Anonymous bidirectional authentication method based on identity
Technical field
The present invention relates to a kind of anonymous bidirectional authentication method, relate in particular to anonymous bidirectional authentication method based on identity.
Background technology
Confidentiality for sensitive nodes identity in the protecting network in safety certification; The anonymous bidirectional authentication has become a kind of important research means in the cryptography, and its advantage is to prevent that the assailant from utilizing the identity information of sensitive nodes to initiate denial of service various attacks such as (DoS).
Document " Anonymous handshakes in mobile ad hoc networks.2004 IEEE MilitaryCommunications Conference; 31 October--03 November 2004; Monterey, CA.p1193-1199 " discloses a kind of anonymous authentication method based on bilinear mappings that utilizes pseudo-name collection.This method was the pseudo-name set of each network node preassignment before carrying out anonymous authentication; When authentication, each node carries out authentication from the pseudo-name of the concentrated picked at random of pseudo-name of oneself with other node, hides its true identity through the method for the pseudo-name of continuous conversion.But the method is used the preallocated pseudo-name set of static state, has some safety defects, and in a single day the assailant invades certain node success, then can be based on the true identity of all communication nodes of communications records discovery in the past.In addition, this method autgmentability is not strong, needs the manual in advance pseudo-name collection that pre-sets, and each node needs safety to preserve the pseudo-name information of a plurality of nodes, and the safe storage burden is big, causes assailant's attack easily.
Summary of the invention
In order to overcome the deficiency of prior art owing to the poor stability that uses static pseudo-name collection to cause; The present invention provides a kind of anonymous bidirectional authentication method based on identity; Adopt the method for the pseudo-name of picked at random; Puppet name and other node through selected carry out two-way authentication, make network node the pseudo-name of preassignment to collect, and also need not the pseudo-name of safety preservation and collect; And after node is invaded, can not obtain its true identity information through following the tracks of method for communicating, can improve the fail safe in the network use.
The technical solution adopted for the present invention to solve the technical problems: a kind of anonymous bidirectional authentication method based on identity is characterized in may further comprise the steps:
(a) node initializing: the TTP of trusted third party sets up system parameters and is authentication both sides node: node A and Node B are distributed private key, and this system parameters comprises: the cyclic group (G on two q rank
1,+) and (G
2); P is G
1Generator; Make that e is G
1And G
2On bilinear transformation, i.e. e:G
1* G
1→ G
2The private key of the TTP of trusted third party picked at random oneself
Its corresponding PKI is Q
TTP=S
TTPP ∈ G
1H (x) representes an one-way hash function; The TTP of trusted third party is that node A and Node B distribute the method for private key to be: the identity ID of node A and Node B
1And ID
2Be respectively its PKI, its private key is respectively S
1=S
TTPID
1And S
2=S
TTPID
2
(b) authentication activates: send authentication by Node B and activate grouping to node A;
This authentication activates packet content and comprises: PID
2Field,
Wherein:
PID
2Field: the pseudo-identity that Node B is current, its computational methods are: Node B is temporary private that only is used for this authentication and key agreement process of picked at random at first
Calculate PID then
2=bID
2
(c) authentication request: after node A received that authentication activates grouping, structure also sent authentication request and divides into groups to Node B;
This authentication request packet content comprises: PID
2Field, PID
1Field, TKM
1Field and MIC
