WO2011063744A1

WO2011063744A1 - Method, system and device for identity authentication in extensible authentication protocol (eap) authentication

Info

Publication number: WO2011063744A1
Application number: PCT/CN2010/079067
Authority: WO
Inventors: 曹振; 刘大鹏; 邓辉
Original assignee: ***通信集团公司
Priority date: 2009-11-30
Filing date: 2010-11-24
Publication date: 2011-06-03
Also published as: CN102082665B; CN102082665A

Abstract

The embodiments of the present invention disclose a method, system and device for an identity authentication in the Extensible Authentication Protocol (EAP) authentication. The method includes: receiving an EAP message sent from a client, and obtaining the authentication identity, the random number, the public key and the signature information of the client which are carried in the EAP message; performing authentications for the authentication identity and the signature information of the client according to an authentication identity generation algorithm, the random number and the public key. By using the embodiments of the present invention, the stealing of the authentication identity can be prevented by utilizing the binding technique between the public key and the EAP authentication identity (ID), which thoroughly avoids that attackers filch or steal the authentication identities of other users.

Description

一种 EAP认证中的标识认证方法、 ***和设备技术领域 Identification method, system and device for identification in EAP authentication

本发明涉及通讯技术领域，尤其涉及一种 EAP认证中的标识认证方法、系统和设备。背景技术 The present invention relates to the field of communications technologies, and in particular, to an identity authentication method, system, and device in EAP authentication. Background technique

EAP ( Extensible Authentication Protocol, 可扩展认证协议 )是一种提供网 ^^入认证的可扩展框架，可以支持不同的认证方法。 EAP—般承栽在互联网二层协议之上，用户只有在完成 EAP规定的认证之后才能进行合法的网络通信，不能正确认证的用户则不能进行网络通信。许多网络都使用 EAP作为接入认证的标准协议，如 802.11、 WIMAX( Worldwide Interoperability for Microwave Access, 微波存取全球互通）等。 EAP是互联网安全认证的^ 5*，其包括三个实体 ·· 客户端，认证者， AAA ( Authentication I Authorization / Accounting, 认证 /授权 /计费）服务器。其原理如下：认证者向客户端发起一个 EAP认证请求 ( EAP Request/ID )，客户端通过 EAP响应（ EAP Response/ID ) 消息送回自己的认证标识，认证者把客户端的认证标识转发给务器， AAA^务器通过本地配置判断此客户端应该进行何种具体的认证方法（如 EAP-MD5 , EAP-TLS等），然后开始发起具体的认证过程。在认证过程中，认证者对 EAP 的认证消息在客户端和 AAAJ^务器之间进行透传 , 由于不执行具体的认证计算，认证者作为接入点不需要实现具体的认证方法；客户端和 AAA服务器进行认证相关的安全计算，因此保持了网络的可扩展性。 EAP (Extensible Authentication Protocol) is an extensible framework that provides network authentication and can support different authentication methods. EAP is generally based on the Internet Layer 2 protocol. Users can only conduct legitimate network communication after completing the EAP-defined authentication. Users who cannot be authenticated correctly cannot communicate with the network. Many networks use EAP as the standard protocol for access authentication, such as 802.11, WIMAX (Worldwide Interoperability for Microwave Access). EAP is the Internet security certification ^ 5*, which includes three entities · Client, Authenticator, AAA (Authentication I Authorization / Accounting) server. The principle is as follows: The Authenticator sends an EAP Request/ID to the client, and the client sends back its own authentication identifier through the EAP Response (ID) message. The Authenticator forwards the client's authentication identifier to the client. The AAA server determines the specific authentication method (such as EAP-MD5, EAP-TLS, etc.) that the client should perform through local configuration, and then starts the specific authentication process. During the authentication process, the Authenticator's EAP authentication message is transparently transmitted between the client and the AAA server. Since the specific authentication calculation is not performed, the Authenticator does not need to implement a specific authentication method as the access point. The security calculations associated with authentication by the AAA server thus maintain the scalability of the network.

不同的认证方法有不同的安全强度，比如说 EAP-MD5仅让服务器认证客户端，客户端没有能力认证服务器，而 EAP-TLS则能够支持服务器和客户端的双向认证，具有相对更高的安全强度。这样造成了伪造认证标识（本申请文件中，认证标识可以简称为 ID )的攻击形式，假设用户 A使用的是 EAP-MD5, 攻击者 M窃取了用户 A的认证标识向 AAA服务器发起认证， AAA服务器则会向攻击者 M发起 EAP-MD5的认证，使得攻击者 M较容易入侵网络。为了克服现有技术中存在的伪造认证标识的问题，现有技术中提供了以下解决方式。 Different authentication methods have different security strengths. For example, EAP-MD5 only allows the server to authenticate the client, the client does not have the ability to authenticate the server, and EAP-TLS can support two-way authentication between the server and the client, with relatively higher security strength. . The attack form of the forged authentication identifier (in this document, the authentication identifier can be abbreviated as ID) is assumed. Assume that user A uses EAP-MD5. Attacker M steals the authentication identifier of user A and initiates authentication to the AAA server. Server will EAP-MD5 authentication is initiated to attacker M, making it easier for attacker M to invade the network. In order to overcome the problem of forged authentication marks existing in the prior art, the following solutions are provided in the prior art.

