WO2008134918A1 - Authentication method and authentication system - Google Patents

Authentication method and authentication system Download PDF

Info

Publication number
WO2008134918A1
WO2008134918A1 PCT/CN2007/071224 CN2007071224W WO2008134918A1 WO 2008134918 A1 WO2008134918 A1 WO 2008134918A1 CN 2007071224 W CN2007071224 W CN 2007071224W WO 2008134918 A1 WO2008134918 A1 WO 2008134918A1
Authority
WO
WIPO (PCT)
Prior art keywords
hash value
mobile terminal
terminal node
authentication
base station
Prior art date
Application number
PCT/CN2007/071224
Other languages
French (fr)
Chinese (zh)
Inventor
Qin Wu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008134918A1 publication Critical patent/WO2008134918A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention relates to the field of communications, and in particular, to an authentication method and an authentication system ⁇ , BACKGROUND
  • the present invention relates to a fast handover technology in the mobile IPv6 field, that is, a mobile terminal node (Mobile Station; hereinafter referred to as: MS) forward access router (hereinafter referred to as PAR) registers its new handover in advance.
  • the node moves from one access router to another, and maintains the continuity of the session. This process is called handover in the handover process, due to the link handover delay.
  • the IP protocol works, the mobile terminal node is in a segment. The packet cannot be sent or received within the time, resulting in an increase in the packet loss rate during this time.
  • Mobile IPv6 fast handover is a handover technique proposed to reduce handover delay and reduce packet loss rate.
  • the mobile terminal node includes a mobile phone, or a notebook computer with a wireless network card, etc., and can be used to save a relatively simple data list.
  • the fast binding update management is a process for notifying the relevant node of the new care-of address in the fast handover, wherein A very important security issue is about the issue of fast binding update and fast binding confirmation message authentication.
  • One way to ensure the security of the handover process is to introduce a one-way hash function algorithm, which authenticates the binding message.
  • the principle is to generate a one-way hash value by using a one-way hash function, and the mobile terminal node distributes a hash value to the access router AR (Access Roofer: AR) as an authentication material, and the message from the mobile terminal node
  • AR Access Roofer: AR
  • the certification is implemented, and a new hash value is replaced as a certification material each time it is switched.
  • a one-way hash chain is based on a one-way hash function 3 ⁇ 4 into a set of one-way hash values... ⁇ , and satisfies ( ).
  • the one-way hash function may be a hash function such as Secure Flash Algorit m 1 (hereinafter referred to as SI1.1;) and Message Digest 5 (hereinafter referred to as MD5).
  • SI1.1 Secure Flash Algorit m 1
  • MD5 Message Digest 5
  • the technical solution implements authentication on the binding message by introducing a one-way hash function algorithm.
  • the authentication principle is that the mobile terminal node generates a one-way hash list. In the proxy route prefix request, the hash list extracts a hash value as a key material and distributes it to the AR. Then, the key material is used to authenticate the fast binding message from the mobile terminal node, and the key material for the next handover is transmitted during the process of establishing a channel between the PAR and the new access router (N
  • Figure ⁇ shows a fast handover authentication procedure in a prediction mode according to the related art, the process of which is as follows:
  • the mobile terminal node first generates a set of 128b it hash values such as 3 ⁇ 4, ⁇ ';, ".'; & , and satisfies K-ZXU, one-way hash function according to the one-way hash function.
  • K-ZXU K-ZXU
  • the one-way hash function has an irreversible sexual shield, that is, knowing ⁇ , you can get n> according to (f') and know that it cannot be launched.
  • the mobile terminal node constructs a hash switching option (Hash Mancloff Option; hereinafter referred to as 0) from the one-way hash chain according to the type length value (Type Lengiti Value; the following cylinder: TLV), and is encapsulated in the option.
  • the request is carried by the proxy router request message to the MR.
  • the proxy router may request a message signature using a Cryptogical Data Generated Address (hereinafter referred to as CC.A) technology.
  • CC.A Cryptogical Data Generated Address
  • PAfl is extracted from the RH0 option, and a 64bU switching vector (Handof f Vector; hereinafter referred to as HY) is randomly generated, and the switching vector option (llandof f Vector Option; hereinafter referred to as: and carried in the proxy router advertisement, is sent to the mobile terminal node.
  • the mobile terminal node performs a hash operation on the HV after receiving the proxy route advertisement (hereinafter referred to as PrRtAdv) message, and generates a new HV ( provided that the PAR must know the mobile terminal node to the HV Suitable processing
  • the mobile terminal node extracts 64bit ⁇ from the HV0 option ; and extracts the new link prefix from the proxy router advertisement message to start configuring the new care-of address.
  • the new care-of address interface IS is calculated as follows: Interface ID part of nCoA. First (64, f'-) oK First (64, nil?) , that is, the interface identification part of the new care-of address is equal to the first 64 bits and the first 64t>h. of the nMV The result, where nCoA (new Care of Address:) refers to the new transfer place, address,
  • the mobile terminal node sends a binding update message to the forward access router, and carries a hash extension option (Ha sh Ex t en s I on Op 11 on; hereinafter referred to as ⁇ ), which includes a hash extension (f!as ⁇ Extension; Hereinafter referred to as: HE) ⁇ &,
  • HE hash extension
  • the front access router pair fast binding update (FBU) message real-time authentication, extracting the first 64blt of the ⁇ ; from the nCoA, plus the last 64 bits extracted from the HE, get, and After the first hash operation, compared with ⁇ "; if the . is equal, the former router successfully authenticates the FBU.
  • FBU front access router pair fast binding update
  • the PAR After the PAR receives the binding update message from the mobile terminal node, it immediately initiates a handover initialization message to the new access router, and the message carries a 64-bit handover option (Handoff Option; hereinafter referred to as H0), USblt's The Greek chain item HO) (i1 ⁇ 2sh Ch in Option, ), the book option is the 64bi t HV generated by R, and the HC0 option contains a one-way hash value.
  • H0 handover Option
  • the front router receives the handover acknowledgement (Handover Acknowl edge; hereinafter referred to as HAck), and then responds to the mobile terminal node with the Fast Binding Ackno l edge (FBAck) option, carrying the token. : Token. Acknowl edge Option (hereinafter referred to as: Ding AO), TA0 option package TAck. Value, calculated as follows:
  • the mobile terminal node authenticates the FBAck message, and calculates the TAck value based on the configured new care-of address, and compares it with the TAc'k value carried in the FBAck. If ⁇ is equal, the authentication is performed. Success, see Figure i where the HH0 option contains the 128-bit HV0 option that the mobile terminal node passes to P.
  • the ⁇ H0 option of 1 contains a 64bi 3 ⁇ 4m random number.
  • a one-way hash chain is generated by a mobile terminal node based on a one-way hash chain pair handover authentication policy, and each time the handover is completed, a hash value needs to be discarded. When all the hash values are discarded, The mobile terminal node needs to regenerate a new hash chain. For the mobile terminal node, the consumption overhead is relatively large.
  • the embodiment of the present invention provides an authentication method and an authentication system, which can solve the problem of low mutual authentication efficiency when the mobile terminal node and the AR switch.
  • an authentication method for performing handover on a mobile terminal node from a first base station to a second base station, where the method includes the following steps:
  • the access router of the first base station receives an authentication request of the mobile terminal node
  • the authentication request includes a first hash value and a media access control address of the mobile terminal node, where the first hash value is obtained by the mobile terminal node querying the locally preset mobile cache list according to the base station identifier of the second base station, where the mobile cache list includes a first hash value and a base station identifier;
  • the access router queries the locally preset access cache list according to the media access control address to obtain a second hash value, and the first hash value and the second hash value that are to be retrieved from the authentication request The value is compared.
  • the access cache list includes a second hash value and a media access control address.
  • an authentication system including: a mobile terminal node, where When switching from the first base station to the base station, querying the local according to the base station identity of the second base station The mobile cache list is configured to obtain a first hash value, and the media access control address of the first hash value and the mobile terminal node is encapsulated in an authentication request and sent to the access router of the first base station, where the mobile cache list includes a first hash value and a station identifier; an access router, configured to query a locally preset access cache list according to the media access control address to obtain a second hash value, the first hash value obtained from the authentication request Compared with the second hash value, if the ⁇ is equal, the authentication succeeds, wherein the access cache list includes the second hash value and the media access control address.
  • the cache list is used, thereby avoiding that the mobile terminal node needs to regenerate a new hash chain, which is beneficial to the mobile terminal node to the Achilles and authentication of each AR, and the mutual authentication of the mobile terminal node and the AR, and improve Mutual authentication efficiency when the mobile terminal node and the AR switch.
  • FIG. 1 shows a fast handover authentication process in a prediction mode according to the related art
  • FIG. 2 shows a flow chart of an authentication method in accordance with an embodiment of the present invention
  • FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention
  • FIG. 2 shows a flow chart of a lightweight fast handover authentication method according to an embodiment of the present invention, including the following steps:
  • Step S10 The AR of the former base station (ie, PAR) receives the authentication request of the MS (such as the FBU message, which is exemplified by the FBU message), and the FBU message includes the first hash value and the media access control address of the MS (below) Abbreviation: MAC), the MS obtains a first hash value by querying a local preset mobile cache list according to a base station identifier (Base Station: BSID) to be switched to a new base station, where The cache list includes a first hash value and a BSID; the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and obtains the first hash value and the second hash from the FBy message.
