace AK with Pre AK and pass it to the user station by BS, and then generate ak according to the formula by the user station, avoiding the AK added directly in the packet; (3) Formula for generating AK and TEK Random parameters such as SS-Random and BS-Random are added to hope that these formulas can have random characteristics and are less likely to be cracked by hackers. However, during the entire wireless communication process, the Mutual authentication mechanism is not established. At best, the generation of AK and TEK can be changed with the random parameters SS Rand〇m and BS-Random. However, the fly in the ointment is ss_Rand〇m and BS. -Random is directly transmitted via wireless, and there is no encryption protection, so the hacker can easily obtain these two data, so this side = does not contribute much to the security in terms of quality; (4) due to The variables required by the ak&tek formula, including Pre-AK, SS-Rand〇m, 201129128 BS-Random, SS-MAC-Addr, BS-MAC-Addr, and pre-TEK, etc., can be communicated via wireless communication. Obtained directly or indirectly, so the system's security has not been significantly improved. Such a modification has limited effectiveness in improving the defects of the entire IEEE 802.16e PKMV1 in the nature of wireless communication security. Such modifications should not be successful and require significant improvements. From the above, in a secure wireless communication system, the basic requirement is that each wireless communication needs to be authenticated, and the parameters used for wireless propagation should be lost, and this is in the environment of IEEE 802.16e PKMV1. It is very difficult to do. The invention integrates Diffie-Hellman public key distribution system (Diffie-Hellman PKDS) 'Data Carriers' and two-way authentication technology, and constructs between the user station and the base station. A secure dynamic key mechanism. Under this mechanism, even in the PKMV1 environment of IEEE 802.16e, any wireless communication between the user station and the base station can be authenticated in both directions and can be used to greatly improve wireless communication. The degree of security. In the PKMV1 environment of ffiEE 802.16e, the dynamic key constructed by the present invention requires only one round-trip wireless communication (that is, its security mechanism is established, and secure wireless communication between the user station and the base station can be effectively eliminated. Any attack over a period of time (about 3 months). Therefore, how to invent a wireless communication system with dynamic key double-effect authentication, so as to improve the security of the wireless communication system, will be positive for the present invention. 201129128 [Invention] In view of the shortcomings of the above wireless communication method, the inventor felt that it was not perfected, and exhausted his mental research to overcome the accumulated experience of the industry for many years, and then developed A wireless communication method with dynamic gold recording two-way authentication, in order to achieve two-way wireless communication between the user station and the base station, a mutual authentication (Mutual authentication) mechanism is required, and only through authentication can the wireless communication data be processed further. To achieve the purpose of improving the security of wireless communication. The main purpose of the present invention is to provide a A wireless communication method with dynamic key mutual authentication, which constructs a secure dynamic key system between the subscriber station and the base station, and under the protection of the system, even in the environment of IEEE 802.16e PKMV1, the subscriber station Any wireless communication with the base station can achieve the requirements of two-way authentication and loss of use, and greatly improve the security of wireless communication. To achieve the above purpose, the wireless communication method of the present invention comprises: a dynamic key bidirectional The authentication wireless communication method comprises: a user station randomly generates a random number of user stations, as a key of the user station, and inputs the key of the group of users to a Diffie-Hellman public key distribution system. (Diffie-Hellman PKDS) function generates a set of subscriber station public key, the subscriber station transmits the group subscriber station public key and a wireless communication authentication request to a base station; the base station receives the subscriber station's wireless communication authentication request, and is randomly Take a set of base station random random numbers as a key to the base station of the subscriber station, and input the set of keys to a Diffie-Hel Lman public key distribution system (Diffie-Hellman PKDS) function to generate a set of base 201129128 platform public key, and then the base station authenticates the user station through mechanical authentication; when the user station passes the mechanical certification of the base station, then The base station uses the public key of the group of subscriber stations transmitted by the subscriber station to calculate a common secret record (Common Secret