方法一是忽略认证标识交互，由于现有技术中规定 EAP认证标识的交互是可选的，因此提出可以忽略 EAP认证开始时的认证标识交互，对所有的用户使用同一个初始的认证方法，在 EAP安全隧道建立起来之后再交换认证标识。因此其通过避免 EAP认证标识的交互过程来防止伪造认证标识的攻击。该方法存在的问题在于，其并不能作为一个通用的方案，因为目前艮多场景和认证方法都需要 AAA^务器获知客户端的认证标识。 The first method is to ignore the authentication identifier interaction. Since the interaction of the EAP authentication identifier is optional in the prior art, it is proposed to ignore the authentication identifier interaction when the EAP authentication starts, and use the same initial authentication method for all users. After the EAP security tunnel is established, the authentication identifier is exchanged. Therefore, it prevents the attack of forged authentication marks by avoiding the interaction process of the EAP authentication identifier. The problem with this method is that it cannot be used as a general solution because at present many scenarios and authentication methods require the AAA server to know the client's authentication identity.

方法二是通过交换一个匿名的方式来防止攻击者伪造认证标识，具体的，可以在 EAP认证开始时认证标识交换过程中使用一个省略认证标识的网络地址标识，如 "@example.net"来标识客户端；或在 EAP认证标识交互中使用 "匿名 +域名" 的方式来提供认证标识保护，如同一域（example.net ) 下的用户使用 "[email protected]" 作为统一的认证标 i只。由于 jltNAI ( Network Access Identifier, 网络访问标识符）信息中没有用户的认证标识，用户的认证标识不会被窃取。但是该方法存在的问题在于，虽然在 NAI信息中没有用户的认证标识，但是攻击者仍然能够轻易伪造此 NAI信息来进行认证标识欺骗，因此该方法只保护了用户的认证标识不在明文传输中泄露，不能防止伪造认证标识的攻击行为。发明内容 The second method is to prevent an attacker from forging an authentication identifier by exchanging an anonymous manner. Specifically, a network address identifier that omits the authentication identifier, such as "@example.net", may be used in the authentication identifier exchange process at the start of EAP authentication. Clients; or use the "anonymous + domain name" method in the EAP authentication identity interaction to provide authentication identity protection, such as the user in the same domain (example.net) using "[email protected]" as the unified authentication target i . Since there is no user's authentication identifier in the jltNAI (Network Access Identifier) information, the user's authentication identifier will not be stolen. However, the problem of the method is that although there is no user authentication identifier in the NAI information, the attacker can easily forge the NAI information to perform authentication identifier spoofing. Therefore, the method only protects the user's authentication identifier from being leaked in the plaintext transmission. , can not prevent the attack behavior of forged authentication marks. Summary of the invention

本发明的实施例提供一种 EAP认证中的标识认证方法、***和设备，用于防止攻击者窃取盗用其他用户的 EAP认证标识。 The embodiments of the present invention provide an identity authentication method, system, and device for EAP authentication, which are used to prevent an attacker from stealing an EAP authentication identifier of another user.

本发明的实施例提供了一种 EAP认证中的标识认证方法，包括：接收客户端发送的 EAP消息，获取所述 EAP消息中携带的所述客户端的认证标识、随机数、公钥以及签名信息； An embodiment of the present invention provides an identity authentication method in EAP authentication, including: receiving an EAP message sent by a client, and acquiring an authentication identifier, a random number, a public key, and a signature information of the client carried in the EAP message. ;

根据认证标识生成算法、以及所述随机数和公钥，对所述客户端的认证标识和签名信息进行认证。 Authentication of the client according to the authentication identifier generation algorithm, and the random number and the public key Identification and signature information for authentication.

其中，所述接》1 户端发送的 EAP消息前，还包括： Before the EAP message sent by the client, the method further includes:

所述客户端根据 RSA公钥算法生成公钥和私钥； The client generates a public key and a private key according to an RSA public key algorithm;

所述客户端根据所述公钥和认证标识生成算法，生成认证标识；所述客户端接收到 EAP认证请求时，生成随机数，并根据所述随机数和所述私钥生成签名信息； The client generates an authentication identifier according to the public key and the authentication identifier generation algorithm; when the client receives the EAP authentication request, generates a random number, and generates signature information according to the random number and the private key;

所述客户端向认证服务器发送 EAP消息，所述 EAP消息中携带所述客户端的认证标识、随机数、公钥以及签名信息。 The client sends an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client.

其中，所述对所户端的认证标识和签名信息进行认证包括：根据认证标识生成算法以及所述公钥，生成认证标识；所述生成的认证标识与所述客户端发送的 ΕΑΡ消息中携带的认证标识相同时，对所述客户端的认证标识的认证成功并执行下一步，否则认证失败； The performing the authentication on the authentication identifier and the signature information of the client includes: generating an authentication identifier according to the authentication identifier generation algorithm and the public key; and the generated authentication identifier is carried in the ΕΑΡ message sent by the client If the authentication identifiers are the same, the authentication of the authentication identifier of the client is successful and the next step is performed, otherwise the authentication fails.