  • BSID base station identifier
  • the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and obtains the first hash value and the second hash from the FBy message.
  • the values are compared. If they are equal, the authentication succeeds.
  • the access cache list includes the second hash value and the MAC address.
  • Step S20 the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compares the first hash value obtained from the FBI) message with the second hash value, and if equal, authenticates Success, indicating that the one-way hash value of the MS is that the first hash value is not equal to the second hash value of the A distribution, or that the PAR does not query the access cache entry according to the MAC of the MS (Viated Cache Entry; The following is abbreviated: When the authentication fails, the access cache list includes the second hash value and the MAC address.
  • the mobile cache list and the access cache list can be established by the following steps: P generates multiple hash values and sends them to the MS; the MS uses the prefix generated by itself (ie, the random number) and the received hash value as the first hash. The value gets the new BSID, and the first hash value and the BSID constitute a mobile cache entry (Mobile Cache Entry; hereinafter referred to as MCE); the PAR uses multiple hash values as the second hash value, and the MAC of the MS constitutes the VCE, Form a list of mobile cache list access caches
  • the PAR generates a set of hash values of a certain length, such as V0, Vl ⁇ *'Vn, according to the one-way hash function F, and satisfies Vi-F (Vi + U.
  • the length of the hash chain is limited,
  • the calculation overhead of generating a one-way hash chain by a mobile terminal node is relatively large, and the energy consumption is large.
  • the calculation of the hash chain by PAR is beneficial to the terminal to save energy and bandwidth. It is very important to generate a one-way hash chain by MR.
  • the advantage is that the mobile terminal node tracks and authenticates the AR, and mutual authentication between the mobile terminal node and the AR is implemented. The specific steps are as follows:
  • the PA generates a PrRtAdv message and sends it to the mobile terminal node, where the ⁇ is carried;
  • the PAR encrypts the PrRtAdv message and sends it to the mobile terminal node. This can further enhance security.
  • the PAR encrypting the PrRtMv message may include the following steps:
  • the MS generates a public-private key pair, and sends the public key to the AR through a proxy routing request (hereinafter referred to as RtSoLPr) message;
  • the AR encrypts the PrR iv message by using the public key.
  • the implementation of the present invention is combined with a symmetric key system to generate a shared key through a 3?3 ⁇ .
  • public-private key mechanism of Secure Neighbor Discovery (SEND) protocol and protect the FBU with a shared key.
  • FBAck Fast Binding Answer
  • an authentication system including:
  • the MS is configured to: when the base station is switched, query the local preset mobile cache list by using the new BSID to be switched to obtain the first hash value, and encapsulate the first hash value and the own MAC in the FBU message.
  • An access router that is sent to the former base station, where the mobile cache list includes a first hash value and a new BSID;
  • An AR configured to query a locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compare the first hash value obtained from the FBU message with the second hash value, if the ⁇ is equal The authentication succeeds, wherein the access cache list includes the second hash value and MA (;.
  • the AR establishes a VCE list locally.
  • the VCE stores entries for Mac, Ks, and Vi.
  • the MS establishes the MC £ ⁇ table locally, and the MCE stores the entries BSID, Ks, and Vi.
  • FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention, including the following steps: PAR generates a set of 128-bit hash values such as V(), Vl, ''' ⁇ according to a one-way hash function F. Meet V i F(Vi+:i) s
  • the mobile terminal node generates a 64-bit random number Nonce as a prefix, and generates an RSA public-private key pair according to the internal L system, and sends the random number and the RSA public key to the PAR through the RtSoiPr message, and the message is carried by the C (JA signature, carrying RSA, HV0 option It is worth noting here that only the RtSoiPr sent by the mobile terminal node for the first time is signed ⁇ .
  • PAR extracts the RSA public key, generates a shared key Ks according to the internal mechanism, and sends s to the mobile terminal node through the PrRtAdv message.
  • the message is encrypted by RSA public copper to ensure the security of ⁇ , Ks transmission ⁇ fcL
  • the mobile terminal node extracts the shared key lis from the PrRtAclv message, and generates an interface ID of the new care-of address based on Vi and Nonce (ie, the BSID of the new base station) as follows:
  • HE is generated as follows: HE - Las t (6 5 Vi) ® Nonce
  • the MCE cache list entry of the corresponding PAR is established, and then the FBU message is sent to the PAR, the message carries the 0-escape item, and the message is encrypted by the shared key Ks.
  • the PAR receives the FBI! message from the mobile terminal node, authenticates the message, and calculates from the message that V I is compared with the locally established YCE of the PAR. If there is a (Mac, s, Vi) entry in the YCE, the authentication succeeds.
  • the PAR After the PAR successfully authenticates the FBli, it sends a Handover Initiative (hereinafter referred to as HI) message to the AR, carrying the i!EO option and the RSA public key option, and the NAR is based on the new care-of address and the HE0 option.
  • HI Handover Initiative
  • the VI Calculate the VI, generate a new shared key KKs according to the internal mechanism, and establish a VCE entry corresponding to the mobile terminal node
  • PAR enhances the encrypted s option, sends an FBAck: message to the mobile terminal, carries the TAck option and the encrypted s option, and JL encrypts with the shared key Ks.
  • the mobile terminal node decrypts the FBAck message with Ks and calculates TAcfc with the new care-of address. If ⁇ is equal to TAck in the message, the FBAck authentication succeeds. At the same time with the RSA private key to decrypt KKs options, and add a cache list MCE article about NAR is 3 ⁇ 4 ⁇
  • the tracking of the AR by the mobile terminal node is as follows:
  • the mobile terminal node When the mobile terminal node sends a proxy routing request at the time of handover, or resends the routing request on the local link, first according to the new query MCE. If there is a corresponding entry, extracting ⁇ i, the VI is encapsulated in the message as the MN0 option. The message is encrypted and sent to the AR by using the shared key Ks.
  • the AR queries the local VCE according to the MAC of the mobile terminal node, obtains the shared key Ks, decrypts the received message with the shared key, and obtains the Vi option, and Compared with the corresponding VCE entries, if equal, the one-way hash value of the mobile terminal node is distributed by the AR.
  • the AR responds to the mobile terminal node message, carries the Vi 1 option, and encrypts with the shared key. If the unequal or M does not query the corresponding VCE strip according to the MAC of the mobile terminal node, the AR responds to the mobile terminal node message without carrying any I option.
  • the mobile terminal node decrypts the routing agent advertisement with Ks, extracts V] 1, and verifies whether Vi 1 is equal to F (vn. If equal, mutual authentication is implemented, and if the mobile terminal node does not wait, the mobile terminal node deletes the corresponding
  • the mobile terminal node deletes the corresponding entry and initiates a handover to the AR according to the above authentication process.
  • the M-initiation is initiated according to the above authentication process.
  • FIG. 4 shows the reactive mode fast authentication process in accordance with the implementation of the present invention.
  • the KKS option contains the newly generated shared key material of the NAR, and the process is as follows:
  • Steps 2 and 3 quickly switch the authentication step with the prediction mode
  • the mobile terminal node sends an FNA message to the NAR, nests the F leg message, and encrypts only the 11E0 option in the FBI! message with the shared key, and the FBU message includes the UE0 option and the RSA public key material.
  • the NAR performs DAD detection on the new care-of address. If the new care-of address has no MD conflict, the FFI is extracted from the FNA and sent directly to the PAR. At the same time, the RSA public key material is extracted, and the H-local PAR is decrypted to the HB0 option.
  • the mode authentication method calculates ⁇ ., checks whether the local VCE. exists (Mae, s, Vi). If it exists, the FBU message is successfully authenticated.
  • the TA0 escape item is sent to the NAR through the FBAek message with the shared key Ks encryption.
  • the MAR extracts the TA0 option and option, and generates a new shared key ls according to the internal mechanism, encrypts with the RS public key, sends the TO, Ks and the new KKs to the mobile terminal node through the R tAdv message and then establishes the mobile terminal node.
  • VCE list entry
  • the mobile terminal node decrypts the R tAdv message, calculates TA0 according to the new care-of address, and compares it with the TAO in the R tMv message. If ⁇ is equal, the entire authentication is successful. Simultaneously extract s and establish an MCE cache list entry for R.
  • a one-way hash chain is generated by PAR, which reduces the energy consumption of the terminal, and the length of the one-way hash value is not limited, and the generation is easier;
  • a one-way hash chain is generated by the PAR, and the mobile terminal node and the AR respectively generate a cache list, and the mobile terminal node is prevented from re-generating a new hash chain, which is beneficial to the mobile terminal node to each AR. Tracking and authentication, and mutual authentication of mobile terminal nodes, improve the mutual authentication efficiency of mobile terminal nodes and AR handover.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An authentication method and an authentication system are provided, which are used to authenticate a handover to a base station for a mobile terminal node, the method includes steps that: an access router of the first base station receives an authentication request from the mobile terminal node, the authentication request contains the first hash value and a media access control address of the mobile terminal node, the first hash value is obtained by looking up a locally preset mobile buffer list by the mobile terminal node according to the base station identifier of the second base station, the mobile buffer list contains the first hash value and the base station identifier; the access router looks up a locally preset access buffer list based on the media access control address to obtain the second hash value, compares the first hash value obtained from the authentication request with the second hash value, and the authentication successes if they are equal, in which the access buffer list contains the second hash value and the media access control address. The question that the mutual authentication efficiency is low during the handover for the mobile terminal node and the access router can be solved.