1Field,
Wherein:
PID
2Field: its value activates the PID in dividing into groups with authentication
2Field value is identical;
PID
1Field: the pseudo-identity that node A is current, its computational methods are: node A is temporary private that only is used for this authentication and key agreement process of picked at random at first
Calculate PID then
1=aID
1
TKM
1Field: the interim public key information that node A chooses, its computational methods are: TKM
1=aP;
MIC
1Field: the message integrity check sign indicating number that node A calculates all fields before this field, its computational methods are: MIC
1=h (PID
2, PID
1, TKM
1, e (PID
2, aS
1));
(d) authentication response: after Node B receives that authentication request is divided into groups, Node B checking PID
2Whether be the pseudo-identity of oneself choosing; If not, then abandon this grouping, otherwise, recomputate MIC
1=h (PID
2, PID
1, TKM
1, e (PID
1, bS
2)) and with the MIC that receives
1Compare; If unequal, then abandon this grouping, if equate, structure also sends authentication response and divides into groups to node A;
This authentication response packet content comprises: PID
1Field, TKM
2Field and MIC
2Field,
Wherein:
PID
1Field: the PID during its value is divided into groups with authentication request
1Field value is identical;
TKM
2Field: the interim public key information that Node B is chosen, its computational methods are: TKM
2=bP;
MIC
2Field: the message integrity check sign indicating number that Node B is calculated all fields before this field, its computational methods are: MIC
2=h (PID
1, TKM
1, TKM
2, e (PID
1, bS
2), bTKM
1);
(e) key confirmation: after node A received that authentication response divides into groups, node A verified PID
1Whether be the pseudo-identity of oneself choosing, if not, then abandon this grouping, otherwise, checking TKM
1Whether be the interim public key information of oneself choosing; If not, then abandon this grouping, otherwise, recomputate MIC
2=h (PID
1, TKM
1, TKM
2, e (PID
2, aS
1), aTKM
2) and with the MIC that receives
2Compare; If unequal, then abandon this grouping, if equate, structure also sends key confirmation and divides into groups to Node B; Node A accomplishes the anonymous authentication to Node B, and obtains master key MK=aTKM
2=abP;
This authentication response packet content comprises: PID
1Field, TKM
2Field and MIC
2Field,
Wherein:
PID
1Field: the PID during its value is divided into groups with authentication request
1Field value is identical;
TKM
2Field: the interim public key information that Node B is chosen, its computational methods are: TKM
2=bP;
MIC
2Field: the message integrity check sign indicating number that Node B is calculated all fields before this field, its computational methods are: MIC
2=h (PID
1, TKM
1, TKM
2, e (PID
1, bS
2), bTKM
1);
After Node B receives that key confirmation divides into groups, Node B checking TKM
2Whether be the interim public key information of oneself choosing; If not, then abandon this grouping, otherwise, recomputate MIC
3=h (TKM
2, bTKM
1) and with the MIC that receives
3Compare; If unequal, then abandon this grouping, if equate, anonymous bidirectional authentication and key agreement process success; Node B is accomplished the anonymous authentication to node A, and obtains master key MK=bTKM
1=abP.
The invention has the beneficial effects as follows: because the pseudo-name that adopts dynamic random to choose, each node need not the pseudo-name collection of prior preassignment, also need not safety and preserves pseudo-name information; Pseudo-name according to picked at random is carried out authentication, and the assailant can't obtain node true identity information through following the tracks of method for communicating, thereby has guaranteed the anonymity of node identity in the verification process, has improved the fail safe in the network use.
Below in conjunction with accompanying drawing and embodiment the present invention is elaborated.
Description of drawings
Accompanying drawing is the flow chart that the present invention is based on the anonymous bidirectional authentication method of identity.