根据所述客户端的公钥和所述随机数，检查所述客户端发送的 ΕΑΡ消息中携带的签名信息是否正确，如果正确，则对所述客户端的认证标识和签名信息的认证通过，否则认证失败。 Checking, according to the public key of the client and the random number, whether the signature information carried in the 发送 message sent by the client is correct, and if yes, authenticating the authentication identifier and the signature information of the client, otherwise authenticating failure.

其中，所述对客户端的认证标识和签名信息进行认证前，还包括：确认接收到的 ΕΑΡ消息中携带的随机数的数值与记录的设定时间长度内出现的各随机数的数值不重复。 Before the authenticating the authentication identifier and the signature information of the client, the method further includes: confirming that the value of the random number carried in the received ΕΑΡ message does not overlap with the value of each random number that occurs within the set time length of the record.

其中，所述客户端发送的 ΕΑΡ消息为 ΕΑΡ响应消息。 The ΕΑΡ message sent by the client is a ΕΑΡ response message.

其中，所述认证标识生成算法为单向 Hash函数 SHA-1。 The authentication identifier generation algorithm is a one-way Hash function SHA-1.

其中，所述对客户端的认证标识和签名信息进行认证后，还包括：对所述客户端的认证标识和签名信息的认证通过后，根据配置的客户端的认证标识与 EAP认证方法之间的映射关系，确定所述 EAP消息中携带的所述客户端的认证标识对应的 EAP认证方法，对所述客户端进行 EAP认证。 After the authentication and the signature information of the client are authenticated, the method further includes: after the authentication of the authentication identifier and the signature information of the client is passed, the mapping relationship between the authentication identifier of the client and the EAP authentication method is configured. Determining an EAP authentication method corresponding to the authentication identifier of the client carried in the EAP message, and performing EAP authentication on the client.

本发明的实施例还提供了一种认证服务器，包括： An embodiment of the present invention further provides an authentication server, including:

获取单元，用于接收客户端发送的 EAP消息，获取所述 EAP消息中携带的所述客户端的认证标识、随机数、公钥以及签名信息；认证单元，用于根据认证标识生成算法、以及所述随机数和公钥，对所述客户端的认证标识和签名信息进行认证。 An acquiring unit, configured to receive an EAP message sent by the client, and obtain an authentication identifier, a random number, a public key, and signature information of the client carried in the EAP message; And an authentication unit, configured to authenticate the authentication identifier and the signature information of the client according to the authentication identifier generation algorithm, and the random number and the public key.

其中，所述认证单元具体用于： The authentication unit is specifically configured to:

根据认证标识生成算法以及所述公钥，生成认证标识；所述生成的认证标识与所述客户端发送的 EAP消息中携带的认证标识相同时，对所述客户端的认证标识的认证成功并执行下一步，否则认证失败； Generating an authentication identifier according to the authentication identifier generation algorithm and the public key. When the generated authentication identifier is the same as the authentication identifier carried in the EAP message sent by the client, the authentication of the authentication identifier of the client is successful and executed. Next, otherwise the authentication fails;

根据所述客户端的公钥和所述随机数，检查所述客户端发送的 EAP消息中携带的签名信息进行认证是否正确，如果正确，则对所述客户端的认证标识和签名信息的认证通过，否则认证失败。 Checking whether the authentication information carried in the EAP message sent by the client is correct according to the public key of the client and the random number, and if the authentication is correct, the authentication and signature information of the client is authenticated. Otherwise the authentication fails.

其中，还包括： Among them, it also includes:

配置单元，用于存储每一客户端认证标识对应的 EAP认证方法，并提供给所述认证单元； a configuration unit, configured to store an EAP authentication method corresponding to each client authentication identifier, and provide the authentication unit to the authentication unit;

所述认证单元 , 还用于对所述客户端的认证标识和签名信息的认证通过后，根据配置的客户端的认证标识与 EAP认证方法之间的映射关系，确定所述 EAP消息中携带的所述客户端的认证标识对应的 EAP认证方法 ,对所述客户端进行 EAP认证。 The authentication unit is further configured to determine, according to a mapping relationship between the configured authentication identifier of the client and the EAP authentication method, the identifier that is carried in the EAP message, after the authentication of the authentication identifier and the signature information of the client is passed. The EAP authentication method corresponding to the authentication identifier of the client performs EAP authentication on the client.

其中，所述认证单元，还用于记录设定时间长度内出现的各随机数，在对所述客户端的认证标识和签名信息进行认证之前，确认接收到的 EAP消息中携带的随机数的数值与记录的各随机数的数值不重复。 The authentication unit is further configured to record each random number that occurs in the set time length, and confirm the value of the random number carried in the received EAP message before authenticating the authentication identifier and the signature information of the client. The values of the random numbers recorded are not repeated.

本发明的实施例还提供了一种客户端，包括： An embodiment of the present invention further provides a client, including:

密钥生成单元，用于根据 RSA公钥算法生成公钥和私钥； a key generation unit, configured to generate a public key and a private key according to an RSA public key algorithm;

认证标识生成单元，用于根据所述公钥和认证标识生成算法，生成认证标识 An authentication identifier generating unit, configured to generate an authentication identifier according to the public key and the authentication identifier generation algorithm

签名信息生成单元，用于接收到 EAP认证请求时，生成随机数，并根据所述随机数和所述私钥生成签名信息； a signature information generating unit, configured to generate a random number when receiving the EAP authentication request, and generate signature information according to the random number and the private key;

EAP消息发送单元，用于向认证服务器发送 EAP消息，所述 EAP消息中携带所述客户端的认证标识、随机数、公钥以及签名信息。本发明的实施例还提供了一种 EAP认证***，包括： The EAP message sending unit is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client. An embodiment of the present invention further provides an EAP authentication system, including:

客户端，用于向认证服务器发送 EAP消息，所述 EAP消息中携带所述客户端的认证标识、随机数、公钥以及签名信息； The client is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client.