Description

认^£方法和认 i£系统 技术领域  Recognize the method and recognize the system
本发明涉及通信领域, 尤其涉及认证方法和认证系统 <, 背景技术  The present invention relates to the field of communications, and in particular, to an authentication method and an authentication system <, BACKGROUND
本发明涉及移动 IPv6 领域快速切换技术, 即移动终端节点 (Mobile Station; 以下缩称: MS) 向前接入路由器 ( Previous Access Router; 以下 简称: PAR)提前注册自己新的转交.地址 当移动终端节点从一个接入路由器 移动到另一个接入路由器, 而保持会话的连续性, 这一过程称为切换 在切 换过程中, 由于链路切换时延.和 IP协议搡作, 移动终端节点在一段时间内无 法收发数据包, 导致这段时间的丟包率增加。 移动 IPv6快速切换是为了降低 切换时延, 减少丟包率提出的一种切换技术。 一般来说, 移动终端节点包括 手机, 或者带有无线网卡的笔记本电脑等, 可用于保存比较简单的数据列表 快速绑定更新管理是用于快速切换中通知相关节点新的转交地址的过 程, 其中一个很重要的安全问题是关于对快速绑定更新和快速绑定确认消息 认证的问题 目前保证切换过程的安全的一种方法是引入单向哈希函数算法, 对绑定消息实拖认证 其认证原理是利用单向哈希函数生成一纽单向哈希值, 由移动终端节点向接入路由器 AR ( Access Roofer: 以下简称: AR ) 分发哈 希值作为认证材料, 对来自移动终端节点的消息实施认证, 且每次切换须更 换新的哈希值作为认证材料。  The present invention relates to a fast handover technology in the mobile IPv6 field, that is, a mobile terminal node (Mobile Station; hereinafter referred to as: MS) forward access router (hereinafter referred to as PAR) registers its new handover in advance. The node moves from one access router to another, and maintains the continuity of the session. This process is called handover in the handover process, due to the link handover delay. And the IP protocol works, the mobile terminal node is in a segment. The packet cannot be sent or received within the time, resulting in an increase in the packet loss rate during this time. Mobile IPv6 fast handover is a handover technique proposed to reduce handover delay and reduce packet loss rate. Generally, the mobile terminal node includes a mobile phone, or a notebook computer with a wireless network card, etc., and can be used to save a relatively simple data list. The fast binding update management is a process for notifying the relevant node of the new care-of address in the fast handover, wherein A very important security issue is about the issue of fast binding update and fast binding confirmation message authentication. One way to ensure the security of the handover process is to introduce a one-way hash function algorithm, which authenticates the binding message. The principle is to generate a one-way hash value by using a one-way hash function, and the mobile terminal node distributes a hash value to the access router AR (Access Roofer: AR) as an authentication material, and the message from the mobile terminal node The certification is implemented, and a new hash value is replaced as a certification material each time it is switched.
单向哈希链是基于单向哈希函数 ¾成一组单向哈希值 … ίζ, 且 满足 ( )。单向哈希函数可以是安全哈希算法 l.( Secure flash Algorit m 1; 以下简称: SI1.1;) 、 消息摘要 5 (Message Digest 5; 以下简称: MD5 ) 等哈希函数。 兹技术方案通过引入单向哈希函数算法, 对绑定消息实施认证。 其认证 原理是由移动终端节点生成单向哈希链表, 在代理路由前缀请求中, 该哈 希链表提取一个哈希值作为密钥材料分发给 AR。 然后利用该密钥材料对来自 移动终端节点的快速绑定消息实施认证,在 PAR与新接入路由器(New Access Router; 以下简称: NAR.) 建立通道过程中传递下一次切换的密钥材料 A one-way hash chain is based on a one-way hash function 3⁄4 into a set of one-way hash values... ίζ, and satisfies ( ). The one-way hash function may be a hash function such as Secure Flash Algorit m 1 (hereinafter referred to as SI1.1;) and Message Digest 5 (hereinafter referred to as MD5). The technical solution implements authentication on the binding message by introducing a one-way hash function algorithm. The authentication principle is that the mobile terminal node generates a one-way hash list. In the proxy route prefix request, the hash list extracts a hash value as a key material and distributes it to the AR. Then, the key material is used to authenticate the fast binding message from the mobile terminal node, and the key material for the next handover is transmitted during the process of establishing a channel between the PAR and the new access router (NAR.).
图 ί示出了根据相关技术的预测模式下的快速切换认证过程, 其过程如 下:  Figure ί shows a fast handover authentication procedure in a prediction mode according to the related art, the process of which is as follows:
1、 移动终端节点在快速切换中, 首先根据单向哈希函数 "生成一组 128b it哈希值如 ¾, ί';," .';&, 且满足 K-ZXU, 单向哈希函数 可以 SHA1., 瞻 5 等各种散列函数。这里强调一下单向哈希函数具有不可逆的性盾, 即知道 ϋ, 可以根据 (f' )得到 n> 而知道 却无法推出 1. In the fast handover, the mobile terminal node first generates a set of 128b it hash values such as 3⁄4, ί';, ".';& , and satisfies K-ZXU, one-way hash function according to the one-way hash function. Can be SHA1., Zhan 5 and other hash functions. It is emphasized here that the one-way hash function has an irreversible sexual shield, that is, knowing ϋ, you can get n> according to (f') and know that it cannot be launched.
1、 移动终端节点从单向哈希链中取 按照类型长度值 (Type Lengiti Value; 以下筒称: TLV) 方式构造哈希切换选项 (Hash Mancloff Option; 以 下简称: 0) , 将 封装于该选项, 通过代理路由器请求消息携带该选项发 送给 MR。 为保证代理路由器请求消息的安全性, 可以使用密码生成地址 ( Cryptograp ical I y Generated Address; 以下简称: CC.A)技术对代理路 由器请求消息签名。 PAfl从 RH0选项提取 , 同时随机生成 64bU切换矢量 ( Handof f Vector; 以下简称: HY ) , 填入切换矢量选项 ( llandof f Vector Option; 以下简称: 并承载在代理路由器通告, 发送给移动终端节点。 为防止被人篡改 iiV,移动终端节点在收到代理路由通告(以下简称: PrRtAdv) 消息后, 对 HV作一个哈希运算, 生成新的 HV(, 前提是 PAR必须知道移动终端节 点对 HV的适.算处理 1. The mobile terminal node constructs a hash switching option (Hash Mancloff Option; hereinafter referred to as 0) from the one-way hash chain according to the type length value (Type Lengiti Value; the following cylinder: TLV), and is encapsulated in the option. The request is carried by the proxy router request message to the MR. To ensure the security of the proxy router request message, the proxy router may request a message signature using a Cryptogical Data Generated Address (hereinafter referred to as CC.A) technology. PAfl is extracted from the RH0 option, and a 64bU switching vector (Handof f Vector; hereinafter referred to as HY) is randomly generated, and the switching vector option (llandof f Vector Option; hereinafter referred to as: and carried in the proxy router advertisement, is sent to the mobile terminal node. In order to prevent the iiV from being tampered with, the mobile terminal node performs a hash operation on the HV after receiving the proxy route advertisement (hereinafter referred to as PrRtAdv) message, and generates a new HV ( provided that the PAR must know the mobile terminal node to the HV Suitable processing
3、 移动终端节点从 HV0选项中提馭 64bit ίί¥; 并从代理路由器通告消 息中提取新链路前缀,开始配置新的转交地址,新转交地址接口 IS 计算如下: Interface ID part of nCoA. - First (64, f'-) oK First (64, nil?) , 即, 新的转交地址的接口标识部分等于 的前 64bit与 nMV的前 64t>h.异或得 到的结果, 其中, nCoA (new Care of Address:)是指新转交地,址、、 3. The mobile terminal node extracts 64bit ίί¥ from the HV0 option ; and extracts the new link prefix from the proxy router advertisement message to start configuring the new care-of address. The new care-of address interface IS is calculated as follows: Interface ID part of nCoA. First (64, f'-) oK First (64, nil?) , that is, the interface identification part of the new care-of address is equal to the first 64 bits and the first 64t>h. of the nMV The result, where nCoA (new Care of Address:) refers to the new transfer place, address,
iHV-Fi rst (64, t(n-l)HV)  iHV-Fi rst (64, t(n-l)HV)
移动终端节点向前接入路由器发送绑定更新消息, 携带哈希扩展选项 ( Ha sh Ex t en s I on Op 11 on; 以下简称: ίίΒΟ ) , 其中包括哈希扩展( f!a s ΙΊ Extension; 以下简称: HE) {&, 值计算如下:  The mobile terminal node sends a binding update message to the forward access router, and carries a hash extension option (Ha sh Ex t en s I on Op 11 on; hereinafter referred to as ίίΒΟ ), which includes a hash extension (f!as ΙΊ Extension; Hereinafter referred to as: HE) {&, The value is calculated as follows:
HE=Last (64, i) XoR First (64, ntlV)  HE=Last (64, i) XoR First (64, ntlV)
4. 前接入路由器对快速绑定更新 (fast Binding Update; 以下简称: FBU) 消息实拖认证, 从 nCoA提取 ί·;的前 64blt, 加上 HE中提取的后 64bit, 得到 , 并对 作 I次哈希运算后, 与 ί";比较, 如果.相等, 则前路由器对 FBU认 证成功  4. The front access router pair fast binding update (FBU) message real-time authentication, extracting the first 64blt of the ί·; from the nCoA, plus the last 64 bits extracted from the HE, get, and After the first hash operation, compared with ί"; if the . is equal, the former router successfully authenticates the FBU.