Key, CSK1, CSK2, CSK3), and then obtains the common secret of the group. The key calculation generates a set of base station first identity authentication keys (Cerfun (CSK1, CSK2, CSK3)), and then the base station transmits an authentication success message and the base station first identity authentication fund to the subscriber station, and then the base station Independent computing generates a set of Base Station Authentication Keys (AKs), a set of Base Station Traffic Encryption Keys (TEKs), and a set of base station new traffic encryption keys (NTEKs). The subscriber station learns the authentication success message and the identity authentication key of the wireless communication authentication request sent by the base station via the operation_identification code, and the subscriber station immediately checks the Pubkey (SS) and the group of subscriber stations transmitted by the base station. Whether the internal Pubkey is equal. If they are equal, the subscriber station uses the group base station public key transmitted by the base station to calculate a common key with the subscriber station key, and then obtains the common key of the group. The key calculation generates a set of user station first identity authentication keys, and compares the calculated first identity authentication key of the user station with the identity authentication key transmitted by the base station; if equal, the subscriber station Independent computing generates a set of User Key Authentication Keys (AKs), a set of User Encryption Keys (TEKs), and a set of User Station New Traffic Encryption Keys (NTEKs); The data transmission request and the second authentication key of the subscriber station (Cerfun (AKl, AK2, AK3)) are given to the base station; the base 201129128 receives the data transmission request of the subscriber station, and Verifying whether the second identity authentication key of the subscriber station transmitted by the subscriber station is equal to the second identity authentication key (Cerfun (AKl. AK2, AK3)) of the group base station generated by the base station via internal calculation; If the base station is equal, the base station returns a data transmission message and a base station third identity authentication certificate (Cerfun (AK4, AK5, AK6)) to the subscriber station; the subscriber station receives the permitted data transmission request of the base station. And the base station third identity authentication record (Cerfun (AK4, AK5, AK6)), and the third identity authentication key of the base station transmitted by the base station is authenticated; if the subscriber station checks the base station to transmit The base station third identity authentication key is equal to one of the subscriber station third identity authentication keys (Cerfun (AK4, AK5, AK6)) generated by the internal calculation of the subscriber station, and the subscriber station encrypts a plaintext data into one. Ciphertext data, and transmitting the ciphertext data and the subscriber station authentication code (EXOR (TEKm, NTEKm)) to the base station; the base station receives the ciphertext data of the subscriber station and the subscriber station authentication code, and verifies the Group user station is encrypted by traffic (TEK) and the set of subscriber station new traffic encryption key (NTEK) calculations to generate one of the subscriber station authentication codes (EXOR (TEKm, NTEKm)) and the set of base station authentication records (TEK) generated in the base station and The base station new traffic encryption key (NTEK) calculates whether one of the base station authentication codes (EXOR (TEKm, NTEKm)) is equal. If the verification is successful, the ciphertext data is decrypted into a plaintext data. Therefore, one of the wireless communication methods with dynamic key mutual authentication can improve the security of wireless communication. [Embodiment] 201129128 In order to fully understand the object, features and effects of the present invention, the present invention will be described in detail by the following specific embodiments and the accompanying drawings, And FIG. 2 is a flow chart of an embodiment of a preferred embodiment of a wireless communication method with dynamic key mutual authentication, and a flow chart of an embodiment of the first embodiment. First, in step S100, the subscriber station (SS) - randomly generates a random number of user stations through a pseudo random number generator (Pseudo Random Number Generator, - PRNG), as a key of the subscriber station, and Entering the key of the group of subscriber stations into a Diffie-Hellman Public Key Distribution System (Diffie-Hellman PKDS) function to obtain a set of subscriber station public keys, and the subscriber station transmits the set of subscriber station public keys and a wireless Communication authentication requires Message 1 to be given to a base station. The above Diffie-Hellman public key distribution system function system DH(p, g, x)=gx mod p, where p is a strong prime, g is the original root of p, X is a random parameter, DH(p, g, x), p and X φ have the same bit size, which can be 512, 1024 or 2048 bits. The form of wireless communication certification requirements is as follows:

Message 1: BS-SS: op-code I Cert(Manufacture(SS)) I Cert(SS) |

The Psri I Psr2 I Psr3 I Lifetime subscriber station randomly generates the random number SR1, SR2, and SR3 of the user station as the key of the subscriber station, and the step further includes the user station randomly inputting a string to a pseudo random number generator. And output a set of three random random numbers SR1, SR2, SR3 with a length of 1024 bits, wherein the format of the string is (SS random input 12 201129128 into the length 212 string) + (Western year + month + day) + hours + minutes + seconds + seconds) + (wireless network card number + seconds + seconds). Next, the subscriber station calculates PSRi = DH(p, g, SRi), lSi$3. Thereafter, in step S110, the base station receives the wireless communication authentication request of the user station, firstly, three sets of base station random random numbers BR1, BR2, BR3, which are 1024 bits long, are taken out from the internal random random number table, and The random number of the base station is input to a Diffie-Hellman public record allocation system - (Diffie-Hellman PKDS) function to calculate a set of base station public key. Lu pBRi=gBRl modp, l$i^3 ' And the following calculation is performed to obtain a set of jointly CKK1, CSK2, and CSK3 'where CSKi=^^/ mod p, 1 S 3, and then the base station is further calculated by the obtained common density calculation of the group. A set of base station first identity keys (Cerfun (CSKl, CSK2, CSK3)). In step S120, the base station authenticates the subscriber station via mechanical authentication. The mechanical certification is an X.509 mechanical certification, the base station passes X.509 Lu certification, and Cert (SS) finds the corresponding PubKey (SS). In addition, in addition to the mechanical certifications described above, any mechanical certification in the same spirit is within the scope of this specification. Step S130, after the user station passes the mechanical authentication of the base station, the base station extracts random random numbers pre_AK 1, pre_AK2, pre_AK3 from the internal data. In addition, the base station transmits an authentication success message Message2 to the subscriber station, and its contents are as follows:

Message2:BS-^SS

〇p_code | PubKey(SS) | PBR1 | PBR2 丨PBR3 丨Cerfun(CSKl,CSK 13 201129128 2,CSK3) I ADR(CSKl,pre_AKl) | ADR(CSK2,pre_AK2) I ADR( CSK3, pre_AK3) I Lifetimes The base station then independently calculates a set of Base Station Authentication Keys (AKs), a set of Base Station Traffic Encryption Keys (TEKs), and a set of base station new traffic encryption keys (NTEKs). If the subscriber station fails the mechanical authentication of the base station, the process proceeds to step S122. In step S122, the base station writes the reason for the failure to the error table (FAJLists) and returns the subscriber station authentication failure message Message2, and then the base Taiwan ended the wireless communication. The content of the authentication failure reply message is as follows:

Message2:BS->SS 〇p_code I Prbi I Prb2 I Prb3 I Cerfun(CSKl,CSK2,CSK3) I FA_List This wireless communication system provides an operation-identification code 〇p-c〇de on the base station and The first field of each message is transmitted between the subscriber stations. The base station and the subscriber station learn the function of transmitting a message by operating an identification code, wherein the operation identifier length is more than 4 bits. Operation—Identification Code 〇p—Sew is one-to-one* 7L control signal. For operation of an identification code comparison table, refer to Figure 3. Step S140' The subscriber station determines whether the mechanical authentication is passed by operating the identification code 〇p_c〇de. If the mechanical authentication is passed, the user enters step si5〇, and the subscriber station checks the PubKey (Ss) transmitted from the base station and the The PubKeys in the group user station are equal. If they are equal, the process proceeds to step 8. If the authentication fails, the process proceeds to step S152, the pseudo message is discarded, and the message is returned to wait for 201129128. If the mechanical verification fails, then to step S142, the subscriber station calculates the common key as follows: CSKi = household intestine.modp, l$i$3. Then, the subscriber station authenticates the base station. The procedure is as follows: determine whether the base station first identity authentication key Cerfun (CSK1, CSK2, CSK3) transmitted from the base station is equal to the subscriber station generated by the internal calculation of the subscriber station. The common key CSKi, l$i$3, and then the first identity authentication of the subscriber station - Cerfun (CSKl, CSK2, CSK3). If they are equal, the process goes to step S144, where the error table (FA_Lists) message is displayed, and the wireless communication is ended. If not, the process proceeds to step S146, and the subscriber station discards the pseudo message and continues to wait for the base station to return the message. In step S160, the subscriber station calculates a set of subscriber station common keys CSK1, CSK2, CSK3'. The calculation process is as follows: CSKi = corpse muscle mod p, l $ 3, the subscriber station performs further identity authentication: determining that the subscriber station receives the base station One of the first base station authentication certificates, Cerfun (CSKl, CSK2, CSK3) | is equal to the CSKi, lSiS3 generated by the internal calculation of the user station, and the first identity authentication key Cerfun of the group of users is obtained. CSKl, CSK2, CSK3). If they are not equal, then to step S162, the base station identity authentication fails, discarding the pseudo message, and continuing to wait for the base station to return the message. If they are equal, then to step S164, the subscriber station obtains the parameters pre_Aki, lS i$3, and the procedure is as follows:

Pre_AKi = IADR (CSKi, ADR (CSKi, pre - AKi)), lSiS3, immediately proceeds to step S170. 15 201129128 In step S170, the subscriber station independently calculates and generates a set of User Key Authentication Keys (AKs), a set of User Encryption Keys (TEKs), and a set of user station new traffic encryption keys ( NTEKs). AKi, IS i <6 is generated as follows: AKl=HMAC-SHAl(CSKl, pre_AKl | CSK2 | pre_AK2 | S S_MAC_Addr| BS_MAC_Addr) AK2=HMAC-SHAl(CSK2,pre_AK2 | CSK3 | pre_AK3 | S - S_MAC_Addr| BS_MAC_Addr )

.. AK3=HMAC-SHAl(CSK3,pre_AK3 | CSK1 |pre_AKl | S S_MAC_Addr| BS_MAC_Addr) AK4=HMAC-SHA1(CSK1,CSK2 | CSK3 | pre_AKl | pre_ AK2| SS_MAC_Addr) AK5=HMAC-SHA1(CSK2,CSK3 | CSK1 | pre_AK2 | pre_ AK3 I BS—MAC—Addr) AK6=HMAC-SHA1(CSK1,CSK3 | CSK2 | pre_AK3 | pre_ ^ AK1 I SS MAC Addr) . TEKi,IS is 243 is generated by the following calculation: TAKa-\) ^j = AKi + Pre - AKU 1 ^ i, j ^ 3 · TCK^j=CSKi + pre_AKj, l<i,j<3. ^^(M)x8i+(yi)x9+* = (-^^(1 +3) ® TAK j) + TCKk, l <i<3, l<j,k<9. NTEKi, IS i S 243 is calculated according to J: NTAKt = AKA® TAKn 1<i<9. NTCKj = ΑΚ^ΘΤϋΚ:』,l<i<9. 201129128 (4)=(乂尤,十+ (#70; 十乂6), BiS3, 1 < j,kS9. In step S180, 'user station transmits a data The transmission request message and the second authentication key of the subscriber station (Cerfun (AKl, AK2, AK3)) are sent to the base station. The content of the above message is as follows:

Message3: SS-^BS op-code I Cerfun(AKl, AK2, AK3) | Lifetime In step S190, the base station learns that the subscriber station requires data transmission by operating the __ identification 〇p_code. The base station receives the data transmission request of the subscriber station, and checks the second identity authentication gold transmission Cerfun (AKl, AK2, AK3) transmitted by the subscriber station and the base station second generated by the calculation within the base station. Whether the authentication key Cerfun (AKl, AK2, AK3) is equal. If they are equal, then to step S200, if they are not equal, then to step S192, the pseudo message is discarded, and the message of the subscriber station is continued. In step S200, the base station returns a permitted data transmission message and a base station third identity authentication key (Cerfun (AK4, AK5, AK6)) to the subscriber station. Among them, the above content is as follows:

Message4: BS_SS op_code I Cerfun(AK4, AK5, AK6) | The Lifetime subscriber station is informed by the operation_identification code op_code that the base station transmits the request for the data transmission of the subscriber station, and proceeds to step S210, where the subscriber station receives the permission of the base station. Data transmission requirements, and the third identity authentication key (Cerfun (AK4, AK5, AK6)) of the group base station transmitted by the base station is authenticated. The subscriber station determines whether the base station third identity authentication key Cerfun (AK4, AK5, AK6) transmitted by the base station is equal to the subscriber station third identity authentication key Cerfun (AK4, which is generated by the subscriber station itself). AK5, AK6). If they are equal, the process goes to step S220. If they are not equal, the process proceeds to step S212, and the pseudo-allowed data transmission message is discarded, and the base station returns the message. Step S220, the subscriber station encrypts a plaintext data into a ciphertext data, and transmits the ciphertext data to the base station. The user station encrypts the plaintext data into ciphertext data and sends it out in the following manner; assuming that plaintext can be decomposed into n plaintext segments, and each plaintext segment is 1024 bits long (Plaintext l~Plaintextn, n 2 1 )then:

Ciphertexti=(plaintexti ten NTEKj)+TEKj, where lgiSn, j=(i mod 243)+1,

Ciphertexts=Ciphertext 1 +Ciphertext2+... +Ciphertextn-1 +Ciphertextn The subscriber station transmits the ciphertext data message and the authentication code EXOR (TEKm, NTEKm) to the base station, and then proceeds to step S230, where the content of the message is as follows:

Message5: SS^BS

Op_code | RHS_EXOR(AK6, Index-m) | EXOR(TEKm,NT EKm) I Ciphertexts I Lifetime In step S230, the base station learns from the operation_identification code 〇p_code that the ciphertext data is transmitted from the subscriber station, then: m =Index-m=RHS(AK6)10 RHS-EXOR(AK6, Index-m). The base station receives the ciphertext data of the subscriber station, and verifies the subscriber station authentication code EXOR (TEKm, NTEKm) transmitted from the group of subscriber stations, and the base station authentication key (TEKs) and the base station group in the base station. The new traffic encryption key (NTEKs) calculates whether the authentication code EXOR (TEKm, NTEKm) produced by 201129128 is equal. If they are equal, the process proceeds to step S234, and the base station decrypts the ciphertext data into a plaintext data. If not, the process proceeds to step S232, and the base station discards the pseudo message and continues to wait for the user station to return the message. The decryption procedure is as follows: Decryption:

Plaintexti= (Ciphextexti-TEKj) ten NTEKj, ifCiphextextigTEKj (Ciphextexti+ΤΈΆ+Ι) ten NTEKj, ifCiphextexti<TEKj where l$i$n,j=(i mod 243)+1 In the above, the base station transmits an authentication success message When the user station and the user station transmit the ciphertext data to the base station, the base station and the user station use a Exclusive-or function or an Adder function as a data carrier (data). Carrier) The ciphertext data transmitted between the subscriber station and the base station is a two-dimensional stream cipher technique protection, where the two-dimensional operation refers to the same plaintext in two different operations. The message is encrypted, and the stream encryption means that each different plaintext byte is encrypted with a different random garbled code, and the cryptographic operation technique combined with the two features is called a two-dimensional stream encryption processing technique. The invention constructs a mutually authenticated wireless communication system between a subscriber station and a base station in an IEEE 802.16e PKMV1 environment. To achieve the above, the present invention has the following sub-functions, which are described as follows: Sub-function (1): Encryption /Decryption Functions : 1. Diffie-Hellman PKDS function: 201129128 DH(p,g,x)=gx mod p where p is a strong prime, g is the original root of p, x is a random parameter, DH(p, g, x), p and x have the same size, both 512, 1024 or 2048 bits. 2. Exclusive OR function: EXOR(x,y)=x ten y. 3. Right-Hand-Side Exclusive OR function: RHS_EXOR(x,y)=RHS(x)10 y where RHS(x) is the right-hand-side of x and length of RHS(x) is equal to length of y ° 4. Adder function: ADR(x,y)=x+y where is a binary adder which discards the carry of the most significant bits of x+y ° 5. Certification function:

Cerfun(x,y,z)=(z 十 y)+x 〇6. Decryption: <a>y=x ten EXOR(x,y) <b>y=RHS(x)10 RHS_EXOR(x,y ) <c>IADR(x,ADR(x,y))=yy=ADR(x,y)-x, if ADR(x,y) ^ xy=ADR(x,y)+x +1, if ADR(x,y)<x <d>ICerfun(x,y,z)=zz=(Cerfun(x,y,z)-x) 十 y,if Cerfun(x,y,z)2x z =(Cerfun(x,y,x)++1) ten y,if Cerfun(x,y,x)<x sub-function (2): Data Carriers 201129128 When the subscriber station and the base station have When a common data link, such as CSK (Common Secrete Key) is owned by both the subscriber station and the base station, we can safely transmit the random parameter RN from the subscriber station to the base station or carry it on the base station by the following two methods. To the user station, not afraid of the hacking of the hacker. (1) Encryption: EXOR (CSK, RN) Decryption: RN = CSK ten EXOR (CSK, RN) (2) Encryption: ADR (CSK, RN)

Decryption: RN=ADR(CSK,RN)-CSK, if ADR(CSK,RN)g CSK

RN=ADR(CSK, RN)+ CSK+1, if ADR(CSK, RN)<CSK (3) mode: encrypting at the transmitting end, transmitting the ciphertext wirelessly to the receiving end, and then decrypting by the receiving end, The random parameter RN data can be transmitted to the receiver wirelessly. At this time, EXOR〇 and ADR〇 become data carriers. Sub-function (3): Mutual Authentication To establish a mutual authentication mechanism between the subscriber station and the base station, firstly, the subscriber station and the base station must have at least two links, such as CSK1 and CSK2, the following two methods can complete mutual authentication. : Method 1: Send encrypted authentication signals, such as EX0R (CSK1, CSK2) or ADR (CSK1, CSK2). Since CSK1 and CSK2 are only known to the subscriber station and the base station, only the subscriber station and the base station can authenticate, and the hacker is Can not be copied, but the disadvantage of this method is that CSK1 and CSK2 have a higher chance of being destroyed by the hacker r «.-· 21 201129128. Method 2: Use the identity authentication function, Cerfun (CSKl, CSK2, CSK3). The advantage of this method is that three random parameter codes CSK1, CSK2, and CSK3 are used to generate an identity authentication code Cerfun (CSK1, CSK2, CSK3), so it has a relatively high degree of security; its disadvantage is that the sender and the receiver are in wireless communication authentication. The three random parameter codes CSK1, CSK2, and CSK3 are required before, and the data link is completed between the sender and the receiver. Sub-function (4): op_code Table 〇p__code is a 4-bit control signal, the connotation is shown in Figure 3. Sub-function (5): PRNG (Pseudo Random Number Generator) The invention is to establish an efficient dynamic system, which has random parameters (garbled) added every time the signal is transmitted wirelessly, and If you use it or lose it, you can improve the security. Therefore, both the base station and the user station need an identical and efficient random garbled generator (PRNG). The basic structure of the PRNG is as follows:

Seeds--- PRNG--► PRNS PRNS(Pseudo-Random Number Sequence): Ψl, Ψ2, ψ3,..., ψq,q: the length of the PRNG, where Seeds is the input seed for starting the PRNG, which can be a fixed unit of the wheel The parameter, and the output of the PRNG is PRNS, which is a random garbled sequence, which is composed of the random 22 201129128 chaotic output. As described above, the present invention fully complies with the three requirements of the patent: novelty, advancement, and industrial applicability. In terms of novelty and advancement, the present invention integrates a Diffie-Hellman Public Key Distribution System (Diffie-Hellman PKDS) > data carrier, and a mutual authentication mechanism, at the subscriber station and A secure dynamic key system is built between the base stations, so that in the environment of IEEE 802.16ePKMV1, any wireless communication between the subscriber station and the base station can achieve the requirements of two-way authentication and loss of use. In turn, the security of wireless communication is improved; in terms of industrial availability, products derived from the present invention can fully satisfy the needs of the current market. The invention has been described above in terms of preferred embodiments, and it is to be understood by those skilled in the art that the present invention is only intended to illustrate the invention, and is not intended to limit the scope of the invention. It should be noted that variations and permutations that are equivalent to the embodiments are intended to be within the scope of the present invention. Therefore, the range of Φ 发 之 5 蔓 蔓 蔓 蔓 蔓 蔓 蔓 蔓 蔓 蔓 蔓 蔓 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第 第Example flow chart. Figure 2 is a flow chart of an embodiment following the first figure. table. The third embodiment is the operation of the preferred embodiment of the present invention - the recognition sound control 23 201129128 [The main component symbol description]