认证服务器，用于接收所述客户端发送的 EAP消息，获取所述 EAP消息中携带的所述客户端的认证标识、随机数、公钥以及签名信息；根据认证标识生成算法、以及所述随机数和公钥，对所述客户端的认证标识和签名信息进行认证。 An authentication server, configured to receive an EAP message sent by the client, obtain an authentication identifier, a random number, a public key, and signature information of the client carried in the EAP message; generate an algorithm according to the authentication identifier, and the random number And the public key, the authentication identifier and the signature information of the client are authenticated.

与现有技术相比，本发明的实施例具有以下优点： Embodiments of the present invention have the following advantages over the prior art:

本发明的实施例中，利用公开密钥和 EAP认证标识（ID ) 的绑定技术来防止认证标识被盗用，彻底的防止了攻击者窃取盗用其他用户认证标识，而现有的相关的技术没有解决这个问题；另夕卜，其支持不同的 EAP认证方法，不需要修改已有的 EAP认证协议，属于通用的解决方法。附图说明 In the embodiment of the present invention, the binding technology of the public key and the EAP authentication identifier (ID) is used to prevent the authentication identifier from being stolen, and the attacker is completely prevented from stealing other user authentication identifiers, but the existing related technologies are not To solve this problem; in addition, it supports different EAP authentication methods, and does not need to modify the existing EAP authentication protocol, which is a general solution. DRAWINGS

为了更清楚地说明本发明实施例或现有技术中的技术方案，下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本发明的一些实施例，对于本领域普通技术人员来讲，在不付出创造性劳动性的前提下，还可以根据这些附图获得其他的附图。 In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the description of the prior art will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present invention, and other drawings can be obtained from those skilled in the art without any inventive labor.

图 1 是本发明实施例中提供的 EAP认证中的标识认证方法流程图；图 2是本发明实施例的应用场景中提供的 EAP认证中的标识认证方法流程图； 1 is a flowchart of an identity authentication method in EAP authentication provided in an embodiment of the present invention; FIG. 2 is a flow chart of an identity authentication method in EAP authentication provided in an application scenario according to an embodiment of the present invention;

图 3是本发明实施例的应用场景中 EAP Response消息的结构示意图；图 4是本发明实施例中提供的认证服务器的结构示意图； 3 is a schematic structural diagram of an EAP Response message in an application scenario according to an embodiment of the present invention; FIG. 4 is a schematic structural diagram of an authentication server provided in an embodiment of the present invention;

图 5是本发明实施例中提供的客户端的结构示意图。具体实施方式 FIG. 5 is a schematic structural diagram of a client provided in an embodiment of the present invention. detailed description

下面将结合本发明实施例中的附图，对本发明实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅是本发明一部分实施例，而不是全部的实施例。基于本发明中的实施例，本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例，都属于本发明保护的范围。 The technical solution in the embodiment of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention. It is clear that the described embodiments are only a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without departing from the inventive scope are the scope of the present invention.

本发明的实施例提供了一种 EAP认证中的标识认证方法，如图 1所示，包括： An embodiment of the present invention provides a method for authenticating an identifier in EAP authentication. As shown in FIG. 1, the method includes:

步骤 sl01、接收客户端发送的 EAP消息，获取 EAP消息中携带的客户端的认证标识、随机数、公钥以及签名信息； Step sl01: Receive an EAP message sent by the client, and obtain an authentication identifier, a random number, a public key, and signature information of the client carried in the EAP message.

步骤 sl02、根据认证标识生成算法、以及随机数和公钥，对客户端的认证标识和签名信息进行认证。 Step sl02: Authenticate the authentication identifier and signature information of the client according to the authentication identifier generation algorithm, and the random number and the public key.

本发明的实施例提供了一个具体的应用场景，描述本发明提供的 EAP认证中的标识认证方法的具体实施方式。 The embodiment of the present invention provides a specific application scenario, and describes a specific implementation manner of the identity authentication method in the EAP authentication provided by the present invention.

本发明的应用场景中，客户端生成 RSA公钥算法下对应的公钥 PK和私钥 SK，利用 PK和认证标识生成算法生成自己对应的认证标识，例如采用单向 Hash (哈希）函数 SHA-1 ( SHA: Secure Hash Algorithm, 安全散列算法）作为认证标识生成算法，则 ID=SHA-1 ( PK )o 公钥算法的性质保证了通过公钥 ΡΚ无法推导出私钥 SK, 而没有私钥 SK也无法伪造签名信息；单向函数的性质保证了无法根据另外一个 ΡΚ，映射到同样一个 ID。 In the application scenario of the present invention, the client generates a public key PK and a private key SK corresponding to the RSA public key algorithm, and generates a corresponding authentication identifier by using the PK and the authentication identifier generation algorithm, for example, adopting a one-way hash function SHA. -1 (SHA: Secure Hash Algorithm) As the authentication ID generation algorithm, ID=SHA-1 ( PK )o The nature of the public key algorithm guarantees that the private key SK cannot be derived through the public key. The private key SK also cannot forge signature information; the nature of the one-way function guarantees that it cannot be mapped to the same ID according to another trick.