Embodiment
With reference to accompanying drawing, present embodiment is chosen two network node A and the B in the network arbitrarily, supposes that A and B will carry out the anonymous bidirectional authentication.Concrete steps are following:
At first, the TTP of trusted third party need set up system parameters and be node A and Node B distribution private key, and this system parameters comprises: the cyclic group (G on two q rank
1,+) and (G
2); P is G
1Generator; Make that e is G
1And G
2On bilinear transformation, i.e. e:G
1* G
1→ G
2The private key of the TTP of trusted third party picked at random oneself
Its corresponding PKI is Q
TTP=S
TTPP ∈ G
1H (x) representes an one-way hash function.The TTP of trusted third party is that node A and Node B distribute the method for private key to be: the identity ID of node A and Node B
1And ID
2Be respectively its PKI, its private key is respectively S
1=S
TTPID
1And S
2=S
TTPID
2This step is only used when node initializing.Verification process is following:
The first step, the authentication of Node B structure activates divides into groups to send to node A.Authentication activates packet content and comprises:
Wherein:
PID
2Field: the pseudo-identity that Node B is current, its computational methods are: B is temporary private that only is used for this authentication and key agreement process of picked at random at first
Calculate PID then
2=bID
2
Second step, receive that authentication activate to be divided into groups after, node A structure also sends authentication request and divides into groups to Node B.The authentication request packet content comprises:
Wherein:
PID
2Field: its value activates the PID in dividing into groups with authentication
2Field value is identical;
PID
1Field: the pseudo-identity that node A is current, its computational methods are: A is temporary private that only is used for this authentication and key agreement process of picked at random at first
Calculate PID then
1=aID
1
TKM
1Field: the interim public key information that node A chooses, its computational methods are: TKM
1=aP.
MIC
1Field: the message integrity check sign indicating number that node A calculates all fields before this field, its computational methods are: MIC
1=h (PID
2, PID
1, TKM
1, e (PID
2, aS
1)).
The 3rd step, receive that authentication request is divided into groups after, Node B checking PID
2Whether be the pseudo-identity of oneself choosing.If not, then abandon this grouping, otherwise, recomputate MIC
1=h (PID
2, PID
1, TKM
1, e (PID
1, bS
2)) and with the MIC that receives
1Compare.If unequal, then abandon this grouping, if equate, structure also sends authentication response and divides into groups to node A.The key request packet content comprises:
PID
1 |
?TKM
1 |
?TKM
2 |
?MIC
2 |
Wherein:
PID
1Field: the PID during its value is divided into groups with authentication request
1Field value is identical;
TKM
2Field: the interim public key information that Node B is chosen, its computational methods are: TKM
2=bP.
MIC
2Field: the message integrity check sign indicating number that Node B is calculated all fields before this field, its computational methods are: MIC
2=h (PID
1, TKM
1, TKM
2, e (PID
1, bS
2), bTKM
1).
The 4th step, receive that authentication response divides into groups after, node A verifies PID
1Whether be the pseudo-identity of oneself choosing, if not, then abandon this grouping, otherwise, checking TKM
1Whether be the interim public key information of oneself choosing.If not, then abandon this grouping, otherwise, recomputate MIC
2=h (PID
1, TKM
1, TKM
2, e (PID
2, aS
1), aTKM
2) and with the MIC that receives
2Compare.If unequal, then abandon this grouping, if equate, structure also sends key confirmation and divides into groups to Node B.Node A accomplishes the anonymous authentication to B, and obtains master key MK=aTKM
2=abP.The key confirmation packet content comprises:
Wherein:
TKM
2Field: the TKM during its value is divided into groups with authentication response
2Field value is identical;
MIC
3Field: the completeness check code that node A calculates all fields before this field, i.e. MIC
3=h (TKM
2, aTKM
2).
The 5th step, receive that key confirmation divides into groups after, Node B checking TKM
2Whether be the interim public key information of oneself choosing.If not, then abandon this grouping, otherwise, recomputate MIC
3=h (TKM
2, bTKM
1) and with the MIC that receives
3Compare.If unequal, then abandon this grouping, if equate, anonymous bidirectional authentication and key agreement process success.Node B is accomplished the anonymous authentication to A, and obtains master key MK=bTKM
1=abP.
Through said process, node A and Node B have realized the anonymous bidirectional authentication, and consult master key MK, and this key can be used to encrypting messages or carry out the message integrity computing.
Wherein, ID
1It is the identity of node A; ID
2It is the identity of Node B; PID
1It is the pseudo-identity that node A chooses; PID
2It is the pseudo-identity that Node B is chosen; TKM
1It is the interim PKI that node A chooses; TKM
2It is the interim PKI that Node B is chosen; MIC is the message integrity check sign indicating number.