WO2019015387A1 - Group identity signature based pmipv6 anonymous access authentication system and method - Google Patents


Publication number
WO2019015387A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile
mobile node
lma
access gateway
str
Application number
PCT/CN2018/087570
Other languages
French (fr)
Chinese (zh)
Inventor
高天寒
邓新洋
Original Assignee
东北大学
Application filed by 东北大学

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3255 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H04W12/06 Authentication

Definitions

  • The invention belongs to the technical field of network security, and in particular relates to a PMIPv6 anonymous access authentication system and method based on identity-based group signatures.
  • Mobile IPv6 ensures that mobile IPv6 nodes are always accessible regardless of where the mobile IPv6 device is located and whether other devices communicating with the mobile IPv6 device support Mobile IPv6.
  • Compared with Mobile IPv4, it has the advantages of a larger address space, route optimization, ingress filtering and dynamic mobile agent discovery.
  • Proxy Mobile IPv6 (PMIPv6) is characterized by simplifying the control of the network and reducing the user's participation in the mobility management process.
  • PMIPv6 has become a hot research topic.
  • The present invention provides a PMIPv6 anonymous access authentication system and method based on identity-based group signatures.
  • An identity-based group signature PMIPv6 anonymous access authentication system includes a third-party trust center STR and a plurality of PMIPv6 networks. Each PMIPv6 network includes a local mobility anchor LMA, a plurality of mobile access gateways MAG, and a plurality of mobile nodes MN moving within the PMIPv6 network or between different PMIPv6 networks. The third-party trust center STR generates and issues public parameters.
  • The third-party trust center STR is trusted by all other entity members by default. It accepts the registration requests of the mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG, issues public-private key pairs for the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network, and, as the group owner, issues a group member certificate for the mobile node MN.
  • The mobile access gateway MAG, representing the PMIPv6 network, and the mobile node MN authenticate each other using the group signature generated from the group member certificate of the mobile node MN and the ordinary signature of the mobile access gateway MAG. After authentication, the mobile access gateway MAG sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA connected to it, and the local mobility anchor LMA calculates the anonymous public key of the mobile node MN to ensure the handover access of the legitimate mobile node MN.
  • When the mobile node MN switches between the mobile access gateways MAG in the same PMIPv6 network, the mobile node MN calculates the pseudonym and the private key of the mobile node MN according to the anonymous public key and the group member certificate issued by the local mobility anchor LMA, and uses the pseudonym as its identity to implement handover authentication within the PMIPv6 network.
  • The method for performing identity-based group signature PMIPv6 anonymous access authentication by using the system includes:
  • Step 1 The third-party trust center STR generates and publishes public parameters;
  • Step 2 The mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG apply for registration with the third-party trust center STR; the third-party trust center STR issues public-private key pairs for the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network and, as the group owner, issues a group member certificate for the mobile node MN;
  • Step 3 Monitor the status of the mobile node MN in each PMIPv6 network: if the mobile node MN is in the initial state, that is, the state when the mobile node MN first accesses the PMIPv6 network, perform step 4; if the mobile node MN is moving within the same PMIPv6 network, go to step 5;
  • Step 4 Initial access authentication between the mobile access gateway MAG and the mobile node MN when the mobile node MN first accesses a mobile access gateway MAG in the PMIPv6 network: the mobile access gateway MAG, representing the PMIPv6 network, and the mobile node MN authenticate each other using the group signature generated from the group member certificate of the mobile node MN and the ordinary signature of the mobile access gateway MAG. After authentication by the mobile access gateway MAG is completed, the mobile access gateway MAG sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA connected to it, and the local mobility anchor LMA calculates the anonymous public key of the mobile node MN to ensure the handover access of the legitimate mobile node MN;
  • Step 5 When the mobile node MN switches between the mobile access gateways MAG in the same PMIPv6 network, the mobile node MN calculates the pseudonym and the private key of the mobile node MN according to the anonymous public key and the group member certificate issued by the local mobility anchor LMA, and uses the pseudonym as its identity to implement handover authentication in the PMIPv6 network.
  • The mobile node MN applies for registration with the third-party trust center STR as follows:
  • the mobile node MN sends the ciphertext $C_{MN-STR}$ to the third-party trust center STR;
  • the third-party trust center STR sends the ciphertext $C_{STR-MN}$ to the mobile node MN;
  • the mobile node MN decrypts the ciphertext $C_{STR-MN}$ and verifies the random number $N_1$ in it; if the verification succeeds, it stores the group member certificate $Cert_{MN_i}$ and the registration process of the mobile node MN is complete; if the verification is unsuccessful, the registration fails.
  • The local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration as follows:
  • the local mobility anchor LMA and the mobile access gateway MAG select a random number $r_{LMA/MAG} \in Z_q^*$, a random number $N_2 \in Z_q^*$, and the shared key $K_{LMA/MAG-STR}$ between the local mobility anchor LMA or the mobile access gateway MAG and the third-party trust center STR; they calculate $r_{LMA/MAG}P$ and use the public key $PK_{STR}$ of the third-party trust center STR to encrypt the identity $ID_{LMA/MAG}$ of the local mobility anchor LMA or the mobile access gateway MAG, the shared key $K_{LMA/MAG-STR}$, $r_{LMA/MAG}P$ and the random number $N_2$, obtaining the ciphertext $C_{LMA/MAG-STR}$;
  • the local mobility anchor LMA and the mobile access gateway MAG send the ciphertext $C_{LMA/MAG-STR}$ to the third-party trust center STR;
  • the validity period of the private key $SK_{LMA/MAG}$ of the local mobility anchor LMA and the mobile access gateway MAG; the ciphertext $C_{STR-LMA/MAG}$ is obtained by encrypting $SK_{LMA/MAG}$, $EXP_{LMA/MAG}$ and $N_2$ with the shared key $K_{MN-STR}$;
  • the third-party trust center STR sends the ciphertext $C_{STR-LMA/MAG}$ to the local mobility anchor LMA and the mobile access gateway MAG;
  • the local mobility anchor LMA and the mobile access gateway MAG decrypt the ciphertext $C_{STR-MN}$ and verify the random number $N_2$ in it; if the verification is successful, they store the private key $SK_{LMA/MAG}$ and the expiration date $EXP_{LMA/MAG}$, and the registration process of the local mobility anchor LMA and the mobile access gateway MAG is complete; if the verification is unsuccessful, the registration fails.
  • Step 4 includes:
  • Step 4.1 The mobile node MN selects the random number $N_3$ and $x_iP$, and uses the group member certificate $Cert_{MN_i}$ to generate the group signature $Sign_{MN}$ over $N_3$, $x_iP$ and the timestamp $T_1$;
  • Step 4.2 The mobile node MN sends the group signature $Sign_{MN}$, the group member certificate $Cert_{MN_i}$, the timestamp $T_1$ and the random number $N_3$ to the mobile access gateway MAG1;
  • Step 4.3 The mobile access gateway MAG1 verifies the timestamp $TS_1$ sent by the mobile node MN: if the timestamp $TS_1$ is not fresh, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG1 verifies the group member certificate $Cert_{MN_i}$ and the group signature $Sign_{MN}$ sent by the mobile node MN: if they are not valid, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise go to step 4.4;
  • Step 4.4 The mobile access gateway MAG1 sends the group member certificate $Cert_{MN_i}$ of the mobile node MN to the local mobility anchor LMA;
  • Step 4.5 The local mobility anchor LMA uses the information in the group member certificate $Cert_{MN_i}$ of the mobile node MN to calculate the anonymous public key of the mobile node MN and the shared key $K_{LMA-MN}$ between the local mobility anchor LMA and the mobile node MN; the local mobility anchor LMA uses the shared key $K_{LMA-MN}$ to calculate the ciphertext $C_{LMA-MN}$ containing the anonymous public key of the mobile node MN; the local mobility anchor LMA stores the group member certificate $Cert_{MN_i}$ and the corresponding shared key $K_{LMA-MN}$;
  • Step 4.6 The local mobility anchor LMA sends the ciphertext $C_{LMA-MN}$ and $r_{LMA}P$ back to the mobile access gateway MAG1;
  • Step 4.7 The mobile access gateway MAG1 first selects the random number $N_4$, then uses its own private key $SK_{MAG1}$ to sign the identity $ID_{MAG1}$ of the mobile access gateway MAG1, the identity $ID_{LMA}$ of the local mobility anchor LMA, $r_{MAG1}P$, $r_{LMA}P$, the expiration date $EXP_{MAG1}$ and the current timestamp $T_2$, obtaining the signature $Sign_{MAG1}$; it then calculates the shared key $K_{MAG1-MN}$ between the mobile node MN and the mobile access gateway MAG1, and finally encrypts the random numbers $N_3$ and $N_4$ with the shared key $K_{MAG1-MN}$ to obtain the ciphertext $C_{MAG1-MN}$;
  • Step 4.8 The mobile access gateway MAG1 sends the signature $Sign_{MAG1}$, the ciphertexts $C_{MAG1-MN}$ and $C_{LMA-MN}$, and $ID_{MAG1}$, $ID_{LMA}$, $r_{MAG1}P$, $r_{LMA}P$, $EXP_{MAG1}$ and $T_2$ to the mobile node MN;
  • Step 4.9 The mobile node MN verifies the timestamp $T_2$ sent by the mobile access gateway MAG1: if the timestamp $T_2$ is not fresh, the mobile node MN stops the access request; otherwise the mobile node MN verifies the validity period $EXP_{MAG1}$ of the private key of the mobile access gateway MAG1: if it is not within the validity period, the mobile node MN stops the access request; otherwise the mobile node MN verifies the validity of the signature $Sign_{MAG1}$ of the mobile access gateway MAG1: if it is not valid, the mobile node MN stops the access request; otherwise the mobile node MN calculates the shared keys $K_{MN-MAG1}$ and $K_{MN-LMA}$ with the mobile access gateway MAG1 and the local mobility anchor LMA, decrypts the ciphertext $C_{MAG1-MN}$ using the shared key $K_{MN-MAG1}$ to confirm the random number $N_3$ and obtain $N_4$, and decrypts the ciphertext $C_{LMA-MN}$ to obtain the anonymous public key of the mobile node MN And save a
  • Step 4.10 The mobile node MN sends the ciphertext $C_{MN-MAG1}$ to the mobile access gateway MAG1;
  • Step 4.11 After receiving the ciphertext $C_{MN-MAG1}$, the mobile access gateway MAG1 first decrypts $C_{MN-MAG1}$ using the shared key $K_{MN-MAG1}$ to obtain the random number; if the random number is equal to $N_4$, the authentication is successful and the authentication relationship between the mobile access gateway MAG1 and the mobile node MN is established; otherwise the authentication fails, and the mobile access gateway MAG1 rejects the access request of the mobile node MN.
  • Step 5 includes:
  • Step 5.1 The mobile node MN randomly selects $S_{MN} \in Z_q^*$ to calculate the pseudonym of the mobile node MN and the private key of the mobile node MN; the mobile node MN selects the random number $N_5$ and uses the private key to sign the random number $N_5$, the timestamp $T_3$ and the group member certificate $Cert_{MN_i}$, obtaining the signature $Sign_{MN}$;
  • Step 5.2 The mobile node MN sends the signature $Sign_{MN}$, the pseudonym, the timestamp $T_3$, the group member certificate $Cert_{MN_i}$ and the random number $N_5$ together to the mobile access gateway MAG2;
  • Step 5.3 The mobile access gateway MAG2 verifies the timestamp $T_3$ sent by the mobile node MN: if the timestamp $T_3$ is not fresh, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG2 verifies the signature $Sign_{MN}$ sent by the mobile node MN: if it is not valid, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise go to step 5.4;
  • Step 5.4 The mobile access gateway MAG2 sends the group member certificate $Cert_{MN_i}$ of the mobile node MN and the key negotiation parameter $r_{MAG2}P$ of the mobile access gateway MAG2 to the local mobility anchor LMA;
  • Step 5.5 The local mobility anchor LMA retrieves the shared key $K_{LMA-MN}$ according to the group member certificate $Cert_{MN_i}$, and encrypts the key negotiation parameter $r_{MAG2}P$ of the mobile access gateway MAG2 with the shared key to obtain the ciphertext $C_{LMA-MN}$;
  • Step 5.6 The local mobility anchor LMA sends the ciphertext $C_{LMA-MN}$ back to the mobile access gateway MAG2;
  • Step 5.7 The mobile access gateway MAG2 selects the random number $N_6$, calculates the shared key $K_{MAG2-MN}$, and encrypts the random numbers $N_5$, $N_6$ and the timestamp $T_4$ with the shared key to obtain the ciphertext $C_{MAG2-MN}$;
  • Step 5.8 The mobile access gateway MAG2 sends the ciphertext $C_{LMA-MN}$ and the ciphertext $C_{MAG2-MN}$ to the mobile node MN;
  • Step 5.9 The mobile node MN decrypts the ciphertext $C_{LMA-MN}$ using the shared key $K_{MN-LMA}$ to obtain the shared negotiation key of the mobile access gateway MAG2; from it the mobile node MN calculates the shared key $K_{MN-MAG2}$ between the mobile node MN and the mobile access gateway MAG2, and decrypts the ciphertext $C_{MAG2-MN}$ with $K_{MN-MAG2}$ to obtain the random numbers $N_5$ and $N_6$; if verification of the random number $N_5$ fails, the mobile node MN stops the access request; otherwise the mobile node MN encrypts the random number $N_6$ using the shared key $K_{MN-MAG2}$ to obtain the ciphertext $C_{MN-MAG2}$;
  • Step 5.10 The mobile node MN sends the ciphertext $C_{MN-MAG2}$ to the mobile access gateway MAG2;
  • Step 5.11 The mobile access gateway MAG2 decrypts the ciphertext $C_{MN-MAG2}$ using the shared key $K_{MN-MAG2}$ to obtain a random number; if the random number is equal to $N_6$, the authentication is successful and the authentication relationship between the mobile access gateway MAG2 and the mobile node MN is established; otherwise the authentication fails, and the mobile access gateway MAG2 rejects the access request of the mobile node MN.
  • The invention applies the identity-based proxy signature scheme in the mobility management process of the PMIPv6 protocol. By applying identity-based group signature technology it eliminates public key certificates, reducing the storage and validity checking of public key certificates, and realizes the anonymity of the mobile node MN, protecting the MN's privacy.
  • The hierarchical design ensures a clear division of labor between entities, reducing the computation and authentication costs of STR and LMA. Our solution ensures both the security and the high efficiency of the authentication process.
  • FIG. 1 is a structural diagram of an identity group-based PMIPv6 anonymous access authentication system according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a process for applying for registration by a mobile node MN to a third-party trust center STR according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a process for applying for registration by a local mobility anchor LMA or a mobile access gateway MAG to a third-party trust center STR according to an embodiment of the present invention
  • FIG. 4 is a schematic flowchart of a mobile node MN accessing a mobile access gateway MAG1 in a PMIPv6 network for the first time according to an embodiment of the present invention
  • FIG. 5 is a schematic flowchart of an intra-domain access authentication process according to an embodiment of the present invention.
  • The PMIPv6 anonymous access authentication system and method based on identity-based group signatures are applied to the access authentication stage of PMIPv6 networks; user access authentication is fully protected, as are the security and efficiency of the authentication process.
  • The identity-based group signature PMIPv6 anonymous access authentication system shown in FIG. 1 includes: a third-party trust center STR and a plurality of PMIPv6 networks, each of which includes a Local Mobility Anchor (LMA) (LMA1, LMA2), a plurality of mobile access gateways (MAGs), and mobile nodes MN moving within a PMIPv6 network or between different PMIPv6 networks; the third-party trust center STR is connected to the local mobility anchor LMA through the network, and the local mobility anchor LMA connects to the mobile access gateway MAG.
  • The architecture of the whole system is divided into four layers. The first layer is the System-trust root (STR), which acts as a third-party trust center and is trusted by default by all entity members in the PMIPv6 network; it generates and publishes public parameters, reviews the identity of all entities in the PMIPv6 network, and issues public and private key pairs for all entity members in the PMIPv6 network; using the identity-based group signature mechanism, the third-party trust center acts as the group owner and issues group member certificates to legitimate mobile nodes MN, ensuring that the subsequent anonymous access process of the mobile node MN can be carried out. The second layer is the local mobility anchor LMA, which is connected to the third-party trust center STR and to the mobile access gateway MAG, and establishes a bidirectional tunnel with the mobile access gateway MAG to forward data packets.
  • The third layer is the mobile access gateway MAG, which performs mobility state management in place of the mobile node MN; it uses the private key issued by the third-party trust center STR to calculate a signature and, representing the PMIPv6 network in which it is located, performs mutual authentication with the mobile node MN, ensuring the access of the legitimate mobile node MN, and ensuring the local mobility anchor LMA and the mobile node MN.
  • The fourth layer is the mobile node MN, a mobile device that switches from a subnet composed of one PMIPv6 network or mobile access gateway MAG to another subnet composed of a PMIPv6 network or mobile access gateway MAG. It roams between the network (the PMIPv6 network initially accessed by the mobile node MN) and the foreign network (the PMIPv6 network accessed by the mobile node MN subsequently) or switches between different mobile access gateways MAG, and accesses the PMIPv6 network and exchanges information through mutual authentication with the mobile access gateway MAG, ensuring security and reliability between the two parties.
  • Schemes referred to: the IDGS scheme; the short signature scheme of Dan Boneh, Ben Lynn, Hovav Shacham et al., referred to as IBS; the identity-based encryption scheme proposed by Dan B, Franklin M et al., referred to as the BF scheme; and the AES symmetric encryption scheme currently in common use.
  • A PMIPv6 anonymous access authentication method based on identity-based group signatures, comprising:
  • Step 1 The third-party trust center STR generates and publishes public parameters
  • three secure hash functions are defined: $H_1: \{0,1\}^* \times G_1 \to Z_q^*$, $H_2: \{0,1\}^* \times G_1 \to G_1$, $H_3: \{0,1\}^* \to G_1$;
  • Step 2 The mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG apply for registration with the third-party trust center STR; the third-party trust center STR issues public-private key pairs for the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network and, as the group owner, issues a group member certificate for the mobile node MN;
  • the mobile node MN sends the ciphertext $C_{MN-STR}$ to the third-party trust center STR;
  • the third-party trust center STR sends the ciphertext $C_{STR-MN}$ to the mobile node MN;
  • the mobile node MN decrypts the ciphertext $C_{STR-MN}$ and verifies the random number $N_1$ in it; if the verification succeeds, it stores the group member certificate $Cert_{MN_i}$ and the registration process of the mobile node MN is complete; if the verification is unsuccessful, the registration fails.
  • the local mobility anchor LMA and the mobile access gateway MAG select a random number $r_{LMA/MAG} \in Z_q^*$, a random number $N_2 \in Z_q^*$, and the shared key $K_{LMA/MAG-STR}$ between the local mobility anchor LMA or the mobile access gateway MAG and the third-party trust center STR; they calculate $r_{LMA/MAG}P$, and utilize the public key $PK_{STR}$ of the third-party trust center STR, based on the design of Boneh D and Franklin
  • the local mobility anchor LMA and the mobile access gateway MAG send the ciphertext $C_{LMA/MAG-STR}$ to the third-party trust center STR;
  • After receiving $C_{LMA/MAG-STR}$, the third-party trust center STR decrypts the ciphertext $C_{LMA/MAG-STR}$ with its own private key $SK_{STR}$ and generates the private key $SK_{LMA}$ of the local mobility anchor LMA and the mobile access gateway MAG.
  • using $EXP_{LMA/MAG}$ and $N_2$: $C_{STR-LMA/MAG} = Enc\_AES_{K_{STR-LMA/MAG}}\{SK_{LMA/MAG}, EXP_{LMA/MAG}, N_2\}$;
  • the third-party trust center STR sends the ciphertext $C_{STR-LMA/MAG}$ to the local mobility anchor LMA and the mobile access gateway MAG;
  • the local mobility anchor LMA and the mobile access gateway MAG decrypt the ciphertext $C_{STR-MN}$ and verify the random number $N_2$ in it; if the verification is successful, they store the private key $SK_{LMA/MAG}$ and the expiration date $EXP_{LMA/MAG}$, and the registration process of the local mobility anchor LMA and the mobile access gateway MAG is complete; if the verification is unsuccessful, the registration fails.
  • Step 3: monitor the state of the mobile node MN in each PMIPv6 network: if the mobile node MN is in the initial state, that is, the state when the mobile node MN first accesses the PMIPv6 network, perform step 4; if the mobile node MN is moving within the same PMIPv6 network, go to step 5;
  • Step 4: when the mobile node MN accesses the mobile access gateway MAG in the PMIPv6 network for the first time, initial access authentication is performed between the mobile access gateway MAG and the mobile node MN;
  • the mobile terminal MN accesses the mobile access gateway MAG1 in the PMIPv6 network for the first time.
  • the step 4, as shown in FIG. 4, includes:
  • Step 4.2: the mobile node MN sends the group signature Sign_MN, the certificate Cert_MN_i, the timestamp T_1 and the random number N_3 to the mobile access gateway MAG1;
  • Step 4.3: the mobile access gateway MAG1 verifies the timestamp TS_1 sent by the mobile node MN: if the timestamp TS_1 is not fresh, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG1 verifies the certificate Cert_MN_i and the group signature Sign_MN sent by the mobile node MN: if they are not valid, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise go to step 4.4;
  • Step 4.4: the mobile access gateway MAG1 sends the certificate Cert_MN_i of the mobile node MN to the local mobility anchor LMA;
  • Step 4.6: the local mobility anchor LMA sends the ciphertext C_LMA-MN and r_LMA P back to the mobile access gateway MAG1;
  • Step 4.7: after receiving the message from the local mobility anchor LMA, the mobile access gateway MAG1 first selects the random number N_4, and then uses its own private key SK_MAG1 to identify the identity ID_MAG1 of the mobile access gateway MAG1 and the local mobility anchor LMA.
  • Step 4.8: the mobile access gateway MAG1 sends the signature Sign_MAG1, the ciphertext C_MAG1-MN, C_LMA-MN and ID_MAG1, ID_LMA, r_MAG1 P, r_LMA P, EXP_MAG1 and T_2 to the mobile node MN;
  • Step 4.10: the mobile node MN sends the ciphertext C_MN-MAG1 to the mobile access gateway MAG1;
  • Step 4.11: after receiving the ciphertext C_MN-MAG1, the mobile access gateway MAG1 first decrypts C_MN-MAG1 using the shared key K_MN-MAG1 to obtain a random number. If the random number is equal to N_4, the authentication is successful and the authentication relationship between the mobile access gateway MAG1 and the mobile node MN is established. Otherwise, the authentication fails, and the mobile access gateway MAG1 rejects the access request of the mobile node MN.
  • Step 5: the mobile access gateway MAG that is currently connected sends the shared key between itself and the mobile node MN to the mobile access gateway MAG to be accessed in the same PMIPv6 network, and performs handover authentication in the PMIPv6 network;
  • Step 5 includes:
  • Step 5.2: the mobile node MN sends the signature Sign_MN, the pseudonym, the timestamp T_3, the certificate Cert_MN_i and the random number N_5 together to the mobile access gateway MAG2;
  • Step 5.3: the mobile access gateway MAG2 verifies the timestamp T_3 sent by the mobile node MN: if the timestamp T_3 is not fresh, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG2 verifies the signature Sign_MN sent by the mobile node MN: if it is not valid, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise go to step 5.4;
  • Step 5.4: the mobile access gateway MAG2 sends the certificate Cert_MN_i of the mobile node MN and the negotiation key parameter r_MAG2 P of the mobile access gateway MAG2 to the local mobility anchor LMA;
  • Step 5.6: the local mobility anchor LMA sends the ciphertext C_LMA-MN back to the mobile access gateway MAG2;
  • Step 5.8: the mobile access gateway MAG2 sends the ciphertext C_LMA-MN and the ciphertext C_MAG2-MN to the mobile node MN;
  • Step 5.9: the mobile node MN decrypts the ciphertext C_LMA-MN by using the shared key K_MN-LMA to obtain the shared negotiation key of the mobile access gateway MAG2, and then the mobile node MN calculates the shared negotiation key according to the mobile access gateway MAG2.
  • Step 5.10: the mobile node MN sends the ciphertext C_MN-MAG2 to the mobile access gateway MAG2;
  • Step 5.11: the mobile access gateway MAG2 decrypts the ciphertext C_MN-MAG2 using the shared key K_MN-MAG2 to obtain a random number. If the random number is equal to N_6, the authentication is successful and the authentication relationship between the mobile access gateway MAG2 and the mobile node MN is established; otherwise the authentication fails, and the mobile access gateway MAG2 rejects the access request of the mobile node MN.

Abstract

The present invention provides a PMIPv6 anonymous access authentication system and method based on identity-based group signatures. The method comprises: a third-party trust center accepting applications for registration from mobile nodes, local mobility anchors and mobile access gateways, issuing public and private key pairs to the mobile access gateways and local mobility anchors in PMIPv6 networks and, as group owner, issuing group membership certificates to the mobile nodes; performing initial access authentication on a mobile node when it accesses a mobile access gateway in a PMIPv6 network for the first time; and, when a mobile node hands over between mobile access gateways in the same PMIPv6 network, the mobile node calculating its pseudonym and private key from the anonymous public key issued by the local mobility anchor and the group membership certificate, and performing handover authentication in the PMIPv6 network under the identity of the pseudonym. According to the present invention, an identity-based proxy signature scheme is applied to the mobility management process of the PMIPv6 protocol, and public key certificates are eliminated by using identity-based group signature technology, which reduces the storage of public key certificates and the verification of their validity, achieves anonymity of the mobile nodes, and provides privacy protection.

Description

PMIPv6 anonymous access authentication system and method based on identity-based group signature

Technical field

The invention belongs to the technical field of network security, and in particular relates to a PMIPv6 anonymous access authentication system and method based on identity-based group signature.

Background

In recent years, networks have become a very important part of daily life. With the rapid growth of wireless mobile devices, people can access the network from mobile devices at any time and in any place and use different types of network services. Mobile IPv6 ensures that a mobile IPv6 node is always reachable, regardless of where the mobile IPv6 device is located and whether the other devices communicating with it support Mobile IPv6. Compared with Mobile IPv4, it offers a larger address space, route optimization, ingress filtering and dynamic mobile agent discovery. Proxy Mobile IPv6, an extension of Mobile IPv6, has as its main feature that it simplifies control on the network side and reduces the user's involvement in mobility management. Because of its short handover delay and low signaling overhead, PMIPv6 has increasingly become a research focus.

However, for PMIPv6 to be widely adopted, it has to face a series of security threats such as man-in-the-middle attacks, replay attacks, denial-of-service attacks and masquerading attacks, and ensuring the privacy and communication security of the network's entities is a problem that must be addressed. Many experts and scholars have addressed it with centralized authentication, in which every mutual authentication between PMIPv6 entities goes through the AAA server. This increases the authentication load on the AAA server and, because the authentication information has to travel long distances, makes entities wait too long for confirmation. To solve this, local authentication services that do not require the direct participation of the AAA server have been proposed; but to prove the legitimacy of an entity's identity, these schemes still have to verify, directly or indirectly, the validity of a certificate from the AAA server during authentication, which both places requirements on the secure storage of the certificate and incurs a relatively high computational cost. In addition, in most of these schemes the real identity of the mobile entity is fully exposed to the other party. With the exposed real identity, an adversary can accurately learn the location and movement state of a legitimate mobile entity, and can more easily masquerade as a legitimate entity to gain unauthorized access.
Summary of the invention

In view of the deficiencies of the prior art, the present invention provides a PMIPv6 anonymous access authentication system and method based on identity-based group signature.

The technical solution of the present invention is as follows:

A PMIPv6 anonymous access authentication system based on identity-based group signature includes: a third-party trust center STR and a number of PMIPv6 networks, each PMIPv6 network including one local mobility anchor LMA, a number of mobile access gateways MAG, and a number of mobile nodes MN moving within the PMIPv6 network or between different PMIPv6 networks; the third-party trust center STR generates and publishes the public parameters;

The third-party trust center STR is trusted by default by all other entities. It accepts the registration applications of the mobile nodes MN, the local mobility anchors LMA and the mobile access gateways MAG, issues public/private key pairs to the mobile access gateways MAG and local mobility anchors LMA in the PMIPv6 networks, and, as group owner, issues group member certificates to the mobile nodes MN;

When the mobile node MN accesses a mobile access gateway MAG in a PMIPv6 network for the first time, initial access authentication is performed between the mobile access gateway MAG and the mobile node MN: the mobile access gateway MAG, on behalf of the PMIPv6 network it belongs to, and the mobile node MN authenticate each other using the group signature generated from the group member certificate of the mobile node MN and the ordinary signature of the mobile access gateway MAG. After the mobile access gateway MAG completes the authentication, it sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA it is connected to, which calculates the anonymous public key of the mobile node MN, ensuring handover access for the legitimate mobile node MN;

When the mobile node MN hands over between mobile access gateways MAG in the same PMIPv6 network, the mobile node MN calculates its pseudonym and private key from the anonymous public key issued by the local mobility anchor LMA and the group member certificate, and performs handover authentication within the PMIPv6 network under the identity of that pseudonym.
A method for PMIPv6 anonymous access authentication based on identity-based group signature using the described system includes:

Step 1: the third-party trust center STR generates and publishes the public parameters;

Step 2: the mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration; the third-party trust center STR issues public/private key pairs to the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network and, as group owner, issues group member certificates to the mobile node MN;

Step 3: monitor the state of the mobile node MN in each PMIPv6 network: if the mobile node MN is in the initial state, that is, the state when the mobile node MN first accesses the PMIPv6 network, perform step 4; if the mobile node MN is moving within the same PMIPv6 network, perform step 5;

Step 4: when the mobile node MN accesses a mobile access gateway MAG in the PMIPv6 network for the first time, initial access authentication is performed between the mobile access gateway MAG and the mobile node MN: the mobile access gateway MAG, on behalf of the PMIPv6 network it belongs to, and the mobile node MN authenticate each other using the group signature generated from the group member certificate of the mobile node MN and the ordinary signature of the mobile access gateway MAG. After the mobile access gateway MAG completes the authentication, it sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA it is connected to, which calculates the anonymous public key of the mobile node MN, ensuring handover access for the legitimate mobile node MN;

Step 5: when the mobile node MN hands over between mobile access gateways MAG in the same PMIPv6 network, the mobile node MN calculates its pseudonym and private key from the anonymous public key issued by the local mobility anchor LMA and the group member certificate, and performs handover authentication within the PMIPv6 network under the identity of that pseudonym.
The mobile node MN applies to the third-party trust center STR for registration as follows:

First, the mobile node MN selects a random number r_MN ∈ Z_q^*, a random number N_1 ∈ Z_q^*, a shared key K_MN-STR between the mobile node MN and the third-party trust center STR, and a number of random numbers x_i ∈ Z_q^* (i=1…n); the mobile node MN calculates the group variable M = {r_MN x_i P, x_i P, r_MN P} for applying to join the group of which the third-party trust center STR is the group owner; using the public key PK_STR of the third-party trust center STR, the mobile node MN encrypts its identity ID_MN, the shared key K_MN-STR between the mobile node MN and the third-party trust center STR, the group variable M and the random number N_1 to obtain the ciphertext C_MN-STR;

Then, the mobile node MN sends the ciphertext C_MN-STR to the third-party trust center STR;

The third-party trust center STR decrypts the ciphertext C_MN-STR using its own private key SK_STR and generates, for the mobile node MN as a group member, a number of group member certificates Cert_MN_i = {S_i, EXP_MN, r_MN x_i P} (i…n), where S_i = SK_STR H_2(EXP_MN, r_MN x_i P) and EXP_MN is the validity period of the group member certificate Cert_MN_i; it encrypts N_1 and Cert_MN_i with the shared key K_MN-STR to obtain the ciphertext C_STR-MN;

Then, the third-party trust center STR sends the ciphertext C_STR-MN to the mobile node MN;

Finally, after receiving the ciphertext C_STR-MN from the third-party trust center STR, the mobile node MN decrypts the ciphertext C_STR-MN and verifies the random number N_1 in it. If the verification succeeds, the mobile node MN stores the group member certificates Cert_MN_i and its registration process is complete; if the verification fails, the registration fails.
The local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration as follows:

First, the local mobility anchor LMA and the mobile access gateway MAG select a random number r_MN/MAG ∈ Z_q^*, a random number N_2 ∈ Z_q^*, and a shared key K_LMA/MAG-STR between the local mobility anchor LMA and the mobile access gateway MAG and the third-party trust center STR; the local mobility anchor LMA and the mobile access gateway MAG calculate r_MN/MAG P and, using the public key PK_STR of the third-party trust center STR, encrypt the identity ID_LMA/MAG of the local mobility anchor LMA and the mobile access gateway MAG, the shared key K_LMA/MAG-STR, r_LMA/MAG P and the random number N_2 to obtain the ciphertext C_LMA/MAG-STR;

Then, the local mobility anchor LMA and the mobile access gateway MAG send the ciphertext C_LMA/MAG-STR to the third-party trust center STR;

The third-party trust center STR decrypts the ciphertext C_LMA/MAG-STR using its own private key SK_STR and generates the private key SK_LMA/MAG = SK_STR PK_LMA/MAG of the local mobility anchor LMA and the mobile access gateway MAG, where the public key PK_LMA/MAG = H_2(ID_LMA/MAG || EXP_LMA/MAG, r_LMA/MAG P), H_2 is a hash function defined by the third-party trust center STR, and EXP_LMA/MAG is the validity period of the private key SK_LMA/MAG of the local mobility anchor LMA and the mobile access gateway MAG; it encrypts SK_LMA/MAG, EXP_LMA/MAG and N_2 with the shared key K_MN-STR to obtain the ciphertext C_STR-LMA/MAG;

Then, the third-party trust center STR sends the ciphertext C_STR-LMA/MAG to the local mobility anchor LMA and the mobile access gateway MAG;

Finally, after receiving the ciphertext C_STR-LMA/MAG from the third-party trust center STR, the local mobility anchor LMA and the mobile access gateway MAG decrypt the ciphertext C_STR-MN and verify the random number N_2 in the ciphertext C_STR-MN. If the verification succeeds, they store the private key SK_LMA/MAG of the local mobility anchor LMA and the mobile access gateway MAG and the validity period EXP_LMA/MAG, and the registration process of the local mobility anchor LMA and the mobile access gateway MAG is complete; if the verification fails, the registration fails.
Step 4 includes:

Step 4.1: the mobile node MN selects a random number N_3 and x_i P, and generates the group signature Sign_MN over N_3, the group member certificate Cert_MN_i corresponding to x_i P, and the timestamp T_1;

Step 4.2: the mobile node MN sends the group signature Sign_MN, the group member certificate Cert_MN_i, the timestamp T_1 and the random number N_3 to the mobile access gateway MAG1;

Step 4.3: the mobile access gateway MAG1 verifies the timestamp TS_1 sent by the mobile node MN: if the timestamp TS_1 is not fresh, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG1 verifies the group member certificate Cert_MN_i and the group signature Sign_MN sent by the mobile node MN: if they are not valid, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise perform step 4.4;

Step 4.4: the mobile access gateway MAG1 sends the group member certificate Cert_MN_i of the mobile node MN to the local mobility anchor LMA;

Step 4.5: the local mobility anchor LMA uses the information in the group member certificate Cert_MN_i of the mobile node MN to calculate the anonymous public key [Figure PCTCN2018087570-appb-000001] of the mobile node MN and the shared key K_LMA-MN between the local mobility anchor LMA and the mobile node MN; the local mobility anchor LMA uses the shared key K_LMA-MN to calculate the ciphertext C_LMA-MN containing the anonymous public key of the mobile node MN; the local mobility anchor LMA stores the group member certificate Cert_MN_i and the corresponding shared key K_LMA-MN;

Step 4.6: the local mobility anchor LMA sends the ciphertext C_LMA-MN and r_LMA P back to the mobile access gateway MAG1;

Step 4.7: the mobile access gateway MAG1 first selects a random number N_4, then uses its own private key SK_MAG1 to sign the identity ID_MAG1 of the mobile access gateway MAG1, the identity ID_LMA of the local mobility anchor LMA, r_MAG1 P, r_LMA P, the validity period EXP_MAG1 and the current timestamp T_2, obtaining the signature Sign_MAG1; it then calculates the shared key K_MAG1-MN between the mobile node MN and the mobile access gateway MAG1, and finally encrypts the random numbers N_3 and N_4 with the shared key K_MAG1-MN to obtain the ciphertext C_MAG1-MN;

Step 4.8: the mobile access gateway MAG1 sends the signature Sign_MAG1, the ciphertexts C_MAG1-MN and C_LMA-MN, and ID_MAG1, ID_LMA, r_MAG1 P, r_LMA P, EXP_MAG1 and T_2 together to the mobile node MN;

Step 4.9: the mobile node MN verifies the timestamp T_2 sent by the mobile access gateway MAG1: if the timestamp T_2 is not fresh, the mobile node MN stops the access request; otherwise the mobile node MN checks the validity period EXP_MAG1 of the private key of the mobile access gateway MAG1, and if it is outside the validity period, the mobile node MN stops the access request; otherwise the mobile node MN verifies the validity of the signature Sign_MAG1 of the mobile access gateway MAG1, and if it is not valid, the mobile node MN stops the access request; otherwise the mobile node MN calculates the shared keys K_MN-MAG1 and K_MN-LMA with the mobile access gateway MAG1 and the local mobility anchor LMA; it decrypts the ciphertext C_MAG1-MN with the shared key K_MN-MAG1, confirms the random number N_3 and obtains N_4; it decrypts the ciphertext C_LMA-MN to obtain the anonymous public key [Figure PCTCN2018087570-appb-000002] of the mobile node MN, and stores the identity ID_LMA of the local mobility anchor LMA and the anonymous public key [Figure PCTCN2018087570-appb-000003] of the mobile node MN; it encrypts the random number N_4 with the shared key K_MN-MAG1 between the mobile node MN and the mobile access gateway MAG1 to obtain the ciphertext C_MN-MAG1;

Step 4.10: the mobile node MN sends the ciphertext C_MN-MAG1 to the mobile access gateway MAG1;

Step 4.11: after receiving the ciphertext C_MN-MAG1, the mobile access gateway MAG1 first decrypts C_MN-MAG1 with the shared key K_MN-MAG1 to obtain a random number. If the random number is equal to N_4, the authentication succeeds and the authentication relationship between the mobile access gateway MAG1 and the mobile node MN is established; otherwise the authentication fails, and the mobile access gateway MAG1 rejects the access request of the mobile node MN.
Step 5 includes:

Step 5.1: the mobile node MN randomly selects S_MN ∈ Z_q^* and calculates the pseudonym [Figure PCTCN2018087570-appb-000004] of the mobile node MN and the private key [Figure PCTCN2018087570-appb-000005] of the mobile node MN; the mobile node MN selects a random number N_5 and signs the random number N_5, the timestamp T_3 and the group member certificate Cert_MN_i with the private key [Figure PCTCN2018087570-appb-000006] to obtain the signature Sign_MN;

Step 5.2: the mobile node MN sends the signature Sign_MN, the pseudonym [Figure PCTCN2018087570-appb-000007], the timestamp T_3, the group member certificate Cert_MN_i and the random number N_5 together to the mobile access gateway MAG2;

Step 5.3: the mobile access gateway MAG2 verifies the timestamp T_3 sent by the mobile node MN: if the timestamp T_3 is not fresh, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG2 verifies the signature Sign_MN sent by the mobile node MN: if it is not valid, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise perform step 5.4;

Step 5.4: the mobile access gateway MAG2 sends the group member certificate Cert_MN_i of the mobile node MN and the negotiation key parameter r_MAG2 P of the mobile access gateway MAG2 to the local mobility anchor LMA;

Step 5.5: the local mobility anchor LMA retrieves the shared key K_LMA-MN according to the group member certificate Cert_MN_i and uses it to encrypt the key negotiation parameter r_MAG2 P of the mobile access gateway MAG2, obtaining the ciphertext C_LMA-MN;

Step 5.6: the local mobility anchor LMA sends the ciphertext C_LMA-MN back to the mobile access gateway MAG2;

Step 5.7: the mobile access gateway MAG2 selects a random number N_6, calculates the shared key K_MAG2-MN, and uses it to encrypt the random numbers N_5 and N_6 and the timestamp T_4, obtaining the ciphertext C_MAG2-MN;

Step 5.8: the mobile access gateway MAG2 sends the ciphertext C_LMA-MN and the ciphertext C_MAG2-MN to the mobile node MN;

Step 5.9: the mobile node MN decrypts the ciphertext C_LMA-MN with the shared key K_MN-LMA to obtain the shared negotiation key of the mobile access gateway MAG2; the mobile node MN then calculates, from the shared negotiation key of the mobile access gateway MAG2, the shared key K_MN-MAG2 between the mobile node MN and the mobile access gateway MAG2, and uses the shared key K_MN-MAG2 to decrypt the ciphertext C_MAG2-MN, obtaining the random numbers N_5 and N_6. If the random number N_5 fails verification, the mobile node MN stops the access request; otherwise the mobile node MN encrypts the random number N_6 with the shared key K_MN-MAG2 to obtain the ciphertext C_MN-MAG2;

Step 5.10: the mobile node MN sends the ciphertext C_MN-MAG2 to the mobile access gateway MAG2;

Step 5.11: the mobile access gateway MAG2 decrypts the ciphertext C_MN-MAG2 with the shared key K_MN-MAG2 to obtain a random number. If the random number is equal to N_6, the authentication succeeds and the authentication relationship between the mobile access gateway MAG2 and the mobile node MN is established; otherwise the authentication fails, and the mobile access gateway MAG2 rejects the access request of the mobile node MN.
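The message flow of steps 5.3 to 5.11, with the checks each party makes, as an added simulation that is not part of the patent text. Assumptions: modular Diffie-Hellman values g^r mod p stand in for the points r P, an HMAC-SHA256 encrypt-then-MAC construction stands in for the symmetric encryption, K_MAG2-MN is derived from the r_MN x_i P field of Cert_MN_i and r_MAG2 P (the page's key formulas are not in its text), the signature check of step 5.3 is left out, and all function names and the 30-second freshness window are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Toy parameters (assumptions of this example, not values from the patent).
P = 2**255 - 19          # prime modulus; pow(G, r, P) stands in for the point r P
G = 2
FRESHNESS_WINDOW = 30    # seconds for which a timestamp T_3 is accepted


def kdf(shared: int) -> bytes:
    """Derive a 32-byte symmetric key from a Diffie-Hellman shared value."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the symmetric encryption in the protocol."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was not sealed under `key`."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def run_handover(lma_store: Dict[int, bytes], cert_pub: int, mn_secret: int,
                 k_mn_lma: bytes, t3: float, now: float) -> str:
    """Simulate steps 5.3-5.11. cert_pub is the r_MN x_i P field of Cert_MN_i,
    mn_secret the matching exponent held by MN, lma_store the LMA's table of
    K_LMA-MN keys saved in step 4.5 (keyed here by cert_pub)."""
    n5 = secrets.token_bytes(16)                       # sent by MN in step 5.2

    # Step 5.3 (MAG2): reject stale timestamps before doing any other work.
    if abs(now - t3) > FRESHNESS_WINDOW:
        return "rejected: stale T_3"

    # Steps 5.4-5.6 (MAG2 -> LMA -> MAG2): LMA wraps r_MAG2 P under K_LMA-MN.
    r_mag2 = secrets.randbelow(P - 2) + 1
    r_mag2_p = pow(G, r_mag2, P)
    k_lma_mn = lma_store.get(cert_pub)
    if k_lma_mn is None:
        return "rejected: certificate unknown to LMA"
    c_lma_mn = seal(k_lma_mn, r_mag2_p.to_bytes(32, "big"))

    # Step 5.7 (MAG2): choose N_6, derive K_MAG2-MN, encrypt N_5, N_6, T_4.
    n6 = secrets.token_bytes(16)
    k_mag2_mn = kdf(pow(cert_pub, r_mag2, P))
    c_mag2_mn = seal(k_mag2_mn, n5 + n6 + int(now).to_bytes(8, "big"))

    # Step 5.9 (MN): recover r_MAG2 P, derive K_MN-MAG2, confirm N_5.
    wrapped = unseal(k_mn_lma, c_lma_mn)
    if wrapped is None:
        return "aborted: MN cannot open C_LMA-MN"
    k_mn_mag2 = kdf(pow(int.from_bytes(wrapped, "big"), mn_secret, P))
    inner = unseal(k_mn_mag2, c_mag2_mn)
    if inner is None or not hmac.compare_digest(inner[:16], n5):
        return "aborted: N_5 not confirmed"
    c_mn_mag2 = seal(k_mn_mag2, inner[16:32])          # step 5.10: N_6 back to MAG2

    # Step 5.11 (MAG2): the handover succeeds only if N_6 comes back intact.
    echoed = unseal(k_mag2_mn, c_mn_mag2)
    if echoed is None or not hmac.compare_digest(echoed, n6):
        return "rejected: N_6 mismatch"
    return "authenticated"


if __name__ == "__main__":
    secret = secrets.randbelow(P - 2) + 1              # constructed sample values
    key = secrets.token_bytes(32)
    print(run_handover({pow(G, secret, P): key}, pow(G, secret, P), secret, key, 100.0, 105.0))
```

A mobile node that did not complete the initial access of step 4 holds no K_MN-LMA matching the LMA's stored key, so it cannot recover r_MAG2 P and the exchange stops at step 5.9.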
有益效果:Beneficial effects:
本发明将基于身份的代理签名方案,应用在PMIPv6协议的移动管理过程当中,基于身份群签名技术的运用取消了公钥证书,减少了公钥证书的存储和合法性验证,同时实现了移动节点MN的匿名,保护了MN的隐私。层次化的设计保证了各实体之间的分工明确,减少了STR与LMA的计算及认证代价。我们的方案既保证了认证过程的安全性又拥有较高的效率。The invention applies the identity-based proxy signature scheme in the mobile management process of the PMIPv6 protocol, cancels the public key certificate based on the application of the identity group signature technology, reduces the storage and legality verification of the public key certificate, and realizes the mobile node. MN's anonymity protects MN's privacy. The hierarchical design ensures a clear division of labor between entities, reducing the computational and certification costs of STR and LMA. Our solution ensures both the security of the certification process and the high efficiency.
Description of the drawings
FIG. 1 is an architecture diagram of the identity group signature based PMIPv6 anonymous access authentication system according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of the mobile node MN applying to the third-party trust center STR for registration according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of the local mobility anchor LMA or the mobile access gateway MAG applying to the third-party trust center STR for registration according to an embodiment of the present invention;
FIG. 4 is a schematic flowchart of the mobile node MN accessing the mobile access gateway MAG1 in a PMIPv6 network for the first time according to an embodiment of the present invention;
FIG. 5 is a schematic flowchart of the intra-domain access authentication process according to an embodiment of the present invention.
Detailed description
The specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.
This embodiment applies the identity group signature based PMIPv6 anonymous access authentication system and method to the access authentication stage of a PMIPv6 network, so that user access authentication is achieved while the security and efficiency of the authentication process are fully protected. The identity group signature based PMIPv6 anonymous access authentication system shown in FIG. 1 includes a third-party trust center STR and several PMIPv6 networks. Each PMIPv6 network includes one local mobility anchor LMA (Local Mobility Anchor, LMA) (LMA1, LMA2), several mobile access gateways MAG (Mobile Access Gateway, MAG) (MAG1 to MAG4), and several mobile nodes MN that move within a PMIPv6 network or between different PMIPv6 networks. The third-party trust center STR is connected to the local mobility anchor LMA over the network, and the local mobility anchor LMA is connected to the mobile access gateways MAG.
The architecture of the whole system is divided into four layers. The first layer is the system trust root (System-trust Root, STR), which acts as the third-party trust center and is trusted by default by all entity members in the PMIPv6 networks; it generates and publishes the public parameters, vets the identities of all entities in the PMIPv6 networks, issues public/private key pairs to all entity members in the PMIPv6 networks, and, acting as group owner, uses the identity-based group signature mechanism to issue group member certificates to legitimate mobile nodes MN so that the subsequent anonymous access of the mobile node MN can be realized. The second layer is the local mobility anchor LMA, which is connected to the third-party trust center STR and to the mobile access gateway MAG and establishes a bidirectional tunnel with the mobile access gateway MAG to forward data packets; in addition to managing the binding state of the mobile node MN, it helps legitimate mobile nodes MN generate changeable pseudonyms; it issues certificates to the mobile access gateway MAG, computes anonymous public keys for legitimate mobile nodes MN, and takes part in handover authentication within the PMIPv6 network by computing anonymous public keys for legitimate mobile nodes MN. The third layer is the mobile access gateway MAG, which performs mobility state management on behalf of the mobile node MN, uses the private key issued by the third-party trust center STR to compute signatures, and, representing its PMIPv6 network, authenticates mutually and directly with the mobile node MN, ensuring that legitimate mobile nodes MN gain access and that the local mobility anchor LMA and the mobile node MN communicate securely. The fourth layer is the mobile node MN, a mobile device that switches from a subnet formed by one PMIPv6 network or mobile access gateway MAG to a subnet formed by another PMIPv6 network or mobile access gateway MAG; it roams between the home network (the PMIPv6 network that the mobile node MN initially accesses) and foreign networks (PMIPv6 networks that the mobile node MN accesses later) or hands over between different mobile access gateways MAG, gains access to the PMIPv6 network through mutual authentication with the mobile access gateway MAG, and exchanges information, ensuring security and reliability between the two authenticating parties.
When the mobile node MN accesses a mobile access gateway MAG in a PMIPv6 network for the first time, initial access authentication takes place between the gateway and the mobile node MN: the mobile access gateway MAG, representing its PMIPv6 network, and the mobile node MN authenticate each other using a group signature generated from the mobile node MN's group member certificate and an ordinary signature of the mobile access gateway MAG. After the mobile access gateway MAG has completed authentication, it sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA it is connected to, which computes the anonymous public key of the mobile node MN, ensuring handover access for the legitimate mobile node MN. When the mobile node MN hands over between mobile access gateways MAG within the same PMIPv6 network, the mobile node MN computes its pseudonym and private key from the anonymous public key issued by the local mobility anchor LMA and the group member certificate, and performs handover authentication within the PMIPv6 network under that pseudonym.
For convenience in the description that follows, the identifiers and their descriptions are given in Table 1.
Table 1: Identifiers and descriptions
Figure PCTCN2018087570-appb-000008
Figure PCTCN2018087570-appb-000009
This embodiment uses the identity-based group signature scheme proposed by Chen X, Zhang F, Konidala D M et al., referred to as the IDGS scheme, and the short signature scheme proposed by Dan Boneh, Ben Lynn, Hovav Shacham et al., referred to as the IBS scheme. The invention also uses the identity-based encryption scheme proposed by Dan B, Franklin M et al., referred to as the BF scheme, and the now widely used AES symmetric encryption scheme.
An identity group signature based PMIPv6 anonymous access authentication method, comprising:
Step 1: The third-party trust center STR generates and publishes the public parameters;
The process of generating and publishing the public parameters is as follows:
First, generate an additive cyclic group $G_1$ of order $q$, a multiplicative cyclic group $G_T$ of the same order $q$, and a bilinear pairing $e: G_1 \times G_1 \to G_T$;
Next, select a generator $P \in G_1$ and the private key of the third-party trust center STR
Figure PCTCN2018087570-appb-000010
where
Figure PCTCN2018087570-appb-000011
is a positive integer in the range 1 to $q-1$;
Then, compute the public key of the third-party trust center STR, $P_{pub} = SK_{STR}P$;
In addition, define three secure hash functions $H_1: \{0,1\}^* \times G_1 \to Z_q^*$, $H_2: \{0,1\}^* \times G_1 \to G_1$, $H_3: \{0,1\}^* \to G_1$;
Finally, generate and publish the public parameters $Para = \{G_1, G_T, q, e, P, P_{pub}, H_1, H_2, H_3\}$.
Step 2: The mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration; the STR issues public/private key pairs to the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network and, as group owner, issues group member certificates to the mobile node MN;
The process by which the mobile node MN applies to the third-party trust center STR for registration, shown in FIG. 2, is as follows:
First, the mobile node MN selects a random number $r_{MN} \in Z_q^*$, a random number $N_1 \in Z_q^*$, a shared key $K_{MN-STR}$ between the mobile node MN and the third-party trust center STR, and multiple random numbers $x_i \in Z_q^*$ ($i = 1 \ldots n$). The mobile node MN computes the group variable $M = \{r_{MN}x_iP, x_iP, r_{MN}P\}$ for its application to join the group whose group owner is the third-party trust center STR. Using the public key $PK_{STR}$ of the third-party trust center STR and the identity-based BF encryption algorithm designed by Boneh D and Franklin, the mobile node MN encrypts its identity $ID_{MN}$, the shared key $K_{MN-STR}$ between the mobile node MN and the third-party trust center STR, the group variable $M$ and the random number $N_1$, obtaining the ciphertext $C_{MN-STR} = Enc\_BF\_PK_{STR}\{ID_{MN}, K_{MN-STR}, M, N_1\}$;
Then, the mobile node MN sends the ciphertext $C_{MN-STR}$ to the third-party trust center STR;
After receiving the ciphertext $C_{MN-STR}$, the third-party trust center STR decrypts it with its own private key $SK_{STR}$ and generates multiple certificates for the mobile node MN as a group member, $Cert_{MN\_i} = \{S_i, EXP_{MN}, r_{MN}x_iP\}$ ($i \ldots n$), where $S_i = SK_{STR}H_2(EXP_{MN}, r_{MN}x_iP)$ and $EXP_{MN}$ is the validity period of the certificate $Cert_{MN\_i}$; it encrypts $N_1$ and $Cert_{MN\_i}$ with the shared key $K_{MN-STR}$ to obtain the ciphertext $C_{STR-MN} = Enc\_AES\_K_{STR-MN}\{N_1, Cert_{MN\_i}\}$;
Then, the third-party trust center STR sends the ciphertext $C_{STR-MN}$ to the MN;
Finally, after receiving the ciphertext $C_{STR-MN}$ from the third-party trust center STR, the mobile node MN decrypts $C_{STR-MN}$ and verifies the random number $N_1$ it contains. If verification succeeds, the mobile node MN stores the group member certificates $Cert_{MN\_i}$ and its registration is complete; if verification fails, registration fails.
The process by which the local mobility anchor LMA or the mobile access gateway MAG applies to the third-party trust center STR for registration, shown in FIG. 3, is as follows:
First, the local mobility anchor LMA and the mobile access gateway MAG select a random number $r_{MN/MAG} \in Z_q^*$, a random number $N_2 \in Z_q^*$, and a shared key $K_{LMA/MAG-STR}$ between the local mobility anchor LMA and the mobile access gateway MAG on one side and the third-party trust center STR on the other. The local mobility anchor LMA and the mobile access gateway MAG compute $r_{MN/MAG}P$ and, using the public key $PK_{STR}$ of the third-party trust center STR and the identity-based BF encryption algorithm designed by Boneh D and Franklin, encrypt the identity $ID_{LMA/MAG}$ of the local mobility anchor LMA and the mobile access gateway MAG, the shared key $K_{LMA/MAG-STR}$, $r_{LMA/MAG}P$ and the random number $N_2$, obtaining the ciphertext $C_{LMA/MAG-STR} = Enc\_BF\_PK_{STR}\{ID_{LMA/MAG}, K_{LMA/MAG-STR}, r_{LMA/MAG}P, N_2\}$;
Then, the local mobility anchor LMA and the mobile access gateway MAG send the ciphertext $C_{LMA/MAG-STR}$ to the third-party trust center STR;
After receiving $C_{LMA/MAG-STR}$, the third-party trust center STR decrypts the ciphertext $C_{LMA/MAG-STR}$ with its own private key $SK_{STR}$ and generates the private key of the local mobility anchor LMA and the mobile access gateway MAG, $SK_{LMA/MAG} = SK_{STR}PK_{LMA/MAG}$, where the public key is $PK_{LMA/MAG} = H_2(ID_{LMA/MAG} \| EXP_{LMA/MAG}, r_{LMA/MAG}P)$ and $EXP_{LMA/MAG}$ is the validity period of the private key $SK_{LMA/MAG}$ of the local mobility anchor LMA and the mobile access gateway MAG; it encrypts $SK_{LMA/MAG}$, $EXP_{LMA/MAG}$ and $N_2$ with the shared key $K_{MN-STR}$ to obtain the ciphertext $C_{STR-LMA/MAG} = Enc\_AES\_K_{STR-LMA/MAG}\{SK_{LMA/MAG}, EXP_{LMA/MAG}, N_2\}$;
Then, the third-party trust center STR sends the ciphertext $C_{STR-LMA/MAG}$ to the local mobility anchor LMA and the mobile access gateway MAG;
Finally, after receiving the ciphertext $C_{STR-LMA/MAG}$ from the third-party trust center STR, the local mobility anchor LMA and the mobile access gateway MAG decrypt the ciphertext $C_{STR-MN}$ and verify the random number $N_2$ in the ciphertext $C_{STR-MN}$. If verification succeeds, they store the private key $SK_{LMA/MAG}$ and the validity period $EXP_{LMA/MAG}$, and the registration of the local mobility anchor LMA and the mobile access gateway MAG is complete; if verification fails, registration fails.
Step 3: Monitor the state of the mobile node MN in each PMIPv6 network: if the mobile node MN is in the initial state, that is, the state in which the mobile node MN accesses the PMIPv6 network for the first time, perform step 4; if the mobile node MN is moving within the same PMIPv6 network, perform step 5;
Step 4: The mobile node MN accesses a mobile access gateway MAG in the PMIPv6 network for the first time, and initial access authentication takes place between the mobile access gateway MAG and the mobile node MN;
Taking the first access of the mobile node MN to the mobile access gateway MAG1 in the PMIPv6 network as an example, step 4, as shown in FIG. 4, includes:
Step 4.1: The mobile node MN selects a random number $N_3$ and $x_iP$, and applies the IDGS algorithm (the identity-based group signature algorithm designed by Chaum and van Heijst) to $N_3$, the certificate $Cert_{MN\_i}$ corresponding to $x_iP$, and the timestamp $T_1$ to generate the group signature $Sign_{MN} = GroupSign\_IDGS\_x_iP\{Cert_{MN\_i}, T_1, N_3\}$;
Step 4.2: The mobile node MN sends the group signature $Sign_{MN}$, the certificate $Cert_{MN\_i}$, the timestamp $T_1$ and the random number $N_3$ to the mobile access gateway MAG1;
Step 4.3: The mobile access gateway MAG1 verifies the timestamp $TS_1$ sent by the mobile node MN. If the timestamp $TS_1$ is not fresh, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG1 verifies the certificate $Cert_{MN\_i}$ and the group signature $Sign_{MN}$ sent by the mobile node MN. If they are invalid, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise step 4.4 is performed;
Step 4.4: The mobile access gateway MAG1 sends the certificate $Cert_{MN\_i}$ of the mobile node MN to the local mobility anchor LMA;
Step 4.5: The local mobility anchor LMA computes the anonymous public key of the mobile node MN from $S_i$ in the mobile node MN's certificate $Cert_{MN\_i}$
Figure PCTCN2018087570-appb-000012
At the same time it uses $r_{MN}x_iP$ in the certificate $Cert_{MN\_i}$ to compute the shared key between the local mobility anchor LMA and the mobile node MN, $K_{LMA-MN} = r_{LMA}r_{MN}x_iP$. This shared key $K_{LMA-MN}$ is the secret value computed, following the DH key exchange algorithm, from the mobile node MN's session key negotiation parameter and the local mobility anchor LMA's private key. The local mobility anchor LMA uses the shared key $K_{LMA-MN}$ to compute the ciphertext containing the anonymous public key of the mobile node MN
Figure PCTCN2018087570-appb-000013
Figure PCTCN2018087570-appb-000014
The local mobility anchor LMA stores the certificate $Cert_{MN\_i}$ and the corresponding shared key $K_{LMA-MN}$;
Step 4.6: The local mobility anchor LMA sends the ciphertext $C_{LMA-MN}$ and $r_{LMA}P$ back to the mobile access gateway MAG1;
Step 4.7: After receiving the message from the local mobility anchor LMA, the mobile access gateway MAG1 first selects a random number $N_4$, then uses its own private key $SK_{MAG1}$ to sign the identity $ID_{MAG1}$ of the mobile access gateway MAG1, the identity $ID_{LMA}$ of the local mobility anchor LMA, $r_{MAG1}P$, $r_{LMA}P$, the validity period $EXP_{MAG1}$ and the current timestamp $T_2$, obtaining the signature $Sign_{MAG1} = Sign\_IBS\_SK_{MAG1}\{ID_{MAG1}, ID_{LMA}, r_{MAG1}P, r_{LMA}P, EXP_{MAG1}, T_2\}$, where IBS is the identity-based signature algorithm designed by Chaum and van Heijst. It then computes the shared key between the mobile node MN and the mobile access gateway MAG1, $K_{MAG1-MN} = r_{MAG1}r_{MN}x_iP$; the shared key $K_{MAG1-MN}$ is the secret value computed, following the DH key exchange algorithm, from the mobile node MN's session key negotiation parameter and the mobile access gateway MAG1's private key. Finally it encrypts the random numbers $N_3$ and $N_4$ with the shared key $K_{MAG1-MN}$, obtaining the ciphertext $C_{MAG1-MN} = Enc\_AES\_K_{MAG1-MN}\{N_3, N_4\}$;
Step 4.8: The mobile access gateway MAG1 sends the signature $Sign_{MAG1}$, the ciphertexts $C_{MAG1-MN}$ and $C_{LMA-MN}$, and $ID_{MAG1}$, $ID_{LMA}$, $r_{MAG1}P$, $r_{LMA}P$, $EXP_{MAG1}$ and $T_2$ together to the mobile node MN;
Step 4.9: The mobile node MN verifies the timestamp $T_2$ sent by the mobile access gateway MAG1. If the timestamp $T_2$ is not fresh, the mobile node MN stops the access request; otherwise the mobile node MN checks the validity period $EXP_{MAG1}$ of the mobile access gateway MAG1's private key. If it is outside the validity period, the mobile node MN stops the access request; otherwise the mobile node MN verifies the validity of the mobile access gateway MAG1's signature $Sign_{MAG1}$. If the signature is invalid, the mobile node MN stops the access request; otherwise the mobile node MN computes the shared keys with the mobile access gateway MAG1 and the local mobility anchor LMA, $K_{MN-MAG1} = r_{MN}x_ir_{MAG1}P$ and $K_{MN-LMA} = r_{MN}x_ir_{LMA}P$. It decrypts the ciphertext $C_{MAG1-MN}$ with the shared key $K_{MN-MAG1}$, confirms the random number $N_3$ and obtains $N_4$, then decrypts the ciphertext $C_{LMA-MN}$ to obtain the anonymous public key of the mobile node MN
Figure PCTCN2018087570-appb-000015
and saves the identity $ID_{LMA}$ of the local mobility anchor LMA and the anonymous public key of the mobile node MN
Figure PCTCN2018087570-appb-000016
Using the shared key $K_{MN-MAG1}$ between the mobile node MN and the mobile access gateway MAG1, it encrypts the random number $N_4$ to obtain the ciphertext $C_{MN-MAG1} = Enc\_AES\_K_{MN-MAG1}\{N_4\}$;
Step 4.10: The mobile node MN sends the ciphertext $C_{MN-MAG1}$ to the mobile access gateway MAG1;
Step 4.11: After receiving the ciphertext $C_{MN-MAG1}$, the mobile access gateway MAG1 first decrypts $C_{MN-MAG1}$ with the shared key $K_{MN-MAG1}$ to obtain a random number. If that random number equals $N_4$, authentication succeeds and the authentication relationship between the mobile access gateway MAG1 and the mobile node MN is established; otherwise authentication fails and the mobile access gateway MAG1 rejects the access request of the mobile node MN.
Step 5: The currently connected mobile access gateway MAG sends the shared key between itself and the mobile node MN to the mobile access gateway MAG to be accessed within the same PMIPv6 network, and handover authentication within the PMIPv6 network is performed;
Taking the handover of the mobile node MN from the mobile access gateway MAG1 to the mobile access gateway MAG2 within the currently accessed PMIPv6 network as an example, as shown in FIG. 5, step 5 includes:
Step 5.1: The mobile node MN randomly selects $S_{MN} \in Z_q^*$ and computes the pseudonym of the mobile node MN
Figure PCTCN2018087570-appb-000017
and the private key of the mobile node MN
Figure PCTCN2018087570-appb-000018
$S_i = SK_{STR}H_2(EXP_{MN}, r_{MN}x_iP)$, where $EXP_{MN}$ is the validity period of the mobile node MN as a group member and $r_{MN}x_iP$ is the value in the group variable $M$ that the third-party trust center STR obtained from the mobile node MN;
Figure PCTCN2018087570-appb-000019
is the anonymous public key of the mobile node MN. The mobile node MN selects a random number $N_5$ and signs the random number $N_5$, the timestamp $T_3$ and the certificate $Cert_{MN\_i}$ with the private key
Figure PCTCN2018087570-appb-000020
to obtain the signature
Figure PCTCN2018087570-appb-000021
Figure PCTCN2018087570-appb-000022
Step 5.2: The mobile node MN sends the signature $Sign_{MN}$, the pseudonym
Figure PCTCN2018087570-appb-000023
the timestamp $T_3$, the certificate $Cert_{MN\_i}$ and the random number $N_5$ together to the mobile access gateway MAG2;
Step 5.3: The mobile access gateway MAG2 verifies the timestamp $T_3$ sent by the mobile node MN. If the timestamp $T_3$ is not fresh, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG2 verifies the signature $Sign_{MN}$ sent by the mobile node MN. If it is invalid, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise step 5.4 is performed;
Step 5.4: The mobile access gateway MAG2 sends the certificate $Cert_{MN\_i}$ of the mobile node MN and the negotiation key parameter $r_{MAG2}P$ of the mobile access gateway MAG2 to the local mobility anchor LMA;
Step 5.5: The local mobility anchor LMA looks up the shared key $K_{LMA-MN}$ by the certificate $Cert_{MN\_i}$ and uses it to encrypt the key negotiation parameter $r_{MAG2}P$ of the mobile access gateway MAG2, obtaining the ciphertext $C_{LMA-MN} = Enc\_AES\_K_{LMA-MN}\{r_{MAG2}P\}$;
Step 5.6: The local mobility anchor LMA sends the ciphertext $C_{LMA-MN}$ back to the mobile access gateway MAG2;
Step 5.7: The mobile access gateway MAG2 selects a random number $N_6$, computes the shared key $K_{MAG2-MN}$, and uses this shared key to encrypt the random numbers $N_5$ and $N_6$ and the timestamp $T_4$, obtaining the ciphertext $C_{MAG2-MN} = Enc\_AES\_K_{LMA-MN}\{N_5, N_6\}$;
Step 5.8: The mobile access gateway MAG2 sends the ciphertext $C_{LMA-MN}$ and the ciphertext $C_{MAG2-MN}$ to the mobile node MN;
Step 5.9: The mobile node MN uses the shared key $K_{MN-LMA}$ to decrypt the ciphertext $C_{LMA-MN}$ and obtain the shared negotiation key of the mobile access gateway MAG2. The mobile node MN then uses that shared negotiation key to compute the shared key $K_{MN-MAG2}$ between the mobile node MN and the mobile access gateway MAG2, and uses $K_{MN-MAG2}$ to decrypt the ciphertext $C_{MAG2-MN}$, obtaining the random numbers $N_5$ and $N_6$. If verification of the random number $N_5$ fails, the mobile node MN stops the access request; otherwise, the mobile node MN encrypts the random number $N_6$ with the shared key $K_{MN-MAG2}$ to obtain the ciphertext $C_{MN-MAG2} = Enc\_AES\_K_{MN-MAG2}\{N_6\}$;
Step 5.10: The mobile node MN sends the ciphertext $C_{MN-MAG2}$ to the mobile access gateway MAG2;
Step 5.11: The mobile access gateway MAG2 decrypts the ciphertext $C_{MN-MAG2}$ with the shared key $K_{MN-MAG2}$ to obtain a random number. If that random number equals $N_6$, authentication succeeds and the authentication relationship between the mobile access gateway MAG2 and the mobile node MN is established; otherwise authentication fails and the mobile access gateway MAG2 rejects the access request of the mobile node MN.
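The key agreement and nonce confirmation of steps 5.2 to 5.11, starting from the state that steps 4.5 to 4.9 leave at the LMA and the MN, as an added illustration that is not code from the patent. Assumptions: secp256k1 stands in for the group $G_1$ (the pairing is not needed for these steps), SHA-256 derives symmetric keys from the shared point, a hash keystream with an HMAC tag stands in for Enc_AES, the signatures and timestamps of steps 5.1 to 5.3 are omitted, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: secp256k1 stands in for the pairing group G1 (generator P, order q).
P_MOD = 2**256 - 2**32 - 977
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def ec_mul(k, pt):
    """Double-and-add k*pt (not constant-time; acceptable only for an illustration)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def rand_scalar():
    return secrets.randbelow(Q - 1) + 1  # uniform element of Z_q^*

def encode(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def decode(raw):
    """Parse a received point and reject anything that is not on the curve."""
    x, y = int.from_bytes(raw[:32], "big"), int.from_bytes(raw[32:], "big")
    if len(raw) != 64 or max(x, y) >= P_MOD or (y * y - x ** 3 - 7) % P_MOD:
        raise ValueError("invalid key agreement parameter")
    return x, y

def kdf(point):
    """Assumed step: hash the shared point to a 32-byte key (the patent uses the point itself)."""
    return hashlib.sha256(encode(point)).digest()

def _xor_stream(key, nonce, data):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, msg):
    """Stand-in for Enc_AES_K{...}: hash keystream, then HMAC over nonce and body."""
    nonce = secrets.token_bytes(16)
    body = _xor_stream(hashlib.sha256(key + b"enc").digest(), nonce, msg)
    mac_key = hashlib.sha256(key + b"mac").digest()
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(hashlib.sha256(key + b"mac").digest(), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("ciphertext rejected")
    return _xor_stream(hashlib.sha256(key + b"enc").digest(), nonce, body)

def initial_access_state():
    """State left by steps 4.5 to 4.9: the LMA stores K_LMA-MN, the MN holds r_LMA*P."""
    mn_secret = rand_scalar()          # r_MN * x_i mod q, known only to the MN
    cert_point = ec_mul(mn_secret, G)  # r_MN x_i P, carried in Cert_MN_i
    r_lma = rand_scalar()
    return mn_secret, cert_point, kdf(ec_mul(r_lma, cert_point)), ec_mul(r_lma, G)

def handover(mn_secret, cert_point, k_lma_mn, r_lma_p):
    """Steps 5.2 to 5.11 without the signatures; returns (accepted_by_MAG2, reason)."""
    n5 = secrets.token_bytes(16)                          # 5.2: MN -> MAG2, with Cert_MN_i
    r_mag2 = rand_scalar()                                # 5.4: MAG2 -> LMA: Cert_MN_i, r_MAG2*P
    c_lma_mn = seal(k_lma_mn, encode(ec_mul(r_mag2, G)))  # 5.5: LMA wraps r_MAG2*P for the MN
    n6 = secrets.token_bytes(16)                          # 5.7: MAG2 picks N6
    k_mag2_mn = kdf(ec_mul(r_mag2, cert_point))           # K_MAG2-MN = r_MAG2 * (r_MN x_i P)
    c_mag2_mn = seal(k_mag2_mn, n5 + n6)
    try:                                                  # 5.9: MN side
        k_mn_lma = kdf(ec_mul(mn_secret, r_lma_p))
        r_mag2_p = decode(unseal(k_mn_lma, c_lma_mn))
        k_mn_mag2 = kdf(ec_mul(mn_secret, r_mag2_p))      # K_MN-MAG2 = (r_MN x_i) * (r_MAG2 P)
        nonces = unseal(k_mn_mag2, c_mag2_mn)
    except ValueError as err:
        return False, f"MN stops the access request: {err}"
    if not hmac.compare_digest(nonces[:16], n5):
        return False, "MN stops the access request: N5 mismatch"
    c_mn_mag2 = seal(k_mn_mag2, nonces[16:])              # 5.10: MN -> MAG2
    try:                                                  # 5.11: MAG2 compares the echo with N6
        ok = hmac.compare_digest(unseal(k_mag2_mn, c_mn_mag2), n6)
    except ValueError:
        ok = False
    return ok, "authentication relationship established" if ok else "MAG2 rejects the access request"
```

Calling `handover(*initial_access_state())` runs the exchange for a node that holds $r_{MN}x_i$; passing a different scalar as the first argument shows the run stopping at step 5.9, because $K_{MN-LMA}$ cannot be derived from the certificate point alone.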

Claims (6)

  1. An identity group signature based PMIPv6 anonymous access authentication system, comprising: a third-party trust center STR and several PMIPv6 networks, each PMIPv6 network including one local mobility anchor LMA, several mobile access gateways MAG, and several mobile nodes MN moving within a PMIPv6 network or between different PMIPv6 networks; the third-party trust center STR generates and publishes public parameters; characterized in that,
    the third-party trust center STR is trusted by default by all other entity members, accepts registration applications from the mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG, issues public/private key pairs to the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network, and, as group owner, issues group member certificates to the mobile node MN;
    when the mobile node MN accesses a mobile access gateway MAG in a PMIPv6 network for the first time, initial access authentication takes place between the gateway and the mobile node MN: the mobile access gateway MAG, representing its PMIPv6 network, and the mobile node MN authenticate each other using a group signature generated from the mobile node MN's group member certificate and an ordinary signature of the mobile access gateway MAG; after the mobile access gateway MAG has completed authentication, it sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA it is connected to, which computes the anonymous public key of the mobile node MN, ensuring handover access for the legitimate mobile node MN;
    when the mobile node MN hands over between mobile access gateways MAG within the same PMIPv6 network, the mobile node MN computes its pseudonym and private key from the anonymous public key issued by the local mobility anchor LMA and the group member certificate, and performs handover authentication within the PMIPv6 network under that pseudonym.
  2. A method for identity-based group signature PMIPv6 anonymous access authentication using the system of claim 1, characterized in that it comprises:
    Step 1: the third-party trust center STR generates and publishes public parameters;
    Step 2: the mobile node MN, the local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration; the STR issues public/private key pairs to the mobile access gateway MAG and the local mobility anchor LMA in the PMIPv6 network and, as group manager, issues group member certificates to the mobile node MN;
    Step 3: monitor the state of the mobile node MN in each PMIPv6 network: if the mobile node MN is in the initial state, that is, the state in which it first accesses the PMIPv6 network, perform step 4; if the mobile node MN is moving within the same PMIPv6 network, perform step 5;
    Step 4: when the mobile node MN first accesses a mobile access gateway MAG in the PMIPv6 network, initial access authentication is performed between the mobile access gateway MAG and the mobile node MN: the mobile access gateway MAG, acting on behalf of the PMIPv6 network it belongs to, and the mobile node MN authenticate each other using a group signature generated from the group member certificate of the mobile node MN and an ordinary signature of the mobile access gateway MAG; after authentication by the mobile access gateway MAG is complete, the mobile access gateway MAG sends the group member certificate of the legitimate mobile node MN to the local mobility anchor LMA connected to it, which computes the anonymous public key of the mobile node MN, ensuring handover access for the legitimate mobile node MN;
    Step 5: when the mobile node MN hands over between mobile access gateways MAG within the same PMIPv6 network, the mobile node MN computes its pseudonym and private key from the anonymous public key issued by the local mobility anchor LMA and the group member certificate, and performs handover authentication within the PMIPv6 network under that pseudonym.
  3. The method according to claim 2, characterized in that the mobile node MN applies to the third-party trust center STR for registration as follows:
    First, the mobile node MN selects a random number r_MN ∈ Z_q^*, a random number N_1 ∈ Z_q^*, a shared key K_{MN-STR} between the mobile node MN and the third-party trust center STR, and multiple random numbers x_i ∈ Z_q^* (i = 1…n); the mobile node MN computes the group variable M = {r_MN x_i P, x_i P, r_MN P} used to apply to join the group of which the third-party trust center STR is group manager; using the public key PK_STR of the third-party trust center STR, the mobile node MN encrypts its identity ID_MN, the shared key K_{MN-STR}, the group variable M and the random number N_1, obtaining the ciphertext C_{MN-STR};
    Then, the mobile node MN sends the ciphertext C_{MN-STR} to the third-party trust center STR;
    The third-party trust center STR decrypts the ciphertext C_{MN-STR} with its own private key SK_STR and generates multiple group member certificates Cert_{MN_i} = {S_i, EXP_MN, r_MN x_i P} (i…n) for the mobile node MN as a group member, where S_i = SK_STR H_2(EXP_MN, r_MN x_i P) and EXP_MN is the validity period of the group member certificate Cert_{MN_i}; it encrypts N_1 and Cert_{MN_i} with the shared key K_{MN-STR}, obtaining the ciphertext C_{STR-MN};
    Then, the third-party trust center STR sends the ciphertext C_{STR-MN} to the mobile node MN;
    Finally, after receiving the ciphertext C_{STR-MN} from the third-party trust center STR, the mobile node MN decrypts it and verifies the random number N_1 it contains; if verification succeeds, the mobile node MN stores the group member certificates Cert_{MN_i} and its registration is complete; if verification fails, registration fails.
  4. The method according to claim 2, characterized in that the local mobility anchor LMA and the mobile access gateway MAG apply to the third-party trust center STR for registration as follows:
    First, the local mobility anchor LMA and the mobile access gateway MAG select a random number r_{MN/MAG} ∈ Z_q^*, a random number N_2 ∈ Z_q^*, and a shared key K_{LMA/MAG-STR} between the local mobility anchor LMA or mobile access gateway MAG and the third-party trust center STR; the local mobility anchor LMA and the mobile access gateway MAG compute r_{MN/MAG} P; using the public key PK_STR of the third-party trust center STR, they encrypt the identity ID_{LMA/MAG} of the local mobility anchor LMA or mobile access gateway MAG, the shared key K_{LMA/MAG-STR}, r_{LMA/MAG} P and the random number N_2, obtaining the ciphertext C_{LMA/MAG-STR};
    Then, the local mobility anchor LMA and the mobile access gateway MAG send the ciphertext C_{LMA/MAG-STR} to the third-party trust center STR;
    The third-party trust center STR decrypts the ciphertext C_{LMA/MAG-STR} with its own private key SK_STR and generates the private key SK_{LMA/MAG} = SK_STR PK_{LMA/MAG} of the local mobility anchor LMA or mobile access gateway MAG, where the public key PK_{LMA/MAG} = H_2(ID_{LMA/MAG} || EXP_{LMA/MAG}, r_{LMA/MAG} P), H_2 is a hash function defined by the third-party trust center STR, and EXP_{LMA/MAG} is the validity period of the private key SK_{LMA/MAG}; it encrypts SK_{LMA/MAG}, EXP_{LMA/MAG} and N_2 with the shared key K_{MN-STR}, obtaining the ciphertext C_{STR-LMA/MAG};
    Then, the third-party trust center STR sends the ciphertext C_{STR-LMA/MAG} to the local mobility anchor LMA and the mobile access gateway MAG;
    Finally, after receiving the ciphertext C_{STR-LMA/MAG} from the third-party trust center STR, the local mobility anchor LMA and the mobile access gateway MAG decrypt the ciphertext C_{STR-MN} and verify the random number N_2 in the ciphertext C_{STR-MN}; if verification succeeds, they store the private key SK_{LMA/MAG} and the validity period EXP_{LMA/MAG}, and the registration of the local mobility anchor LMA and the mobile access gateway MAG is complete; if verification fails, registration fails.
  5. The method according to claim 2, characterized in that step 4 comprises:
    Step 4.1: the mobile node MN selects a random number N_3 and x_i P, and generates the group signature Sign_MN over N_3, the group member certificate Cert_{MN_i} corresponding to x_i P, and the timestamp T_1;
    Step 4.2: the mobile node MN sends the group signature Sign_MN, the group member certificate Cert_{MN_i}, the timestamp T_1 and the random number N_3 to the mobile access gateway MAG1;
    Step 4.3: the mobile access gateway MAG1 verifies the timestamp TS_1 sent by the mobile node MN: if the timestamp TS_1 is not fresh, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG1 verifies the group member certificate Cert_{MN_i} and the group signature Sign_MN sent by the mobile node MN: if they are not valid, the mobile access gateway MAG1 rejects the access request of the mobile node MN; otherwise step 4.4 is performed;
    Step 4.4: the mobile access gateway MAG1 sends the group member certificate Cert_{MN_i} of the mobile node MN to the local mobility anchor LMA;
    Step 4.5: the local mobility anchor LMA uses the information in the group member certificate Cert_{MN_i} of the mobile node MN to compute the anonymous public key of the mobile node MN
    Figure PCTCN2018087570-appb-100001
    and the shared key K_{LMA-MN} between the local mobility anchor LMA and the mobile node MN; the local mobility anchor LMA uses the shared key K_{LMA-MN} to compute the ciphertext C_{LMA-MN} containing the anonymous public key of the mobile node MN; the local mobility anchor LMA stores the group member certificate Cert_{MN_i} and the corresponding shared key K_{LMA-MN};
    Step 4.6: the local mobility anchor LMA sends the ciphertext C_{LMA-MN} and r_LMA P back to the mobile access gateway MAG1;
    Step 4.7: the mobile access gateway MAG1 first selects a random number N_4, then uses its own private key SK_MAG1 to sign the identity ID_MAG1 of the mobile access gateway MAG1, the identity ID_LMA of the local mobility anchor LMA, r_MAG1 P, r_LMA P, the validity period EXP_MAG1 and the current timestamp T_2, obtaining the signature Sign_MAG1; it then computes the shared key K_{MAG1-MN} between the mobile node MN and the mobile access gateway MAG1, and finally encrypts the random numbers N_3 and N_4 with the shared key K_{MAG1-MN}, obtaining the ciphertext C_{MAG1-MN};
    Step 4.8: the mobile access gateway MAG1 sends the signature Sign_MAG1 and the ciphertexts C_{MAG1-MN} and C_{LMA-MN}, together with ID_MAG1, ID_LMA, r_MAG1 P, r_LMA P, EXP_MAG1 and T_2, to the mobile node MN;
    Step 4.9: the mobile node MN verifies the timestamp T_2 sent by the mobile access gateway MAG1: if the timestamp T_2 is not fresh, the mobile node MN stops the access request; otherwise the mobile node MN checks the validity period EXP_MAG1 of the private key of the mobile access gateway MAG1: if it is outside the validity period, the mobile node MN stops the access request; otherwise the mobile node MN verifies the signature Sign_MAG1 of the mobile access gateway MAG1: if it is not valid, the mobile node MN stops the access request; otherwise the mobile node MN computes the shared keys K_{MN-MAG1} and K_{MN-LMA} with the mobile access gateway MAG1 and the local mobility anchor LMA; it decrypts the ciphertext C_{MAG1-MN} with the shared key K_{MN-MAG1}, confirms the random number N_3 and obtains N_4; it decrypts the ciphertext C_{LMA-MN} and obtains the anonymous public key of the mobile node MN
    Figure PCTCN2018087570-appb-100002
    and stores the identity ID_LMA of the local mobility anchor LMA and the anonymous public key of the mobile node MN
    Figure PCTCN2018087570-appb-100003
    it encrypts the random number N_4 with the shared key K_{MN-MAG1} between the mobile node MN and the mobile access gateway MAG1, obtaining the ciphertext C_{MN-MAG1};
    Step 4.10: the mobile node MN sends the ciphertext C_{MN-MAG1} to the mobile access gateway MAG1;
    Step 4.11: after receiving the ciphertext C_{MN-MAG1}, the mobile access gateway MAG1 first decrypts C_{MN-MAG1} with the shared key K_{MN-MAG1} to obtain a random number; if that random number equals N_4, authentication succeeds and the authentication relationship between the mobile access gateway MAG1 and the mobile node MN is established; otherwise authentication fails and the mobile access gateway MAG1 rejects the access request of the mobile node MN.
  6. The method according to claim 2, characterized in that step 5 comprises:
    Step 5.1: the mobile node MN randomly selects S_MN ∈ Z_q^* and computes the pseudonym of the mobile node MN
    Figure PCTCN2018087570-appb-100004
    and the private key of the mobile node MN
    Figure PCTCN2018087570-appb-100005
    the mobile node MN selects a random number N_5 and signs the random number N_5, the timestamp T_3 and the group member certificate Cert_{MN_i} with the private key
    Figure PCTCN2018087570-appb-100006
    obtaining the signature Sign_MN;
    Step 5.2: the mobile node MN sends the signature Sign_MN, the pseudonym
    Figure PCTCN2018087570-appb-100007
    the timestamp T_3, the group member certificate Cert_{MN_i} and the random number N_5 together to the mobile access gateway MAG2;
    Step 5.3: the mobile access gateway MAG2 verifies the timestamp T_3 sent by the mobile node MN: if the timestamp T_3 is not fresh, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise the mobile access gateway MAG2 verifies the signature Sign_MN sent by the mobile node MN: if it is not valid, the mobile access gateway MAG2 rejects the access request of the mobile node MN; otherwise step 5.4 is performed;
    Step 5.4: the mobile access gateway MAG2 sends the group member certificate Cert_{MN_i} of the mobile node MN and the key negotiation parameter r_MAG2 P of the mobile access gateway MAG2 to the local mobility anchor LMA;
    Step 5.5: the local mobility anchor LMA looks up the shared key K_{LMA-MN} by the group member certificate Cert_{MN_i} and uses that shared key to encrypt the key negotiation parameter r_MAG2 P of the mobile access gateway MAG2, obtaining the ciphertext C_{LMA-MN};
    Step 5.6: the local mobility anchor LMA sends the ciphertext C_{LMA-MN} back to the mobile access gateway MAG2;
    Step 5.7: the mobile access gateway MAG2 selects a random number N_6, computes the shared key K_{MAG2-MN}, and uses that shared key to encrypt the random numbers N_5 and N_6 and the timestamp T_4, obtaining the ciphertext C_{MAG2-MN};
    Step 5.8: the mobile access gateway MAG2 sends the ciphertext C_{LMA-MN} and the ciphertext C_{MAG2-MN} to the mobile node MN;
    Step 5.9: the mobile node MN decrypts the ciphertext C_{LMA-MN} with the shared key K_{MN-LMA} and obtains the shared negotiation key of the mobile access gateway MAG2; the mobile node MN then computes, from the shared negotiation key of the mobile access gateway MAG2, the shared key K_{MN-MAG2} between the mobile node MN and the mobile access gateway MAG2, and uses the shared key K_{MN-MAG2} to decrypt the ciphertext C_{MAG2-MN}, obtaining the random numbers N_5 and N_6; if verification of the random number N_5 fails, the mobile node MN stops the access request; otherwise the mobile node MN encrypts the random number N_6 with the shared key K_{MN-MAG2}, obtaining the ciphertext C_{MN-MAG2};
    Step 5.10: the mobile node MN sends the ciphertext C_{MN-MAG2} to the mobile access gateway MAG2;
    Step 5.11: the mobile access gateway MAG2 decrypts the ciphertext C_{MN-MAG2} with the shared key K_{MN-MAG2} to obtain a random number; if that random number equals N_6, authentication succeeds and the authentication relationship between the mobile access gateway MAG2 and the mobile node MN is established; otherwise authentication fails and the mobile access gateway MAG2 rejects the access request of the mobile node MN.
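The timestamp check and nonce confirmation that close steps 4.3 and 4.7 to 4.11 (N_3, N_4) and steps 5.3 and 5.7 to 5.11 (N_5, N_6), as an added Python example that is not part of the patent text. Assumptions: the MN-MAG shared key is already established and the signature checks have passed (the key-derivation formulas are not reproduced on this page), the 30-second freshness window is hypothetical, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the unspecified cipher.

```python
import hashlib
import hmac
import os
import struct

MAX_SKEW = 30  # seconds; assumed freshness window (the claims give no value)


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(key, iv, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in cipher, an assumption).
    stream = b"".join(_prf(key, iv + struct.pack(">I", i))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC under separate subkeys derived from the shared key."""
    iv = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), iv, plaintext)
    return iv + ct + _prf(_prf(key, b"mac"), iv + ct)


def open_(key, blob):
    """Return the plaintext, or None when the blob was not sealed under key."""
    if len(blob) < 48:
        return None
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), iv + ct)):
        return None
    return _xor_stream(_prf(key, b"enc"), iv, ct)


class MobileNode:
    def __init__(self, key):
        self.key, self.nonce = key, None

    def start(self, now):
        self.nonce = os.urandom(16)          # N_3 (or N_5)
        return self.nonce, now               # sent with timestamp T_1 (or T_3)

    def respond(self, blob):
        pt = open_(self.key, blob)           # step 4.9 / 5.9
        if pt is None or len(pt) != 32:
            return None
        if not hmac.compare_digest(pt[:16], self.nonce):
            return None                      # own nonce not echoed: stop
        return seal(self.key, pt[16:])       # return N_4 (or N_6) encrypted


class Gateway:
    def __init__(self, key):
        self.key, self.pending = key, None

    def challenge(self, mn_nonce, mn_ts, now):
        if abs(now - mn_ts) > MAX_SKEW:      # step 4.3 / 5.3: stale timestamp
            return None
        self.pending = os.urandom(16)        # N_4 (or N_6)
        return seal(self.key, mn_nonce + self.pending)

    def finish(self, blob):
        expected, self.pending = self.pending, None   # each nonce is single-use
        if expected is None:
            return False
        got = open_(self.key, blob)          # step 4.11 / 5.11
        return got is not None and hmac.compare_digest(got, expected)


def run_handshake(mn_key, mag_key, clock_skew=0, now=1_700_000_000):
    mn, mag = MobileNode(mn_key), Gateway(mag_key)
    nonce, ts = mn.start(now - clock_skew)
    c1 = mag.challenge(nonce, ts, now)
    if c1 is None:
        return "rejected: stale timestamp"
    c2 = mn.respond(c1)
    if c2 is None:
        return "aborted by MN"
    return "authenticated" if mag.finish(c2) else "rejected: nonce mismatch"
```

Clearing the pending nonce in `finish` means a captured final message cannot be replayed to the gateway, and a response to an earlier challenge fails once a newer one has been issued.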
PCT/CN2018/087570 2017-07-18 2018-05-18 Group identity signature based pmipv6 anonymous access authentication system and method WO2019015387A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710584037.7A CN107493570B (en) 2017-07-18 2017-07-18 A kind of the PMIPV6 anonymous access authentication system and method for identity-based group label
CN201710584037.7 2017-07-18

Publications (1)

Publication Number Publication Date
WO2019015387A1 true WO2019015387A1 (en) 2019-01-24

Family

ID=60644552

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/087570 WO2019015387A1 (en) 2017-07-18 2018-05-18 Group identity signature based pmipv6 anonymous access authentication system and method

Country Status (2)

Country Link
CN (1) CN107493570B (en)
WO (1) WO2019015387A1 (en)

Also Published As

Publication number Publication date
CN107493570A (en) 2017-12-19
CN107493570B (en) 2019-10-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18835167

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18835167

Country of ref document: EP

Kind code of ref document: A1