另外，作为认证服务器的 AAA服务器根据客户端生成的认证标识 ID在本地对客户端配置相应的 EAP认证方法。如客户端 A使用的认证方法为 EAP-MD5, 则 AAA服务器在配置中，对于客户端 A的 ID和 EAP-MD5方法之间建立映射关系；如用户 B所使用的认证方法为 EAP-TLS, 则 AAA服务器在配置中，对于客户端 B的 ID和 EAP-TLS方法之间建立映射关系。 In addition, the AAA server acting as the authentication server locally configures the corresponding EAP authentication method to the client according to the authentication identifier ID generated by the client. If the authentication method used by the client A is EAP-MD5, the AAA server is configured to establish a mapping relationship between the ID of the client A and the EAP-MD5 method. For example, the authentication method used by the user B is EAP-TLS. Then, in the configuration, the AAA server establishes a mapping relationship between the ID of the client B and the EAP-TLS method.

本发明提供的实施例中， EAP认证中的标识认证方法如图 2所示，包括以下步骤： In the embodiment provided by the present invention, the identifier authentication method in EAP authentication is as shown in FIG. 2, and includes the following steps:

步骤 s201、认证者（Authenticator )发起 EAP认证，向客户端 A( EAP Peer A )发送 EAP Request/ID ( EAP认证请求）。其中认证者可以为网络接入服务器。步骤 s202、客户端 A生成签名信息，附加公钥信息。 In step s201, the Authenticator initiates EAP authentication, and sends an EAP Request/ID to the client A (EAP Peer A). The certifier can be a network access server. Step s202: Client A generates signature information and attaches public key information.

具体的，客户端 A生成随机数（Radomn, 简称 Ra )，并根据私钥 SK和 RSA签名算法生成签名信息。 Specifically, the client A generates a random number (Radomn, abbreviated as Ra), and generates signature information according to the private key SK and the RSA signature algorithm.

步骤 s203、客户端 A返回 EAP Response/ID ( EAP响应）消息，在该消息中携带客户端 A的认证标识 ID, 随机数 Ra，公钥 PK，以及签名信息。 Step s203: The client A returns an EAP Response/ID (EAP Response) message, where the message carries the authentication identifier ID of the client A, the random number Ra, the public key PK, and the signature information.

其中，客户端 Α在发送的 EAP Response/ID中，添加预先生成的认证标识假设为 ID-A, 除了响应 ID信息之外，还在 EAP Response/ID消息中附加自己的公钥 PK-A, 随机数 Ra, 以及利用 RSA签名算法和私钥 SK-A计算的签名信息。本发明的实施例中，修改后的 EAP Response/ID的消息格式的一种可用形式可以如图 3所示。 The client 添加 adds the pre-generated authentication identifier to the ID-A in the EAP Response/ID sent, and adds its own public key PK-A in the EAP Response/ID message in addition to the response ID information. The random number Ra, and signature information calculated using the RSA signature algorithm and the private key SK-A. In an embodiment of the present invention, a usable form of the modified EAP Response/ID message format may be as shown in FIG.

步骤 s204、 EAP认证标识的认证过程。 Step s204: The authentication process of the EAP authentication identifier.

其中， AAA服务器接收到客户端 A返回的认证标识后，计算确认此客户端 A是否为该认证标识 ID-A的合法拥有者。以认证标识生成算法为单向 Hash 函数 SHA-1为例，则 AAA服务器首先检查公式 ID=SHA-1 ( PK )是否成立，如果成立，则再利用公钥 PK和随机数 Ra检查 EAP Response/ID消息中包含的签名信息是否正确，如果正确， AAA服务器则确认此客户端 A的确是此认证标识 ID-A的拥有者，也就表明对所述客户端的认证标识和签名信息的认证通过，随后发起相应的 EAP认证过程。 After receiving the authentication identifier returned by the client A, the AAA server calculates whether the client A is the legal owner of the authentication identifier ID-A. Taking the authentication identifier generation algorithm as the one-way hash function SHA-1 as an example, the AAA server first checks whether the formula ID=SHA-1 (PK) is established. If it is established, the public key PK and the random number Ra are used to check the EAP Response/ Whether the signature information contained in the ID message is correct. If it is correct, the AAA server confirms that the client A is indeed the owner of the authentication identifier ID-A, and indicates that the authentication and signature information of the client is authenticated. The corresponding EAP authentication process is then initiated.

通过上述流程，攻击者无法进行伪造认证标识的攻击。首先，虽然攻击者能够窃听到客户端明文传输的认证标识 ID和公钥 PK, 但是攻击者无法通过公钥推导出私钥，也就不能伪造出对应的签名信息。其次，攻击者不能通过另外一个公钥来得到相同的 ID，由于 ID是由公钥 PK通过单向函数 SHA-1 计算出来的，攻击者不能通过另外一个 PK，来得到相同的 ID。 Through the above process, an attacker cannot attack the forged authentication identifier. First, although the attacker can steal the authentication ID and the public key PK of the client's plaintext transmission, the attacker cannot derive the private key through the public key, and the corresponding signature information cannot be forged. Second, the attacker cannot obtain the same ID through another public key. Since the ID is calculated by the public key PK through the one-way function SHA-1, the attacker cannot obtain the same ID through another PK.

