CN104270756A - Intra-domain mapping updating authenticating method in identity and position separation network - Google Patents


Info

Publication number
CN104270756A
Authority
CN
China
Prior art keywords
ims
oasr
message
nasr
switch router
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410577729.5A
Other languages
Chinese (zh)
Inventor
郑丽娟
朴春慧
刘丹
赵永斌
祁建刚
郭丹
李昊阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shijiazhuang Tiedao University
Original Assignee
Shijiazhuang Tiedao University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shijiazhuang Tiedao University
Priority to CN201410577729.5A
Publication of CN104270756A
Legal status: Pending (current)

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS › H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity › H04W 12/06 Authentication
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS › H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity › H04W 12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04W WIRELESS COMMUNICATION NETWORKS › H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity › H04W 12/12 Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an intra-domain mapping update authentication method in an identity and locator separation network, and relates to the technical field of communication routing or path selection. The method comprises the following steps: (1) constructing an intra-domain mapping update authentication model in the identity and locator separation network; (2) performing registration; (3) carrying out the intra-domain mapping update authentication process in the identity and locator separation network. With this method, replay attacks, man-in-the-middle attacks, impersonation attacks and the like can be effectively resisted, and the confidentiality of the mapping update messages is effectively guaranteed.

Description

Intra-domain mapping update authentication method in an identity and locator separation network
Technical field
The present invention relates to the technical field of communication routing or path selection, and in particular to an intra-domain mapping update authentication method in an identity and locator separation network.
Background technology
In an identity and locator separation network, when a mobile node MN (Mobile Node) moves within the same management domain, the new access switch router nASR (new Access Switch Router) first authenticates it. nASR allocates a new routing identifier RID (Routing IDentifier) to the authenticated mobile node, forms a new identity mapping between the new RID and the node's identity identifier ID (IDentifier), stores it in its local user mapping table, and notifies the mapping server IMS (Identifier Mapping Server) of the mobile node's new identity mapping. The mapping server in turn notifies the old access switch router oASR (old Access Switch Router) of the new mapping; oASR sets the new RID as a temporary forwarding identifier, so that data destined for the mobile node is sent on to nASR, which forwards it to the mobile node.
In this process, nASR notifying the mapping server of the mobile node's new identity mapping, and the mapping server then notifying oASR of it, is the key to the whole procedure; the notification of these mappings is the mapping update. Authentication of the mapping update is directly tied to communication security when a node moves: if no security measures are adopted, the mapping update process may face a full range of threats such as replay attacks and man-in-the-middle attacks.
Secure binding update mechanisms in legacy networks, such as the Bake/2 binding update process and the return routability test mechanism, cannot effectively resist network eavesdropping and man-in-the-middle attacks; the CAM-DH authentication mechanism cannot resist man-in-the-middle attacks. All of these schemes therefore have certain security defects.
Summary of the invention
The technical problem solved by this invention is to provide an intra-domain mapping update authentication method in an identity and locator separation network that can effectively resist replay attacks, man-in-the-middle attacks, impersonation attacks and the like, and effectively ensures the confidentiality of the mapping update messages.
To solve the above technical problem, the technical solution adopted by the present invention is an intra-domain mapping update authentication method in an identity and locator separation network, characterized in that it comprises the following steps:
1) After the mobile node MN moves, the new access switch router nASR allocates a routing identifier to the newly accessed MN, generates an encrypted message and a timestamp, and sends them together with its own public key certificate and signature to the mapping server IMS for verification;
2) The mapping server IMS verifies nASR's certificate and timestamp, decrypts the encrypted message, and judges whether the message has been tampered with; if it finds the message has been tampered with, the authentication process terminates. If the message has not been tampered with, IMS updates the mapping, then generates an encrypted message and sends it, together with IMS's certificate, timestamp and signature, to the old access switch router oASR where MN was located before moving;
3) The old access switch router oASR verifies IMS's certificate and timestamp, decrypts the encrypted message, and judges whether the message has been tampered with; if it finds the message has been tampered with, the authentication process terminates. If the message has not been tampered with, oASR updates the mapping, then generates an encrypted message and sends it, together with oASR's certificate, timestamp and signature, to the mapping server IMS;
4) The mapping server IMS verifies oASR's certificate and timestamp, and judges whether the message comes from oASR and has not been tampered with; if not, the authentication process stops. Otherwise IMS marks the new mapping as valid, then generates an encrypted message and a signature and sends them, together with IMS's public key certificate, oASR's public key certificate and a timestamp, to the new access switch router nASR for verification;
5) The new access switch router nASR verifies the message sent by IMS; if verification fails, authentication terminates and the mapping update fails. Otherwise authentication passes, nASR marks the new mapping as valid, and the whole mapping update authentication process ends.
A further technical scheme is that step 1) is specifically: after the new access switch router nASR receives the access request of the mobile node MN, it allocates the routing identifier RID_MN to MN; nASR generates the random numbers R_n1 and R_n, and computes the corresponding group values and hash values (the formulas appear only as images in the original and are not reproduced here), where g^n denotes the n-th power of g and g is a generator of the finite multiplicative group G; nASR then sends message (1) to the mapping server IMS. Here ID_MN denotes the identity identifier of MN, K_nASR,oASR is the shared key between the new access switch router nASR and the old access switch router oASR, K_nASR,IMS is the shared key between nASR and the mapping server IMS, the public key certificate Cert_nASR of nASR is enclosed so that IMS can obtain nASR's public key, T_nASR is the timestamp generated by nASR, the message carries the signature of nASR, and h(X) denotes the hash value of message X computed with the hash function h.
A further technical scheme is that step 2) is specifically: after the mapping server IMS receives message (1) from nASR, it first verifies the legitimacy of nASR's public key certificate Cert_nASR in message (1), then checks whether the error between nASR's timestamp T_nASR and the current system time is within a reasonable range; it then obtains nASR's public key from Cert_nASR and, combined with IMS's private key SK_IMS, computes the shared key between nASR and IMS in order to decrypt the encrypted part of message (1). It then hashes the decrypted result and compares it with the unencrypted hash value in message (1). If all of the above checks and comparisons pass, the message was sent by nASR and has not been tampered with; if the comparison finds the result inconsistent, the message has been tampered with and the authentication process terminates. If the message has not been tampered with, IMS stores the mapping update (ID_MN, RID_MN) in its mapping table; IMS then generates the random number R_i, computes the corresponding group value and hash value, encrypts them together with (ID_MN, RID_MN) under the shared key K_IMS,oASR between IMS and oASR, and sends message (2) to the old access switch router oASR. Here the random number R_i and the timestamp T_IMS serve to prevent replay attacks, the message carries the signature of IMS, and oASR can obtain IMS's public key from IMS's certificate Cert_IMS.
A further technical scheme is that step 3) is specifically: after the old access switch router oASR receives message (2) from IMS, it first verifies whether the public key certificate Cert_IMS in message (2) is legitimate, then checks whether the error between IMS's timestamp T_IMS and the current system time is within a reasonable range. oASR obtains IMS's identity information and public key from Cert_IMS and, combined with oASR's private key SK_oASR, computes the shared key between oASR and IMS; it then uses the shared key K_IMS,oASR to decrypt the encrypted part of message (2), obtaining (ID_MN, RID_MN), Cert_nASR and the remaining encrypted values. It hashes these and compares the result with the unencrypted hash in message (2); if the comparison finds the result inconsistent, the message has been tampered with and the authentication process terminates. If all of the above checks and comparisons pass, the message was indeed sent by IMS and has not been tampered with. oASR then verifies the certificate Cert_nASR of the new access switch router nASR; if it is valid, oASR obtains nASR's public key from the certificate and, combined with its own private key SK_oASR, computes the shared key with nASR, decrypts the corresponding part, and finally derives the expected values from the mapping (ID_MN, RID_MN) in message (2). It hashes these and compares them with the unencrypted part of message (2); if both results are consistent, the message has not been tampered with. oASR then obtains the identity identifier ID_MN of the mobile node MN from the decrypted content and looks up the mapping for ID_MN in its own mapping table; if the mapping exists, ID_MN is confirmed to be legitimate.
The old access switch router oASR updates MN's mapping to (ID_MN, RID_MN) and at the same time sets this mapping as a temporary forwarding identifier; it generates two random numbers R_o1 and R_o2, computes the corresponding group values, then computes the shared key used to encrypt the message to be sent, encrypts the values together with ID_MN under the key K_oASR,nASR, encrypts the resulting ciphertext together with the remaining values under the key K_oASR,IMS, and finally encloses Cert_oASR, T_oASR and its signature; it sends message (3) to the mapping server IMS. Here Cert_oASR is the certificate of oASR, so that IMS can verify oASR's identity and obtain its public key; T_oASR is the timestamp generated by oASR; and the message carries the signature of oASR.
A further technical scheme is that step 4) is specifically: after the mapping server IMS receives message (3) from oASR, it first verifies oASR's public key certificate Cert_oASR in the unencrypted part of message (3), and checks whether the error between the timestamp T_oASR and the current system time is within a reasonable range; IMS then obtains oASR's identity and public key from oASR's certificate and, combined with the random number R_i it generated earlier, generates the shared key. It uses the shared key K_oASR,IMS to decrypt the encrypted part of message (3), obtaining the enclosed values, hashes them and compares the result with the unencrypted part of message (3). If all of the above checks and comparisons pass, the message was indeed sent by oASR and has not been tampered with, and IMS marks the mapping (ID_MN, RID_MN) as valid. IMS then combines its private key SK_IMS with the value obtained from message (1) to generate a new shared key between IMS and nASR, generates the random number R_i1, and encrypts the values from message (3) together with oASR's certificate Cert_oASR under the newly generated shared key K_IMS,nASR; it also encloses IMS's certificate Cert_IMS and a new timestamp T'_IMS, and sends all of this together as message (4) to the new access switch router nASR, the message carrying the signature of IMS.
A further technical scheme is that step 5) is specifically: after the new access switch router nASR receives message (4) sent by IMS, it first checks whether the public key certificate Cert_IMS in message (4) is legitimate, then checks whether the error between the timestamp T'_IMS and the current system time is within a reasonable range; nASR then obtains IMS's identity and public key from Cert_IMS and, combined with the random number R_n, generates the shared key; it uses the key K_IMS,nASR to decrypt the encrypted part of message (4), obtaining the enclosed values, and verifies whether their hash equals the unencrypted hash in message (4). Next, nASR verifies the legitimacy of oASR's certificate Cert_oASR; once verified, it obtains oASR's identity and public key from the certificate and computes the shared key between oASR and nASR for decryption; after decrypting it again hashes the result and compares it with the unencrypted hash in message (4), and compares the decrypted values with the value it computes from its own random number R_n1. If all checks and comparisons pass, the message has not been tampered with and was sent by oASR via the mapping server IMS; finally nASR marks the mapping (ID_MN, RID_MN) for ID_MN as valid. At this point the whole intra-domain mapping update authentication process ends.
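As an added illustration, not the patent's own code, the following Python models steps 1) and 2) above: nASR derives the shared key K_nASR,IMS from IMS's public key and its own private key, sends (ID_MN, RID_MN, g^R_n) encrypted under it together with the plaintext hash, its certificate, timestamp and signature, and IMS runs the certificate, timestamp, signature, decryption, hash-comparison and replay checks in the order the text describes. The 127-bit toy group, the SHA-256 keystream standing in for the symmetric cipher, the Schnorr-style signature, the fields the signature covers and the 30-second skew window are all assumptions filling in for the formulas not reproduced on this page.

```python
"""Model of message (1): nASR -> IMS, and IMS's checks on it (constructed example).

All parameters are stand-ins: toy group, toy cipher, toy signature, assumed window."""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # toy modulus (Mersenne prime M127): illustration only
G = 2                # toy generator g of the multiplicative group
WINDOW = 30          # assumed "reasonable range" for timestamp skew, in seconds
NB = 16              # byte length of a group element


def h(*parts: bytes) -> bytes:
    """h(X): hash of the concatenated message parts."""
    return hashlib.sha256(b"|".join(parts)).digest()


def keygen():
    """PK_A / SK_A with PK_A = g^SK_A."""
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def shared_key(sk: int, peer_pk: int) -> bytes:
    """K_A,B: each side raises the other's public key to its own private key."""
    return h(b"K", pow(peer_pk, sk, P).to_bytes(NB, "big"))


def sym(key: bytes, data: bytes) -> bytes:
    """[X]_K stand-in: XOR with a SHA-256 keystream (toy; encrypt == decrypt)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = h(key, i.to_bytes(4, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def sign(sk: int, msg: bytes):
    """Toy Schnorr-style signature (e, s) on msg with private key sk."""
    k = secrets.randbelow(P - 2) + 1
    e = int.from_bytes(h(pow(G, k, P).to_bytes(NB, "big"), msg), "big") % (P - 1)
    return e, (k - sk * e) % (P - 1)


def verify(pk: int, msg: bytes, sig) -> bool:
    e, s = sig
    r = pow(G, s, P) * pow(pk, e, P) % P             # equals g^k when sig is valid
    return int.from_bytes(h(r.to_bytes(NB, "big"), msg), "big") % (P - 1) == e


def issue_cert(ac_sk: int, ident: bytes, pk: int) -> dict:
    """Cert_A as issued by the authentication center AC during registration."""
    return {"id": ident, "pk": pk, "sig": sign(ac_sk, h(ident, pk.to_bytes(NB, "big")))}


def build_msg1(nasr_sk: int, nasr_cert: dict, ims_pk: int,
               id_mn: bytes, rid_mn: bytes, now: int) -> dict:
    """nASR: allocate RID_MN, draw R_n, send (ID_MN, RID_MN, g^R_n) under K_nASR,IMS."""
    r_n = secrets.randbelow(P - 2) + 1
    g_n = pow(G, r_n, P).to_bytes(NB, "big")
    payload = id_mn + b"|" + rid_mn + b"|" + g_n    # id/rid must not contain "|"
    digest = h(payload)                             # plaintext hash sent alongside
    sig = sign(nasr_sk, h(digest, now.to_bytes(8, "big")))   # assumed signed fields
    return {"enc": sym(shared_key(nasr_sk, ims_pk), payload), "hash": digest,
            "cert": nasr_cert, "ts": now, "sig": sig}


class IMS:
    """Mapping server side of step 2): verify, decrypt, compare, store the mapping."""

    def __init__(self, sk: int, ac_pk: int):
        self.sk, self.ac_pk = sk, ac_pk
        self.mapping = {}      # ID_MN -> RID_MN
        self.seen = set()      # (sender id, g^R_n) values already accepted

    def handle_msg1(self, m: dict, now: int) -> str:
        c = m["cert"]
        if not verify(self.ac_pk, h(c["id"], c["pk"].to_bytes(NB, "big")), c["sig"]):
            return "bad certificate"
        if abs(now - m["ts"]) > WINDOW:
            return "stale timestamp"
        if not verify(c["pk"], h(m["hash"], m["ts"].to_bytes(8, "big")), m["sig"]):
            return "bad signature"
        payload = sym(shared_key(self.sk, c["pk"]), m["enc"])
        if not hmac.compare_digest(h(payload), m["hash"]):   # constant-time compare
            return "tampered"
        id_mn, rid_mn, g_n = payload.split(b"|", 2)
        if (c["id"], g_n) in self.seen:                       # replayed random value
            return "replay"
        self.seen.add((c["id"], g_n))
        self.mapping[id_mn] = rid_mn
        return "ok"
```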
The beneficial effects of the above technical scheme are: (1) Data confidentiality: in this method, apart from the timestamps and public key certificates, which are transmitted in plaintext, all content is transmitted either encrypted or as hash values. An attacker cannot recover the message content from the transmitted messages, which ensures data confidentiality.
(2) Access control: all shared keys in message (1) and message (2) are powers of the public keys of the two parties, that is, only the sender or the receiver of the corresponding message can decrypt it, learn its content and thereby gain access. The shared keys in message (3) and message (4) are computed jointly from the public key of the sending end and the random number of the receiving end, so again only the sending and receiving ends can decrypt the message with the key and obtain its content; this likewise achieves access control.
(3) Non-repudiation: in every step of the method, the sender signs the hash of its random number with its own private key, and only the sender can produce this signature, so the sender cannot deny that it sent the message. Furthermore, all message content is protected by shared-key encryption, so apart from the sender only the receiver can learn the content; the shared keys in message (3) and message (4) are computed from the random numbers in message (1) and message (2), so if the receiver has sent message (3) or message (4), this shows that the receiver did receive the earlier message.
(4) Resistance to replay attacks: suppose an attacker intercepts a sender's message and re-sends it to the receiver after some time, i.e. launches a replay attack against the receiver. In this method, besides the random-number-related values carried in the encrypted content, a timestamp is also transmitted in plaintext; if the receiver has already received an identical timestamp or random-number-related value, the later message is discarded, so replay attacks can be resisted.
(5) Resistance to man-in-the-middle attacks: the shared keys in message (3) and message (4) of the method are computed jointly from the random numbers of nASR and IMS and the public keys of IMS and oASR. If an intermediary intercepted message (1) or message (2), it could forward its own random number to the receiving end and at the same time synthesize a key from its own public key and the sender's random number. The receiver would synthesize a key from the intermediary's random number and reply with a message encrypted under that key. The intermediary would generate a public key from its own random number, pass it off as the sender's public key to the receiver and as the receiver's public key to the sender, synthesize shared keys with the receiver's and the sender's public keys to decrypt the messages the two parties send to each other, re-encrypt the receiver's message with the key it synthesized with the sender, and send it on to the sending end; with the two shared keys the intermediary could thus read or modify the content of the two parties' communication at will.
To prevent this situation, when the sender sends its random number, the random number is already encrypted with the key synthesized from the public keys of the sender and the receiver; an intermediary cannot obtain either party's private key, so it cannot obtain the sender's random number and cannot synthesize a key with the sender. Man-in-the-middle attacks can therefore be resisted.
(6) Resistance to impersonation attacks: in this method the sender's certificate is sent in plaintext. If an attacker impersonates the sender, it can only obtain the sender's public key from the certificate, whereas the key used to encrypt the message must be computed from the private key of the sender or the private key of the receiver. If the receiver synthesizes a key from the public key in the certificate and its own private key but cannot decrypt the message with that key, the message is an impersonation and is discarded.
(7) Resistance to DoS attacks: suppose an attacker impersonates the new access switch router nASR and initiates a mapping update for the mobile node MN to the mapping server IMS, making the new RID in the update message the RID of an attack target C. If the mapping update succeeds, all messages destined for the mobile node will be sent to C. If every update sent by the attacker succeeds, a large volume of messages is sent to C and C can no longer communicate normally. This attack is called a DoS attack.
In this method, because the sender's certificate is attached in every step, the first thing the receiver does on receiving a message is to verify the certificate in it. If certificate verification finds that the message was not sent by the sender it claims, the message is considered false and discarded. Even though the attacker can obtain nASR's certificate, it cannot learn nASR's private key SK_nASR, and so cannot synthesize the shared key between nASR and IMS or between nASR and oASR in order to decrypt the messages. The attacker therefore cannot mount a DoS attack against this method.
Brief description of the drawings
The present invention is further described in detail below with reference to the drawings and specific embodiments.
Fig. 1 is a diagram of the intra-domain mapping update authentication model of the present invention;
Fig. 2 shows the intra-domain mapping update authentication process in the identity and locator separation network of the present invention.
Embodiment
The technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of those embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the invention.
Many specific details are set forth in the following description so that the present invention can be fully understood, but the present invention can also be implemented in other ways different from those described here, and a person skilled in the art can make similar generalizations without departing from the spirit of the present invention; the present invention is therefore not limited by the specific embodiments disclosed below.
Some English abbreviations and symbols are used in the present invention; they are explained as follows:
ID_MN: the identity identifier of MN;
RID_MN: the routing identifier of MN;
A → B: X: A sends message X to B;
PK_A / SK_A: the public/private key pair of A;
K_A,B: the shared key between A and B;
[X]_K: the ciphertext obtained by encrypting message X with key K using a symmetric encryption algorithm;
(signature of A on X): the signature obtained by applying a digital signature algorithm to message X with A's private key SK_A;
g^n: the n-th power of g, where g is a generator of the finite multiplicative group G;
Cert_A: the public key certificate of A;
oASR: the old access switch router where the mobile node MN was located before moving;
nASR: the new access switch router after the mobile node MN has moved;
MN: the mobile node;
IMS: the mapping server;
T_A: a timestamp generated by A;
h: a hash function;
h(X): the hash value of message X computed with the hash function h.
The invention discloses an intra-domain mapping update authentication method in an identity and locator separation network, comprising the following steps:
(1) Intra-domain mapping update authentication model in the identity and locator separation network: the specific model is shown in Fig. 1. In this model, MN (Mobile Node) is the mobile node; IMS (Identifier Mapping Server) is the mapping server, which stores the mappings of the nodes in this domain; AC (Authentication Center) is responsible for verifying the identities of the access switch routers ASR (Access Switch Router), the mapping server and so on, and issues public key certificates to the access switch routers and the mapping server. Within the local domain, MN accesses the network through an ASR.
Suppose the mobile node MN moves from oASR (old Access Switch Router) to nASR (new Access Switch Router). nASR allocates a new mapping pair to MN; to ensure MN's subsequent communication, a mapping update is required: the new access switch router notifies the mapping server of the mobile node's new identity mapping, and the mapping server then notifies the old access switch router of the new identity mapping, as shown by the dashed lines in Fig. 1.
(2) Registration process: the mapping server IMS (Identifier Mapping Server), oASR and nASR register with the authentication center AC (Authentication Center), which verifies that their identities are trustworthy; after verification, AC generates the public key certificates Cert_IMS, Cert_oASR and Cert_nASR corresponding to IMS, oASR and nASR.
(3) Intra-domain mapping update authentication process in the identity and locator separation network:
The intra-domain mapping update authentication process in the identity and locator separation network is as follows; Fig. 2 is the signal flow diagram of this process. The general procedure of the update authentication method is: nASR generates message (1) and sends it to IMS; IMS receives message (1), decrypts and verifies it, generates message (2) and sends it to oASR; oASR receives message (2), decrypts and verifies it, generates message (3) and sends it to IMS; IMS receives message (3), decrypts and verifies it, generates message (4) and sends it to nASR; nASR receives message (4), decrypts and verifies it, and the whole mapping update authentication process is complete.
[Messages (1) to (4): formulas shown in Fig. 2, not reproduced here]
Specifically comprise following sub-step:
Sub-step 1): the new access switch router nASR after mobile node MN is moved is that the mobile node MN of new access distributes Route Distinguisher, generate encrypting messages and timestamp, send to mapping server IMS to verify together with oneself public key certificate and signature.
Detailed step is as follows:
For mobile node MN distributes Route Distinguisher RID after new access switch router nASR receives mobile node MN access request mN, new access switch router nASR produces random number R n1and R n, and calculate and cryptographic Hash g n: the n power representing g, g is the generator of finite multiplicative group G, and new access switch router nASR sends message (1) to mapping server IMS: wherein, ID mNrepresent the identify label of MN, K nASR, oASRfor newly accessing the shared key of switch router nASR and old access switch router oASR, k nASR, IMSfor newly accessing the shared key between switch router nASR and mapping server IMS, enclose the public key certificate Cert of nASR simultaneously nASRso that mapping server IMS obtains the PKI of nASR, T nASRfor the timestamp that nASR produces, and as the signature of new access switch router nASR, h (X): represent the cryptographic Hash calculating message X with hash function h.
Sub-step 2): mapping server IMS verifies certificate and the timestamp of new access switch router nASR, and the message of enabling decryption of encrypted, judges whether message is tampered, if find that message is tampered, then terminates verification process; If find that message is not tampered, mapping server IMS upgrades mapping relations, following mapping server IMS generates the message of encryption, sends to mobile node MN not move the old access switch router oASR at front place together with the certificate of mapping server IMS, timestamp and signature;
Detailed step is as follows:
Mapping server IMS, after the message (1) receiving new access switch router nASR, first verifies nASR public key certificate Cert in message (1) nASRlegitimacy, check the time stamp T of nASR afterwards nASRwhether be within zone of reasonableness with the error of present system time, afterwards again from public key certificate Cert nASRthe PKI of middle acquisition nASR and in conjunction with the private key SK of mapping server IMS iMS, calculate the shared key between nASR and mapping server IMS message in order to encryption section in decrypt (1): then by deciphering gained get cryptographic Hash, and not encrypt in message (1) whether comparison is seen consistent, after above checking and comparison are all passed through, description messages be sent by nASR and be not tampered, if comparison finds that result is inconsistent, then description messages is tampered, and terminates verification process; If message is not tampered, mapping server IMS is by map updating relation (ID mN, RID mN) stored in mapping relations table, then mapping server IMS produces random number R i, calculate and cryptographic Hash and by (ID mN, RID mN), one reinstates the shared key K between mapping server IMS and old access switch router oASR iMS, oASRencryption, mapping server IMS sends message (2) to old access switch router oASR: wherein random number R iand time stamp T iMScan be used for pre-anti-replay-attack, as the signature of mapping server IMS, old access server oASR can from the certificate Cert of mapping server IMS iMSobtain the PKI of IMS
Sub-step 3): The old access switch router oASR verifies the certificate and the timestamp of the mapping server IMS, decrypts the encrypted message and judges whether the message has been tampered with. If it finds that the message has been tampered with, it terminates the authentication process; if it finds that the message has not been tampered with, oASR updates the mapping relation, then generates an encrypted message and sends it to the mapping server IMS together with the certificate of oASR, a timestamp and a signature.
The detailed steps are as follows:
After receiving message (2) sent by the mapping server IMS, the old access switch router oASR first verifies whether the public key certificate Cert_IMS in message (2) is legal, and then checks whether the timestamp T_IMS of the mapping server IMS is within a reasonable error range of the current system time. oASR obtains the identity information and the public key of IMS from the public key certificate Cert_IMS and, combining it with its own private key SK_oASR, calculates the shared key between oASR and IMS; it then uses the shared key K_{IMS,oASR} to decrypt the encrypted part of message (2), obtaining (ID_MN, RID_MN), Cert_nASR and the remaining fields [formulas not reproduced]. It computes the hash value of the decrypted content and compares it with the unencrypted hash value in message (2) to see whether the two are identical; if the comparison finds them inconsistent, the message has been tampered with and the authentication process terminates. Once all of the above checks and comparisons pass, the message was indeed sent by the mapping server IMS and has not been tampered with. oASR then verifies the certificate Cert_nASR of the new access switch router nASR; if it passes, oASR obtains the public key of nASR from the certificate and, combining it with its private key SK_oASR, calculates a shared key with nASR and decrypts the inner ciphertext [formula not reproduced] with it. Finally, from the mapping relation (ID_MN, RID_MN) in message (2) and the decrypted values, it computes the hash value and compares it with the unencrypted part of message (2); if the two results are consistent, the message has not been tampered with. oASR then obtains the identity identifier ID_MN of the mobile node MN from the decrypted content and looks up the mapping relation for ID_MN in its own mapping relation table; if one exists, ID_MN is confirmed to be legal.
The old access switch router oASR updates the mapping relation of the mobile node MN to (ID_MN, RID_MN) and at the same time sets this mapping relation to a temporary forwarding flag. It generates two random numbers R_O1 and R_O2 and computes the corresponding values and hash value [formulas not reproduced]; it then computes the shared keys used to encrypt the message it is about to send, K_{oASR,nASR} = g^(R_N1 * SK_oASR) and K_{oASR,IMS} = g^(R_I * SK_oASR). It encrypts ID_MN and the accompanying values with the key K_{oASR,nASR}, then encrypts the resulting ciphertext together with the other fields under the key K_{oASR,IMS}, finally attaches Cert_oASR, T_oASR and the signature hash value, and sends message (3) to the mapping server IMS. Here Cert_oASR is the certificate of the old access switch router oASR, from which the mapping server IMS verifies the identity of oASR and obtains its public key; T_oASR is the timestamp generated by oASR; and the hash value serves as the signature of oASR.
Sub-step 4): The mapping server IMS verifies the certificate and the timestamp of the old access switch router oASR and judges whether the message really comes from oASR and has not been tampered with. If not, the authentication process stops; otherwise IMS marks the new mapping relation as valid, then generates an encrypted message and a signature and sends them, together with the public key certificate of IMS, the public key certificate of oASR and a timestamp, to the new access switch router nASR for verification.
The detailed steps are as follows:
After receiving message (3) from the old access switch router oASR, the mapping server IMS first verifies the public key certificate Cert_oASR of oASR in the unencrypted part of message (3), and checks whether the timestamp T_oASR is within a reasonable error range of the current system time. IMS then obtains the identity and the public key of oASR from the certificate of oASR and, combining it with the random number R_I it generated earlier, generates the shared key K_{oASR,IMS} = g^(R_I * SK_oASR). It uses the shared key K_{oASR,IMS} to decrypt the encrypted part of message (3), computes the hash value of the decrypted content [formula not reproduced] and compares it with the unencrypted part of message (3). If all of the above checks and comparisons pass, the message really was sent by oASR and has not been tampered with, and IMS marks the mapping relation (ID_MN, RID_MN) as valid. IMS then combines its private key SK_IMS with the value obtained from message (1) to generate the shared key K_{IMS,nASR} = g^(R_N * SK_IMS) between the mapping server IMS and nASR, generates the random number R_I1, and encrypts the content of message (3) together with the certificate Cert_oASR of oASR under the newly generated shared key K_{IMS,nASR}. It attaches the certificate Cert_IMS of the mapping server IMS and a new timestamp T'_IMS and sends the result as message (4) to the new access switch router nASR, with the hash value serving as the signature of IMS.
Sub-step 5): The new access switch router nASR verifies the message sent by IMS. If verification fails, authentication terminates and the mapping update process fails; otherwise authentication passes, nASR marks the new mapping relation as valid, and the whole mapping update authentication process ends.
The detailed steps are as follows:
After receiving message (4) sent by the mapping server IMS, the new access switch router nASR first checks whether the public key certificate Cert_IMS in message (4) is legal, then checks whether the timestamp T'_IMS is within a reasonable error range of the current system time. nASR then obtains the identity and the public key of the mapping server IMS from the certificate Cert_IMS and, combining it with its random number R_N, generates the shared key K_{IMS,nASR} = g^(R_N * SK_IMS). It uses the key K_{IMS,nASR} to decrypt the encrypted part of message (4), obtaining the inner content and Cert_oASR, and verifies whether the hash value of that content equals the unencrypted part of message (4). Next, nASR verifies the legitimacy of the certificate Cert_oASR of the old access switch router oASR; after it passes, nASR obtains the identity and the public key of oASR from the certificate and calculates the shared key K_{oASR,nASR} = g^(R_N1 * SK_oASR) between oASR and nASR in order to decrypt the inner ciphertext. After decryption it computes the hash value of the result and compares it with the hash value carried in message (4); it further decrypts the remaining values, recomputes the expected value from the random number R_N1 that it generated itself, and compares the two [formulas not reproduced]. If all checks and comparisons pass, the message has not been tampered with and was sent by the old access switch router oASR via the mapping server IMS. Finally nASR marks the mapping relation (ID_MN, RID_MN) as valid according to ID_MN. At this point the whole intra-domain mapping update authentication process ends.
Compared with the prior art, the present invention has the following beneficial effects:
(1) Data confidentiality: in this method everything except the timestamps and public key certificates, which are transmitted in the clear, is transmitted either encrypted or as a hash value. An attacker cannot recover the message content from the transmitted messages, which guarantees the confidentiality of the data.
(2) Access control: in message (1) and message (2) all shared keys are powers involving the public keys of both parties, so only the sender or the receiver of the corresponding message can decrypt it, learn its content and obtain access. The shared keys in message (3) and message (4) are computed jointly from the public key of the sending end and the random number of the receiving end, so again only the sending end and the receiving end can decrypt the message with the key and obtain its content, which also achieves access control.
(3) Non-repudiation: in each step of the method the sender signs the hash value of its random number with its own private key, and only the sender could have produced this signature, so the sender cannot deny that the message was sent by it. Message content is protected by encryption with the shared key, so apart from the sender only the receiver can learn the message content; the shared keys in message (3) and message (4) are computed from the random numbers in message (1) and message (2), so if the receiver has sent message (3) or message (4), it shows that the receiver received the earlier message.
(4) Resistance to replay attacks: suppose an attacker intercepts the sender's message and sends it again to the receiver after some time, i.e. launches a replay attack against the receiver. In this method the encrypted content contains values derived from random numbers, and a timestamp is also transmitted in the clear; if the receiver has already received the same timestamp or the same random-number-derived value, the message received later is discarded, so replay attacks are resisted.
(5) Resistance to man-in-the-middle attacks: the shared keys in message (3) and message (4) of the method are computed jointly from the random numbers of nASR and IMS and the public keys of IMS and oASR. If a man in the middle intercepted message (1) or message (2), it could forward its own random number to the receiving end and at the same time synthesize a key from its own public key and the sender's random number; the receiver would synthesize a key from the intermediary's random number and reply with a message encrypted under that key. The intermediary would generate a public key from its own random number, pass it off as the sender's public key to the receiver and as the receiver's public key to the sender, synthesize shared keys with the receiver and with the sender's public key to decrypt the messages the two parties send to each other, re-encrypt them with the key synthesized with the other side and forward them, and could thus read or modify the content of the communication at will using the two shared keys it holds with the sender and the receiver.
To prevent this, when the sender sends its random number it is already encrypted with the key synthesized from the public keys of the sender and the receiver. The intermediary cannot obtain the private key of either party, so it cannot obtain the sender's random number and cannot synthesize a key with the sender; the method therefore resists man-in-the-middle attacks.
(6) Resistance to impersonation attacks: the sender's certificate is transmitted in the clear in this method. An attacker impersonating the sender can only obtain the sender's public key from the certificate, whereas the key that encrypts the message can only be calculated with the private key of the sender or of the receiver. If the receiver synthesizes a key from the public key in the certificate and its own private key but cannot decrypt the message with that key, the message is forged and is discarded.
(7) Resistance to DoS attacks: suppose an attacker impersonates the new access switch router nASR and initiates a mapping update for the mobile node MN at the mapping server IMS, setting the new RID in the mapping update message to the RID of the attack target C. If the mapping update succeeds, all messages addressed to the mobile node will be delivered to C; if all the mapping updates sent by the attacker succeed, a large volume of messages will be delivered to C and C will be unable to communicate normally. This attack is called a DoS attack.
In this method the sender's certificate is attached at every step, and the first thing the receiver does on receiving a message is to verify the certificate in the message. If certificate verification shows that the message was not sent by the sender it claims to come from, the message is considered false and discarded. Although the attacker can obtain the certificate of nASR, it cannot learn the private key SK_nASR of nASR, and therefore cannot synthesize the shared key between nASR and IMS or between nASR and oASR to decrypt messages, so the attacker cannot mount a DoS attack against this method.
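The key agreement and the receiver-side checks described above (sub-steps 3 and 4 and effects (4) to (6)), as an added Python simulation that is not part of the patent. It uses the key formulas stated in the claims, K_{IMS,oASR} = g^(SK_IMS * SK_oASR), K_{oASR,IMS} = g^(R_I * SK_oASR), K_{IMS,nASR} = g^(R_N * SK_IMS) and K_{oASR,nASR} = g^(R_N1 * SK_oASR), and assumes what the patent leaves open: a toy group Z_p^* with a fixed generator, SHA-256 as h, a SHA-256-keystream XOR as the unspecified cipher, certificates modelled as (identity, public key) pairs checked against a trusted table, and a 60-second timestamp tolerance.

```python
import hashlib
import json
import os

# Toy group parameters (assumed; the patent only says g generates a finite multiplicative group G)
P = 2**127 - 1
G = 3

def h(data: bytes) -> bytes:
    """h(X): hash value of message X (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()

def enc(key: int, data: bytes) -> bytes:
    """Toy cipher assumed for illustration only: XOR with a SHA-256 keystream
    derived from the shared group element. The same call decrypts."""
    stream, ctr = b"", 0
    while len(stream) < len(data):
        stream += h(key.to_bytes(16, "big") + ctr.to_bytes(4, "big"))
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def rand_exp() -> int:
    """Random exponent in [1, P-2], used for private keys and for R_N, R_N1, R_I."""
    return int.from_bytes(os.urandom(16), "big") % (P - 2) + 1

class Node:
    """A participant (nASR, oASR or IMS) with long-term key pair PK = g^SK."""
    def __init__(self, name: str):
        self.name, self.sk = name, rand_exp()
        self.pk = pow(G, self.sk, P)
        self.cert = (name, self.pk)   # certificate modelled as (identity, PK)
        self.seen = set()             # (timestamp, hash) pairs already accepted

def k_static(my_sk: int, peer_pk: int) -> int:
    """K_{IMS,oASR} = g^(SK_IMS * SK_oASR), computable by either side."""
    return pow(peer_pk, my_sk, P)

def k_receiver(sender_pk: int, my_r: int) -> int:
    """Receiver side of K_{oASR,IMS} = g^(R_I*SK_oASR), K_{IMS,nASR} = g^(R_N*SK_IMS)
    and K_{oASR,nASR} = g^(R_N1*SK_oASR): own random exponent on the sender's PK."""
    return pow(sender_pk, my_r, P)

def k_sender(my_sk: int, peer_gr: int) -> int:
    """Sender side of the same keys: own SK on the peer's g^R, which the patent
    sends encrypted under the static key so a man in the middle cannot swap it."""
    return pow(peer_gr, my_sk, P)

def build_msg2(ims, oasr_pk, id_mn, rid_mn, cert_nasr, r_i, now):
    """Message (2), IMS -> oASR: (ID_MN, RID_MN), Cert_nASR and g^R_I encrypted
    under K_{IMS,oASR}; h(payload), Cert_IMS and T_IMS travel in the clear."""
    payload = json.dumps({"id_mn": id_mn, "rid_mn": rid_mn, "cert_nasr": cert_nasr,
                          "g_ri": pow(G, r_i, P)}).encode()
    return {"ct": enc(k_static(ims.sk, oasr_pk), payload), "tag": h(payload),
            "cert": ims.cert, "ts": now}

def verify_msg2(oasr, msg, trusted, now, tolerance=60):
    """oASR's checks from sub-step 3 plus the replay rule of effect (4). Returns
    the decrypted fields, or None when the message must be discarded."""
    name, pk = msg["cert"]
    if trusted.get(name) != pk:                # certificate not legal
        return None
    if abs(now - msg["ts"]) > tolerance:       # timestamp outside reasonable range
        return None
    payload = enc(k_static(oasr.sk, pk), msg["ct"])
    if h(payload) != msg["tag"]:               # message was tampered with
        return None
    if (msg["ts"], msg["tag"]) in oasr.seen:   # same timestamp/random value already seen
        return None
    oasr.seen.add((msg["ts"], msg["tag"]))
    return json.loads(payload)

def run_demo() -> dict:
    """Constructed scenario: the four keys agree on both sides, and oASR accepts a
    genuine message (2) but rejects tampered, replayed and stale copies of it."""
    nasr, oasr, ims = Node("nASR"), Node("oASR"), Node("IMS")
    trusted = {n.name: n.pk for n in (nasr, oasr, ims)}
    r_n, r_n1, r_i = rand_exp(), rand_exp(), rand_exp()
    keys_agree = (k_static(ims.sk, oasr.pk) == k_static(oasr.sk, ims.pk)
                  and k_receiver(ims.pk, r_n) == k_sender(ims.sk, pow(G, r_n, P))
                  and k_receiver(oasr.pk, r_i) == k_sender(oasr.sk, pow(G, r_i, P))
                  and k_receiver(oasr.pk, r_n1) == k_sender(oasr.sk, pow(G, r_n1, P)))
    now = 1_700_000_000   # constructed clock value
    msg = build_msg2(ims, oasr.pk, "MN-1", "RID-7", nasr.cert, r_i, now)
    genuine = verify_msg2(oasr, msg, trusted, now + 5)
    replay = verify_msg2(oasr, msg, trusted, now + 30)
    tampered = dict(msg, ct=bytes([msg["ct"][0] ^ 1]) + msg["ct"][1:])
    stale = dict(msg, ts=now - 3600)
    return {"keys_agree": keys_agree,
            "genuine_ok": genuine is not None and genuine["id_mn"] == "MN-1",
            "replay_rejected": replay is None,
            "tamper_rejected": verify_msg2(oasr, tampered, trusted, now + 5) is None,
            "stale_rejected": verify_msg2(oasr, stale, trusted, now + 5) is None}
```

Calling run_demo() returns a dictionary in which every entry is True; the hash-in-the-clear tamper check and the (timestamp, hash) replay cache are the patent's own rules and are not offered here as a recommended integrity design.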

Claims (6)

1. An intra-domain mapping update authentication method in an identity and locator separation network, characterized in that it comprises the following steps:
1) after the mobile node MN has moved, the new access switch router nASR allocates a routing identifier to the newly attached mobile node MN, generates an encrypted message and a timestamp, and sends them to the mapping server IMS for verification together with its own public key certificate and signature;
2) the mapping server IMS verifies the certificate and the timestamp of the new access switch router nASR, decrypts the encrypted message and judges whether the message has been tampered with; if it finds that the message has been tampered with, it terminates the authentication process; if it finds that the message has not been tampered with, IMS updates the mapping relation, then generates an encrypted message and sends it, together with the certificate of IMS, a timestamp and a signature, to the old access switch router oASR where the mobile node MN was attached before it moved;
3) the old access switch router oASR verifies the certificate and the timestamp of the mapping server IMS, decrypts the encrypted message and judges whether the message has been tampered with; if it finds that the message has been tampered with, it terminates the authentication process; if it finds that the message has not been tampered with, oASR updates the mapping relation, then generates an encrypted message and sends it, together with the certificate of oASR, a timestamp and a signature, to the mapping server IMS;
4) the mapping server IMS verifies the certificate and the timestamp of the old access switch router oASR and judges whether the message comes from oASR and has not been tampered with; if not, the authentication process stops; otherwise IMS marks the new mapping relation as valid, then generates an encrypted message and a signature and sends them, together with the public key certificate of IMS, the public key certificate of oASR and a timestamp, to the new access switch router nASR for verification;
5) the new access switch router nASR verifies the message sent by IMS; if verification fails, authentication terminates and the mapping update process fails; otherwise authentication passes, nASR marks the new mapping relation as valid, and the whole mapping update authentication process ends.
2. The intra-domain mapping update authentication method in an identity and locator separation network according to claim 1, characterized in that step 1) is specifically:
After receiving the access request of the mobile node MN, the new access switch router nASR allocates the routing identifier RID_MN to the mobile node MN, generates the random numbers R_N1 and R_N, and computes the corresponding values and hash value [formulas not reproduced]. g^n denotes the n-th power of g, where g is the generator of the finite multiplicative group G. nASR sends message (1) to the mapping server IMS: [encrypted content not reproduced], Cert_nASR, T_nASR, where ID_MN denotes the identity identifier of MN, K_{nASR,oASR} is the shared key between the new access switch router nASR and the old access switch router oASR, and K_{nASR,IMS} is the shared key between nASR and the mapping server IMS. nASR attaches its public key certificate Cert_nASR so that IMS can obtain the public key of nASR; T_nASR is the timestamp generated by nASR, and the hash value serves as the signature of nASR. h(X) denotes the hash value of message X computed with the hash function h.
3. The intra-domain mapping update authentication method in an identity and locator separation network according to claim 1, characterized in that step 2) is specifically:
After receiving message (1) from the new access switch router nASR, the mapping server IMS first verifies the legitimacy of the public key certificate Cert_nASR of nASR in message (1), then checks whether the timestamp T_nASR of nASR is within a reasonable error range of the current system time. It then obtains the public key of nASR from the public key certificate Cert_nASR and, combining it with its own private key SK_IMS, calculates the shared key between nASR and the mapping server IMS and uses it to decrypt the encrypted part of message (1). It computes the hash value of the decrypted content and compares it with the unencrypted hash value in message (1) to see whether they are consistent. Once the above checks and comparisons pass, the message was sent by nASR and has not been tampered with; if the comparison finds them inconsistent, the message has been tampered with and the authentication process terminates. If the message has not been tampered with, the mapping server IMS stores the mapping update relation (ID_MN, RID_MN) in its mapping relation table, then generates the random number R_I, computes the corresponding value and hash value [formulas not reproduced], and encrypts them together with (ID_MN, RID_MN) under the shared key K_{IMS,oASR} between the mapping server IMS and the old access switch router oASR. IMS sends message (2) to the old access switch router oASR: [encrypted content not reproduced], Cert_IMS, T_IMS, where K_{IMS,oASR} = g^(SK_IMS * SK_oASR); the random number R_I and the timestamp T_IMS serve to prevent replay attacks; the hash value serves as the signature of the mapping server IMS; and the old access switch router oASR can obtain the public key of IMS, PK_IMS = g^SK_IMS, from the certificate Cert_IMS of the mapping server IMS.
4. The intra-domain mapping update authentication method in an identity and locator separation network according to claim 1, characterized in that step 3) is specifically:
After receiving message (2) sent by the mapping server IMS, the old access switch router oASR first verifies whether the public key certificate Cert_IMS in message (2) is legal, and then checks whether the timestamp T_IMS of the mapping server IMS is within a reasonable error range of the current system time. oASR obtains the identity information and the public key of IMS from the public key certificate Cert_IMS and, combining it with its own private key SK_oASR, calculates the shared key between oASR and IMS; it then uses the shared key K_{IMS,oASR} to decrypt the encrypted part of message (2), obtaining (ID_MN, RID_MN), Cert_nASR and the remaining fields [formulas not reproduced]. It computes the hash value of the decrypted content and compares it with the unencrypted hash value in message (2) to see whether the two are identical; if the comparison finds them inconsistent, the message has been tampered with and the authentication process terminates. Once all of the above checks and comparisons pass, the message was indeed sent by the mapping server IMS and has not been tampered with. oASR then verifies the certificate Cert_nASR of the new access switch router nASR; if it passes, oASR obtains the public key of nASR from the certificate and, combining it with its private key SK_oASR, calculates a shared key with nASR and decrypts the inner ciphertext [formula not reproduced] with it. Finally, from the mapping relation (ID_MN, RID_MN) in message (2) and the decrypted values, it computes the hash value and compares it with the unencrypted part of message (2); if the two results are consistent, the message has not been tampered with. oASR then obtains the identity identifier ID_MN of the mobile node MN from the decrypted content and looks up the mapping relation for ID_MN in its own mapping relation table; if one exists, ID_MN is confirmed to be legal;
The old access switch router oASR updates the mapping relation of the mobile node MN to (ID_MN, RID_MN) and at the same time sets this mapping relation to a temporary forwarding flag. It generates two random numbers R_O1 and R_O2 and computes the corresponding values and hash value [formulas not reproduced]; it then computes the shared keys used to encrypt the message it is about to send, K_{oASR,nASR} = g^(R_N1 * SK_oASR) and K_{oASR,IMS} = g^(R_I * SK_oASR). It encrypts ID_MN and the accompanying values with the key K_{oASR,nASR}, then encrypts the resulting ciphertext together with the other fields under the key K_{oASR,IMS}, finally attaches Cert_oASR, T_oASR and the signature hash value, and sends message (3), [encrypted content not reproduced], Cert_oASR, T_oASR, to the mapping server IMS. Here Cert_oASR is the certificate of the old access switch router oASR, from which the mapping server IMS verifies the identity of oASR and obtains its public key; T_oASR is the timestamp generated by oASR; and the hash value serves as the signature of oASR.
5. The intra-domain mapping update authentication method in an identity and locator separation network according to claim 1, characterized in that step 4) is specifically:
After receiving message (3) from the old access switch router oASR, the mapping server IMS first verifies the public key certificate Cert_oASR of oASR in the unencrypted part of message (3), and checks whether the timestamp T_oASR is within a reasonable error range of the current system time. IMS then obtains the identity and the public key of oASR from the certificate of oASR and, combining it with the random number R_I it generated earlier, generates the shared key K_{oASR,IMS} = g^(R_I * SK_oASR). It uses the shared key K_{oASR,IMS} to decrypt the encrypted part of message (3), computes the hash value of the decrypted content [formula not reproduced] and compares it with the unencrypted part of message (3). If all of the above checks and comparisons pass, the message really was sent by oASR and has not been tampered with, and IMS marks the mapping relation (ID_MN, RID_MN) as valid. IMS then combines its private key SK_IMS with the value obtained from message (1) to generate the shared key K_{IMS,nASR} = g^(R_N * SK_IMS) between the mapping server IMS and nASR, generates the random number R_I1, and encrypts the content of message (3) together with the certificate Cert_oASR of oASR under the newly generated shared key K_{IMS,nASR}. It attaches the certificate Cert_IMS of the mapping server IMS and a new timestamp T'_IMS and sends the result as message (4), [encrypted content not reproduced], Cert_IMS, T'_IMS, to the new access switch router nASR, with the hash value serving as the signature of IMS.
6. The intra-domain mapping update authentication method in an identity and locator separation network according to claim 1, characterized in that step 5) is specifically:
After receiving message (4) sent by the mapping server IMS, the new access switch router nASR first checks whether the public key certificate Cert_IMS in message (4) is legal, then checks whether the timestamp T'_IMS is within a reasonable error range of the current system time. nASR then obtains the identity and the public key of the mapping server IMS from the certificate Cert_IMS and, combining it with its random number R_N, generates the shared key K_{IMS,nASR} = g^(R_N * SK_IMS). It uses the key K_{IMS,nASR} to decrypt the encrypted part of message (4), obtaining the inner content and Cert_oASR, and verifies whether the hash value of that content equals the unencrypted part of message (4). Next, nASR verifies the legitimacy of the certificate Cert_oASR of the old access switch router oASR; after it passes, nASR obtains the identity and the public key of oASR from the certificate and calculates the shared key K_{oASR,nASR} = g^(R_N1 * SK_oASR) between oASR and nASR in order to decrypt the inner ciphertext. After decryption it computes the hash value of the result and compares it with the hash value carried in message (4); it further decrypts the remaining values, recomputes the expected value from the random number R_N1 that it generated itself, and compares the two [formulas not reproduced]. If all checks and comparisons pass, the message has not been tampered with and was sent by the old access switch router oASR via the mapping server IMS. Finally nASR marks the mapping relation (ID_MN, RID_MN) as valid according to ID_MN. At this point the whole intra-domain mapping update authentication process ends.
CN201410577729.5A 2014-10-24 2014-10-24 Intra-domain mapping updating authenticating method in identity and position separation network Pending CN104270756A (en)

Publications (1)

Publication Number Publication Date
CN104270756A true CN104270756A (en) 2015-01-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150107