Claims (1)

201129128 VII. Patent application scope: 1. A wireless communication method with dynamic gold residual two-way authentication, comprising: a user station randomly generates a random random number of user stations, as a user station secret record 'and the group of user stations Key input - Diffie-Hellman public gold distribution system (Diffie-Hellman PKDS) function to obtain a set of user stations public record 'The subscriber station transmits the group of subscriber stations public gold and a wireless communication certification request to a base station The base station receives the wireless communication authentication request of the subscriber station, randomly takes out a random number of base station stations as a base station key, and inputs the group base station secret gun into a Diffie-Hellman public gold distribution system. (Diffie-HellmanPKDS) function obtains a set of base station public key, and then the base station authenticates the user station through mechanical authentication; after the user station passes the mechanical certification of the base station, the base station uses the user station The set of user station public key and the base station key calculation generate a common key (Common Secret Key, CSK1, CSK2, CSK3). And the set of common key calculations obtained by the group generates a set of base station first identity authentication key (Cerfun (CSK1, CSK2, CSK3)), and then the base station transmits an authentication success message and the first identity of the base station. The authentication key is given to the subscriber station, and then the base station independently calculates and generates a set of Base Station Authentication Keys (AKs), a set of Base Station Traffic Encryption Keys (TEKs), and a set of base station new traffic. Encryption key (NTEKs); the subscriber station learns, via an operation_identification code, the authentication success message sent by the base station to the wireless communication authentication request and the base station first identity authentication 25 201129128 Whether the pubkey (SS) sent by the base station is equal to the Pubkey in the subscriber station, and if equal, the subscriber station uses the group base station public key transmitted by the base station to calculate the base station key A set of common keys, and then a set of user station first identity authentication keys (Cerfun (CSK1, CSK2, CSK3)) is calculated by the obtained common key group, and the group is calculated. The first identity authentication key of the subscriber station is compared with the first-identity authentication key transmitted by the base station; if equal, the subscriber station independently calculates and generates an authentication key (Authentication Keys, AKs), a set of User Encryption Keys (TEKs) and a set of User Station New Traffic Encryption Keys (NTEKs); the subscriber station transmits a data transmission request and a subscriber station second identity authentication key ( Cerfun (AK1, AK2, AK3)) is given to the base station; the base station receives the data transmission request of the subscriber station, and checks the second identity authentication key of the subscriber station transmitted by the subscriber station and the base station via The internal calculation generates whether the base station second identity φ certificate key (Cerfun (AKl. AK2, AK3)) is equal; if equal, the base station returns a permitted data transmission message and a base station third identity authentication The key (Cerfun (AK4, AK5, AK6)) is given to the subscriber station; the subscriber station receives the permitted data transmission message of the base station and the third identity authentication key of the base station (〇6^1111 (into 4, into 〖5, into 〖6)), Authenticating the third identity authentication key of the base station transmitted by the base station; if the subscriber station checks the third identity authentication key of the base station transmitted by the base station and one of the internal calculations generated by the user station If the third identity key (Cerfun (AK4, AK5, AK6)) is equal, the subscriber station encrypts a plaintext data 26 201129128 into a ciphertext data, and the ciphertext data and a subscriber station authentication code (EXOR ( TEKm, NTEKm)) is transmitted to the base station; the base station receives the ciphertext data of the subscriber station and the subscriber station authentication code, and verifies the group subscriber station by the subscriber station traffic encryption key (TEK) and the group of users The Taiwan New Traffic Encryption Key (NTEK) calculation generates a subscriber station authentication code (EXOR (TEKm, NTEKm)) and the set of base station authentication keys (TEK) generated in the base station and the new base station encryption credit of the group. The key (NTEK) calculation generates whether one of the base station authentication codes (EXOR(TEKm, NTEKm)) is equal. If the verification is successful, the ciphertext data is decrypted into a plaintext material. 2. The wireless communication method with dynamic key mutual authentication as described in claim 1 of the patent scope, wherein the mechanical certification is an X.509 mechanical certification. 