5、 在 PAR收到来自移动终端节点的绑定更新消息后, 紧接着向新的接入 路由器发起切换初始化消息,该消息承载了 64bit切换选项(Handoff Option; 以下简称: H0 ) , USblt的哈希链逸項 HO) (i½sh Ch in Option, ) , 冊选 项是 R生成的 64bi t的 HV, 而 HC0选项包含单向哈希值 ,  After the PAR receives the binding update message from the mobile terminal node, it immediately initiates a handover initialization message to the new access router, and the message carries a 64-bit handover option (Handoff Option; hereinafter referred to as H0), USblt's The Greek chain item HO) (i1⁄2sh Ch in Option, ), the book option is the 64bi t HV generated by R, and the HC0 option contains a one-way hash value.
6、 前路由器收到切换确认( Handover Acknowl edge; 以下简称: HAck ) 应答后, 紧接着向移动终端节点回应快速绑定响应 ( Fast Binding Ackno l edge;以下简称: FBAck )选项 ,携带令牌确:认逸项 ( Token. Acknowl edge Option: 以下简称: 丁 AO) , TA0选项包舍 TAck .值, 计算如下:  6. The front router receives the handover acknowledgement (Handover Acknowl edge; hereinafter referred to as HAck), and then responds to the mobile terminal node with the Fast Binding Ackno l edge (FBAck) option, carrying the token. : Token. Acknowl edge Option (hereinafter referred to as: Ding AO), TA0 option package TAck. Value, calculated as follows:
TAck - First [ 64, SHA1 [ nCoA (pref ίχ) ! (nCo fliD) XOR BV) ] ] 移动终端节点对 FBAck 消息认证, 才|1据配置的新的转交地址计算 TAck 值, 并与 FBAck中携带的 TAc'k值作比较, 如杲相等, 则认证成功, 见图 i 其中, HH0选项包含移动终端节点传递给 P 的 128bit的 HV0选项包舍 PAR传递给移动终端节点的 6413 的随机数 »(;€;; 酣 0选项包含随; HC0选项 包含 1281)1 的^ H0选项包含 64bi ¾m 随机数。  TAck - First [ 64, SHA1 [ nCoA (pref ίχ) ! (nCo fliD) XOR BV) ]] The mobile terminal node authenticates the FBAck message, and calculates the TAck value based on the configured new care-of address, and compares it with the TAc'k value carried in the FBAck. If 杲 is equal, the authentication is performed. Success, see Figure i where the HH0 option contains the 128-bit HV0 option that the mobile terminal node passes to P. The PAR passed to the mobile terminal node's 6413 random number»(;€;; 酣0 option contains; HC0 option contains 1281 The ^H0 option of 1 contains a 64bi 3⁄4m random number.
目前基于单向哈希链对切换实 认证的策略由移动终端节点生成单向哈 希链、 且每次切换完成, 需要舍弃一个哈希值, 当所有哈希值全部舍弃后, 移动终端节点需要重新生成一新的哈希链, 对于移动终端节点终端来说, 消 耗开销比较大 发明内容 At present, a one-way hash chain is generated by a mobile terminal node based on a one-way hash chain pair handover authentication policy, and each time the handover is completed, a hash value needs to be discarded. When all the hash values are discarded, The mobile terminal node needs to regenerate a new hash chain. For the mobile terminal node, the consumption overhead is relatively large.
本发明实施例 S"在提供一种认证方法和认证系统, 能够解决移动终端节 点和 AR切换时相互认证效率较低的问题。  The embodiment of the present invention provides an authentication method and an authentication system, which can solve the problem of low mutual authentication efficiency when the mobile terminal node and the AR switch.
本发明的实施例中, 提供了一种认证方法, 用于对移动终端节点从第一 基站切换到第二基站进行认证, 包括以下步驟: 第一基站的接入路由器接收 移动终端节点的认证请求, 认证请求中包括第一哈希值和移动终端节点的媒 体访问控制地址, 第一哈希值由移动终端节点根据第二基站的基站标识查询 本地預设的移动緩存列表获得, 移动緩存列表包括第一哈希值和基站标识; 接入路由器根据媒体访问控制地址查询本地预设的访问緩存列表以得到第二 哈希值, 将从认证请求中荻取的第一吟希值与第二哈希值进行比较, 如果相 等则认证成功, 其中, 访问緩存列表包括第二哈希值和媒体访问控制地址, 本发明的实 例中, 还提供了一种认证系统, 包括: 移动终端节点, 其 用于当从第一基站切换到第 · 基站时, 根据第二基站的基站标识查询本地领 设的移动緩存列表以得到第一哈希值, 将笫一哈希值和移动终瑞节点的媒体 访问控制地址封装在认证请求中发送给第一基站的接入路由器, 其中, 移动 緩存列表包括第一哈希值和 站标识; 接入路由器, 其用于裉据媒体访问控 制地址查询本地预设的访问緩存列表以得到笫二哈希值, 将从认证请求中获 取的第一哈希值与第二哈希值进行比较, 如杲相等則认证成功, 其中, 访问 緩存列表包括第二哈希值和媒体访问控制地址。  In an embodiment of the present invention, an authentication method is provided for performing handover on a mobile terminal node from a first base station to a second base station, where the method includes the following steps: The access router of the first base station receives an authentication request of the mobile terminal node The authentication request includes a first hash value and a media access control address of the mobile terminal node, where the first hash value is obtained by the mobile terminal node querying the locally preset mobile cache list according to the base station identifier of the second base station, where the mobile cache list includes a first hash value and a base station identifier; the access router queries the locally preset access cache list according to the media access control address to obtain a second hash value, and the first hash value and the second hash value that are to be retrieved from the authentication request The value is compared. If the authentication is equal, the authentication succeeds. The access cache list includes a second hash value and a media access control address. In the example of the present invention, an authentication system is further provided, including: a mobile terminal node, where When switching from the first base station to the base station, querying the local according to the base station identity of the second base station The mobile cache list is configured to obtain a first hash value, and the media access control address of the first hash value and the mobile terminal node is encapsulated in an authentication request and sent to the access router of the first base station, where the mobile cache list includes a first hash value and a station identifier; an access router, configured to query a locally preset access cache list according to the media access control address to obtain a second hash value, the first hash value obtained from the authentication request Compared with the second hash value, if the 杲 is equal, the authentication succeeds, wherein the access cache list includes the second hash value and the media access control address.
上述技术方案中利用緩存列表, 从而避免了移动终端节点需要重新生成 一新的哈希链, 这有利于移动终端节点对各个 AR的跟粽和认证, 以及移动终 端节点和 AR的相互认证, 提高了移动终端节点和 AR切换时相互认证效率。  In the above technical solution, the cache list is used, thereby avoiding that the mobile terminal node needs to regenerate a new hash chain, which is beneficial to the mobile terminal node to the Achilles and authentication of each AR, and the mutual authentication of the mobile terminal node and the AR, and improve Mutual authentication efficiency when the mobile terminal node and the AR switch.
本发明的其它特征和优点将在随后的说明书中阐述, 并且, 部分地从说 明书中变得显而易见, 或者通过实施本发明而了解 本发明的目的和其他优 点可通过在所写的说明书、 权利要求书、 以及附图中所特別指出的结构来实 现和获得 附图说明 Other features and advantages of the present invention will be set forth in the description which follows, and in part The objectives and other advantages of the present invention will be realized and attained by the <RTIgt;
此处所说明的鲋图用来提.供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明、 并不构成对本发明的 不当限定。 在附图中:  The present invention is intended to be a part of the present invention, and is intended to be illustrative of the invention and is not to be construed as limiting the invention. In the drawing:
图 1示出了根据相关技术的预测模式下的快速切换认证过程;  FIG. 1 shows a fast handover authentication process in a prediction mode according to the related art;
图 2示出了根据本发明实施例的认证方法的流程图;  2 shows a flow chart of an authentication method in accordance with an embodiment of the present invention;
图 3示出了根据本发明实旄例的预测模式快速认证流程;  FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention;
图 4示出了根据本发明实旄例的反应模式快速认证流程,, 具体实施方式  4 shows a reaction mode fast authentication process according to an embodiment of the present invention, and a specific implementation manner
下面结合附图和实施例, 对本发明的实施例的技术方案做进一步的详细 描述。  The technical solutions of the embodiments of the present invention are further described in detail below with reference to the accompanying drawings and embodiments.
图 2 示出了根据本发明实施例的轻量级快速切换认证方法的流程图, 包 括以下步骤:  2 shows a flow chart of a lightweight fast handover authentication method according to an embodiment of the present invention, including the following steps:
步骤 S10 , 前基站的 AR (即 PAR )接收 MS的认证请求 (倒如 FBU消息, 以下利用 FBU消息进行举例说明) , FBU消息包括第一哈希值和 MS的媒.体访 问控制地址(以下简称: MAC ) , MS通过根据要切换新基站的基站标识(Base S ta t ion Iden t i fier; 以下筒称: BSID )查询本地预设的移动緩存列表而得 到第一哈希值, 其中, 移动緩存列表包括第一哈希值和 BSID; PAR根据 MS的 MAC查询本地预设的访问緩存列表以得到第二哈希值, 将从 FBy消息中获取. 的第一哈希值与第二哈希值进行比较, 如果相等则认证成功, 其中, 访问缓 存列表包括第二哈希值和 MAC 步骤 S20, PAR根据 MS的 MAC查询本地预设的访问緩存列表以得到第二 哈希值, 将从 FBI)消息中获取的第一哈希值与第二哈希值进行比较, 如果相 等则认证成功, 表明 MS的单向哈希值是该 A 分发的 当第一哈希值与第二 哈希值不相等时,或者 PAR根据 MS的 MAC没有查询到访问緩存条目( Vis i ted Cache Entry; 以下简称: 时, 则认证失败。 其中 访问缓存列表包括 第二哈希值和 MAC, Step S10: The AR of the former base station (ie, PAR) receives the authentication request of the MS (such as the FBU message, which is exemplified by the FBU message), and the FBU message includes the first hash value and the media access control address of the MS (below) Abbreviation: MAC), the MS obtains a first hash value by querying a local preset mobile cache list according to a base station identifier (Base Station: BSID) to be switched to a new base station, where The cache list includes a first hash value and a BSID; the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and obtains the first hash value and the second hash from the FBy message. The values are compared. If they are equal, the authentication succeeds. The access cache list includes the second hash value and the MAC address. Step S20, the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compares the first hash value obtained from the FBI) message with the second hash value, and if equal, authenticates Success, indicating that the one-way hash value of the MS is that the first hash value is not equal to the second hash value of the A distribution, or that the PAR does not query the access cache entry according to the MAC of the MS (Viated Cache Entry; The following is abbreviated: When the authentication fails, the access cache list includes the second hash value and the MAC address.
可以通过以下步骤建立移动緩存列表和访问緩存列表: P 生成多个哈希 值, 并发送给 MS; MS利用自己生成的前綴(即随机数)和收到的的哈希值作 为第一哈希值得到新 BSID,将第一哈希值和 BSID构成移动緩存条目(Mobile Cache Entry; 以下简称: MCE) ; PAR将多个哈希值作为第二哈希值, 与 MS 的 MAC构成 VCE, 以构成移动緩存列表访问緩存列表  The mobile cache list and the access cache list can be established by the following steps: P generates multiple hash values and sends them to the MS; the MS uses the prefix generated by itself (ie, the random number) and the received hash value as the first hash. The value gets the new BSID, and the first hash value and the BSID constitute a mobile cache entry (Mobile Cache Entry; hereinafter referred to as MCE); the PAR uses multiple hash values as the second hash value, and the MAC of the MS constitutes the VCE, Form a list of mobile cache list access caches
可选的, 由 PAR 据单向哈希函数 F 生成一组确定长度的哈希值如 V0,Vl^*'Vn, 且满足 Vi-F(Vi + U。 哈希链的长度是有限的, 由移动终端节点 生成单向哈希链的计算开销比较大, 消耗能量大。 而由 PAR 负责哈希链的计 算, 有利于终端节省能量和带宽。 由 MR生成单向哈希链一个很重要的优点, 就是:使于移动终端节点跟踪和认证 AR, 实现移动终端节点和 AR的相互认证。 具体步骤如下:  Optionally, the PAR generates a set of hash values of a certain length, such as V0, Vl^*'Vn, according to the one-way hash function F, and satisfies Vi-F (Vi + U. The length of the hash chain is limited, The calculation overhead of generating a one-way hash chain by a mobile terminal node is relatively large, and the energy consumption is large. The calculation of the hash chain by PAR is beneficial to the terminal to save energy and bandwidth. It is very important to generate a one-way hash chain by MR. The advantage is that the mobile terminal node tracks and authenticates the AR, and mutual authentication between the mobile terminal node and the AR is implemented. The specific steps are as follows:
PA 生成 PrRtAdv消息发送给移动终端节点, 其中携带 Π;  The PA generates a PrRtAdv message and sends it to the mobile terminal node, where the 携带 is carried;
优选地, PAR对 PrRtAdv消息加密后发送给移动终端节点。这.可以进一步 加强安全性。  Preferably, the PAR encrypts the PrRtAdv message and sends it to the mobile terminal node. This can further enhance security.
例如, PAR对 PrRtMv消息加密可包括以下步骤: MS生成公私钥对, 将 公钥通过代理路由请求 (以下筒称: RtSoLPr )消息发送给 AR; AR利用公钥 加密 PrR iv消息。  For example, the PAR encrypting the PrRtMv message may include the following steps: The MS generates a public-private key pair, and sends the public key to the AR through a proxy routing request (hereinafter referred to as RtSoLPr) message; the AR encrypts the PrR iv message by using the public key.
本发明实施倒中与对称密钥体制相结合, 通过安全邻居发现 (Secure Neighbor Discovery; 以下简称: SEND )协议的 3?3^.公私钥机制, 生成共享 密钥, 用共享密钥保护 FBU和快速绑定应答( Fast Biiidlng Acknowledge; 以下简称: FBAck) , 增强了消息的安全性 The implementation of the present invention is combined with a symmetric key system to generate a shared key through a 3?3^. public-private key mechanism of Secure Neighbor Discovery (SEND) protocol, and protect the FBU with a shared key. Fast Binding Answer ( Fast Biiidlng Acknowledge; Hereinafter referred to as: FBAck), enhanced message security
根据上述实施倒的认证方法, 建立了一种认证系统, 包括:  According to the authentication method implemented above, an authentication system is established, including:
MS, 其用于当切换基站时, 根椐要切换的新 BSID查询本地预设的移动緩 存列表以得到第一哈希值, 将第一哈希值和自己的 MAC封装在 FBU消息中发. 送给前基站的接入路由器, 其中, 移动緩存列表包括第一哈希值和新 BSID;  The MS is configured to: when the base station is switched, query the local preset mobile cache list by using the new BSID to be switched to obtain the first hash value, and encapsulate the first hash value and the own MAC in the FBU message. An access router that is sent to the former base station, where the mobile cache list includes a first hash value and a new BSID;
AR, 其用于根据 MS的 MAC查询本地预设的访问緩存列表以得到第二哈希 值, 将从 FBU消息中获取的第一哈希值与第二哈希值进行比较, 如杲相等则 认证成功, 其中, 访问緩存列表包括第二哈希值和 MA (;。  An AR, configured to query a locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compare the first hash value obtained from the FBU message with the second hash value, if the 杲 is equal The authentication succeeds, wherein the access cache list includes the second hash value and MA (;.
下面来举倒说明移动终端节点和 AR的本地緩存列表  Let's take a look at the local cache list of the mobile terminal node and the AR.
AR在本地建立 VCE列表, VCE存储的条目有 Mac, Ks和 Vi  The AR establishes a VCE list locally. The VCE stores entries for Mac, Ks, and Vi.
MS在本地建立 MC£ ^表, MCE存储的条目有 BSID、 Ks和 Vi。  The MS establishes the MC £ ^ table locally, and the MCE stores the entries BSID, Ks, and Vi.
下面将描述.如何利用上述的緩存列表进行认证;,  How to use the above cache list for authentication;
图 3示出了根椐本发明实施例的预测模式快速认证流程, 包括以下步骤: 、 PAR根据单向哈希函数 F生成一组 128bit哈希值如 V(), Vl, '''^ 且 满足 V i F(Vi+:i) s FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention, including the following steps: PAR generates a set of 128-bit hash values such as V(), Vl, '''^ according to a one-way hash function F. Meet V i F(Vi+:i) s
2、 移动终端节点生成一个 64bit的随机数 Nonce作为前缀, 并且根据内 部 L制, 生成 RSA公私钥对, 将随机数和 RSA公钥通过 RtSoiPr消息发送给 PAR, 该消息用 C(JA签名, 携带 RSA, HV0选项 这里值得注意的是只有 移动终端节点第一次发送的 RtSoiPr是用 签名的 <.  2. The mobile terminal node generates a 64-bit random number Nonce as a prefix, and generates an RSA public-private key pair according to the internal L system, and sends the random number and the RSA public key to the PAR through the RtSoiPr message, and the message is carried by the C (JA signature, carrying RSA, HV0 option It is worth noting here that only the RtSoiPr sent by the mobile terminal node for the first time is signed <.
3、 PAR提取 RSA公钥, 根据内部机制生成一个共享密钥 Ks, 将 s 通过 PrRtAdv消息发送给移动终端节点, 该消息通过 RSA公铜加密, 来保证 Υί , Ks传输的安全 <fcL  3. PAR extracts the RSA public key, generates a shared key Ks according to the internal mechanism, and sends s to the mobile terminal node through the PrRtAdv message. The message is encrypted by RSA public copper to ensure the security of Υί, Ks transmission <fcL
4、 移动终端节点从 PrRtAclv消息中提取共享密钥 lis, 基于 Vi和 Nonce 生成新的转交地址的接口 ID (即新基站的 BSID)如下:  4. The mobile terminal node extracts the shared key lis from the PrRtAclv message, and generates an interface ID of the new care-of address based on Vi and Nonce (ie, the BSID of the new base station) as follows:
ID of nCoA - First (64, VI) @ Nonce  ID of nCoA - First (64, VI) @ Nonce
同时生成 HE, 如下: HE - Las t (6 5 Vi) ® Nonce At the same time, HE is generated as follows: HE - Las t (6 5 Vi) ® Nonce
同时建立相应 PAR的 MCE緩存列表条目 , 紧接着向 PAR发送 FBU消息, 该消息携带 0逸项, 且对该消息通 it共享密钥 Ks加密。  At the same time, the MCE cache list entry of the corresponding PAR is established, and then the FBU message is sent to the PAR, the message carries the 0-escape item, and the message is encrypted by the shared key Ks.
PAR收到来自移动终端节点的 FBI! 消息, 对该消息认证, 从该消息计算 V I与 PAR在本地建立的 YCE作比较, 若 YCE中存在 ( Mac , s , Vi )条目, 则认证成功。  The PAR receives the FBI! message from the mobile terminal node, authenticates the message, and calculates from the message that V I is compared with the locally established YCE of the PAR. If there is a (Mac, s, Vi) entry in the YCE, the authentication succeeds.
