WO2023077280A1 - Certificate-less authentication and secure communication - Google Patents

Certificate-less authentication and secure communication

Info

Publication number
WO2023077280A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
server
client device
message
key
Application number
PCT/CN2021/128264
Other languages
English (en)
Inventor
Yong Li
Ji Li
Wenyuan TIAN
Xinping Chen
Original Assignee
Huawei Technologies Co., Ltd.
Application filed by Huawei Technologies Co., Ltd.
Priority to PCT/CN2021/128264 (published as WO2023077280A1)
Priority to CN202180100645.0A (published as CN117643010A)
Publication of WO2023077280A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/083 Key transport or distribution involving a central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • The present disclosure relates generally to the field of network security and, more specifically, to a client device and a method for certificate-less authentication and secure communication.
  • Certificate-based authentication and communication techniques have been widely employed.
  • Certificate-based authenticated communication is a generic technology with good compatibility because of its widespread acceptance.
  • However, it may require maintaining a complex public key infrastructure (PKI) and performs inefficiently because of the certificate handling. Owing to that complexity, a PKI cannot be deployed in many execution environments, so entity authentication is difficult there.
  • Another conventional technique widely adopted in network security systems is the identity-based solution.
  • In it, an identification (ID) is used as the public key of an entity, which is more efficient than the certificate-based authentication discussed above.
  • The system architecture of the identity-based solution is also comparatively simple.
  • However, the secret key of every entity must be generated entirely by a server, such as a mutually trusted key generation centre (KGC) service. If that server is compromised, the entire system is compromised.
  • Network security systems employing the identity-based solution therefore also suffer from key escrow issues.
  • The present disclosure seeks to provide a client device and a method for authenticating a client device having a client secret key.
  • The present disclosure seeks to provide a solution to the existing problem of needing a complex public key infrastructure (PKI).
  • An aim of the present disclosure is to provide a solution that overcomes, at least partially, the problems encountered in the prior art and provides an improved method for authenticating a client device having a client secret key.
  • The present disclosure provides a client device comprising: a processor; a communication module; and a memory configured to store a client secret key and instructions which cause the processor to: generate a client ID and an authentication value based on the client secret key and send them to a key generating server using the communication module; receive one or more system parameters for secure communication from the server through the communication module; generate a first message based on the client secret key and the received system parameters and send it to the server using the communication module; receive from the server, through the communication module, a second message generated based on a server secret key and the system parameters, and an authenticated credential generated based on the first message, the server secret key, a server public key and the client ID; and compute a valid secret key/public key pair based on the first and second messages, the authenticated credential, the client secret key and the server public key.
  • The client device of the present disclosure provides secure communication without certificates. Compared with traditional certificate-based solutions, it can therefore provide lightweight secure communication with little computational complexity, which makes it easier to integrate and more widely compatible.
  • Generating the authentication value is further based on status information of the client device.
  • Basing the authentication value on the status information of the client device yields a value that is unique to a particular instant, which supports secure communication.
  • Generating the authentication value includes applying a first cryptographic hash function to the client secret key.
  • The first cryptographic hash function helps preserve the authenticity and integrity of the authentication value.
  • Sending the client ID and the authentication value to the server comprises concatenating them and encrypting the result using a client public key.
  • Concatenation lets the client ID and the authentication value be sent together in one message, and encrypting them prevents an attacker from reading them.
  • The system parameters for secure communication include one or more of a mapping function, a hash function and an encryption algorithm.
  • Including the mapping function, the hash function and the encryption algorithm in the system parameters ensures that compatible functions and algorithms are used on both the client device and the key generating server when establishing secure communication.
  • Generating the first message comprises computing a second cryptographic hash function over the client secret key and encrypting the result using the server public key.
  • The second cryptographic hash function maps input of any size to a binary array of fixed size, which eases transmission and thereby communication, and the encryption prevents an attacker from reading the first message.
  • The encryption includes concatenating the second cryptographic hash value with a first randomly generated value and the client ID.
  • This concatenation binds the second cryptographic hash value, the first randomly generated value and the client ID together so that they are sent at once.
  • The second message is generated by decrypting the first message using the server secret key and verifying the authentication value.
  • The key generating server decrypts the first message received from the client device and verifies it using the stored authentication value.
  • The authenticated credential is generated by computing a third cryptographic hash function over the client ID, a server ID and a second randomly generated value, and multiplying the resulting hash value by the server secret key.
  • The third cryptographic hash function maps its input to a binary array of fixed size, which eases transmission of the authenticated credential and thereby communication.
  • The second randomly generated value is based on one or more components of the first message.
  • Because the second randomly generated value depends on the encrypted first message, an attacker may be prevented from establishing communication with the key generating server even if the attacker has obtained the server secret key.
  • The client device further sends a connection message to a second client device based on the valid secret key/public key pair and the system parameters and, based on a response from the second client device, computes one or more session keys for secure communication with the second client device.
  • Secure communication is thereby established between the client device and the second client device for exchanging information between them.
  • Sending the connection message further comprises verifying the public key and identity of the second client device against a public key revocation list provided by the server.
  • Checking the second client device's public key and identity against the revocation list provided by the server gives a two-way verification, so that secure communication is established only with a peer whose key has not been revoked.
  • The present disclosure also provides a method for authenticating a client device having a client secret key.
  • The method comprises generating a client ID and an authentication value based on the client secret key; sending them to a key generating server; receiving one or more system parameters for secure communication from the server; generating a first message based on the client secret key and the received system parameters; and sending the first message to the server.
  • The method further comprises receiving from the server a second message generated based on a server secret key and the system parameters, and an authenticated credential generated based on the first message, the server secret key, a server public key and the client ID.
  • The method further comprises determining a valid secret key and a valid public key based on the first and second messages, the authenticated credential, the client secret key and the server public key.
  • The method of the present disclosure provides secure communication without certificates. Compared with traditional certificate-based solutions, it can therefore provide lightweight secure communication with little computational complexity, which makes it easier to integrate and more widely compatible.
  • Generating the authentication value is further based on status information of the client device.
  • Basing the authentication value on the status information of the client device yields a value that is unique to a particular instant, which supports secure communication.
  • Generating the authentication value includes applying a first cryptographic hash function to the client secret key.
  • The first cryptographic hash function helps preserve the authenticity and integrity of the authentication value.
  • Sending the client ID and the authentication value to the server comprises concatenating them and encrypting the result using a client public key.
  • Concatenation lets the client ID and the authentication value be sent together in one message, and encrypting them prevents an attacker from reading them.
  • The system parameters for secure communication include one or more of a mapping function, a hash function and an encryption algorithm.
  • Including the mapping function, the hash function and the encryption algorithm in the system parameters ensures that compatible functions and algorithms are used on both the client device and the key generating server when establishing secure communication.
  • Generating the first message comprises computing a second cryptographic hash function over the client secret key and encrypting the result using the server public key.
  • The second cryptographic hash function maps input of any size to a binary array of fixed size, which eases transmission and thereby communication, and the encryption prevents an attacker from reading the first message.
  • The encryption includes concatenating the second cryptographic hash value with a first randomly generated value and the client ID.
  • This concatenation binds the second cryptographic hash value, the first randomly generated value and the client ID together so that they are sent at once.
  • The second message is generated by decrypting the first message using the server secret key and verifying the authentication value.
  • The key generating server decrypts the first message received from the client device and verifies it using the stored authentication value.
  • The authenticated credential is generated by computing a third cryptographic hash function over the client ID, a server ID and a second randomly generated value, and multiplying the resulting hash value by the server secret key.
  • The third cryptographic hash function maps its input to a binary array of fixed size, which eases transmission of the authenticated credential and thereby communication.
  • The second randomly generated value is based on one or more components of the first message.
  • Because the second randomly generated value depends on the encrypted first message, an attacker may be prevented from establishing communication with the key generating server even if the attacker has obtained the server secret key.
  • The method further comprises sending a connection message to a second client device, the connection message being based on the valid secret key, the valid public key and the system parameters; receiving a response from the second client device, the response being based on the system parameters and the second client device's own valid secret key and public key; and computing, from that response, one or more session keys for secure communication with the second client device.
  • Secure communication is thereby established between the client device and the second client device for exchanging information between them.
  • Sending the connection message further comprises verifying the public key and identity of the second client device against a public key revocation list provided by the server.
  • Checking the second client device's public key and identity against the revocation list provided by the server gives a two-way verification, so that secure communication is established only with a peer whose key has not been revoked.
  • The present disclosure also provides a computer-readable medium comprising instructions which, when executed by a processor, cause the processor to perform the method described above.
  • FIG. 1 is a flowchart of a method for authenticating a client device having a client secret key, in accordance with an embodiment of the present disclosure.
  • FIG. 2A is a schematic of a process flow for registering the client device onto a key generating server, in accordance with an embodiment of the present disclosure.
  • FIG. 2B is a table listing exemplary registration information stored in the key generating server of FIG. 2A, in accordance with an embodiment of the present disclosure.
  • FIG. 2C is a schematic of a process flow for determining a valid secret key and a valid public key after registration of a first client device on the key generating server, in accordance with an embodiment of the present disclosure.
  • FIG. 3 is a block diagram of the client device, in accordance with an embodiment of the present disclosure.
  • FIG. 4A is a block diagram depicting implementation of the key generating server for establishing secure communication between the client device and a second client device, in accordance with various embodiments of the present disclosure.
  • FIG. 4B is a block diagram depicting implementation of the key generating server for establishing secure communication between a plurality of client devices, in accordance with various embodiments of the present disclosure.
  • an underlined number is employed to represent an item over which the underlined number is positioned or an item to which the underlined number is adjacent.
  • a non-underlined number relates to an item identified by a line linking the non-underlined number to the item. When a number is non-underlined and accompanied by an associated arrow, the non-underlined number is used to identify a general item at which the arrow is pointing.
  • Communicating parties may want authentication, integrity and confidentiality for the messages they exchange.
  • Where the parties lack the certificates that certificate-based authentication requires, they use a certificate-less technique for authentication and secure communication.
  • The present disclosure uses contributive implicit identity-based authentication and an efficient authenticated key exchange protocol to implement certificate-less party authentication and secure communication.
  • FIG. 1 is a flowchart of a method for authenticating a client device having a client secret key, in accordance with an embodiment of the present disclosure.
  • The method 100 is an efficient method for authenticating a client device having a client secret key.
  • The client device may be a computing device such as, but not limited to, a laptop, a palmtop, a desktop computer or a mobile phone.
  • The client secret key is secret to the client device; it may be known to an application and an authorization server where the implementation requires it, but it is generally not known to the public.
  • The method 100 includes steps 102 to 114, which are described in detail in the following paragraphs.
  • The method 100 comprises generating a client ID and an authentication value based on the client secret key.
  • The client ID is an identification for identifying the respective client device.
  • Client ID means information by which a client can be uniquely identified.
  • A user ID identifies the user of a device, while a device ID identifies the device itself; one or both may be used, and the term client ID refers to one or both of the user ID and the device ID.
  • The authentication value may also be used to verify the identity of a user of the client device.
  • The authentication value, which may also be referred to as an authentication code, is used to authenticate the user.
  • The authentication value may be a datum known to the user alone (in general a personal identification number, PIN), derived from a biometric characteristic of the user (for example voice, fingerprint or heat), or produced by an action that only the user can perform (for example a signature).
  • The client ID and the authentication value of a client device 'i' are denoted 'ID_i' and 'AuthenValue_i', respectively.
  • Generating the authentication value includes applying a first cryptographic hash function to the client secret key.
  • The hash function protects the authenticity of its input. A given hash function maps input of any size to a binary array of fixed size, which eases transmission and thereby communication.
  • The first cryptographic hash function is used to generate the authentication value by the process described hereinafter.
  • At the beginning of a registration phase, the client device generates the client secret key (say, K). The client ID and the authentication value are then generated from K using the first cryptographic hash function.
  • The first cryptographic hash function may be a cryptographic pseudo-random function (PRF).
  • The PRF supplies the required "randomness"; equations (1), (2) and (3) below are used in generating the authentication value:
  • ID_i = PRF(K, Nonce_i) (1)
  • n_i = PRF(K, ID_i) (2)
  • where ID_i is the client ID of client device 'i', Nonce_i is a nonce used for client device 'i', n_i is an intermediate value generated in the process for client device 'i', and PRF is the first cryptographic hash function.
  • A nonce ('number used once') is a pseudo-random number generated for one specific use. It ensures that earlier communication cannot be replayed once an attacker has obtained the client secret key. Once ID_i has been generated, ID_i and the client secret key K may be stored locally on client device 'i'.
  • Generating the authentication value is further based on status information of the client device.
  • The status information provides data on the active state of the client device.
  • The status information may include the IP address of the client device, its media access control (MAC) address, the current time, the number of pixels activated, and the central processing unit (CPU) load at the moment the authentication value is generated.
  • The authentication value generated in this way is unique to the status of the client device at a particular instant. Each generation therefore yields a fresh authentication value, and no previously used value need be reused for establishing secure communication.
  • The method 100 further comprises sending the client ID and the authentication value to a key generating server.
  • The key generating server, also referred to as a key generating center (KGC), is used in the method 100 to generate a further secret key/public key pair that is provided to the client device.
  • The authentication value and the client ID may be stored on the key generating server.
  • Sending the client ID and the authentication value to the server comprises concatenating them and encrypting the result using a client public key.
  • The client public key is a large numerical value used to encrypt data. Such a key may be generated by a software program but is more often provided by a trusted, designated authority and made available to everyone through a publicly accessible repository or directory.
  • Concatenating the client ID and the authentication value links them so that they can be sent at once, which eases transmission.
  • The client ID and the authentication value are encrypted with the client public key so that an attacker cannot read them.
  • Encryption converts input data into a secret form that hides the information it carries. Any suitable known encryption technique may be used here without limitation.
  • FIG. 2A is a schematic of a process flow 200A for registering a client device 202 onto a key generating server 204, in accordance with an embodiment of the present disclosure.
  • The client ID and the authentication value of the client device 202 are 'ID_i' and 'AuthenValue_i', respectively.
  • The key generating server 204 has a server secret key 'SK' and a server public key 'PK'.
  • the client device 202 sends the client ID and the authentication value (ID_i, AuthenValue_i) to the key generating server 204.
  • the key generating server 204 stores registration information locally.
  • FIG. 2B is a table 200B listing exemplary registration information stored in the key generating server 204 of FIG. 2A, in accordance with an embodiment of the present disclosure. As shown, in the table 200B, the client IDs with the respective authentication values are stored.
  • the method 100 further comprises receiving one or more system parameters for secure communication from the key generating server.
  • The system parameters are information sent to the client device so that the key generating server and the client device are on the same page.
  • The one or more system parameters for secure communication include one or more of a mapping function, a hash function and an encryption algorithm.
  • The mapping function transforms input data to output data according to a defined relation.
  • The hash function, as discussed, maps input data of any size to a binary array of fixed size.
  • The encryption algorithm transforms input data into a secret form.
  • The system parameters are received from the key generating server so that the same mapping function, hash function and encryption algorithm are used on both the key generating server and the client device, for compatibility and hence for establishing secure communication between them.
  • In FIG. 2A, the key generating server 204 sends the one or more system parameters to the client device 202.
  • Specifically, the key generating server 204 sends the elliptic curve (EC) group G, its generator g, the hash function, the encryption algorithm and the server public key PK to the client device 202.
  • The method 100 further comprises generating a first message based on the client secret key and the received system parameters.
  • The first message is data generated by combining the nonce, the client secret key and the received system parameters.
  • Generating the first message comprises computing a second cryptographic hash function over the client secret key and encrypting the result using the server public key.
  • The second cryptographic hash function takes the nonce, the client secret key and the received system parameters as input and converts them into the protected value that forms the first message.
  • The server public key is public and is used for encryption so that no entity other than the key generating server can read the first message.
  • FIG. 2C is a schematic of a process flow for determining a valid secret key and a valid public key after registration of a first client device 206 on the key generating server 204, in accordance with an embodiment of the present disclosure.
  • The first client device 206 has client ID 'ID1'.
  • The first message is generated by the first client device 206 using equation (4):
  • m1 = F1(sk1, nonce1, system parameters) (4)
  • where 'm1' is the first message, 'sk1' is the client secret key of the first client device 206, 'nonce1' is the nonce of the first client device 206, and 'system parameters' are the one or more system parameters received by the first client device 206.
  • encrypting includes concatenating the second cryptographic hash function with a first randomly generated value and the client ID.
  • the first randomly generated value may be a random number (which may not be truly random) that may be generated using a random number generator.
  • the random number generator may be a computer algorithm as known in the art. The random number generator may mimic selection of the first randomly generated value so as to be approximately similar to the truly random.
  • the second cryptographic hash function may be linked with the first randomly generated value and the client ID for encryption.
  • an intermediate value ‘n1’ for the first client device are determined by taking the cryptographic pseudo-random function (PRF) algorithm on the client secret key ‘K’ and the client ID ‘ID_i’ by equation (5) as provided below:
  • PRF cryptographic pseudo-random function
  • n1 PRF (K, ID_i) (5)
  • the first randomly generated value is determined based on point multiplication of a first random variable a1 by the generator g, using equation (6) as provided below:
  • ‘A1’ is the first randomly generated value and ‘g’ is the generator of an elliptic curve (EC) group (G).
  • the generator ‘g’ may also be referred to as the generator of the base point (and may also be represented as ‘G’).
  • in ‘G (+, ·)’, ‘+’ and ‘·’ represent point addition and point multiplication, respectively.
  • the first message may be generated by encrypting the server public key, the client ID, the intermediate value and the first randomly generated value by equation (7) as provided below:
  • ‘C1’ is the first message and ‘PK’ is the server public key.
  • the KGC may encrypt {ID_i, n1, A1}.
  • the method 100 further comprises sending the first message to the server (i.e., the key generating server or KGC) .
  • the first message is sent over a secure channel to the key generating server from the client device.
  • the first client device 206 sends the first message to the key generating server 204.
  • the method 100 further comprises receiving, from the server, a second message generated based on a secret server key and the system parameters, and further receiving an authenticated credential generated based on the first message, a server secret key, a server public key, and the client ID.
  • the secret server key may be a secret code known to the key generating server, and which may not be generally known to the public.
  • the second message may be generated by the key generating server based on the secret server key and the system parameters.
  • the authenticated credential may be also generated by verifying an integrity and identity of the first message. Further, the first message and the authenticated credential may be sent to the client device.
  • the key generating server performs a contributive key exchange with implicit authentication, computes the second message and generates the authenticated credential.
  • the key generating server 204 generates the second message and the authenticated credential using equations (8) and (9) as provided below:
  • ‘m2’ is the second message
  • ‘sk2’ is the secret server key
  • ‘nonce2’ is the nonce of the KGC
  • ‘system parameters’ are the one or more system parameters received by the first client device
  • ‘S’ is the authenticated credential
  • ‘SK’ is the server secret key
  • ‘pk2’ is the server public key
  • ‘ID1’ is the client ID.
  • the key generating server 204 sends the second message ‘m2’ , and the authenticated credential ‘S’ to the first client device 206.
  • the second message is generated by decrypting the first message using the server secret key and verifying the authentication value.
  • the first message may be decrypted by a decryption algorithm.
  • the authentication value may be verified to check the identity of the client device.
  • the authentication value may be first determined by using the client ID and the intermediate value obtained by decrypting the first message.
  • the determined authentication value may be compared to the authentication value stored in the key generating server during the registration process. If the determined authentication value is the same as the stored authentication value, the communication over the secured channel is established by accepting the first message; else the communication is aborted and the request for communication is rejected. That is, referring back to equations (5), (6), and (7), once the first message ‘C1’ is received by the KGC, a decryption of the first message may be achieved according to equation (10) as provided below:
  • ‘SK’ is the server secret key.
  • the authentication value may be determined according to equation (11) as provided below:
  • the ‘AuthenValue_i*’ is the determined authentication value of the client device ‘i’. If ‘AuthenValue_i*’ is equal to ‘AuthenValue_i’, then the request for communication is accepted; otherwise, it is rejected. It may be understood that, herein, the ‘AuthenValue_i’ is the authentication value of the client device ‘i’ stored in the KGC at the time of registration.
  • the authenticated credential is generated by generating a third cryptographic hash function based on the client ID, a server ID and a second randomly generated value, and multiplying the third cryptographic function by the server secret key.
  • the third cryptographic hash function may convert the input data of any size to the binary array of fixed size, with the input data being the client ID, the server ID and the second randomly generated value.
  • the server ID may be an identification used to recognize the KGC.
  • the second randomly generated value may be the random number that may be generated using computer algorithms such as, the random number generator.
  • the second randomly generated value is based on one or more components of the first message.
  • the second randomly generated value may be calculated using the first randomly generated value according to equation (12) as provided below:
  • ‘B_i’ is the second randomly generated value
  • ‘b1’ is a second random variable
  • ‘g’ is the generator
  • ‘A1’ is the first randomly generated value
  • the authenticated credential is generated according to equation (13) as provided below:
  • ‘S_i’ is the authenticated credential
  • ‘F2’ is the third cryptographic hash function
  • ‘ID_KGC’ is the server ID
  • the authenticated credential ‘S_i’ , the second randomly generated number, in this case, ‘B_1’ , and the server ID ‘ID_KGC’ may be sent to the client device.
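Added example (not the patent's code) of the flow described above, in Python: the client derives n1 = PRF(K, ID_i) and A1 = a1·g, encrypts {ID_i, n1, A1} to the server public key PK, and the KGC decrypts with SK, re-derives AuthenValue_i*, compares it in constant time with the value registered for ID_i, and only on a match issues S_i = F2(ID_i, ID_KGC, B_i)·SK together with B_i and ID_KGC. Assumptions, because the page does not fix them: secp256k1 stands in for the group G, HMAC-SHA256 for the PRF, SHA-256 for the hash functions, an ECIES-style stream cipher with an HMAC tag for the encryption of C1, AuthenValue_i = H(ID_i, n1), and B_i = b1·g + A1.

```python
import hashlib
import hmac
import secrets

# Stand-in for the patent's unspecified EC group (G, +, ·): secp256k1 domain parameters.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Point multiplication k·pt by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def pt_bytes(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h_scalar(*parts):  # F2 stand-in (assumption): SHA-256 reduced mod N
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N

def keystream(key, n):
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def encrypt_to_server(PK, plaintext):
    """Equation (7) stand-in: ECIES-style, key = H(e·PK), XOR stream plus HMAC tag."""
    e = secrets.randbelow(N - 1) + 1
    key = hashlib.sha256(pt_bytes(ec_mul(e, PK))).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    return ec_mul(e, G), ct, hmac.new(key, ct, hashlib.sha256).digest()

def decrypt_at_server(SK, C1):
    """Equation (10): recover the plaintext with the server secret key SK; None if tampered."""
    E, ct, tag = C1
    key = hashlib.sha256(pt_bytes(ec_mul(SK, E))).digest()
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))

def auth_value(ID_i, n1):
    """AuthenValue_i registered with the KGC (assumption: H(ID_i, n1))."""
    return hashlib.sha256(b"auth|" + ID_i + n1).digest()

def client_register(K, ID_i):
    """Registration: the client derives n1 = PRF(K, ID_i) (5) and sends ID_i, AuthenValue_i."""
    n1 = hmac.new(K, ID_i, hashlib.sha256).digest()
    return ID_i, auth_value(ID_i, n1)

def client_first_message(K, ID_i, PK):
    """Equations (5)-(7): n1 = PRF(K, ID_i), A1 = a1·g, C1 = Enc_PK(ID_i, n1, A1)."""
    n1 = hmac.new(K, ID_i, hashlib.sha256).digest()
    a1 = secrets.randbelow(N - 1) + 1
    A1 = ec_mul(a1, G)
    plaintext = bytes([len(ID_i)]) + ID_i + n1 + pt_bytes(A1)
    return a1, encrypt_to_server(PK, plaintext)

def kgc_issue_credential(SK, ID_KGC, registered, C1):
    """Equations (10)-(13): decrypt, re-derive AuthenValue_i*, compare with the
    registered value, and only then issue (S_i, B_i, ID_KGC). Returns None on reject."""
    pt = decrypt_at_server(SK, C1)
    if pt is None:
        return None
    L = pt[0]
    ID_i, n1, A1 = pt[1:1 + L], pt[1 + L:33 + L], pt[33 + L:97 + L]
    A1 = (int.from_bytes(A1[:32], "big"), int.from_bytes(A1[32:], "big"))
    expected = registered.get(ID_i)
    if expected is None or not hmac.compare_digest(auth_value(ID_i, n1), expected):
        return None  # AuthenValue_i* != AuthenValue_i: request rejected (11)
    b1 = secrets.randbelow(N - 1) + 1
    B_i = ec_add(ec_mul(b1, G), A1)                        # (12), assumption: B_i = b1·g + A1
    S_i = h_scalar(ID_i, ID_KGC, pt_bytes(B_i)) * SK % N   # (13)
    return S_i, B_i, ID_KGC

def credential_matches_pk(PK, ID_i, S_i, B_i, ID_KGC):
    """Consequence of (13): S_i·g must equal F2(ID_i, ID_KGC, B_i)·PK."""
    return ec_mul(S_i, G) == ec_mul(h_scalar(ID_i, ID_KGC, pt_bytes(B_i)), PK)
```

The last function is a check anyone holding PK can run on a received credential; it follows from equation (13) alone and is not a step the page itself lists.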
  • the method 100 further comprises, determining a valid secret key and a valid public key, wherein the valid secret key and the valid public key are based on the first message and second messages, the authenticated credential, the client secret key, and the server public key.
  • the valid secret key and the valid public key may be determined according to equation (14) as provided below:
  • sk_ID1 / pk_ID1 = F3(sk1, m1, m2, S, PK) (14)
  • ‘sk_ID1’ is the valid secret key
  • ‘pk_ID1’ is the valid public key
  • ‘sk1’ is the client secret key
  • ‘m1’ is the first message
  • ‘m2’ is the second message
  • ‘S’ is the authenticated credential
  • ‘PK’ is the server public key.
  • the public/secret keys may be computed by using S_i, B_i, a1, ID_i, ID_KDC.
  • the valid secret key and the valid public key may be determined according to equations (15) , (16) , and (17) as provided below:
  • ‘pk1’ is the valid public key
  • ‘sk1’ is the valid secret key
  • ‘a1’ is the first random variable
  • ‘B_i’ is the second randomly generated value
  • ‘ID_i’ is the client ID
  • ‘ID_KDC’ is the server ID (written ‘ID_KGC’ in equation (13)).
  • the method 100 further comprises sending a connection message to a second client device, wherein the connection message is based on the valid secret key and valid public key and the system parameters, receiving a response from the second client device, wherein the response is based on the system parameters and a valid secret key and a public key of the second client device, and computing, based on the response from the second client device, one or more session keys for secure communication with the second client device.
  • the client device may be referred as a first client device, and the first client device and the second client device may establish secure communication therebetween.
  • the connection message may be determined by the first client device according to equation (18) as provided below:
  • ‘sk1’ is the valid secret key of the first client device and ‘pk1’ is the valid public key of the first client device.
  • the first device sends the client ID ‘ID1’ thereof, the authenticated credential ‘S1’ thereof, and the valid public key ‘pk1’ thereof.
  • the second device sends the client ID ‘ID2’ thereof, the authenticated credential ‘S2’ thereof, and the valid public key ‘pk2’ thereof.
  • the first client device and the second client device may verify their respective communication partners, that is the second client device and the first client device, respectively.
  • the first client device may verify the second client device by calculating the public key of the second client device according to equation (19) as provided below:
  • ‘pk_ID2’ is the calculated public key of the second client device.
  • the first client device may compute session key ‘K_Auth’.
  • the second client device may verify the first client device by calculating the public key of the first client device according to equation (21) as provided below:
  • ‘pk_ID1’ is the calculated public key of the first client device.
  • the second client device may compute session key ‘K_Auth’ according to equation (22) as provided below:
  • K_Auth = KeyGen2(PK_ID1, Sk_ID1, sk2, pk1) (22)
  • the first client device may have the client ID as ‘ID_1’ , and the authenticated credential as ‘S1’ .
  • the second client device may have the client ID as ‘ID_2’ , and the authenticated credential as ‘S2’ .
  • the first client device may generate a random function ‘X’ by point multiplication of a random variable with the generator according to equation (23) as provided below:
  • the first client device may then send ‘X’ , ‘ID_1’ and ‘S1’ to the second client device.
  • the second client device may generate a random function ‘Y’ by point multiplication of a random variable ‘y’ with the generator ‘G’ according to equation (24) as provided below:
  • the second client device may then send ‘Y’ , ‘ID_2’ and ‘S2’ to the first client device.
  • the first client device may verify validation of (ID_2, B_2, Y); and upon validation, the first client device may compute a valid public key ‘PK_ID2’ according to equation (25) as provided below:
  • ‘K_Encn’ may be computed according to equations (26), (27) and (28) as provided below:
  • MK = Hash(PK_ID2, SK_ID1, x, Y) (26)
  • the second client device may verify validation of (ID_1, B_1, X); and upon validation, the first client device may compute a valid public key ‘pk_ID2’ according to equation (29) as provided below:
  • ‘K_Encn’ may be computed according to equations (30), (31) and (32) as provided below:
  • MK = Hash(PK_ID1, Sk_ID2, X, y) (30)
  • sending the connection message further comprises verifying a public key and identity of the second client device with a public key revocation list provided by the server.
  • the public key revocation list may be a list of public keys stored in the server.
  • the public key revocation list may be used for establishing a secondary check in order to assist the client device in establishing the secure communication channel.
  • the present disclosure also relates to a client device as described above.
  • the various embodiments and variants disclosed above apply mutatis mutandis to the present client device without any limitations.
  • FIG. 3 is a block diagram of a client device 300, in accordance with an embodiment of the present disclosure.
  • the client device 300 comprises a processor 302, a communication module 304, and a memory 306.
  • the “processor” refers to a structure and/or module that include programmable and/or non-programmable components configured to store, process and/or share information for translating a source text of a first language to a second language.
  • the processor includes any arrangement of physical or virtual computational entities capable of enhancing information to perform various computational tasks.
  • the processor refers to a computational element that is operable to respond to and process instructions to perform the operations for translating a source text of a first language to a second language.
  • the processor includes, but is not limited to, a microprocessor, a microcontroller, a complex instruction set computing (CISC) microprocessor, a reduced instruction set (RISC) microprocessor, a very long instruction word (VLIW) microprocessor, or any other type of processing circuit, for example as aforementioned.
  • the processor is arranged in various architectures for responding to and processing the instructions for translating a source text of a first language to a second language in the system.
  • at least one processor may be implemented as a hardware processor and/or plurality of hardware processors operating in a parallel or in a distributed architecture.
  • the processor (or the processors) may be supplemented with additional computation methods, such as neural networks, and hierarchical clusters of pseudo-analog variable state machines implementing artificial intelligence algorithms.
  • the processor may include components such as a memory, a data communication interface, a network adapter, and the like, to store, process and/or share information with other computing devices, such as the user device, translation memories.
  • the processor is implemented as a computer program that provides various services (such as database service) to other devices, modules, or apparatus.
  • the “communication module” relates to an arrangement of interconnected, programmable and/or non-programmable components that, when in operation, facilitate data communication between one or more computation devices and/or databases.
  • the communication module allows for communication among the interacting computation devices (such as the user device, the translation memory, etc.).
  • the user device or the translation memory is capable of communicating with other computation devices (such as the at least one processor) via the communication module.
  • the communication module includes, but is not limited to, a peer-to-peer (P2P) network, ring communication networks, a hybrid peer-to-peer network, local area networks (LANs), radio access networks (RANs), metropolitan area networks (MANs), wide area networks (WANs), all of or a portion of a public network such as the global computer network known as the Internet, a private network, a cellular network, and any other communication system.
  • the communication module employs wired or wireless communication that can be carried out via one or more known protocols, including, but not limited to, Internet Protocol (IP) , Wireless Access Protocol (WAP) , Frame Relay, or Asynchronous Transfer Mode (ATM) , and the like.
  • any other suitable protocols using voice, video, data, or combinations thereof, can also be employed, for example, VoIP.
  • the term “memory” means a device where information can be stored and retrieved.
  • the term memory includes internal and external storage devices and includes magnetic and optical disks, magnetic tape, compact disc, as well as random access memory (RAM) and read only memory (ROM) .
  • the memory 306 is configured to store a client secret key 308, and instructions for the processor 302.
  • the instructions cause the processor 302 to generate a client ID and authentication value based on the client secret key 308.
  • generating the authentication value is further based on status information of the client device 300.
  • generating the authentication value includes generating a first cryptographic hash function based on the client secret key 308.
  • the instructions cause the processor 302 to send the client ID and authentication value to a key generating server using the communication module 304.
  • sending the client ID and authentication value to the server comprises concatenating the client ID and authentication value and encrypting using a client public key.
  • the instructions cause the processor 302 to receive one or more system parameters for secure communication from the server through the communication module 304.
  • the parameters for secure communication include one or more of: a mapping functions, a hash function and an encryption algorithm.
  • the instructions cause the processor 302 to generate a first message based on the client secret key, and the received system parameters.
  • generating the first message comprises generating a second cryptographic hash function based on the client secret key 308, and encrypting using a server public key.
  • encrypting includes concatenating the second cryptographic hash function with a first randomly generated value and the client ID.
  • the instructions further cause the processor 302 to send the first message to the server using the communication module 304.
  • the instructions further cause the processor 302 to receive, from the server through the communication module 304, a second message generated based on a secret server key and the system parameters, and an authenticated credential generated based on the first message, a server secret key, a server public key, and the client ID.
  • the second message is generated by decrypting the first message using the server secret key and verifying the authentication value.
  • the authenticated credential is generated by generating a third cryptographic hash function based on the client ID, a server ID and a second randomly generated value, and multiplying the third cryptographic function by the server secret key.
  • the second randomly generated value is based on one or more components of the first message.
  • the instructions cause the processor 302 to compute a valid secret key/public key pair based on the first message and second messages, the authenticated credential, the client secret key 308, and the server public key.
  • FIG. 4A is a block diagram depicting implementation of the key generating server 204 for establishing secure communication between the client device 300 and a second client device 400, in accordance with various embodiments of the present disclosure.
  • the client device 300 sends a connection message to the second client device 400 based on the valid secret key/public key pair and the system parameters. Based on a response from the second client device 400, the client device 300 computes one or more session keys for secure communication with the second client device 400.
  • the connection message further comprises verifying a public key and identity of the second client device 400 with a public key revocation list provided by the key generating server 204.
  • a secure channel 402 is established for facilitating secured communication between the client device 200, the second client device 400, and the key generating server 204.
  • FIG. 4B is a block diagram depicting implementation of the key generating server 204 for establishing secure communication between a plurality of client devices, in accordance with various embodiments of the present disclosure.
  • the plurality of client devices includes ‘n’ number of client devices.
  • a first client device 404 has the client ID as ‘ID_1’
  • a second client device 406 has the client ID as ‘ID_2’
  • an ith client device 408 has the client ID as ‘ID_i’
  • a nth client device 410 has the client ID as ‘ID_n’ .
  • the key generating server 204 has the server secret key ‘SK’ and the public server key ‘PK’ .
  • the secure channel 402 is established for communication between client devices of the plurality of client devices ID_1, ID_2, ...ID_i, ..., ID_n.
  • the secure channel 402 is also used for communication between one or more client devices of the plurality of client devices and the key generating server 204.
  • the present disclosure further provides a computer-readable medium comprising instructions which, when executed by the processor 302, cause the processor 302 to perform the method 100.
  • the processor (or the one or more processors) of the client device 300 is configured to execute the method 100.
  • the computer-readable medium may direct a computerized device, other programmable data processing apparatus, or other interacting computation devices to function in a particular manner, such that the instructions stored in the non-transitory computer-readable storage medium cause a series of steps to implement the function specified in a flowchart corresponding to the instructions.
  • non-transitory computer-readable storage medium examples include, but are not limited to, Electrically Erasable Programmable Read-Only Memory (EEPROM), Random Access Memory (RAM), Read Only Memory (ROM), Hard Disk Drive (HDD), Flash memory, a Secure Digital (SD) card, Solid-State Drive (SSD), and/or CPU cache memory.
  • further examples include, but are not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
  • the client device and methods of the present disclosure provide secure communication without needing certificates. That is, herein, parties such as the client device, the key generating server or the second client device may perform public key based secure and authenticated communication without needing certificates.
  • the client device and methods provide high security by providing message authentication, and maintaining integrity and confidentiality. Moreover, the client device and methods do not suffer from key escrow problems. Further, the client device and the methods of the present disclosure are resistant against ephemeral key leakage attacks. Furthermore, compared with traditional certificate-based solutions, the client device and methods provide extremely light secure communication and have limited computational complexity. Thus, the methods are more compatible. Also, the client device and methods have a friendly integration environment.
  • the proposed solution as per the embodiments of the present disclosure may require only about 168 Bytes.
  • the said EC based TLS1.3 protocol involves 1 sign operation + 1 verify operation + 2 EC Point-Multiplication + 3 PRF operations + 1 MAC operation for completing the computation; whereas, the proposed solution as per the embodiments of the present disclosure may only require 2 EC Point-Multiplication + 3 Hash operations.
  • the proposed solution as per the embodiments of the present disclosure may meet the necessary security requirements as provided by the conventional EC based TLS1.3 protocol, including confidentiality, authentication, resistance against replay attack, resistance against MITM attack, perfect forward secrecy (PFS), resistance against Unknown Key Share (UKS) attack, as well as resistance against Key Compromise Impersonation (KCI) attack.
  • the proposed solution as per the embodiments of the present disclosure may also provide resistance against Ephemeral Key Leakage (also known as Ephemeral Secret Leakage (ESL)) attack, which may not be feasible with the conventional EC based TLS1.3 protocol.


Abstract

The present disclosure relates to a client device (202, 206, 300, 400, 404, 406, 408, 410) and a method (100) for authenticating the client device having a client secret key (308). The method comprises generating a client ID and an authentication value, sending the client ID and the authentication value to a key generating server (204), receiving one or more system parameters, generating a first message, sending the first message to the server, receiving a second message and further receiving an authenticated credential. The method further comprises determining a valid secret key and a valid public key, the valid secret key and the valid public key being based on the first message and second messages, the authenticated credential, the client secret key and the server public key.
PCT/CN2021/128264 2021-11-02 2021-11-02 Certificateless authentication and secure communication WO2023077280A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2021/128264 WO2023077280A1 (fr) 2021-11-02 2021-11-02 Certificateless authentication and secure communication
CN202180100645.0A CN117643010A (zh) 2021-11-02 2021-11-02 Certificateless authentication and secure communication

Publications (1)

Publication Number Publication Date
WO2023077280A1 (fr) 2023-05-11

Family

ID=86240481


Country Status (2)

Country Link
CN (1) CN117643010A (fr)
WO (1) WO2023077280A1 (fr)


Also Published As

Publication number Publication date
CN117643010A (zh) 2024-03-01


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21962800

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 202180100645.0

Country of ref document: CN