CN113038465B - Revocable certificateless condition privacy protection authentication method in self-organizing network - Google Patents


Info

Publication number: CN113038465B
Application number: CN202110215530.8A
Authority: CN (China)
Legal status: Expired - Fee Related (granted patent)
Other languages: Chinese (zh)
Other versions: CN113038465A (en)
Inventors: 汪益民, 丁玉莹, 高琪娟, 刘阳, 朱军, 张友华
Applicant / original assignee: Anhui Agricultural University AHAU
Current assignee: Anhui Agricultural University AHAU

Classifications

    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication (authorization, entity authentication, data integrity, non-repudiation, key authentication or verification of credentials)
    • H04L 9/3247: the above, involving digital signatures
    • H04W 12/009: Security arrangements; authentication; protecting privacy or anonymity, specially adapted for networks such as wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W 12/02: Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W 12/06: Authentication
    • H04W 84/18: Self-organising networks, e.g. ad-hoc networks or sensor networks
    • Y02D 30/70: Reducing energy consumption in wireless communication networks


Abstract

The application discloses a revocable certificateless conditional privacy-preserving authentication method in a self-organizing (ad hoc) network. The method comprises a system initialization phase, an authentication phase between a client and an application server AP, and a revocation phase. The system initialization phase comprises public parameter generation, in which the Network manager (NM) generates the system parameters, and user registration, in which users submit their real identity information so that public and private keys can be generated and issued. The authentication phase between the client and the AP comprises identity authentication, which checks whether the identities of the client and the AP are legitimate, and session key establishment, which strengthens the confidentiality of the patient's body (physiological) information. The revocation phase comprises revealing the real identity of a user and revoking a malicious user. The scheme ensures that doctor and patient are legitimate, reduces the authentication cost, and at the same time improves the timeliness and computational efficiency of user revocation.

Description

Revocable certificateless condition privacy protection authentication method in self-organizing network
Technical Field
The application relates to the technical field of security and privacy protection in modern medical care systems, in particular to a revocable certificateless conditional privacy-preserving authentication method in an ad hoc network.
Background
With the rapid development of wireless communication, sensor and network technologies, the wireless body area network (WBAN) was proposed in 1996 as a part of the health care system. A WBAN is an ad hoc network formed of low-power medical sensors worn on or implanted in the body. The sensors monitor biological information of a patient such as blood pressure, heart rate and pulse in real time and transmit it through a mobile device to a remote medical server, from which a remote doctor or specialist can provide a correct diagnosis plan for the patient.
The personal biometric information collected by a WBAN is the basis of medical diagnosis, is very sensitive, and is transmitted in a wireless environment, so protecting personal privacy and data security is an important problem to be solved. In recent years many anonymous authentication schemes have been proposed that provide authentication and privacy protection while also ensuring confidentiality, integrity and non-repudiation by means of a shared key. However, existing schemes generally have high authentication costs, many of them have low computational efficiency and low revocation efficiency, and they do not revoke users from the WBAN in time.
Disclosure of Invention
The main objective of the present application is to provide a revocable certificateless conditional privacy-preserving authentication method in an ad hoc network, so as to solve the problems that existing schemes in the related art have high authentication cost, that many of them have low computational efficiency and low revocation efficiency, and that they cannot revoke users from WBANs in time.
In order to achieve the above object, the present application provides a revocable certificateless conditional privacy-preserving authentication method in an ad hoc network, which includes a system initialization phase, an authentication phase between a client and an application server AP, and a revocation phase.
The system initialization phase is followed by the authentication phase between the client and the application server AP, which in turn is followed by the revocation phase.
The system initialization phase comprises public parameter generation and user registration;
the public parameter generation is used for generating the system parameters through the Network manager, so that the subsequent data exchange can be set up;
the user registration is used for submitting real identity information, so that a public key and a private key can be generated and sent;
the authentication phase between the client and the AP comprises identity authentication and session key establishment;
the identity authentication is used for checking whether the identities of the client and the application server AP are legitimate;
the session key establishment is used for strengthening the confidentiality of the patient's body information and reducing the risk of information leakage;
the revocation phase comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user is used for linking the pseudonym of the user to its true identity through the Network manager and thereby exposing a malicious user;
and revoking the malicious user is used for revoking the legitimate identity of the malicious user.
In one embodiment of the present application, the system initialization phase includes the steps of:
S1, parameter generation, in which the Network manager is responsible for generating the system parameters;
S2, user registration, in which each user (the client C and the application server AP) submits its real identity to the Network manager; after the Network manager has verified that the user is legitimate, a public and private key pair is generated, the private key is sent to the user through a secure channel, and the public key is published.
In one embodiment of the present application, the parameter generation comprises the steps of:
S1, the Network manager selects two large primes $p$ and $q$, defines a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ (where $a, b \in F_p$), and randomly selects a generator $P$ of the group $G_q$;
S2, the Network manager randomly selects $s_{NM}$ (its domain is given only as an image in the original) as the system master key and computes the system public key $P_{pub} = s_{NM} P$;
S3, the Network manager selects several secure hash functions (their definitions are given only as an image in the original; they are referred to below as $H_0$, $H_1$, $H_2$, $H_3$);
S4, the RC of the $i$-th region randomly selects $s_i$ (domain given only as an image in the original) as the region private key and computes the region public key $Q_i = s_i P$;
S5, the Network manager broadcasts the system public parameters $\Delta = \{P, P_{pub}, H_i\}$.
In one embodiment of the present application, the user registration includes the following steps:
S1, the client C randomly selects $x_C$ (domain given only as an image in the original) as one of its partial private keys, computes the public key $X_C = x_C P$, and submits its true identity $ID_C$ and the public key $X_C$ to the Network manager. The Network manager verifies the validity of the identity; if it is valid, the Network manager generates another public key $Y_C$ and another partial private key $y_C$ as follows: it selects a random number $r_C$ and computes
$id_C = H_0(r_C, ID_C, X_C)$, $Y_C = r_C P$, $y_C = r_C + h_C s_{NM}$, where $h_C = H_1(ID_C, X_C, Y_C, P_{pub})$.
$Y_C$ is published, the partial private key $y_C$ is sent to the client C through the secure channel, and the Network manager informs the RC of the region in which the client C is located. The client C checks the correctness of $y_C$ by verifying $y_C P = Y_C + h_C P_{pub}$. The RC then encrypts the region private key $s_i$ under the public key $X_C$ of the client C and sends it to the client C;
S2, the application server AP randomly selects $x_{AP}$ as its own partial private key, computes the public key $X_{AP} = x_{AP} P$, and submits its true identity $ID_{AP}$, the identifier of its region and $X_{AP}$ to the Network manager. After the Network manager has verified that it is legitimate, it generates another public key $Y_{AP}$ and another partial private key $y_{AP}$ in the same way; the public key $Y_{AP}$ is published and the private key $y_{AP}$ is sent to the application server AP through the secure channel.
In an embodiment of the application, the client C sends a verification message to the application server AP so that the application server AP can verify whether the client C is legitimate; after that verification succeeds, the application server AP sends its own verification message to the client C so that the client C can verify whether the application server AP is legitimate. If the application server AP and the client C verify each other successfully, a common session key is obtained and encrypted information can then be transmitted.
In one embodiment of the present application, the identity authentication includes the following steps:
S1, the client C combines its partial private key $x_C$ with its partial private key $y_C$ to obtain its complete private key $z_C$;
S2, the client C signs the verification information with its private key $z_C$ and the region private key $s_i$ and sends the verification information to the target application server AP. The target application server AP verifies it against the public key of the client C and the region public key; if the verification passes, the identity of the client C is legitimate. The application server AP then repeats the behaviour of the client C and sends its own verification information to the client C; if the client C verifies it successfully, the identity of the application server AP is legitimate.
In one embodiment of the present application, the establishment of the session key includes the following steps:
S1, after the mutual authentication between the client C and the application server AP, the session key $Key_i = H_3(id_{AP}, id_C, U'_i)$ is obtained, at which point a trust relationship is established between the client C and the application server AP;
S2, the client C transmits the body monitoring information encrypted with the session key $Key_i$ to the application server AP.
In an embodiment of the application, when a malicious user appears, the Network manager reveals the real identity of the user, notifies the revocation center RC of the region in which the user is located, and the RC revokes the legitimate identity of the user.
In one embodiment of the present application, said revealing the true identity of the user comprises the following step:
S1, the pseudonym $id_C$ is generated from the true identity $ID_C$ of the user, and the pseudonym $id_{AP}$ is generated from the true identity $ID_{AP}$ of the application server AP as $id_{AP} = H_0(r_{AP}, ID_{AP}, X_{AP})$; since both the client C and the application server AP submit their real identities to the Network manager in the registration phase, the Network manager can obtain the real identities of the client C and the application server AP from their pseudonyms.
In an embodiment of the present application, the revoking of the malicious user includes the following steps:
S1, after receiving the notification, the RC updates the region private key $s_i$ to a new private key $s'_i$ with corresponding public key $Q'_i$, broadcasts the new public key $Q'_i$, and sends the new key encrypted under the public key of each legitimate user in the region (the ciphertext expression is given only as an image in the original); each legitimate user decrypts it with its own private key, obtains the latest region private key $s'_i$ and signs with it;
S2, the malicious user cannot obtain the new region private key $s'_i$ and can only sign with the original region private key $s_i$; such a signature cannot pass verification.
Compared with the prior art, the beneficial effects of this application are as follows. The revocable certificateless conditional privacy-preserving authentication method designed above provides a secure mode of operation for the WBAN and meets the security and privacy requirements of the WBAN, so that doctor and patient are both guaranteed to be legitimate. Because no bilinear pairing operation is used, the authentication process between doctor and patient is faster, and the authentication cost and the computational cost are reduced. At the same time, malicious users are revoked promptly through revocation centers set up in the several regions into which the application scenario is divided, so that malicious users are revoked quickly.
Drawings
Fig. 1 is a system model diagram of a revocable certificateless conditional privacy protection authentication method in an ad hoc network according to an embodiment of the present application;
fig. 2 is a process diagram of a user registration phase of a revocable certificateless conditional privacy protection authentication method in an ad hoc network according to an embodiment of the present application;
fig. 3 is a process diagram of an identity verification and session key generation phase of a revocable certificateless conditional privacy preserving authentication method in an ad hoc network according to an embodiment of the present application;
fig. 4 is a process diagram of a revocation phase of a revocable certificateless conditional privacy protection authentication method in an ad hoc network according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be used. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In this application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings. These terms are used primarily to better describe the present application and its embodiments, and are not used to limit the indicated devices, elements or components to a particular orientation or to be constructed and operated in a particular orientation.
Moreover, some of the above terms may be used to indicate other meanings besides the orientation or positional relationship, for example, the term "on" may also be used to indicate some kind of attachment or connection relationship in some cases. The specific meaning of these terms in this application will be understood by those of ordinary skill in the art as appropriate.
In addition, the term "plurality" shall mean two as well as more than two.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Example 1
Referring to fig. 1-4, the present application provides a revocable certificateless conditional privacy-preserving authentication method in an ad hoc network, including a system initialization phase, an authentication phase between a client and an application server AP, and a revocation phase. The system mainly includes four participants: a Network manager, a Revocation Center (RC), an ad hoc network client (client C) and an application server (application server AP). The Network manager is the registry of the application server AP and the client C and is considered fully trusted; one of its functions is to generate the system parameters and to provide part of the private key of the client C and part of the private key of the application server AP, and the other is to add a malicious user to the revocation list and notify the RC of the region in which the malicious user is located when a malicious user is found. The main function of the RC is, on receiving a revocation notification from the Network manager, to update the public and private keys of its region, broadcast the new public key and distribute the new private key to the legitimate users. The client C is a mobile device that collects biological information such as blood pressure, heart rate and pulse of a patient in real time through sensors and then sends the information to the remote application server AP. The application server AP is, for example, the medical system of a hospital or clinic, or a doctor's medical office providing medical services.
The system initialization phase is followed by the authentication phase between the client and the application server AP, which in turn is followed by the revocation phase.
The system initialization phase comprises public parameter generation and user registration;
the public parameter generation is used for generating the system parameters through the Network manager, so that the subsequent data exchange can be set up;
the user registration is used for submitting real identity information, so that a public key and a private key can be generated and sent;
the authentication phase between the client and the AP comprises identity authentication and session key establishment;
the identity authentication is used for checking whether the identities of the client and the application server AP are legitimate;
the session key establishment is used for strengthening the confidentiality of the patient's body information and reducing the risk of information leakage;
the revocation phase comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user is used for linking the pseudonym of the user to its true identity through the Network manager and thereby exposing a malicious user;
and revoking the malicious user is used for revoking the legitimate identity of the malicious user.
The system initialization phase comprises the following steps:
S1, parameter generation, in which the Network manager is responsible for generating the system parameters;
S2, user registration, in which each user (the client C and the application server AP) submits its real identity to the Network manager; after the Network manager has verified that the user is legitimate, a public and private key pair is generated, the private key is sent to the user through a secure channel, and the public key is published.
The parameter generation comprises the following steps:
S1, the Network manager selects two large primes $p$ and $q$, defines a nonsingular elliptic curve $E: y^2 = x^3 + ax + b \pmod p$ (where $a, b \in F_p$), and randomly selects a generator $P$ of the group $G_q$;
S2, the Network manager randomly selects $s_{NM}$ (its domain is given only as an image in the original) as the system master key and computes the system public key $P_{pub} = s_{NM} P$;
S3, the Network manager selects several secure hash functions (their definitions are given only as an image in the original; they are referred to below as $H_0$, $H_1$, $H_2$, $H_3$);
S4, the RC of the $i$-th region randomly selects $s_i$ (domain given only as an image in the original) as the region private key and computes the region public key $Q_i = s_i P$;
S5, the Network manager broadcasts the system public parameters $\Delta = \{P, P_{pub}, H_i\}$.
The user registration comprises the following steps:
S1, the client C randomly selects $x_C$ (domain given only as an image in the original) as one of its partial private keys, computes the public key $X_C = x_C P$, and submits its true identity $ID_C$ and the public key $X_C$ to the Network manager. The Network manager verifies the validity of the identity; if it is valid, the Network manager generates another public key $Y_C$ and another partial private key $y_C$ as follows: it selects a random number $r_C$ and computes
$id_C = H_0(r_C, ID_C, X_C)$, $Y_C = r_C P$, $y_C = r_C + h_C s_{NM}$, where $h_C = H_1(ID_C, X_C, Y_C, P_{pub})$.
$Y_C$ is published, the partial private key $y_C$ is sent to the client C through the secure channel, and the Network manager informs the RC of the region in which the client C is located. The client C checks the correctness of $y_C$ by verifying $y_C P = Y_C + h_C P_{pub}$, which holds because $y_C P = r_C P + h_C s_{NM} P$. The RC then encrypts the region private key $s_i$ under the public key $X_C$ of the client C and sends it to the client C;
S2, the application server AP randomly selects $x_{AP}$ as its own partial private key, computes the public key $X_{AP} = x_{AP} P$, and submits its true identity $ID_{AP}$, the identifier of its region and $X_{AP}$ to the Network manager. After the Network manager has verified that it is legitimate, it generates another public key $Y_{AP}$ and another partial private key $y_{AP}$ in the same way; the public key $Y_{AP}$ is published and the private key $y_{AP}$ is sent to the application server AP through the secure channel.
The client C sends a verification message to the application server AP so that the application server AP can verify whether the client C is legitimate; after that verification succeeds, the application server AP sends its own verification message to the client C so that the client C can verify whether the application server AP is legitimate. If the mutual verification between the application server AP and the client C succeeds, a common session key is obtained; a trust relationship is then established between the client C and the application server AP, and encrypted information can be transmitted.
The identity authentication comprises the following steps:
S1, the client C combines its partial private key $x_C$ with its partial private key $y_C$ to obtain its complete private key $z_C$;
S2, the client C signs the verification information with its private key $z_C$ and the region private key $s_i$ and sends the verification information to the target application server AP. The target application server AP verifies it against the public key of the client C and the region public key; if the verification passes, the identity of the client C is legitimate. The application server AP then repeats the behaviour of the client C and sends its own verification information to the client C; if the client C verifies it successfully, the identity of the application server AP is legitimate.
In this embodiment, before the authentication stage the RC, according to the revocation list, distributes the region private key $s_i$ encrypted under the public key of each legitimate user in the region and broadcasts the region public key $Q_i$, so that each user recovers $s_i$ with its own private key. Let the region private key of the client C be $s_i$ with public key $Q_i$, and the region private key of the application server AP be $s_j$ with public key $Q_j$. To access the target application server AP, the client C obtains the region public key $Q_j$ of the application server AP and the public key $X_{AP}$ of the application server AP, selects a random number $\alpha_i$, sets the timestamp $tt_i$ to the current time, and computes
$V_i = \alpha_i P$, $U_i = \alpha_i X_{AP}$, $h_i = H_2(V_i, Q_i, X_C, Y_C, tt_i)$, $k_i = H_3(V_i, U_i, tt_i)$, $v_i = \alpha_i + y_C + h_i (s_i + x_C)$,
then encrypts with $k_i$ to obtain $W_i$ ($E$ denotes the encryption function of a symmetric cipher; the exact content of the encryption is given only as an image in the original). Finally the client C sends the verification information $\{W_i, V_i, tt_i\}$ to the application server AP.
On receiving the signed message $\{W_i, V_i, tt_i\}$, the application server AP computes $U_i = x_{AP} V_i$ and $k_i = H_3(V_i, U_i, tt_i)$, decrypts $W_i$ with $k_i$ to obtain $v_i$ ($D$ denotes the decryption function of the symmetric cipher), computes $h_C = H_1(id_C, X_C, Y_C, P_{pub})$ and $h_i = H_2(V_i, Q_i, X_C, Y_C, tt_i)$, and checks equation (1):
$v_i P = V_i + h_i X_C + Y_C + h_C P_{pub} + h_i Q_i$.
Equation (1) holds for an honest client because $v_i P = \alpha_i P + y_C P + h_i s_i P + h_i x_C P = V_i + (Y_C + h_C P_{pub}) + h_i Q_i + h_i X_C$, using $y_C P = Y_C + h_C P_{pub}$ from registration. If (1) holds, the application server AP selects a random number $\beta_i$ and computes
$V'_i = \beta_i P$, $U'_i = \beta_i V_i$, $v'_i = \beta_i + y_{AP} + h'_i (x_{AP} + s_j)$, where $h'_i = H_2(V'_i, Q_j, X_{AP}, Y_{AP}, tt_i)$ and $k'_i = H_3(V'_i, U'_i, tt_i)$,
encrypts with $k'_i$ to obtain $W'_i$ (again given only as an image in the original) and sends $\{W'_i, V'_i, tt_i\}$ to the client C. The session key between the application server AP and the client C is $Key_i = H_3(id_{AP}, id_C, U_i)$.
On receiving the signed message $\{W'_i, V'_i, tt_i\}$, the client C computes $U'_i = \alpha_i V'_i$ and $k'_i = H_3(V'_i, U'_i, tt_i)$, decrypts $W'_i$ to obtain $v'_i$, computes $h_{AP} = H_1(id_{AP}, X_{AP}, Y_{AP}, P_{pub})$ and $h'_i = H_2(V'_i, Q_j, X_{AP}, Y_{AP}, tt_i)$, and checks equation (2):
$v'_i P = V'_i + h'_i X_{AP} + Y_{AP} + h_{AP} P_{pub} + h'_i Q_j$.
Equation (2) uses the application server's values $X_{AP}$, $Y_{AP}$ and $h_{AP}$ because $v'_i$ is formed from $y_{AP}$, $x_{AP}$ and $s_j$, in the same way that (1) is formed from the client's values. If (2) holds, the next step is carried out.
The establishment of the session key comprises the following steps:
S1, after the mutual authentication between the client C and the application server AP, the session key $Key_i = H_3(id_{AP}, id_C, U_i)$ is obtained, at which point a trust relationship is established between the client C and the application server AP;
S2, the client C transmits the body monitoring information encrypted with the session key $Key_i$ to the application server AP.
When a malicious user appears, the Network manager reveals the real identity of the user, notifies the revocation center RC of the region in which the user is located, and the RC revokes the legitimate identity of the user.
Revealing the true identity of a user comprises the following step:
S1, the pseudonym $id_C$ is generated from the true identity $ID_C$ of the user, and the pseudonym $id_{AP}$ is generated from the true identity $ID_{AP}$ of the application server AP as $id_{AP} = H_0(r_{AP}, ID_{AP}, X_{AP})$; since both the client C and the application server AP submit their real identities to the Network manager in the registration phase, the Network manager can obtain the real identities of the client C and the application server AP from their pseudonyms.
Revoking the malicious user comprises the following steps:
S1, after receiving the notification, the RC updates the region private key $s_i$ to a new private key $s'_i$ with corresponding public key $Q'_i$, broadcasts the new public key $Q'_i$, and sends the new key encrypted under the public key of each legitimate user in the region (the ciphertext expression is given only as an image in the original); each legitimate user decrypts it with its own private key, obtains the latest region private key $s'_i$ and signs with it;
S2, the malicious user cannot obtain the new region private key $s'_i$ and can only sign with the original region private key $s_i$; such a signature cannot pass verification, because the term $h_i s_i P$ in $v_i P$ no longer matches the term $h_i Q'_i = h_i s'_i P$ that the verifier uses in equation (1).
Specifically, the revocable certificateless conditional privacy-preserving authentication method in the ad hoc network works as follows. It provides a secure mode of operation for the WBAN that meets the WBAN's security and privacy requirements, so that both doctor and patient are shown to be legitimate; because no bilinear pairing operation is used, authentication between doctor and patient completes sooner and both the authentication cost and the computation cost are reduced; and by placing a revocation center in each of the areas into which the application scenario is divided, malicious users are revoked promptly, which achieves fast revocation of malicious users.
The above description is only a preferred embodiment of the present application and is not intended to limit it; those skilled in the art may make various modifications and changes. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in its scope of protection.

Claims (4)

1. A revocable certificateless conditional privacy-preserving authentication method in an ad hoc network, characterized in that it comprises a system initialization stage, an authentication stage between a client C and an application server AP, and a revocation stage;
the system initialization stage is signal-connected to the authentication stage between the client C and the application server AP, and the authentication stage between the client C and the application server AP is signal-connected to the revocation stage;
the system initialization stage comprises public parameter generation and user registration;
the public parameter generation generates the system parameters through a Network manager, so that the scheme's data can be set up;
the user registration is where real identity information is submitted, so that a public key and a private key can be generated and sent; the users comprise the client C and the application server AP;
the authentication stage between the client C and the application server AP comprises identity authentication and session key establishment;
the identity authentication authenticates whether the identities of the client C and the application server AP are legitimate;
the session key establishment strengthens the confidentiality of the patient's body information and reduces the risk of information leakage;
the revocation stage comprises revealing the real identity of a user and revoking a malicious user;
revealing the real identity of a user lets the Network manager map a user's pseudonym to the real identity behind it, so that a malicious user is disclosed;
revoking the malicious user revokes the legal identity of the malicious user;
the system initialization stage comprises the following steps:
S1, parameter generation, in which the Network manager is responsible for generating the system parameters;
S2, user registration, in which the user submits its real identity to the Network manager; after the Network manager verifies that the identity is legitimate it generates a public/private key pair, the private key is sent to the user through a secure channel, and the public key is published;
the client C sends a verification message to the application server AP, which verifies whether it is legitimate; if so, the application server AP in turn sends a verification message to the client C, which verifies whether it is legitimate; if the mutual verification between the application server AP and the client C succeeds, a common session key is obtained, a trust relationship is established between the client C and the application server AP, and encrypted information can be transmitted;
the identity authentication comprises the following steps:
S1, the client C combines its own partial private key x_C with the partial private key y_C to obtain the complete private key z_C;
S2, the client C signs the verification information with its private key z_C and the region private key s_i and sends the verification information to the target application server AP, which verifies it with the client's public key and the region public key; if the verification passes, the identity of the client C is legitimate; the application server AP then repeats the behaviour of the client C and sends its own verification information to the target client C, and if the target client C verifies it, the identity of the application server AP is legitimate;
when a malicious user appears, the Network manager reveals the real identity of the user, informs the revocation center RC of the area in which the user is located, and the RC revokes the user's legal identity;
revealing the real identity of the user comprises the following step: the pseudonym id_C of the client C is generated from its real identity ID_C, and the pseudonym id_AP of the application server AP is generated from its real identity ID_AP, id_AP = H_0(r_AP, ID_AP, X_AP); the Network manager can therefore recover the real identities of the client C and the application server AP from their pseudonyms, because both had to submit their real identities to the Network manager in the registration stage;
revoking the malicious user comprises the following steps:
S1, after receiving the notification, the RC updates the region private key s_i to a new private key s'_i with corresponding public key Q'_i, broadcasts the new public key Q'_i, and sends the new key encrypted under the public key of each legal user in the area:
[equation image FDA0003553727090000031, not reproduced]
on receiving this, each legal user decrypts it with its private key, obtains the latest region private key s'_i and signs with it;
S2, the malicious user cannot obtain the new region private key s'_i and can only sign with the original region private key s_i, so its signatures no longer verify.
2. The revocable certificateless conditional privacy-preserving authentication method in an ad hoc network according to claim 1, characterized in that the parameter generation comprises the following steps:
S1, the Network manager randomly selects two large primes p and q, defines a non-singular elliptic curve E: y^2 = x^3 + ax + b mod q with a, b ∈ F_p, and randomly selects a generator P of the group G_q;
S2, the Network manager randomly selects the system master key s_NM:
[equation image FDA0003553727090000032, not reproduced]
and computes the system public key P_pub = s_NM·P;
S3, the Network manager selects several secure hash functions H_i (H_0, H_1, H_2 and H_3 are used below):
[equation image FDA0003553727090000033, not reproduced]
S4, the RC of the i-th area randomly selects the region private key s_i:
[equation image FDA0003553727090000034, not reproduced]
and computes the region public key Q_i = s_i·P;
S5, the Network manager broadcasts the public system parameters Δ = {P, P_pub, H_i}.
3. The revocable certificateless conditional privacy-preserving authentication method in an ad hoc network according to claim 2, characterized in that the user registration comprises the following steps:
S1, the client C randomly selects x_C:
[equation image FDA0003553727090000035, not reproduced]
as its own partial private key and obtains the public key X_C by computing X_C = x_C·P; it submits its real identity ID_C and public key X_C to the Network manager, which verifies the validity of the identity; if the identity is valid, the Network manager generates another public key Y_C and another partial private key y_C, for which the Network manager selects a random number r_C:
[equation image FDA0003553727090000041, not reproduced]
and computes id_C = H_0(r_C, ID_C, X_C), Y_C = r_C·P and y_C = r_C + h_C·s_NM, where h_C = H_1(ID_C, X_C, Y_C, P_pub); Y_C is published, the private key y_C is sent to the client C through the secure channel, and the RC of the area in which the client C is located is informed; the client C can check the correctness of y_C by verifying y_C·P = Y_C + h_C·P_pub; the RC encrypts the region private key s_i with the public key X_C of the client C and sends it to the client C;
S2, the application server AP randomly selects its own partial private key x_AP:
[equation image FDA0003553727090000042, not reproduced]
and obtains the public key X_AP by computation; it submits its real identity ID_AP, its region identifier id_Ai and X_AP to the Network manager, which after verifying validity generates another public key Y_AP and another partial private key y_AP, where the public key Y_AP is published and the private key y_AP is sent to the application server AP through a secure channel.
4. The revocable certificateless conditional privacy-preserving authentication method in an ad hoc network according to claim 2, characterized in that the session key establishment comprises the following steps:
S1, after mutual authentication between the client C and the application server AP, both sides obtain the session key Key_i, and a trust relationship is established between the client C and the application server AP;
S2, the client C encrypts the body-monitoring information with the session key Key_i and transmits it to the application server AP.
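The whole scheme as the description (AP-to-client check of equation (2), session key Key_i, revocation by region-key rotation) and claims 1 to 4 present it, as an added worked example in Python. This is not the patent's code and not the authors' implementation; it models the protocol with these assumptions: secp256k1 stands in for the curve the page leaves unspecified; H_0 to H_3 are domain-separated SHA-256 reduced mod the group order; the full private key z_C is kept as the pair (x_C, y_C); the pseudonym id rather than the real ID goes into H_1 (the page writes both), because the verifier must compute h without learning the real identity; equation (2) is written with the signer's own X, Y and h, since the client checking the AP's signature can only use the AP's public values; the signature scalar is v + h'(x + s_j) + y, which is the form that makes equation (2) close with those keys; U_i = v·X_C on the AP side and U'_i = x_C·V'_i on the client side, since the page's expression for U'_i is garbled; and the region-key ciphertext that the page shows only as an image is an ECIES-style XOR wrap. W'_i and k'_i are not modelled; the identities ID_C, ID_AP, ID_MAL and the timestamp are constructed.

```python
import hashlib
import secrets

P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field (assumption: page fixes no curve)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141      # group order, the page's q
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,  # generator, the page's P
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P_MOD) if x1 == x2
           else (y2 - y1) * pow(x2 - x1, -1, P_MOD)) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):  # double-and-add scalar multiplication k * pt
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def H(tag, *parts):  # H_0..H_3 of the page, modelled as domain-separated SHA-256 reduced mod q
    data = tag.encode() + b"|".join(repr(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

rand_scalar = lambda: secrets.randbelow(N - 1) + 1

class NetworkManager:  # holds s_NM and the pseudonym -> real identity table
    def __init__(self):
        self.s_nm = rand_scalar()
        self.P_pub = ec_mul(self.s_nm, G)                 # P_pub = s_NM * P
        self.trace = {}
    def register(self, real_id, X):  # user submits (ID, X = x * P); NM returns (id, Y, y)
        r = rand_scalar()
        pid = H("H0", r, real_id, X)                      # pseudonym id = H_0(r, ID, X)
        Y = ec_mul(r, G)                                  # Y = r * P
        y = (r + H("H1", pid, X, Y, self.P_pub) * self.s_nm) % N   # y = r + h * s_NM
        self.trace[pid] = real_id                         # this table is what lets NM reveal a user
        return pid, Y, y

def check_partial_key(pub, y, P_pub):  # claim 3 check on the user side: y * P == Y + h * P_pub
    return ec_mul(y, G) == ec_add(pub[2], ec_mul(H("H1", *pub, P_pub), P_pub))

def sign(u, Q_region, tt):  # V = v * P, h' = H_2(V, Q_j, X, Y, tt), sigma = v + h'(x + s_j) + y
    v = rand_scalar()
    V = ec_mul(v, G)
    h2 = H("H2", V, Q_region, u["pub"][1], u["pub"][2], tt)
    return V, (v + h2 * (u["x"] + u["s"]) + u["y"]) % N, v   # v is also the session-key nonce

def verify(pub, Q_region, P_pub, tt, V, sigma):  # eq. (2): sigma*P == V + h'X + Y + h*P_pub + h'Q_j
    pid, X, Y = pub
    h, h2 = H("H1", pid, X, Y, P_pub), H("H2", V, Q_region, X, Y, tt)
    rhs = None
    for term in (V, ec_mul(h2, X), Y, ec_mul(h, P_pub), ec_mul(h2, Q_region)):
        rhs = ec_add(rhs, term)
    return ec_mul(sigma, G) == rhs

def rc_rotate_region_key(legal_pubkeys):  # RC: new s'_i, Q'_i = s'_i * P, s'_i wrapped for each legal user
    s_new, wrapped = rand_scalar(), {}
    for pid, X in legal_pubkeys.items():  # ECIES-style XOR wrap under X (assumption; page shows only an image)
        e = rand_scalar()
        wrapped[pid] = (ec_mul(e, G), s_new ^ H("wrap", ec_mul(e, X)))
    return s_new, ec_mul(s_new, G), wrapped

def run_scenario():  # setup, registration, AP -> C authentication with Key_i, then revocation of ID_MAL
    nm, s_i, users, tt = NetworkManager(), rand_scalar(), {}, 1700000000   # tt_i is a constructed timestamp
    Q_i = ec_mul(s_i, G)                                  # region public key Q_i = s_i * P
    for real_id in ("ID_C", "ID_AP", "ID_MAL"):           # constructed identities
        x = rand_scalar()
        X = ec_mul(x, G)
        pid, Y, y = nm.register(real_id, X)
        users[real_id] = {"x": x, "y": y, "s": s_i, "pub": (pid, X, Y)}
    c, ap, mal = users["ID_C"], users["ID_AP"], users["ID_MAL"]
    V, sigma, v = sign(ap, Q_i, tt)                       # AP -> C: {V'_i, tt_i} and signature v'_i
    key_ap = H("H3", ap["pub"][0], c["pub"][0], ec_mul(v, c["pub"][1]))   # U_i  = v * X_C  (assumption)
    key_c = H("H3", ap["pub"][0], c["pub"][0], ec_mul(c["x"], V))         # U'_i = x_C * V'_i
    revealed = nm.trace[mal["pub"][0]]                    # NM reveals the real identity behind the pseudonym
    s_new, Q_new, wrapped = rc_rotate_region_key(
        {u["pub"][0]: u["pub"][1] for rid, u in users.items() if rid != revealed})
    E, ct = wrapped[c["pub"][0]]                          # the revoked user gets no ciphertext
    c["s"] = ct ^ H("wrap", ec_mul(c["x"], E))            # legal user unwraps s'_i with its own x
    (V2, sig2, _), (V3, sig3, _) = sign(c, Q_new, tt), sign(mal, Q_new, tt)   # mal still holds old s_i
    return {
        "registration_checks": all(check_partial_key(u["pub"], u["y"], nm.P_pub) for u in users.values()),
        "ap_verified": verify(ap["pub"], Q_i, nm.P_pub, tt, V, sigma),
        "session_keys_match": key_ap == key_c,
        "revealed": revealed,
        "legal_user_after_rotation": verify(c["pub"], Q_new, nm.P_pub, tt, V2, sig2),
        "revoked_user_after_rotation": verify(mal["pub"], Q_new, nm.P_pub, tt, V3, sig3),
    }

if __name__ == "__main__":
    print(run_scenario())
```

Running the script prints a dictionary in which registration_checks, ap_verified, session_keys_match and legal_user_after_rotation are True, revealed is ID_MAL, and revoked_user_after_rotation is False: the revoked user's signature, formed with the old s_i, fails against the broadcast Q'_i exactly as the revocation step describes, with no per-verifier revocation list. Two caveats a deployment would have to close: H_2 as written on the page binds only V'_i, Q_j, the signer's keys and tt_i, so the payload (W'_i) is not covered by the signature and needs an AEAD under Key_i; and this example does not check tt_i for freshness, which a verifier must do or a captured {V'_i, tt_i, v'_i} can be replayed.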
CN202110215530.8A 2021-02-25 2021-02-25 Revocable certificateless condition privacy protection authentication method in self-organizing network Expired - Fee Related CN113038465B (en)


Publications (2)

Publication Number Publication Date
CN113038465A CN113038465A (en) 2021-06-25
CN113038465B true CN113038465B (en) 2022-05-17

Family

ID=76461606


Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018119670A1 (en) * 2016-12-27 2018-07-05 深圳大学 Method and device for certificateless partially blind signature
CN109067525A (en) * 2018-08-01 2018-12-21 安徽大学 Message authentication method based on half credible administrative center in car networking

Family Cites Families (6)

Publication number Priority date Publication date Assignee Title
CN104901931B (en) * 2014-03-05 2018-10-12 财团法人工业技术研究院 certificate management method and device
WO2017049222A1 (en) * 2015-09-18 2017-03-23 Olympus Sky Technologies, S.A. Secure communications using organically derived synchronized processes
CN107947932B (en) * 2018-01-09 2020-09-01 重庆邮电大学 Vehicle ad hoc network authentication method based on non-bilinear mapping certificateless signature
CN109831296A (en) * 2019-04-04 2019-05-31 郑州师范学院 A kind of car networking privacy-protection certification method based on group ranking
CN111917550A (en) * 2020-06-17 2020-11-10 中山大学 Certificateless cluster signature bilinear-free authentication method and system
CN112243234A (en) * 2020-07-21 2021-01-19 丹阳市威鼎汽配有限公司 Identity-based privacy security protection method for Internet of vehicles


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20220517