具体实施中，为了防止恶意入侵者发起的重放攻击，认证服务器（例如 AAA服务器）可以记录设定时间长度（例如 1小时）内出现的各随机数，如果接收到的 EAP消息中携带的随机数 Ra的数值与记录的各随机数的数值不重复，才执行 EAP认证标识的认证过程；如果接收到的 EAP消息中携带的随机数 Ra的数值与记录的各随机数的数值相重复，则拒绝接受该 EAP消息。本发明的实施例提供的方法中，利用公开密钥和 EAP认证标识（ID )的绑定技术来防止认证标识被盗用，彻底的防止了攻击者窃取盗用其他用户认证标识，而现有的相关的技术没有解决这个问题；另外，其支持不同的 EAP 认证方法，不需要修改已有的 EAP认证协议，属于通用的解决方法。 In a specific implementation, in order to prevent a replay attack initiated by a malicious intruder, an authentication server (for example, an AAA server) may record each random number that occurs within a set time length (for example, 1 hour), if the received EAP message carries random The value of the number Ra is not the same as the value of each random number recorded, and the authentication process of the EAP authentication identifier is performed; if the received EAP message carries If the value of the number Ra of the machine overlaps with the value of each of the recorded random numbers, the EAP message is rejected. In the method provided by the embodiment of the present invention, the binding technology of the public key and the EAP authentication identifier (ID) is used to prevent the authentication identifier from being stolen, and the attacker is completely prevented from stealing other user authentication identifiers, and the existing correlation is The technology does not solve this problem; in addition, it supports different EAP authentication methods, and does not need to modify the existing EAP authentication protocol, which is a general solution.

本发明的实施例提供了一种 EAP认证***，包括： An embodiment of the present invention provides an EAP authentication system, including:

客户端，用于向认证服务器发送 EAP消息， EAP消息中携带客户端的认证标识、随机数、公钥以及签名信息； The client is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client.

认证服务器，用于接收客户端发送的 EAP消息，获取 EAP消息中携带的客户端的认证标识、随机数、公钥以及签名信息；根据认证标识生成算法、以及随机数和公钥，对客户端的认证标识和签名信息进行认证。 The authentication server is configured to receive an EAP message sent by the client, obtain an authentication identifier, a random number, a public key, and a signature information of the client carried in the EAP message, and perform authentication on the client according to the authentication identifier generation algorithm, and the random number and the public key. Identification and signature information for authentication.

本发明的实施例提供的认证服务器中，其结构如图 4所示，包括：获取单元 10, 用于接收客户端发送的 EAP消息，获取 EAP消息中携带的客户端的认证标识、随机数、公钥以及签名信息； The authentication server provided by the embodiment of the present invention is configured as shown in FIG. 4, and includes: an obtaining unit 10, configured to receive an EAP message sent by a client, and obtain an authentication identifier, a random number, and a publicity of the client carried in the EAP message. Key and signature information;

认证单元 20，用于根据认证标识生成算法、以及随机数和公钥，对客户端的认证标识和签名信息进行认证。 The authentication unit 20 is configured to authenticate the authentication identifier and the signature information of the client according to the authentication identifier generation algorithm, and the random number and the public key.

该认证单元 20具体用于： The authentication unit 20 is specifically configured to:

根据认证标识生成算法以及公钥，生成认证标识；生成的认证标识与客户端发送的 EAP消息中携带的认证标识相同时，对客户端的认证标识的认证成功并执行下一步，否则认证失败；根据客户端的公钥和随机数，检查客户端发送的 EAP消息中携带的签名信息是否正确，如果正确，则对所述客户端的认证标识和签名信息的认证通过，否则认证失败。 The authentication identifier is generated according to the authentication identifier generation algorithm and the public key. When the generated authentication identifier is the same as the authentication identifier carried in the EAP message sent by the client, the authentication of the client's authentication identifier is successful and the next step is performed, otherwise the authentication fails; The public key and the random number of the client are checked whether the signature information carried in the EAP message sent by the client is correct. If the authentication is correct, the authentication and signature information of the client is authenticated. Otherwise, the authentication fails.

该认证服务器还可以包括：配置单元 30, 用于存储每一客户端认证标识对应的 EAP认证方法，并提供给认证单元 20。 The authentication server may further include: a configuration unit 30, configured to store an EAP authentication method corresponding to each client authentication identifier, and provide the authentication method to the authentication unit 20.

认证单元 20，还用于对客户端的认证标识和签名信息的认证通过后，根据配置的客户端的认证标识与 EAP认证方法之间的映射关系，确定所述 EAP 消息中携带的客户端的认证标识对应的 EAP认证方法，对该客户端进行 EAP 认证。 The authentication unit 20 is further configured to determine, after the authentication of the authentication identifier and the signature information of the client, the mapping between the authentication identifier of the client and the EAP authentication method, and determine the authentication identifier of the client carried in the EAP message. EAP authentication method, EAP for the client Certification.

