Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Wireless network lightweight class authentication key negotiation protocol based on digital certificate

An authentication key agreement and lightweight authentication technology, which is applied in the field of lightweight authentication key agreement in wireless Internet, can solve the problems of insufficient anti-attack capability, small calculation overhead, and excessive communication calculation overhead, etc., to achieve Satisfy the effect of fewer communication times, less computational overhead, and perfect forward secrecy

Inactive Publication Date: 2012-12-19
BEIJING UNIV OF POSTS & TELECOMM
View PDF2 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Famous protocols such as the Needham-Schroeder protocol, Woo-Lam protocol, Denning-Sacco protocol, and Fiat-Shamir authentication protocol proposed in the early days were later found to be insecure under replay attacks or known key attacks
In 2002, Kim et al. (Kim M, Kim K.A New Identification Scheme Based on the Bilinear Diffie-Hellman Group[C].In Information security and privacy: 7th Australasian Conference, ACISP 2002 Melbourne. Australia, July 3-5, 2002: 362-378.) An authentication protocol is proposed based on the difficulty of BDHP, but the interaction process of the protocol is complicated and there are security holes
In 2003, China launched its own national standard for wireless LAN GB 15629.11 (Information technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.GB 15629.11-2003.(in Chinese)), the standard includes wireless authentication and confidentiality infrastructure WAPI mechanism, but the protocol lacks private key verification in the authentication link, and the key negotiation link does not have security attributes such as forward security. Resists attacks such as replay attacks and key asynchronization
In 2004, the IEEE standard approved the 802.11i security specification (IEEE P802.11i / D3.0, Specification for Enhanced Security[OL], http: / / standards.ieee.org / reading / ieee / std / lanman / rafts / P802. 11i.pdf), since the "EAP-Success" message sent by the AP is transmitted in plain text, it is easy to be forged by an attacker to carry out a man-in-the-middle attack
In the same year, PoPescu (Popescu, C.A secure authenticated key agreement protocol. Electrotechnical Conference, 2004. MELECON 2004. Proceedings of the 12th IEEE Mediterranean. 12-15 May 2004(2): 783-786.) proposed an authenticated key agreement protocol , the security and execution efficiency of the protocol are good, but because the confirmation of the parameters is completely dependent on the long-term shared key of the protocol participants, it does not have key leakage security
In 2005, Sui et al. (Sui A, Hui L, Yiu S, Chow K, Tsang W, Chong C, et al. An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication. In IEEE wireless and communications and networking conference (WCNC 2005), 2005: 2088-93.) proposed a password-based elliptic curve authentication protocol. Although the protocol has a small computational overhead, it cannot resist offline password brute force attacks
2007. Feng et al. (Feng Dengguo, Chen Weidong. Modular design and analysis of password-based security protocols [J]. Chinese Science Series E, 2007, 37(2): 223-237.) proposed a password-based modularization Authentication protocol, but because the protocol has a large communication and computing overhead, it is not suitable for wireless Internet networks
In 2012, Jonathan et al. (Jonathan Katz, Philip MacKenzie, Gelareh Taban, Virgil Gligor. Two-server password-only authenticated key exchange[J]. Journal of Computer and System Sciences, March 2012, 78(2): 651-669 ) designed a two-server authenticated key agreement protocol, but the above protocols are not suitable for wireless networks due to their excessive communication calculation overhead or insufficient anti-attack capabilities

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Wireless network lightweight class authentication key negotiation protocol based on digital certificate
  • Wireless network lightweight class authentication key negotiation protocol based on digital certificate
  • Wireless network lightweight class authentication key negotiation protocol based on digital certificate

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] (1) Implementation steps

[0020] The protocol includes three stages: identity authentication, key negotiation, and key update. The specific interaction process between users Alice and Bob in the protocol is described as follows:

[0021] 1. Alice sends a Hello message to Bob to initiate a session, and attaches Alice's digital certificate and session ID after the Hello message, calculates the message digest and encrypts it with A's private key to generate a digital signature. Note that when the session ID is non-zero, it means that the user wants to restore the parameters of the previous session, and the saved k of the previous session is used when calculating the new key.

[0022] 2. After receiving A's Hello message, Bob checks the validity of A's digital certificate, performs identity authentication, extracts Alice's public key, verifies A's digital signature, checks the integrity of the message, and proves that A is indeed holding the session for this session. Ther...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a wireless network lightweight class authentication key negotiation protocol based on a digital certificate. A user identity is subjected to dual authentication through a 'certificate private key and protection key' dual authentication system and a 'protection key' dynamic negotiation mechanism by sharing a dynamic protection key according to a public key password; a user proves the session holdness and the private key owning property by exchanging the certificate according to a private key signature, so that primary authentication is executed; and due to protection key sharing, secondary authentication is executed. Important parameters are protected by two parties through the protection key after the last session is finished; the correctness of the key is confirmed through a new protection key calculated at the session; during each communication, when the parameters are exchanged, the correctness can be checked. Negotiation for key groups and parameter exchange adopt simple bit computation; and the key updating is confirmed by Finished messages. According to the protocol, a dynamic ID is set to dynamically select whether the shared old parameters are used for calculating the key of the session; and safety and high efficiency are guaranteed, and the flexibility of the protocol is improved.

Description

technical field [0001] The invention relates to a lightweight authentication key negotiation protocol applicable to wireless Internet, which utilizes a "certificate private key-protection key" dual authentication system and a "protection key" dynamic negotiation mechanism, and adopts a new and old protection key phase The combined method protects the exchange of important parameters, the operation of the session key uses ultra-lightweight operators, and finally combines the BAN logic and informal analysis methods to analyze the security of the protocol, proving that it can reach the first-level belief and the second-level Faith also has security properties such as two-way entity authentication and perfect forward secrecy. This protocol only needs two communications to complete the parameter exchange in the key negotiation phase. The calculation of the session key group uses bit operations with a small amount of calculation, which has the characteristics of efficient transmissi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04W12/04H04W12/06H04W12/0431H04W12/069
Inventor 贾庆轩郜盼盼高欣赵兵翟峰王鑫
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products