WO2007140665A1 - A system and method of authentic connection security authentication based on cpk - Google Patents

Info

Publication number
WO2007140665A1
WO2007140665A1 PCT/CN2006/003496 CN2006003496W WO2007140665A1 WO 2007140665 A1 WO2007140665 A1 WO 2007140665A1 CN 2006003496 W CN2006003496 W CN 2006003496W WO 2007140665 A1 WO2007140665 A1 WO 2007140665A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
cpk
security authentication
key
authentication unit
Application number
PCT/CN2006/003496
Other languages
French (fr)
Chinese (zh)
Inventor
Xianghao Nan
Jianguo Zhao
Original Assignee
Beijing E-Hengxin Authentication Science & Technology Co. Ltd.
Application filed by Beijing E-Hengxin Authentication Science & Technology Co. Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3013 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the discrete logarithm problem, e.g. ElGamal or Diffie-Hellman systems
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the invention relates to the field of digital communication security authentication, in particular to a combined public key algorithm
  • the communication network connection protocol is usually divided into multiple levels, each layer is responsible for different communication functions, and the communication protocols at multiple levels (link layer, network layer, transport layer and application layer) all give special consideration to security in order to cope with the various security issues that are now receiving increasing attention.
  • Take the TCP/IP protocol stack as an example. It is generally considered to be a five-layer protocol system: physical layer, link layer, network layer, transport layer and application layer:
  • Physical layer: the purpose of the physical layer is to transfer the original bit stream from one computer to another;
  • Link layer: the function of the link layer includes providing a well-designed service interface for the network layer, determining how to frame the bits of the physical layer, processing transmission errors, and adjusting the frame flow rate;
  • Network layer: the network layer is responsible for handling the activities of packets in the network; the packets sent from the source are sent to the destination through various channels;
  • Transport layer: the transport layer mainly provides end-to-end communication for applications on the source and destination machines;
  • Application layer: the application layer is responsible for handling specific application details.
  • each layer of the TCP/IP stack contains multiple communication protocols, such as the wireless LAN protocol (Wireless LAN, WLAN) at the link layer, and the IP protocol (Internet Protocol) at the network layer.
  • transport layer: TCP/UDP (Transport Control Protocol / User Datagram Protocol)
  • application layer: SMTP (Simple Mail Transfer Protocol)
  • link layer: EAP_TLS (Extensible Authentication Protocol - Transport Level Security) in the IEEE 802.11i WLAN protocol
  • network layer: IKE (Internet Key Exchange)
  • transport layer: SSL/TLS (Secure Socket Layer / Transport Layer Security)
  • the SSL/TLS protocol is located between the TCP and application layers and uses TCP to provide an end-to-end security service whose primary purpose is to ensure data security and integrity between two communication applications.
  • the SSL/TLS protocol consists of two layers: the record layer and the handshake layer.
  • the record layer is located above TCP, providing basic security services for different higher layer protocols. It implements compression/decompression, encryption/decryption, computing the MAC/verifying the MAC, etc.
  • the handshake layer allows the server and client to authenticate each other, and encryption algorithms and key generation can be negotiated before the application layer protocol transmits data.
  • the existing SSL/TLS handshake protocol requires 13 steps to complete the complete handshake process.
  • the protocol is very complex and the resource consumption is undoubtedly very large.
  • the complete handshake process is roughly divided into four phases. The first phase: establishing security capabilities
  • the client sends a ClientHello packet to the server.
  • the server must respond to a ServerHello packet, or a fatal error has occurred, causing the connection to fail.
  • ClientHello and ServerHello messages are used to establish enhanced security between the client and server.
  • ClientHello and ServerHello establish the following attributes: protocol version number, session ID, cipher suite, and compression method. In addition, the two random numbers generated by the client and the server respectively are also exchanged.
  • the server will issue its certificate after the Hello message.
  • a ServerKeyExchange message can also be sent if required (for example: the server does not have a certificate or the certificate is only used for signing). If the server has been authenticated and it is appropriate for the selected cipher suite, then a certificate from the client can be requested. The server can now issue a ServerHelloDone message to indicate that the first two phases of the handshake protocol are complete. The server will then wait for a response from the client.
  • if the server has sent a CertificateRequest message, the client must respond with a Certificate message.
  • the ClientKeyExchange message is now sent. The content of this message depends on the public key cipher algorithm selected between ClientHello and ServerHello. If the client has issued a certificate with a signature capability, a digitally signed CertificateVerify message will be sent to explicitly verify the certificate.
  • The fourth stage: the end of the session.
  • a ChangeCipherSpec message is sent by the client, and the client copies the pending cipher spec into the current cipher spec.
  • the client then immediately sends the Finished message under the new algorithms, keys and secrets.
  • the server will send its own ChangeCipherSpec message, convert the pending cipher spec to the current cipher spec, and send its own Finished message under the new cipher spec.
  • the handshake is completed and the application data can be exchanged between the client and the server.
  • a communication connection security authentication system, within a communication system, includes a CPK security authentication unit which, when different terminals of the communication system connect, authenticates the identifiers and integrity codes of the different terminals with the CPK algorithm at the different levels of the communication system.
  • the CPK security authentication unit is implemented by a CPK chip, and the CPK chip includes a CPK algorithm unit, an ID certificate, a protocol packet unit, and a public key matrix unit.
  • the CPK chip is embedded in the U-bar.
  • the CPK protocol packet unit includes CPK security authentication parameters.
  • the CPK security authentication parameters consist of the following parts:
  • a first identification segment parameter; a first identification certification segment parameter; a second identification segment parameter; a key exchange segment parameter; a data encryption segment parameter; and a data integrity certification segment parameter.
  • Step A) The first terminal directly sends a message to the second terminal, where the message includes the identifier of the first terminal and the identifier authentication code;
  • Step B) The second terminal parses the data transmitted by the first terminal with the CPK algorithm, decrypts it and verifies the signature using the identifier and the public key of the first terminal, and directly judges the authenticity and legality of the first terminal identifier: if it is legal, it is accepted; if it is not legal, it is rejected.
  • the communication connection security authentication method of the present invention may further include the following steps:
  • Step C) The second terminal sends a receipt to the first terminal, and the receipt may be a random number or a data integrity code.
  • the interaction ends.
  • step A) may include the following steps:
  • Step A1) The CPK security authentication unit in the first terminal may include a random number;
  • Step A2) The CPK security authentication unit in the first terminal may include a key exchange segment;
  • the step B) may include the following steps:
  • Step B1) The second terminal obtains a data encryption key from the key exchange segment through a key exchange protocol;
  • Step B2) The security authentication unit in the second terminal uses the symmetric key to decrypt the encrypted data of the first terminal;
  • the step A1) may include the following steps:
  • the CPK security authentication unit in the first terminal generates a timestamp T_A;
  • the step B) may further include the following steps:
  • Step B4) the CPK security authentication unit of the second terminal checks the identifier I_B in the confirmation data;
  • Step B5) The CPK security authentication unit of the second terminal checks the time T_A in the confirmation data to confirm the reporting time;
  • the beneficial effect of the present invention is: the CPK-based communication connection security authentication system and method of the present invention authenticate the communication identifier (label) and provide proof of authenticity. Using the CPK key algorithm, they simplify the complex multiple interaction process of the security authentication into a single process, directly implementing the trusted communication connection of any two clients and satisfying the requirements for trusted connections at all levels in the communication connection. The connection security authentication process has low system resource overhead and simple certificate management; the process of establishing a communication connection security authentication is greatly simplified, and the operation efficiency is greatly improved.
  • Description of the drawings
  • FIG. 1 is a schematic diagram of a communication connection security authentication system of the present invention
  • FIG. 2 is a flow chart of the communication connection security authentication method of the present invention.
  • Detailed description
  • the CPK-based communication connection security authentication system and method of the present invention is further described in detail below.
  • the design idea of the communication connection security authentication system and method of the present invention is: an excellent communication connection security authentication system and method not only provides a reliable means of proof, but also provides a simple means of verification.
  • the CPK trusted connection system is based on the technology of telling true identifiers from false ones, which is a key step of a trusted connection; at the same time, to be easy to verify, two problems must be solved technically: scale and the identification certificate.
  • the Combined Public Key (CPK) key algorithm system is a system of key generation and management based on identification (identity). Based on the mathematical principle of the discrete logarithm problem, a public key matrix and a private key matrix are constructed. A hash function and a cryptographic transformation map the identifier of an entity into a sequence of row and column coordinates of the matrix, which are used to select and combine matrix elements, generating a large number of public and private key pairs, thereby realizing identifier-based key production and distribution on a very large scale and providing a technical basis for verifying the credibility of communication identifiers.
  • CPK Combined Public Key Algorithm
  • CPK is an identification-based public key algorithm whose key management center generates private key calculation parameters (private key calculation base) and public key calculation parameters (public key calculation base) corresponding to each other. According to the identifier provided by a first user, it calculates the private key of the first user using the private key calculation parameters and provides the generated private key to the first user. It publishes the public key calculation parameters, so that a second user, after obtaining the identifier of the first user, can calculate the public key of the first user from that identifier using the public key calculation parameters.
  • the Combined Public Key (CPK) algorithm has the following characteristics:
  • the communication connection security authentication system of the present invention is a trusted connection security authentication system that, based on large-scale identification authentication technology, authenticates and verifies the communication identifier (tag) directly. It uses the CPK key algorithm to authenticate the identifier, provide proof of authenticity, and achieve a trusted connection between any two ends.
  • the communication connection security authentication system of the present invention is in a communication system and includes a CPK security authentication unit which, when different terminals of the communication system connect, performs signature authentication of the identifiers and integrity codes of the different terminals with the CPK algorithm at the different levels of the communication system.
  • the CPK security authentication unit is implemented by the CPK chip, and the CPK chip includes the CPK algorithm unit.
  • the CPK chip with the CPK algorithm in the present invention is described in the specific embodiment of the applicant's Chinese invention patent application 2005100021564, an identifier-based key generation device and method, which is incorporated in the present invention by reference in its entirety. The CPK chip can be embedded in the U-bar and can be plug and play.
  • the ID certificate mainly provides the CPK private key of the client;
  • the protocol package unit mainly includes a key exchange protocol and a digital signature protocol;
  • the CPK algorithm unit provides all the parameters and protocols required for secure authentication. Based on the identity of the terminal, the public key matrix unit can be used to calculate the public key of the terminal.
  • the CPK protocol packet unit includes the CPK security authentication parameter, and the CPK security authentication parameter is composed of the following parts: identification 1 segment parameter; identification 1 certification segment parameter; identification 2 segment parameter; key exchange segment parameters; data encryption segment parameters; and data integrity certification segment parameters.
  • Its parameter format is shown in Table 1.
  • Table 1: parameter format table. Identifiers 1 and 2 can be freely defined, for example as an IP address or a mobile phone number. If the IP address of terminal A is denoted IP_A:
  • the identification and identification authentication code provides a simple basis for the receiving end, namely: first check the authentication code, then make a decision to accept or reject.
  • the most typical case is mobile phone communication: once the other party's call is received, the phone number (identification) is first judged as authentic or not. If it is true, the call is connected and the subsequent voice data is accepted; if not, it is rejected.
  • the method of receiver verification is very simple.
  • the sender's identifier is used as the public key, which is sufficient to verify the sender's identifier.
  • the CPK chip provides a public key matrix, and the public key of the identity can be calculated by knowing the identity of the other party. With the public key, the identity of the other party can be verified directly.
  • the key exchange is performed at the same time as the identity authentication, and the handshake interaction is not required, because the key exchange r(PK_B) ensures that only terminal B can receive it, and the digital signature SIG_IPA(MAC) proves that this information comes from the identifier IP_A.
  • PK_B is the public key of the identifier IP_B
  • MAC is the data integrity code
  • the communication connection security authentication system of the invention is built directly on the basic technology of identification authentication. Identifier authentication and key exchange are completed simultaneously and no handshake interaction is required, so the authentication protocol is simple, the communication overhead is small, and it is easy to implement and easy to promote.
  • the communication connection security authentication system is adapted to multiple layers (link layer, network layer, transport layer and application layer) in the TCP/IP protocol stack, such as SSL/TLS, IKE (IPsec), WLAN, and is also used for mobile phones.
  • SSL/TLS Secure Socket Layer / Transport Layer Security
  • IKE IP Security
  • WLAN Wireless Local Area Network
  • the CPK-based communication connection security authentication method of the present invention is a security authentication method running at the bottom of the communication system, wherein the identifiers of the communicating parties are defined by the communication system, and operations such as encryption/decryption and signing/verification are completed by calling the underlying CPK communication connection security authentication system.
  • the remaining parameters can be flexibly selected according to the characteristics of the actual application system.
  • the following is a detailed description of the CPK-based trusted connection security authentication method implemented by the CPK algorithm.
  • the SSL/TLS protocol is taken as an example.
  • the present invention is not limited thereto, and it is also applicable to other secure authentication connection protocols for communication connections.
  • Step A) Terminal A initiates a security authentication request to terminal B, and the request message includes the identifier and authentication code of terminal A;
  • Msg1 C -> S: ID_C | SIG_SKC(ID_C)
  • ID_C is the client identifier
  • ID_S is the server identifier
  • SK_S is the server private key
  • PK_S is the server private key
  • Random number R: indicates the freshness of the identification message, that is, the security authentication of this communication connection is not a duplicate security authentication
  • the encryption operation E_key{data} indicates that the data is encrypted by a symmetric algorithm (such as the AES encryption algorithm) using the session symmetric key key;
  • the signature operation SIG_SKC(IP_C) indicates that the client signs the identifier with its private key through a secure authentication signature algorithm (such as an elliptic curve signature algorithm);
  • the CPK security authentication unit in terminal A generates a random number r, and the security authentication unit in terminal A uses its own CPK private key to sign the identifier of terminal A to obtain the signature data SIG_SKC(IP_C);
  • Specific digital signature method: the Digital Signature Standard (DSS) is used, the protocol uses X509, and the one-way transmission method is as follows:
  • the CPK authentication unit in terminal A generates a timestamp T_A;
  • the CPK authentication unit in terminal A signs the data with its own private key as the identification authentication code: SIG_SKC(data);
  • the CPK authentication unit in terminal A encrypts with the encryption algorithm E and the key key: E_key(data) = coded-text;
  • the CPK authentication unit in terminal A uses the identifier of terminal B to calculate the public key of terminal B through the public key matrix unit, and then encrypts the symmetric key with that public key using an asymmetric encryption algorithm (such as an elliptic curve encryption algorithm).
  • Terminal A sends the encrypted signature data ex-key, coded-text to terminal B.
  • Step B) Terminal B parses the security authentication data transmitted by terminal A with the CPK algorithm, decrypts it and verifies the signature using the private key of terminal B and the identifier of terminal A.
  • Terminal B uses the identifier of terminal A to calculate the public key of terminal A through the public key matrix, verifies the signature SIG_SKC(data), judges the authenticity of the identifier, and decides whether to receive.
  • the security authentication unit in terminal B decrypts the symmetric key key with its own private key.
  • the CPK security authentication unit in terminal B uses the private key of terminal B to parse ex-key to obtain terminal A.
  • the CPK security authentication unit of terminal B decrypts with the symmetric key key and obtains the signature data of terminal A from coded-text, that is, D_A{data};
  • the public key of terminal A is calculated by the public key matrix in the CPK security authentication unit of terminal B, and the signature data SIG_SKC(IP_C) of terminal A is verified with the public key of terminal A to determine the authenticity of the signature.
  • the method further comprises the following steps:
  • the CPK security authentication unit of terminal B checks the identifier I_B in the integrity code data;
  • the CPK security authentication unit of terminal B checks the time T_A in the integrity code data, and confirms;
  • Terminal B sends a receipt to terminal A, and the interaction ends.
  • the SSL/TLS protocol is compared and analyzed in terms of the CPK-based communication connection security authentication method:
  • The first phase: in the SSL/TLS protocol, neither the server nor the client has the other party's certificate at the beginning of the interaction, so the packets at this stage are transmitted in clear text; in CPK, by contrast, the signature is used from the beginning of the communication to prove the credibility of the connection.
  • The second phase and the third phase: in the SSL/TLS protocol, the key exchange is performed between the server and the client through a complex interaction, whereas in the CPK trusted connection protocol the key exchange is completed at the same time as the first-phase "identification authentication", so the second and third phases are cumbersome.
  • The fourth stage: since the server and the client can each obtain the other party's public key by calculation, the integrity of the interaction can be guaranteed from the beginning of the interaction, so the fourth stage is superfluous.
  • This communication connection security authentication method provides a standardized identification trusted authentication communication protocol framework in the TCP/IP protocol stack.
  • the communication connection security authentication method is also applicable to the requirements of trusted connections at all levels of the protocol stack (link layer, network layer, transport layer and application layer), and has low system resource overhead and simple certificate management; the process of establishing a link is greatly simplified, and the operation efficiency is high.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A CPK-based communication connection security authentication system, included in a communication system, comprises a CPK security authentication unit which, when different terminals of the communication system connect, performs security authentication of the identifiers and integrity codes of the different terminals using the CPK algorithm at the different levels of the communication system. A CPK-based communication connection security authentication method directly implements terminal-to-terminal connection in the CPK trusted connection. Its advantages are that the system resource cost is low, the CA management is simple and the process of establishing the communication is further facilitated.

Description

A CPK-based trusted connection security authentication system and method

Technical field

The invention relates to the field of digital communication security authentication, and in particular to a trusted connection security authentication system and method based on the Combined Public Key (CPK) algorithm.

Background
Communication network connection protocols are usually divided into multiple layers, each responsible for different communication functions, and the communication protocols at these layers (link layer, network layer, transport layer and application layer) all give special consideration to security in order to cope with the various security issues that are now receiving increasing attention.
Take the TCP/IP protocol stack as an example. It is generally considered to be a five-layer protocol system: physical layer, link layer, network layer, transport layer and application layer:
Physical layer: the purpose of the physical layer is to transfer the raw bit stream from one computer to another;
Link layer: the functions of the link layer include providing a well-designed service interface for the network layer, determining how the bits of the physical layer are grouped into frames, handling transmission errors, and regulating the frame flow rate;
Network layer: the network layer is responsible for handling the movement of packets in the network, delivering the packets sent by the source to the destination through various routes;
Transport layer: the transport layer mainly provides end-to-end communication for applications on the source and destination machines;
Application layer: the application layer is responsible for handling specific application details.
Except for the physical layer, each layer of the TCP/IP protocol stack contains multiple communication protocols, such as the wireless LAN (WLAN) protocol at the link layer, the IP (Internet Protocol) protocol at the network layer, the TCP/UDP (Transport Control Protocol / User Datagram Protocol) protocols at the transport layer and the SMTP (Simple Mail Transfer Protocol) protocol at the application layer. The existing important communication protocols all give special consideration to security in order to cope with the various security issues that are now receiving increasing attention, for example EAP_TLS (Extensible Authentication Protocol - Transport Level Security) authentication in the link-layer IEEE 802.11i wireless LAN protocol, the IKE (Internet Key Exchange) protocol at the network layer, and the SSL/TLS (Secure Socket Layer / Transport Layer Security) protocol at the transport layer.
. 下面以 SSL/TLS协议为例, 在通信连 过程中进行安全认证的过程: 安全套接层 (Secure Socket Layer, SSL) 是现今最流行的建立安全链接的 协议, 它经过多次修订, 从开始的版本 1 到 IETF 最终所采纳的传输层安全 (Transport Layer Security, TLS )。 SSL/TLS协议位于 TCP和应用层之间, 使用 TCP来提供一种端到端的安全服务,其主要目的是在两个通信应用之间保障数据 的安全性和完整性。 SSL/TLS 协议由两层组成: 记录层和握手层。 记录层位于 TCP 之上, 为不同的更高层协议提供基本的安全服务, 它具体实施压缩 /解压, 加密 /解密, 计算 MAC/验证 MAC等操作; 握手层允许服务器和客户端进行相互 认证, 并且可以在应用层协议传输数据之前协商加密算法和生成密钥。 The following takes the SSL/TLS protocol as an example to perform the security authentication process during the communication connection process: Secure Socket Layer (SSL) is the most popular protocol for establishing secure links today. It has been revised several times, starting with version 1 and finally adopting Transport Layer Security (TLS). The SSL/TLS protocol is located between the TCP and application layers and uses TCP to provide an end-to-end security service whose primary purpose is to ensure data security and integrity between two communication applications. The SSL/TLS protocol consists of two layers: the record layer and the handshake layer. The recording layer is located above TCP, providing basic security services for different higher layer protocols. It implements compression/decompression, encryption/decryption, computing MAC/authentication MAC, etc. The handshake layer allows the server and client to authenticate each other, and Encryption algorithms and key generation can be negotiated before the application layer protocol transmits data.
The existing SSL/TLS handshake protocol needs 13 steps to complete a full handshake. The protocol is very complex and its resource consumption is undoubtedly very large. The full handshake is roughly divided into four phases.
Phase 1: Establishing security capabilities
The client sends a ClientHello message to the server, and the server must respond with a ServerHello message, otherwise a fatal error has occurred and the connection fails. The ClientHello and ServerHello messages are used to establish enhanced security capabilities between the client and the server. ClientHello and ServerHello establish the following attributes: protocol version number, session ID, cipher suite, and compression method. In addition, two random numbers, one generated by the client and one by the server, are exchanged.
Msg1 (ClientHello) C -> S: versionC | randomC | session_idC | cipher_suites | compression_methods
Msg2 (ServerHello) S -> C: versionS | randomS | session_idS | cipher_suite | compression_method
Phase 2: Server authentication and key exchange
If authentication is to be performed, the server sends its certificate after the Hello messages. In addition, a ServerKeyExchange message may be sent if required (for example, when the server has no certificate or its certificate is used only for signing). If the server has been authenticated, and if it is appropriate for the selected cipher suite, the server may request a certificate from the client. The server can now send the ServerHelloDone message to indicate that the first two phases of the handshake protocol are complete. The server then waits for the client's response.
Msg3 (Certificate) S -> C: certificate_listS
Msg4 (ServerKeyExchange) S -> C: exchange_keys
Msg5 (CertificateRequest) S -> C: certificate_typesC | certificate_authorities
Msg6 (ServerHelloDone) S -> C: NULL
Phase 3: Client authentication and key exchange
If the server has sent a CertificateRequest message, the client must respond with a Certificate message. The ClientKeyExchange message is sent next; its content depends on the public key algorithm selected between ClientHello and ServerHello. If the client has sent a certificate with signing capability, a digitally signed CertificateVerify message is sent so that the certificate can be verified explicitly.
Msg7 (Certificate) C -> S: certificate_listC
Msg8 (ClientKeyExchange) C -> S: exchange_keys
Msg9 (CertificateVerify) C -> S: signature
Phase 4: End of session
Now the client sends a ChangeCipherSpec message and at the same time copies the pending cipher spec into the current cipher spec. The client then immediately sends the Finished message under the new algorithms, keys and secrets. In response, the server sends its own ChangeCipherSpec message, turns the pending cipher spec into the current cipher spec, and sends its own Finished message under the new cipher spec. At this point the handshake is complete and the client and the server can begin to exchange application data.
Msg10 (ChangeCipherSpec) C -> S: change_cipher_spec_type
Msg11 (Finished) C -> S: verify_dataC
Msg12 (ChangeCipherSpec) S -> C: change_cipher_spec_type
Msg13 (Finished) S -> C: verify_dataS
However, these security protocols do not solve the problem of very-large-scale key management, so no solution has yet been given that can prove that a particular connection is trustworthy.
Specifically, although the existing network communication protocols all take security into account, they generally still have the following problems:
1) The authentication negotiation has to obtain public key certificates, which inevitably consumes a large amount of bandwidth;
2) Managing and distributing a large number of certificates greatly increases the complexity of the system;
3) It is difficult to guarantee the integrity of the messages exchanged before the certificate is obtained, so dedicated messages are needed to ensure the integrity of the whole interaction;
4) There are too many rounds of interaction, the process is complex, and implementation is costly;
5) The problem of proving trustworthiness is not solved.
Summary of the invention
The object of the present invention is to overcome the above defects by providing a CPK-based communication connection security authentication system and method. In a CPK trusted connection it performs verification directly from client terminal to client terminal, and it features low system resource overhead, simple certificate management, and a greatly simplified process for establishing communication.
A communication connection security authentication system provided to achieve the object of the present invention comprises, in a communication system, a CPK security authentication unit which, while different terminals of the communication system are connecting, performs security authentication with the CPK algorithm on the identifiers and integrity codes of the different terminals at the different layers of the communication system. The CPK security authentication unit is implemented by a CPK chip, which includes a CPK algorithm unit, an ID certificate, a protocol packet unit, and a public key matrix unit.
The CPK chip is embedded in a USB stick.
The CPK protocol packet unit includes CPK security authentication parameters.
The CPK security authentication parameters consist of the following parts:
a first identifier segment parameter; a first identifier proof segment parameter; a second identifier segment parameter; a key exchange segment parameter; a data encryption segment parameter; and a data integrity proof segment parameter.
To achieve the object of the present invention, a communication connection security authentication method is also provided, comprising the following steps:
Step A) The first terminal sends a message directly to the second terminal; the message includes the identifier of the first terminal and the identifier authentication code;
Step B) The second terminal parses the data transmitted by the first terminal with the CPK algorithm, decrypts and verifies the signature using the identifier and public key of the first terminal, and judges directly whether the first terminal's identifier is authentic and legitimate. If it is legitimate the data is accepted; if not, it is rejected.
The communication connection security authentication method of the present invention may further include the following step:
Step C) The second terminal sends a receipt to the first terminal. The receipt may be a random number or a data integrity code. The interaction ends.
Further, step A) may include the following steps:
Step A1) The CPK security authentication unit in the first terminal may include a random number;
Step A2) The CPK security authentication unit in the first terminal may include a key exchange segment;
Step B) may include the following steps:
Step B1) The second terminal obtains the data encryption key from the key exchange segment through the key exchange protocol;
Step B2) The security authentication unit in the second terminal decrypts with the symmetric key, decrypting the encrypted data of the first terminal;
Step A1) may include the following steps:
Step A11) The CPK security authentication unit in the first terminal generates a timestamp T_A;
Step A12) The CPK security authentication unit in the first terminal sets data = {T_A, I_B}, where T is the time and I is the identifier.
Step B) may further include the following steps:
Step B4) The CPK security authentication unit of the second terminal checks and confirms the identifier I_B in data;
Step B5) The CPK security authentication unit of the second terminal checks and confirms the time T_A in data, confirming the reporting time;
The beneficial effects of the present invention are as follows. The CPK-based communication connection security authentication system and method of the present invention authenticates the communication identifier (tag) and provides proof of authenticity. Using the CPK key algorithm, it reduces the complex multi-round interaction of security authentication during connection establishment to a single pass, directly realises a trusted communication connection between any two clients, and meets the need for trusted connections at every layer of the communication connection. Its security authentication process has low system resource overhead and simple certificate management, the process of establishing security authentication for a connection is greatly simplified, and operating efficiency is greatly improved.
Description of the drawings
Figure 1 is a schematic diagram of the communication connection security authentication system of the present invention;
Figure 2 is a flow chart of the communication connection security authentication method of the present invention.
Detailed description
The CPK-based communication connection security authentication system and method of the present invention is described in further detail below.
The design idea behind the communication connection security authentication system and method of the present invention is that a good communication connection security authentication system and method must not only provide a reliable means of proof but, more importantly, provide a simple means of verification.
The CPK trusted connection system is built on the technology of telling genuine identifiers from forged ones, which is the key step in a trusted connection. At the same time, to make verification simple, two major technical problems must be solved: scale and identifier proof.
The Combined Public Key (CPK) key algorithm system is an identifier (identity) based key generation and management system of the discrete-logarithm-problem type. It constructs a public key matrix and a private key matrix according to the mathematical principle of the discrete logarithm problem, and uses a hash function and a cryptographic transformation to map an entity's identifier to a sequence of row coordinates and column coordinates of the matrix. These coordinates are used to select and combine matrix elements, generating a very large number of public/private key pairs, each made up of a public key and a private key. This enables identifier-based key production and distribution on a very large scale and provides the technical basis for proving the trustworthiness of communication identifiers.
The Combined Public Key algorithm (CPK) is an identifier-based public key algorithm. Its key management centre generates private key calculation parameters (the private key calculation base) and public key calculation parameters (the public key calculation base) that correspond to each other. From the identifier provided by a first user, it calculates the first user's private key using the private key calculation parameters and provides the generated private key to the first user. It publishes the public key calculation parameters, so that a second user who obtains the first user's identifier can calculate the first user's public key from that identifier using the public key calculation parameters.
The Combined Public Key (CPK) algorithm has the following characteristics:
A) It solves the problem of large-scale key management;
B) It is a centralised key management system;
C) Its signatures are identifier-based, so the authenticity of an identifier can be determined directly;
D) Little space is needed to store keys;
E) System construction cost is small, operating cost is low, the volume of communication data is small, operating efficiency is high, and it is simple to use and easy for users to accept.
The communication connection security authentication system of the present invention is a trusted connection security authentication system that, on the basis of large-scale identifier authentication technology, authenticates and verifies communication identifiers (tags) directly. It uses the CPK key algorithm to authenticate the communication identifier, provides proof of authenticity, and realises a trusted connection between any two ends.
As shown in Figure 1, the communication connection security authentication system of the present invention comprises, in a communication system, a CPK security authentication unit which, while different terminals of the communication system are connecting, performs signature authentication with the CPK algorithm on the identifiers and integrity codes of the different terminals at the different layers of the communication system.
The CPK security authentication unit is implemented by a CPK chip, which includes a CPK algorithm unit, an ID certificate, a protocol packet unit, and a public key (multiple point) matrix unit.
The CPK chip with the CPK algorithm used in the present invention is as described in the detailed description of the applicant's Chinese invention patent application 2005100021564, "Identifier-based key generation device and method", which is incorporated into the present invention by reference in its entirety. The CPK chip can be embedded in a USB stick, making it plug and play.
The ID certificate mainly provides the CPK private key of this client; the protocol packet unit mainly includes the key exchange protocol and the digital signature protocol;
The public key matrix unit provides all the public keys of every relying party.
The CPK algorithm unit provides all the parameters and protocols needed for security authentication. Given a terminal's identifier, the terminal's public key can be calculated using the public key matrix unit.
To realise a trusted connection in communication, the CPK protocol packet unit includes CPK security authentication parameters, which consist of the following parts: identifier 1 segment parameter; identifier 1 proof segment parameter; identifier 2 segment parameter; key exchange segment parameter; data encryption segment parameter; and data integrity proof segment parameter. The parameter format is shown in Table 1.
Table 1. Parameter format table [table images not reproduced]
Identifiers 1 and 2 can be defined freely, for example as an IP address or a mobile phone number; for instance, the IP address of terminal A is denoted IP_A.
Authentication code of an identifier: the signature code obtained by signing the identifier with the private key of that identifier, expressed for example as SIG_SK_IPA(IP_A) = sign_A, where the private key is provided by the CPK security authentication unit and the signature operation is carried out inside the CPK security authentication unit.
The identifier and the identifier authentication code give the receiving end a simple basis for its decision: it first checks the authentication code and then decides whether to accept or reject. The most typical case is mobile phone communication: on receiving a call, the phone first checks whether the calling number (the identifier) is genuine. If it is genuine, the call is connected and the voice data that follows is accepted; if not, the call is rejected. Verification by the receiver is very simple: it takes the sender's identifier as the public key and verifies the sender's identifier. The CPK chip provides the public key matrix, so knowing the other party's identifier is enough to calculate the public key of that identifier. With the public key, the signature on the other party's identifier can be verified directly.
In a trusted connection, the first question is whether the message should be accepted at all, which is settled by the first mode. The next question is whether the received information is correct. The usual check is a signature over the data integrity code MAC.
In the CPK security authentication system of the present invention, key exchange is completed in the same pass as identifier authentication, and no handshake-style interaction is needed, because the key exchange r(PK_B) determines that only terminal B can receive, and the digital signature SIG_IPA(MAC) proves that the message comes from identifier IP_A.
In the key exchange, r is a random number and PK_B is the public key of identifier IP_B; in the digital signature, MAC is the data integrity code.
The communication connection security authentication system of the present invention is built directly on the basic identification technology of identifier authentication. Identifier recognition and key exchange are completed at the same time and no handshake-style interaction is needed; the authentication protocol is simple, the communication overhead is small, and it is easy to implement and to deploy widely.
This communication connection security authentication system is suitable for multiple layers of the TCP/IP protocol stack (link layer, network layer, transport layer and application layer), for example SSL/TLS, IKE (IPsec) and WLAN, and is also suitable for trusted connections in wireless communication such as mobile phones.
As shown in Figure 2, the CPK-based communication connection security authentication method of the present invention is described in further detail below in conjunction with the communication connection security authentication system.
The CPK-based communication connection security authentication method of the present invention is a security authentication method that runs at the bottom layer of the communication system. The identifiers of the two communicating parties are defined by the communication system, and operations such as encryption/decryption and signing/verification are carried out by calling the underlying CPK communication connection security authentication system. The remaining parameters can be implemented in different ways, chosen flexibly according to the characteristics of the actual application system. A CPK-based trusted connection security authentication method for the transport layer, implemented with the CPK algorithm, is given below. For convenience of explanation the SSL/TLS protocol is taken as the example, but the present invention is not limited to it and can also be applied to other security authentication connection protocols for communication connections.
Step A) Terminal A initiates a security authentication request to terminal B; the request message includes the identifier and authentication code of terminal A;
Msg1 C -> S: ID_C | SIG_SKC(ID_C) | ID_S | R | r(PK_S) | E_key(data);
where ID_C is the client identifier, ID_S is the server identifier, SK_S is the server private key, and PK_S is the server public key;
The random number R marks the freshness of the message, that is, it shows that this communication connection security authentication is not a repeated one;
The encryption operation E_key{data} means that the data is encrypted with a symmetric algorithm (such as the AES encryption algorithm) under the session symmetric key E_key;
The signature operation SIG_SKC(IP_C) means that the client signs the identifier with its private key using a security verification signature algorithm (such as an elliptic curve signature algorithm);
The specific steps are as follows:
A1) The CPK security authentication unit in terminal A generates a random number r, and the security authentication unit in terminal A signs the identifier of terminal A with its own CPK private key to obtain the signature data SIG_SKC(IP_C);
The digital signature method used is the Digital Signature Standard (DSS), the protocol used is X509, and the one-way transmission method is as follows:
A11) The CPK authentication unit in terminal A generates a timestamp T_A;
A12) The CPK authentication unit in terminal A generates the data data = {T_A, I_B}, where T is the time and I is the identifier;
A13) The CPK authentication unit in terminal A signs the data with its own private key to form the identifier authentication code: SIG_SKC(data);
A2) The CPK authentication unit in terminal A generates the symmetric key by calculating rG = key;
A3) The CPK authentication unit in terminal A encrypts with the encryption algorithm E and the key: E_key(data) = coded-text;
A4) The CPK authentication unit in terminal A uses the identifier of terminal B to calculate the public key of terminal B through the public key matrix unit, and then uses that public key to encrypt the symmetric key key with an asymmetric encryption algorithm (such as an elliptic curve encryption algorithm), that is, it calculates r(PK_B) = ex-key;
A5) Terminal A sends the encrypted signature data ex-key, coded-text to terminal B.
Step B) Terminal B parses the security authentication data transmitted by terminal A with the CPK algorithm, and decrypts and verifies the signature using the private key of terminal B and the identifier of terminal A.
Terminal B uses the identifier of terminal A to calculate the public key of terminal A through the public key matrix, verifies the signature SIG_SKC(data), judges whether the identifier is genuine, and decides whether to accept.
The specific steps are as follows:
B1) The security authentication unit in terminal B decrypts the symmetric key key with its own private key;
The CPK security authentication unit in terminal B parses ex-key with the private key of terminal B to obtain the symmetric key key sent by terminal A;
that is: ex-key * SK^-1 = r(PK_B) SK^-1 = r(SK*G) SK^-1 = rG = key;
B2) The security authentication unit in terminal B decrypts with the symmetric key key the encrypted signature data coded-text of terminal A, that is, D_key(coded-text) = data;
The CPK security authentication unit of terminal B decrypts with the symmetric key key the signature data coded-text of terminal A, that is, D_A{data};
B3) Using the identifier of terminal A, the public key of terminal A is calculated through the public key matrix in the CPK security authentication unit of terminal B, and the signature data SIG_SKC(IP_C) of terminal A is verified with the public key of terminal A to determine whether the signature is genuine.
Preferably, the method further includes the following steps:
B4) The CPK security authentication unit of terminal B checks and confirms the identifier I_B in the integrity code data;
B5) The CPK security authentication unit of terminal B checks and confirms the time T_A in the integrity code data, confirming the reporting time;
Step C) Terminal B sends a receipt to terminal A, and the interaction ends.
Msg2 C <- S: { SIG_SKS(R) }
由于原有 SSI TLS协议是在没有解决规模化和标识认证技术的情况下完成 的协议, 现以基于 CPK的通信连接安全认证方法的角度, 对比分析 SSL/TLS协 议:  Since the original SSI TLS protocol is a protocol that is completed without addressing the scale and identity authentication technology, the SSL/TLS protocol is compared and analyzed in terms of the CPK-based communication connection security authentication method:
第一阶段: 由于在本阶段交互开始时, 在 SSL/TLS协议中, 服务器和客户 端之间都不具有对方的证书, 所以本阶段的报文都是以明文方式传输的, 而在 CPK可信连接中通信一开始就直接用标识签名来证明连接的可信性。  The first phase: Since the interaction between the server and the client does not have the certificate of the other party in the SSL/TLS protocol at the beginning of the interaction, the packets at this stage are transmitted in clear text, but in the CPK. In the beginning of the communication, the communication signature is used to prove the credibility of the connection.
第二阶段和第三阶段: 在 SSL/TLS协议中, 服务器和客户端之间通过复杂 ¾:程进行密钥交换, 而在 CPK可信连接协议中, 第一阶段"标识认证"中同时完 成密钥交换, 因此第二阶段和第三阶段是多佘的。  The second phase and the third phase: In the SSL/TLS protocol, the key exchange is performed between the server and the client through complex 3⁄4:, and in the CPK trusted connection protocol, the first phase "identification authentication" is completed simultaneously. Key exchange, so the second and third phases are cumbersome.
. 第四阶段: 由于服务器和客户端能够通过计算得到对方的公钥,' 因而能够 从交互伊始就保证交互的完整性, 所以第四阶段也是多余的。 The fourth stage: Since the server and the client can calculate the other party's public key by calculation, 'therefore, the integrity of the interaction can be guaranteed from the beginning of the interaction, so the fourth stage is superfluous.
This communication connection security authentication method provides a standardized, identity-based trusted authentication communication protocol framework within the TCP/IP protocol stack. The method equally meets the need for trusted connections at every layer of the protocol stack (link layer, network layer, transport layer and application layer), and it features low system resource overhead, simple certificate management, a greatly simplified connection establishment process, and high operating efficiency.
This embodiment is a detailed description given for a better understanding of the invention and does not limit the scope protected by the invention. Changes made to the invention by a person of ordinary skill in the art without creative effort and without departing from the spirit of the invention therefore fall within the scope of protection of the invention.

Claims

1. A communication connection security authentication system, characterized in that the communication system includes a CPK security authentication unit which, while different terminals of the communication system are connecting, performs security authentication with the CPK algorithm on the identifiers and integrity codes of the different terminals at different layers of the communication system.
2. The communication connection security authentication system according to claim 1, characterized in that the CPK security authentication unit is implemented by a CPK chip, and the CPK chip comprises a CPK algorithm unit, an ID certificate, a protocol packet unit, and a public key matrix unit.
3. The communication connection security authentication system according to claim 2, characterized in that the CPK chip is embedded in a USB stick.
4. The communication connection security authentication system according to claim 2, characterized in that the CPK protocol packet unit includes CPK security authentication parameters.
The CPK security authentication parameters consist of the following parts:
a first identifier segment parameter; a first identifier proof segment parameter; a second identifier segment parameter; a key exchange segment parameter; a data encryption segment parameter; and a data integrity proof segment parameter.
5. A communication connection security authentication method, characterized by comprising the following steps:
Step A) A first terminal initiates a security authentication request to a second terminal, the request message including the identity authentication code and the identifier of the first terminal;
Step B) The second terminal parses the security authentication data transmitted by the first terminal using the CPK algorithm, and decrypts and verifies the signature using the private key of the second terminal and the identifier of the first terminal.
6. The communication connection security authentication method according to claim 5, characterized by further comprising the following step:
Step C) The second terminal sends a receipt to the first terminal, and the interaction ends.
7. The communication connection security authentication method according to claim 5 or 6, characterized in that step A) comprises the following steps:
Step A1) The CPK security authentication unit in the first terminal generates a random number, and the security authentication unit in the first terminal signs with its own CPK private key to obtain signature data;
Step A2) The CPK security authentication unit in the first terminal generates a symmetric key;
Step A3) The CPK security authentication unit in the first terminal encrypts the signature data with the symmetric key;
Step A4) The CPK security authentication unit in the first terminal uses the identifier of the second terminal to compute the public key of the second terminal through the public key matrix unit, and then encrypts the symmetric key with that public key;
Step A5) The first terminal sends the encrypted signature data to the second terminal.
8. The communication connection security authentication method according to claim 7, characterized in that step B) comprises the following steps:
Step B1) The security authentication unit in the second terminal decrypts the symmetric key with its own private key;
Step B2) The security authentication unit in the second terminal decrypts with the symmetric key to obtain the encrypted signature data of the first terminal;
Step B3) Using the identifier of the first terminal, the public key of the first terminal is computed through the public key matrix in the CPK security authentication unit of the second terminal, and the signature data of the first terminal is verified with the public key of the first terminal to determine whether the signature is genuine.
9. The communication connection security authentication method according to claim 8, characterized in that step A1) comprises the following steps:
Step A11) The CPK security authentication unit in the first terminal generates a random number R_A;
Step A12) The CPK security authentication unit in the first terminal sets the integrity code = {T_A, R_A, I_B, d}, where T is the time, I is the identifier, and d is random data.
10. The communication connection security authentication method according to claim 9, characterized in that step B) further comprises the following steps:
Step B4) The CPK security authentication unit of the second terminal checks and confirms the identifier I_B in the integrity code;
Step B5) The CPK security authentication unit of the second terminal checks and confirms the time T_A in the integrity code, confirming the reporting time;
Step B6) The CPK security authentication unit of the second terminal checks the random number in the integrity code against the random numbers already held in the CPK security authentication unit of the second terminal, and confirms that it has not been reused.
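Receiver-side checks B4 to B6 from claims 9 and 10, as an added example that is not part of the patent text. It assumes the signature over the integrity code has already been verified; the 30-second acceptance window, the field names and the return strings are assumptions.

```python
import time

MAX_SKEW = 30.0  # seconds; assumed acceptance window, the patent gives no value


class IntegrityCodeChecker:
    """Checks B4-B6 on an integrity code {T_A, R_A, I_B, d}."""

    def __init__(self, own_id, max_skew=MAX_SKEW):
        self.own_id = own_id
        self.max_skew = max_skew
        self.seen = {}  # R_A -> time until which a replay could still pass B5

    def check(self, code, now=None):
        now = time.time() if now is None else now
        # Evict only nonces whose timestamp can no longer pass B5. Evicting
        # earlier would let a captured message be replayed inside the window.
        self.seen = {r: exp for r, exp in self.seen.items() if exp >= now}

        if code["I_B"] != self.own_id:                # B4: addressed to us?
            return "reject: wrong recipient"
        if abs(now - code["T_A"]) > self.max_skew:    # B5: fresh timestamp?
            return "reject: stale or future timestamp"
        if code["R_A"] in self.seen:                  # B6: nonce already used?
            return "reject: nonce reused"

        self.seen[code["R_A"]] = code["T_A"] + self.max_skew
        return "accept"


if __name__ == "__main__":
    checker = IntegrityCodeChecker("terminal-B")
    # Constructed sample integrity code, not taken from the patent.
    msg = {"T_A": 1000.0, "R_A": "a1b2c3", "I_B": "terminal-B", "d": b"\x00"}
    print(checker.check(msg, now=1001.0))   # first delivery
    print(checker.check(msg, now=1002.0))   # replay inside the window
    print(checker.check(msg, now=1100.0))   # replay after the window
```

The nonce store stays bounded because B5 takes over once an entry is evicted: any replay arriving after eviction fails the timestamp check.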
PCT/CN2006/003496 2006-06-06 2006-12-20 A system and method of authentic connection security authentication based on cpk WO2007140665A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610083792.9 2006-06-06
CN 200610083792 CN1859091A (en) 2006-06-06 2006-06-06 Credible link safety verifying system and method based on CPK

Publications (1)

Publication Number Publication Date
WO2007140665A1 true WO2007140665A1 (en) 2007-12-13

Family

ID=37297958

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/003496 WO2007140665A1 (en) 2006-06-06 2006-12-20 A system and method of authentic connection security authentication based on cpk

Country Status (2)

Country Link
CN (1) CN1859091A (en)
WO (1) WO2007140665A1 (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101431517B (en) * 2008-12-08 2011-04-27 西安西电捷通无线网络通信股份有限公司 Trusted network connection handshaking method based on ternary equity identification
CN101668009B (en) * 2009-09-27 2012-12-12 北京联合智华微电子科技有限公司 Method and system for safely processing routing address
CN102195990A (en) * 2011-06-27 2011-09-21 北京虎符科技有限公司 Application of combined public key (CPK) authentication and encryption method to voice over Internet protocol (VOIP)
CN104469750A (en) * 2013-09-13 2015-03-25 东方斯泰克信息技术研究院(北京)有限公司 Autonomous controllable mobile internet business method and device
CN104753671A (en) * 2013-12-27 2015-07-01 东方斯泰克信息技术研究院(北京)有限公司 Method of interconnection among network entities, device, CYBERnet construction method and device
CN104901930A (en) * 2014-04-21 2015-09-09 孟俊 Traceable network behavior management method based on CPK identity authentication
CN105096119A (en) * 2014-05-15 2015-11-25 东方斯泰克信息技术研究院(北京)有限公司 Virtual bank system and realization method thereof
CN104123166A (en) * 2014-08-06 2014-10-29 浪潮软件股份有限公司 Generation method for ipa installation package in non-Xcode environment
CN104378374B (en) * 2014-11-14 2017-11-07 国家超级计算深圳中心(深圳云计算中心) A kind of method and system that communication is set up based on SSL
CN105025007A (en) * 2015-06-09 2015-11-04 王一磊 A secure communication mode based on a CPK and applied between handset applications and between the handset applications and servers
CN106713236A (en) * 2015-11-17 2017-05-24 成都腾甲数据服务有限公司 End-to-end identity authentication and encryption method based on CPK identifier authentication
CN105553658A (en) * 2015-12-31 2016-05-04 南京邮电大学 Method for solving key collision problem of combined public key (CPK)
CN105933118A (en) * 2016-06-13 2016-09-07 北京三未信安科技发展有限公司 Communication method and system, PCI password card and remote management medium
CN106452767A (en) * 2016-12-20 2017-02-22 广东南方信息安全产业基地有限公司 Identity authentication public key management system based access authentication method
CN109194474A (en) * 2018-09-26 2019-01-11 北京第视频科学技术研究院有限公司 A kind of data transmission method and device
CN115549961A (en) * 2022-08-19 2022-12-30 海南视联通信技术有限公司 Terminal authentication method and device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6026163A (en) * 1995-12-13 2000-02-15 Micali; Silvio Distributed split-key cryptosystem and applications

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
TANG WEN, NAN X., CHEN Z.: "ELLIPTIC CURVE CRYPTOGRAPHY-BASED COMBINED PUBLIC KEY TECHNIQUE", COMPUTER ENGINEERING AND APPLICATION, no. 21, 2003, pages 1 - 3, XP008090713 *
WANG Y.: "TECHNOLOGY FEATURE AND APPLICATION OF CPK AUTHENTICATION SYSTEM", ELECTRONIC TECHNOLOGY REVIEW, vol. 2, 2005, pages 5 - 10, XP008090603 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753865A (en) * 2013-12-27 2015-07-01 全联斯泰克科技有限公司 Internet communication method and device based on VoIP protocol and CPK protocol
CN107508842A (en) * 2017-09-30 2017-12-22 中城智慧科技有限公司 A kind of intelligent electric meter control module and method based on CCKS
CN111541775A (en) * 2020-05-09 2020-08-14 飞天诚信科技股份有限公司 Security conversion method and system for authentication message
CN111541775B (en) * 2020-05-09 2023-06-16 飞天诚信科技股份有限公司 Security conversion method and system for authentication message
CN112565303A (en) * 2020-12-30 2021-03-26 北京八分量信息科技有限公司 Method and device for performing authentication connection between block chain nodes and related product
CN112565303B (en) * 2020-12-30 2023-03-28 北京八分量信息科技有限公司 Method and device for performing authentication connection between block chain nodes and related product

Also Published As

Publication number Publication date
CN1859091A (en) 2006-11-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 06828403

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 06828403

Country of ref document: EP

Kind code of ref document: A1