5、 PAR 对 FBli 认证成功后, 紧接着向 AR 发送切换发起 ( Handover Ini t i a te; 以下简称: HI ) 消息, 携带 i!EO选项和 RSA公钥选项, NAR根据 新的转交地址和 HE0选项, 计算 VI , 根据内部机制生成新的共享密钥 KKs, 并建立移动终端节点对应的 VCE条目  5. After the PAR successfully authenticates the FBli, it sends a Handover Initiative (hereinafter referred to as HI) message to the AR, carrying the i!EO option and the RSA public key option, and the NAR is based on the new care-of address and the HE0 option. Calculate the VI, generate a new shared key KKs according to the internal mechanism, and establish a VCE entry corresponding to the mobile terminal node
6、 醒用 RSA公钥对 IIAck 中的共享密钥 lis加密, 并将该消息发送给 6. Wake up the RSA public key to encrypt the shared key lis in IIAck and send the message to
PAR , PAR,
7、 PAR提馭加密的 s选项,向移动终端节点发送 FBAck:消息,携带 TAck 选项和加密的 s选项, JL用共享密钥 Ks加密  7. PAR enhances the encrypted s option, sends an FBAck: message to the mobile terminal, carries the TAck option and the encrypted s option, and JL encrypts with the shared key Ks.
移动终端节点用 Ks解密 FBAck消息, 并用新的转交地址计算 TAcfc,如杲 等于消息中 TAck, 则 FBAck认证成功。 同时用 RSA私钥解密 KKs选項, 并增 加一条关于 NAR的 MCE緩存列表条 ¾ Λ The mobile terminal node decrypts the FBAck message with Ks and calculates TAcfc with the new care-of address. If 杲 is equal to TAck in the message, the FBAck authentication succeeds. At the same time with the RSA private key to decrypt KKs options, and add a cache list MCE article about NAR is ¾ Λ
其中, 移动终端节点对 AR的跟踪具体实现如下:  The tracking of the AR by the mobile terminal node is as follows:
当移动终端节点在切换时发送代理路由请求, 或者在本地链路重新发送 路由请求时, 首先根据新 查询 MCE., 如果存在对应的条目, 提取 ¥i , 将 VI作为丽 0选项封装在该消息中, 并对消息用共享密钥 Ks加密发送给 AR , AR根据移动终端节点的 MAC查询本地 VCE, 获.取共享密钥 Ks, 用共享密钥 对收到的消息解密, 获取 Vi选项, 并与相应的 VCE条目比较, 如果相等, 则 移动终端节点的单向哈希值是该 AR分发的。 AR回应移动终端节点消息, 携 带 Vi 1选项, 且用共享密钥加密 如果不相等或者 M根据移动终端节点的 MAC没有查询到相应的 VCE条 , 則 AR回应移动终端节点消息, 不携带任何 I选项。 When the mobile terminal node sends a proxy routing request at the time of handover, or resends the routing request on the local link, first according to the new query MCE. If there is a corresponding entry, extracting ¥i, the VI is encapsulated in the message as the MN0 option. The message is encrypted and sent to the AR by using the shared key Ks. The AR queries the local VCE according to the MAC of the mobile terminal node, obtains the shared key Ks, decrypts the received message with the shared key, and obtains the Vi option, and Compared with the corresponding VCE entries, if equal, the one-way hash value of the mobile terminal node is distributed by the AR. The AR responds to the mobile terminal node message, carries the Vi 1 option, and encrypts with the shared key. If the unequal or M does not query the corresponding VCE strip according to the MAC of the mobile terminal node, the AR responds to the mobile terminal node message without carrying any I option.
移动终端节点用 Ks对路由代理通告解密, 提取 V】 1, 验证 Vi 1是否等 于 F (vn。 如果相等则实现相互认证, 如杲不等则移动终端节点删除相应的 The mobile terminal node decrypts the routing agent advertisement with Ks, extracts V] 1, and verifies whether Vi 1 is equal to F (vn. If equal, mutual authentication is implemented, and if the mobile terminal node does not wait, the mobile terminal node deletes the corresponding
MCE緩存列表条目 若代理路由通告中不带 Π 】,则移动终端节点要删除 相应条目、 按照以上认证流程重新向 AR发起切换, MCE cache list entry If there is no Π 】 in the proxy route advertisement, the mobile terminal node deletes the corresponding entry and initiates a handover to the AR according to the above authentication process.
如果根据 BSID查询 MCE, 没有查到相应的条目, 则按照以上认证流程重 新向 M发起切 -涣,,  If the MCE is queried according to the BSID and the corresponding entry is not found, the M-initiation is initiated according to the above authentication process.
图 4示出了根据本发明实施^的反应模式快速认证流程 注意 KKS选项 包含 NAR新生成的共享密钥材料, 其过程如下:  Figure 4 shows the reactive mode fast authentication process in accordance with the implementation of the present invention. Note that the KKS option contains the newly generated shared key material of the NAR, and the process is as follows:
步骤 2 , 3同预测模式快速切换认证步骤;  Steps 2 and 3 quickly switch the authentication step with the prediction mode;
4 , 移动终端节点向 NAR发送 FNA消息, 嵌套 F腿消息, 并用共享密钥仅 对 FBI!消息中 11E0选项加密, FBU消息中包含 UE0选项和 RSA公钥材料  4, the mobile terminal node sends an FNA message to the NAR, nests the F leg message, and encrypts only the 11E0 option in the FBI! message with the shared key, and the FBU message includes the UE0 option and the RSA public key material.
5、 NAR对新的转交地址进行 DAD检測,如果新的转交地址没有 MD冲突, 则从 FNA提取 FfiU直接发送给 PAR , 同时提取 RSA公钥材料, 存储在 H本 地 PAR对 HB0选项解密, 按照预测模式认证方法计算 \Ί., 检查本地 VCE.是 否存在(Mae, s , Vi ) , 如果存在, 則对 FBU消息认证成功  5. The NAR performs DAD detection on the new care-of address. If the new care-of address has no MD conflict, the FFI is extracted from the FNA and sent directly to the PAR. At the same time, the RSA public key material is extracted, and the H-local PAR is decrypted to the HB0 option. The mode authentication method calculates \Ί., checks whether the local VCE. exists (Mae, s, Vi). If it exists, the FBU message is successfully authenticated.
6 , PAR对 FMJ认£成功后, 对 TA0逸项用共享密钥 Ks加密通过 FBAek 消息发送给 NAR„  6 . After the PAR successfully recognizes the FMJ, the TA0 escape item is sent to the NAR through the FBAek message with the shared key Ks encryption.
7、 MAR提取 TA0选项和 选项, 同时根据内部机制生成新的共享密钥 ls , 用 RS 公钥加密, 将 T O, Ks以及新的 KKs通过 R tAdv消息发送给移动 终端节点 然后建立该移动终端节点的 VCE列表条目„  7. The MAR extracts the TA0 option and option, and generates a new shared key ls according to the internal mechanism, encrypts with the RS public key, sends the TO, Ks and the new KKs to the mobile terminal node through the R tAdv message and then establishes the mobile terminal node. VCE list entry „
移动终端节点对 R tAdv消息解密,根据新的转交地址计算 TA0,并与 R tMv 消息中 TAO比较, 如杲相等, 则整个认证成功。 同时提取 s , 建立关于 R 的 MCE緩存列表条目。  The mobile terminal node decrypts the R tAdv message, calculates TA0 according to the new care-of address, and compares it with the TAO in the R tMv message. If 杲 is equal, the entire authentication is successful. Simultaneously extract s and establish an MCE cache list entry for R.
从以上的描述中, 可以看出, 本发明实现了如下技术效杲:  From the above description, it can be seen that the present invention achieves the following technical effects:
1 , 应用 SEND协议产生共享密钥, 利用密钥体制对信令传输进行加密保 护, 增强了信令传输的安全性; 1. Apply the SEND protocol to generate a shared key, and use the key system to encrypt the signaling transmission. Protection, enhance the security of signaling transmission;
1、 由 PAR生成单向哈希链, 减少了终端的能量消耗, 且对单向哈希值的 长度不加限制, 生成更加容易;  1. A one-way hash chain is generated by PAR, which reduces the energy consumption of the terminal, and the length of the one-way hash value is not limited, and the generation is easier;
3、 由 PAR生成单向哈希链,. 且移动终端节点和 AR分別生成缓存列表, 从¾避免了移动终 ¾节点需要重新生成一新的哈希链, 这有利于移动终端节 点对各个 AR的跟踪和认证, 以及移动终端节点和 的相互认证 , 提高了移 动终端节点和 AR切换时相互认证效率。  3. A one-way hash chain is generated by the PAR, and the mobile terminal node and the AR respectively generate a cache list, and the mobile terminal node is prevented from re-generating a new hash chain, which is beneficial to the mobile terminal node to each AR. Tracking and authentication, and mutual authentication of mobile terminal nodes, improve the mutual authentication efficiency of mobile terminal nodes and AR handover.
最后应说明的是: 以上实施 ^仅用以说明本发明的枝术方案 而非对 其限制; 尽管参照前述实施例对本发明进行了详细的说明, 本领域的普通 技术人员应当理解: 其依然可以对前迷各实施例所记载的技术方案进行修 改, 或者对其中部分技术特征进行等同替换; 而这些修改或者替换, 并不 使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。  Finally, it should be noted that the above embodiments are only used to illustrate the invention and not to limit the invention; although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that The technical solutions described in the foregoing embodiments are modified, or some of the technical features are equivalently replaced; and the modifications or substitutions do not deviate from the spirit and scope of the technical solutions of the embodiments of the present invention. .
S.0 S.0