为了防止恶意入侵者发起的重放攻击，认证单元 20，还用于记录设定时间长度内出现的各随机数，在对所述客户端的认证标识和签名信息进行认证之前，确认接收到的 EAP消息中携带的随机数的数值与记录的各随机数的数值不重复。 In order to prevent the replay attack initiated by the malicious intruder, the authentication unit 20 is further configured to record each random number that occurs within the set time length, and confirm the received EAP before authenticating the authentication identifier and the signature information of the client. The value of the random number carried in the message does not overlap with the value of each random number recorded.

本发明的实施例提供的客户端中，其结构如图 5所示，包括： The client provided by the embodiment of the present invention has a structure as shown in FIG. 5, and includes:

密钥生成单元 50，用于根据 RSA公钥算法生成公钥和私钥； a key generation unit 50, configured to generate a public key and a private key according to an RSA public key algorithm;

认证标识生成单元 60，用于根据公钥和认证标识生成算法，生成认证标识； The authentication identifier generating unit 60 is configured to generate an authentication identifier according to the public key and the authentication identifier generating algorithm;

签名信息生成单元 70，用于接收到 EAP认证请求时，生成随机数，并根据随机数和密钥生成单元 50生成的私钥生成签名信息； The signature information generating unit 70 is configured to generate a random number when receiving the EAP authentication request, and generate signature information according to the random number and the private key generated by the key generating unit 50;

EAP消息发送单元 80，用于向认证服务器发送 EAP消息， EAP消息中携带认证标识生成单元 60生成的认证标识、密钥生成单元 50生成的公钥以及签名信息生成单元 70生成的随机数和签名信息。 The EAP message sending unit 80 is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier generated by the authentication identifier generating unit 60, the public key generated by the key generating unit 50, and the random number and signature generated by the signature information generating unit 70. information.

本发明的实施例提供的***和设备中 ,利用公开密钥和 EAP认证标识 ID 的绑定技术来防止认证标识被盗用 , 彻底的防止了攻击者窃取盗用其他用户认证标识，而现有的相关的技术没有解决这个问题；另夕卜，其支持不同的 EAP 认证方法，不需要修改已有的 EAP认证协议，属于通用的解决方法。 In the system and device provided by the embodiment of the present invention, the binding technology of the public key and the EAP authentication identifier ID is used to prevent the authentication identifier from being stolen, and the attacker is completely prevented from stealing other user authentication identifiers, and the existing correlation is The technology does not solve this problem; in addition, it supports different EAP authentication methods, and does not need to modify the existing EAP authentication protocol, which is a general solution.

通过以上的实施方式的描述，本领域的技术人员可以清楚地了解到本发明可以通过硬件实现，也可以借助软件加必要的通用硬件平台的方式来实现。基于这样的理解，本发明的技术方案可以以软件产品的形式体现出来，该软件产品可以存储在一个非易失性存储介质（可以是 CD-ROM, U盘，移动硬盘等）中，包括若干指令用以使得一台计算机设备（可以是个人计算机，服务器，或者网络设备等）执行本发明各个实施例所述的方法。 Through the description of the above embodiments, those skilled in the art can clearly understand that the present invention can be implemented by hardware, or by software plus necessary general hardware platform. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB flash drive, a mobile hard disk, etc.), including several The instructions are for causing a computer device (which may be a personal computer, server, or network device, etc.) to perform the methods described in various embodiments of the present invention.

本领域技术人员可以理解附图只是一个优选实施例的示意图，附图中的单元或流程并不一定是实施本发明所必须的。进行分布于实施例的装置中，也可以进行相应变化位于不同于本实施例的一个或多个装置中。上述实施例的单元可以合并为一个单元，也可以进一步拆分成多个子单元。 A person skilled in the art can understand that the drawings are only a schematic diagram of a preferred embodiment, and the units or processes in the drawings are not necessarily required to implement the invention. Performing the distribution in the apparatus of the embodiment, it is also possible to make corresponding changes in one or more apparatuses different from the embodiment. The units of the above embodiments may be combined into one unit, or may be further split into a plurality of sub-units.

上述本发明实施例序号仅仅为了描述，不代表实施例的优劣。 The serial numbers of the embodiments of the present invention are merely for the description, and do not represent the advantages and disadvantages of the embodiments.

显然，本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样，倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内，则本发明也意图包含这些改动和变型在内。 It is apparent that those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of the inventions

Claims

权利要求 Rights request

1、一种可扩展认证协议 EAP认证中的标识认证方法，其特征在于，包括：接收客户端发送的 EAP消息，获取所述 EAP消息中携带的所述客户端的认证标识、随机数、公钥以及签名信息； An identity authentication method in an EAP authentication of an extensible authentication protocol, comprising: receiving an EAP message sent by a client, and acquiring an authentication identifier, a random number, and a public key of the client carried in the EAP message. And signature information;

根据认证标识生成算法、以及所述随机数和公钥，对所述客户端的认证标识和签名信息进行认证。 And authenticating the authentication identifier and the signature information of the client according to the authentication identifier generation algorithm and the random number and the public key.