3. The wireless communication method with dynamic key mutual authentication according to claim 1, wherein the user station randomly generates the random number of the user stations, and the user station randomly inputs a string to a Pseudo Random Number Generator (PRNG), and output q random garbled characters of length 1024 bits, wherein the format of the string is (user station random 1 input length 212 string) + (west 1 year + month + day + hour + minute + second + 13⁄4 seconds) + (wireless network card number + seconds + 3⁄4 seconds). 4. The wireless communication method with dynamic key mutual authentication according to claim 1, wherein the base station transmits an authentication success message to the user station and the user station transmits the ciphertext data to the base station. In the case of the station, the base station and the subscriber station are used as a data carrier by an exclusive-or function or an adder function, and a sender is the user of the group. The common key or the set of bases 2011 29128 the common key of the platform and a random parameter are encrypted by the exclusive OR function or the addition function, and the cryptographic data is transmitted to the receiving by wireless transmission. The receiving end decrypts the random parameter data by the mutual exclusion function or the adding function. 5. The wireless communication method with dynamic key mutual authentication as described in claim 1 further includes providing an operation_identification code (op_code) to transmit one of each message between the base station and the user station. Blocking, the base station and the subscriber station learn the function of the message by using the operation_identification code, wherein the operation code is a digit of more than 4 bits. 6. The wireless communication method with dynamic key mutual authentication according to claim 1, wherein each plaintext data transmitted between the base station and the user station is protected by a two-dimensional stream encryption process. Two dimension stream cipher technique protection, in which two-dimensional operation refers to the encryption operation of the same plaintext data by two different operations. 'Streaming encryption means that each different plaintext byte has a different random IL. The code is encrypted, and the encryption operation technology combining these two characteristics is called a two-dimensional stream encryption processing technology. 7. The wireless communication method with dynamic key mutual authentication as claimed in claim 1, wherein the base station transmits a failure message to the user if the machine station does not pass the mechanical authentication of the base station And the user station receives the group base station public key transmitted by the base station and the user station key calculation to generate a common key, and further calculates a user station first identity authentication key Cerfun (CSKl, CSK2, CSK3), and then compare the first identity authentication key calculated by the user station and the first identity authentication key Cerfun (CSKl, CSK2, CSK3) transmitted by the base station of the 2011 2011128128 group base station. If they are equal, the subscriber station displays the failure message transmitted by the base station. If not, the subscriber station discards the wireless communication authentication message and continues to wait for the wireless communication authentication message of the base station. 8. The wireless communication method with dynamic mutual authentication according to claim 1, wherein the base station checks the second identity authentication key Cerfun (AK1, AK2, of the subscriber station transmitted by the subscriber station). AK3) and the base station second identity authentication key Cerfun (AK1, AK2, AK3) calculated by the base station, if not equal, the base station discards the data transmission request of the subscriber station, and continues Wait for the data transmission request of the subscriber station. 9. The wireless communication method with dynamic key mutual authentication according to claim 1, wherein the subscriber station checks the base station third identity authentication key Cerfun (AK, AK5, transmitted from the base station). AK6) and the subscriber station third identity authentication key Cerfun (AK4, AK5, AK6) calculated internally by the subscriber station, if not equal, the subscriber station discards the permitted data transmission request message and continues to wait for the base station The data transmission request message is allowed. 10. The wireless communication method with dynamic key mutual authentication as described in claim 1, wherein the base station receives the ciphertext data of the subscriber station, and verifies the authentication code EXOR of the group of subscriber stations (TEKm) , NTEKm) is equal to the authentication code EXOR (TEKm, NTEKm) generated by the internal calculation of the base station. If the verification is unsuccessful, the base station discards the 201129128 ciphertext data transmission of the subscriber station and continues to wait for the secret of the subscriber station. Text transmission. 30