Claims

权 利 要 求 书  Claims
1 , —种认证方法, 用于对移动终端节点从第一基站的接入路由器切换到 第二基站的接入路由器进行认证, 其特征在于, 包括以下步骤:  An authentication method is used for authenticating a mobile terminal node from an access router of a first base station to an access router of a second base station, and the method includes the following steps:
所述第一基站的接入路由器接收所述移动终端节点的认证请求, 所迷认 证请求中包括第一哈希值和所述移动终端节点的媒体访问控制地址, 所述第 —哈希值由所述移动终端节点根据所述第二基站的基站标识查询本地预设的 移动緩存列表获得,所迷移动緩存列表包括所述第一哈希值和所迷基站标识; 所迷接入路由器根据所述媒体访问控制地址查询本地预设的访问缓存列 表以得到所述第二哈希值, 将从所述认证请求中获取的所迷第一哈希值与所 述第二哈希值进行比较, 如果相等则认证成功, 其中, 所述访问緩存列表包 括所述第二哈希值和所述媒体访问控制地址„  The access router of the first base station receives the authentication request of the mobile terminal node, where the authentication request includes a first hash value and a media access control address of the mobile terminal node, where the first hash value is The mobile terminal node obtains a locally preset mobile cache list according to the base station identifier of the second base station, where the mobile cache list includes the first hash value and the base station identifier; The media access control address queries the locally preset access cache list to obtain the second hash value, and compares the first hash value obtained from the authentication request with the second hash value. If the authentication is equal, the authentication succeeds, where the access cache list includes the second hash value and the media access control address „
2 , 根椐权利要求 1所述的认证方法, 其特征在于, 所述认证请求是快速 绑定更新消息。  The authentication method according to claim 1, wherein the authentication request is a fast binding update message.
3, 根据权利要求 i所述的认证方法, 其特征在于 认证成功后还包括, 所述接入路由器通知所述移动终端节点认证成功 s 3. The authentication method according to claim i, characterized in that the authentication is successful further comprises a terminal access router notifies the mobile node authentication is successful s
4 , 根据权利要求 1所述的认证方法, 其特征在于还包括  4. The authentication method according to claim 1, further comprising:
当所述第一哈希值与所述第二哈希值不相等时, 或者所述接入路由器根 据所述移动终端节点的媒体访问控制地址没有查询到所述访问緩存条目时, 则认证失败。  When the first hash value is not equal to the second hash value, or the access router does not query the access cache entry according to the media access control address of the mobile terminal node, the authentication fails. .
5、 根据权利要求】所述的认证方法, 其特征在于, 所述移动緩存列表和 所述访问緩存列表还包括共享密钥, 所迷移动终端节点利用所迷共享密钥加 密所述快速绑定更新消息, 所迷接入路由器利用所迷共享密钥解密所述快速 绑定更新消息。  The authentication method according to claim, wherein the mobile cache list and the access cache list further comprise a shared key, and the mobile terminal node encrypts the fast binding by using the shared key. Update message, the access router decrypts the fast binding update message by using the shared key.
6、 # 1权利要求〗所述的认证方法, 其特征在于, 通过以下步骤建立所 迷移动缓存列表和所迷访问緩存列表:  6. The authentication method according to the #1 claim, characterized in that the mobile cache list and the access cache list are established by the following steps:
所述换入路由器生成多个哈希值, 并发送给所述移动终端节点; 所述移动终端节点将所述哈希值作为所述第一哈希值, 生成随机数作为 前綴; The switching router generates a plurality of hash values and sends the hash values to the mobile terminal node; The mobile terminal node uses the hash value as the first hash value, and generates a random number as a prefix;
所迷移动终端节点利用所述前綴和所迷哈希值获得所述基站标识, 所述 第一哈希值和所述基站标识构成访问緩存条目, 建立所述访问緩存列表; 所述接入路由器将所述哈希值作为所述第二哈希值, 与所述媒体访问控 制地址构成移动緩存条 ϋ, 建立所迷移动緩存列表。  The mobile terminal node obtains the base station identifier by using the prefix and the hash value, where the first hash value and the base station identifier constitute an access cache entry, and the access cache list is established; the access router The hash value is used as the second hash value, and the media access control address forms a mobile cache bar, and the mobile cache list is established.
7 , 根据权利要求 6所述的认证方法, 其特征在于, 所迷接入路由器生成 多个哈希值具体包括:所述接入路由器基于单向哈希函数踏成多个所述哈希 值 … , . ίζ, 且满足 ( K  The authentication method according to claim 6, wherein the generating, by the access router, the plurality of hash values comprises: the access router stepping into the plurality of hash values based on the one-way hash function ... , . ίζ, and meet ( K
8、 根据权利要求 6所述的认证方法, 其特征在于, 所迷接入路由器利用 代理路由通告消息将所迷哈希值发送给所述移动终端节点。  8. The authentication method according to claim 6, wherein the access router transmits the hash value to the mobile terminal node by using a proxy route advertisement message.
9 , 根据权利要求 8所述的认证方法, 其特征在于, 所述接入路由器对所 述代理路由通告消息进行加密, 具体包括以下步骤:  The authentication method according to claim 8, wherein the access router encrypts the proxy route advertisement message, and specifically includes the following steps:
所述移动终端节点生成公私钥对, 将所迷公钥通过代理路由请求消息发 送给所述接入路由器;  The mobile terminal node generates a public-private key pair, and sends the public key to the access router through a proxy routing request message;
所迷接入路由器生成共享密钥,利用所述公钥加密所述代理路由通告消 息并发送给所述移动终端节点,所述代理路由通告消息中包括所述共享密钥; 所述移动终端节点应用与所述公钥对应的私钥, 对所迷代理路由通告消 息进行解密,提取所述共享密钥。  The access router generates a shared key, encrypts the proxy route advertisement message by using the public key, and sends the proxy route advertisement message to the mobile terminal node, where the proxy route advertisement message includes the shared key; Applying a private key corresponding to the public key, decrypting the proxy route advertisement message, and extracting the shared key.
1 0、 一种认证系统, 其特征在于, 包括:  1 0. An authentication system, comprising:
移动终端节点, 其用于当从第一基站的接入路由器切换到第二基站的接 入路由器时, 根据所述第二基站的基站标识查询本地预设的移动緩存列表以 得到第一哈希值, 将所迷第一哈希值和所述移动终端节点的媒体访问控制地 址封装在认证请求中发送.给所述第一基站的接入路由器, 其中, 所述移动緩 存列表包括所述第一哈希值和所述基站标识;  a mobile terminal node, configured to query a locally preset mobile cache list according to a base station identifier of the second base station to obtain a first hash when switching from an access router of the first base station to an access router of the second base station a value, the first hash value and the media access control address of the mobile terminal node are encapsulated in an authentication request and sent to the access router of the first base station, where the mobile cache list includes the a hash value and the base station identifier;