2、如权利要求 1所述的方法，其特征在于，所述接收客户端发送的 EAP 消息前，还包括： 2. The method according to claim 1, wherein before the receiving the EAP message sent by the client, the method further includes:

3、如权利要求 1所述的方法，其特征在于，所述对所述客户端的认证标识和签名信息进行认证包括： 3. The method according to claim 1, wherein the authenticating the authentication identifier and the signature information of the client comprises:

根据所述客户端的公钥和所述随机数，检查所述客户端发送的 EAP消息中携带的签名信息是否正确，如果正确，则对所述客户端的认证标识和签名信息的认证通过，否则认证失败。 Checking whether the signature information carried in the EAP message sent by the client is correct according to the public key of the client and the random number. If the authentication is correct, the authentication of the authentication identifier and the signature information of the client is passed, otherwise, the authentication is performed. failure.

4、如权利要求 1所述的方法，其特征在于，所述对客户端的认证标识和签名信息进行认证前，还包括： The method according to claim 1, wherein before the authenticating the authentication identifier and the signature information of the client, the method further includes:

确认接收到的 EAP消息中携带的随机数的数值与记录的设定时间长度内出现的各随机数的数值不重复。 It is confirmed that the value of the random number carried in the received EAP message does not overlap with the value of each random number that appears within the set time length of the record.

5、如权利要求 1至 4中任一项所述的方法，其特征在于，所述客户端发送的 EAP消息为 EAP响应消息。 The method according to any one of claims 1 to 4, wherein the EAP message sent by the client is an EAP response message.

6、如权利要求 1至 4中任一项所述的方法，其特征在于，所述认证标识生成算法为单向 Hash函数 SHA-L The method according to any one of claims 1 to 4, wherein the authentication identifier generation algorithm is a one-way Hash function SHA-L

7、如权利要求 1所述的方法，其特征在于，所述对客户端的认证标识和签名信息进行认证后，还包括： The method according to claim 1, wherein after the authenticating the authentication identifier and the signature information of the client, the method further includes:

对所述客户端的认证标识和签名信息的认证通过后， >据配置的客户端的认证标识与 EAP认证方法之间的映射关系，确定所述 EAP消息中携带的所述客户端的认证标识对应的 EAP认证方法，对所述客户端进行 EAP认证。 After the authentication of the authentication identifier and the signature information of the client is passed, the mapping between the authentication identifier of the client and the EAP authentication method is determined, and the EAP corresponding to the authentication identifier of the client carried in the EAP message is determined. The authentication method performs EAP authentication on the client.

8、一种认证服务器，其特征在于，包括： 8. An authentication server, comprising:

获取单元，用于接收客户端发送的 EAP消息，获取所述 EAP消息中携带的所述客户端的认证标识、随机数、公钥以及签名信息； An obtaining unit, configured to receive an EAP message sent by the client, and obtain an authentication identifier, a random number, a public key, and signature information of the client carried in the EAP message;

认证单元，用于根据认证标识生成算法、以及所述随机数和公钥，对所述客户端的认证标识和签名信息进行认证。 And an authentication unit, configured to authenticate the authentication identifier and the signature information of the client according to the authentication identifier generation algorithm and the random number and the public key.

9、如权利要求 8所述的认证服务器，其特征在于，所述认证单元具体用于： The authentication server according to claim 8, wherein the authentication unit is specifically configured to:

10、如权利要求 8所述的认证服务器，其特征在于，还包括： The authentication server according to claim 8, further comprising:

所述认证单元，还用于对所述客户端的认证标识和签名信息的认证通过后，根据配置的客户端的认证标识与 EAP认证方法之间的映射关系，确定所述 EAP消息中携带的所述客户端的认证标识对应的 EAP认证方法，对所述客户端进行 EAP认证。 The authentication unit is further configured to: after the authentication of the authentication identifier and the signature information of the client is passed, determine the mapping relationship between the authentication identifier of the client and the EAP authentication method. An EAP authentication method corresponding to the authentication identifier of the client carried in the EAP message, and performing EAP authentication on the client.

11、如权利要求 8所述的认证服务器，其特征在于， 11. The authentication server of claim 8 wherein:

所述认证单元，还用于记录设定时间长度内出现的各随机数，在对所述客户端的认证标识和签名信息进行认证之前，确认接收到的 EAP消息中携带的随机数的数值与记录的各随机数的数值不重复。 The authentication unit is further configured to record each random number that occurs in the set time length, and confirm the value and record of the random number carried in the received EAP message before authenticating the authentication identifier and the signature information of the client. The values of each random number are not repeated.

12、一种客户端，其特征在于，包括： 12. A client, characterized in that:

认证标识生成单元，用于根据所述公钥和认证标识生成算法，生成认证标识； An authentication identifier generating unit, configured to generate an authentication identifier according to the public key and the authentication identifier generating algorithm;

EAP消息发送单元，用于向认证服务器发送 EAP消息，所述 EAP消息中携带所述客户端的认证标识、随机数、公钥以及签名信息。 The EAP message sending unit is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client.

13、一种 EAP认证***，其特征在于，包括： 13. An EAP authentication system, comprising:

客户端，用于向认证服务器发送 EAP消息，所述 EAP消息中携带所述客户端的认证标识、随机数、公钥以及签名信息； The client is configured to send an EAP message to the authentication server, where the EAP message carries the authentication identifier, the random number, the public key, and the signature information of the client;