所述接入路由器, 其用于根据所述媒体访问控制地址查询本地预设的访 问緩存列表以得到所述第二哈希值, 将从所述认证请求中获取的所述第一哈 希值与所述第二哈希值进行比较, 如果相等則认证成功, 其中, 所迷访问緩 存列表包括所述笫二哈希值和所述媒体访问控制地址。 The access router is configured to query a local preset visit according to the media access control address Querying the cache list to obtain the second hash value, comparing the first hash value obtained from the authentication request with the second hash value, and if equal, the authentication succeeds, wherein the The access cache list includes the second hash value and the media access control address.
PCT/CN2007/071224 2007-05-08 2007-12-12 Authentication method and authentication system WO2008134918A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710101747.6A CN101304365B (en) 2007-05-08 2007-05-08 Authentication method and authentication system
CN200710101747.6 2007-05-08

Publications (1)

Publication Number Publication Date
WO2008134918A1 true WO2008134918A1 (en) 2008-11-13

Family

ID=39943103

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/071224 WO2008134918A1 (en) 2007-05-08 2007-12-12 Authentication method and authentication system

Country Status (2)

Country Link
CN (1) CN101304365B (en)
WO (1) WO2008134918A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739540B (en) * 2008-11-20 2013-01-16 北京大学深圳研究生院 Label reader-writer and data communication method and system of radio frequency label

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4687808B2 (en) * 2009-03-31 2011-05-25 ブラザー工業株式会社 Image transmission system
CN101888630B (en) * 2009-05-11 2014-06-11 华为终端有限公司 Authentication Method, system and device for switching access networks
CN103813324B (en) * 2012-11-07 2017-02-22 中国移动通信集团公司 Node signature method and mobile node access method of hierarchical MIPv6
CN106789996A (en) * 2016-12-12 2017-05-31 墨宝股份有限公司 A kind of smart power grid user access mandate control method
CN108282551B (en) * 2018-03-07 2021-04-09 成都众网行科技有限公司 Message identification processing method and device, monitoring equipment and readable storage medium
US11838428B2 (en) * 2021-12-20 2023-12-05 Nokia Technologies Oy Certificate-based local UE authentication
CN114844687B (en) * 2022-04-15 2024-07-09 深圳成谷科技有限公司 Authentication method, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514657A (en) * 2002-12-31 2004-07-21 中国科学技术大学 Fast switching method between subnetworks used on MIPV6
CN1705285A (en) * 2004-05-31 2005-12-07 中国科学院声学研究所 Tunnel based mobile IPv6 quick switching method
CN1799241A (en) * 2003-06-03 2006-07-05 艾利森电话股份有限公司 IP mobility
CN1823545A (en) * 2003-06-27 2006-08-23 诺基亚公司 Enhanced fast handover procedures

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514657A (en) * 2002-12-31 2004-07-21 中国科学技术大学 Fast switching method between subnetworks used on MIPV6
CN1799241A (en) * 2003-06-03 2006-07-05 艾利森电话股份有限公司 IP mobility
CN1823545A (en) * 2003-06-27 2006-08-23 诺基亚公司 Enhanced fast handover procedures
CN1705285A (en) * 2004-05-31 2005-12-07 中国科学院声学研究所 Tunnel based mobile IPv6 quick switching method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739540B (en) * 2008-11-20 2013-01-16 北京大学深圳研究生院 Label reader-writer and data communication method and system of radio frequency label

Also Published As

Publication number Publication date
CN101304365A (en) 2008-11-12
CN101304365B (en) 2012-12-12

Similar Documents

Publication Publication Date Title
US8738913B2 (en) Method of deriving and updating traffic encryption key
JP5597676B2 (en) Key material exchange
JP4682250B2 (en) Wireless router assisted security handoff (WRASH) in multi-hop wireless networks
WO2008134918A1 (en) Authentication method and authentication system
US20100281249A1 (en) Media independent handover protocol security
BRPI0716621A2 (en) AD-HOC NETWORK KEY MANAGEMENT
CN107181597B (en) PMIPv6 authentication system and method based on identity agent group signature
WO2010115326A1 (en) Wireless local area network terminal pre-authentication method and wireless local area network system
US20130196708A1 (en) Propagation of Leveled Key to Neighborhood Network Devices
WO2009097789A1 (en) Method and communication system for establishing security association
Hur et al. Security considerations for handover schemes in mobile WiMAX networks
WO2011120249A1 (en) Multicast key negotiation method suitable for group calling system and a system thereof
WO2007022727A1 (en) A method and system for transmitting authorization key context information
WO2011015060A1 (en) Extensible authentication protocol authentication method, base station and authentication server thereof
WO2011072513A1 (en) Method and system for establishing security connection between switch equipments
WO2012040949A1 (en) Method for fast handing over extensible authentication protocol (eap) authentication in mobile worldwide interoperability for microwave access (wimax) network
Park Two-way Handshake protocol for improved security in IEEE 802.11 wireless LANs
Sun et al. Efficient authentication schemes for handover in mobile WiMAX
Nguyen et al. An pre-authentication protocol with symmetric keys for secure handover in mobile WiMAX networks
Cao et al. Unified handover authentication between heterogeneous access systems in LTE networks
Taha et al. Formal analysis of the handover schemes in mobile WiMAX networks
Zheng et al. A dual authentication protocol for IEEE 802.11 wireless LANs
JP5015324B2 (en) Protection method and apparatus during mobile IPV6 fast handover
Soliman et al. An efficient application of a dynamic crypto system in mobile wireless security
Zhou et al. A symmetric key-based pre-authentication protocol for secure handover in mobile WiMAX networks

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07846065

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07846065

Country of ref document: EP

Kind code of ref document: A1