
CN117675285A - An identity verification method, chip and device - Google Patents

An identity verification method, chip and device

Publication number: CN117675285A
Application number: CN202311491646.XA
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Prior art keywords: authentication, message, server, session, algorithm
Inventors: 晋兆雨, 张忠培, 韩永祥, 李耘, 邹兰榕, 郑鹏飞
Assignees: Shenzhen Huada Jiutian Technology Co., Ltd.; Higher Research Institute of University of Electronic Science and Technology, Shenzhen

Classifications

    • H04L63/0442: network security protocols for confidential data exchange, with the payload protected by asymmetric encryption (different keys for encryption and decryption)
    • H04L63/062: key management in a packet data network, key distribution (e.g. centrally by a trusted party)
    • H04L63/08: authentication of entities
    • H04L63/20: managing network security; network security policies in general
    • H04L9/0816: key establishment, where a shared secret becomes available to two or more parties for subsequent use
    • H04L9/0861: generation of secret information, including derivation or calculation of cryptographic keys or passwords
    • H04L9/3247: entity or message authentication involving digital signatures


Abstract

The invention relates to the field of communication security and in particular to an identity verification method. The method includes: after establishing a connection with the server side, deriving an authentication message from the pre-stored target response signal of a physical unclonable function using the SM3 algorithm, and sending the authentication message to the server side so that the server side produces an authentication-passed message from it; obtaining the authentication-passed message and verifying its digital signature with the pre-stored public key of the server side to obtain a signature result; and, if the signature result is a pass, decrypting the authentication-passed message with the SM4 decryption algorithm to obtain the session duration and the session key parameters, where the session key parameters are used to communicate with the server side within the session duration. The method meets the authentication and communication requirements between device and server, resists classic attacks to a large extent, and improves the anti-counterfeiting capability and information security of the device.

Description

An identity verification method, chip and device

Technical field

The present invention relates to the technical field of communication security, and in particular to an identity verification method, chip and device.

Background art

The Internet of Things (IoT) can interconnect heterogeneous devices whose number grows exponentially and reaches billions. The goal of the IoT is to enable computers, devices and nodes to collect, process and make decisions with little or no human input. As the complexity of IoT systems grows, securing the communication data between IoT devices becomes quite complicated. A study by HP found that 70% of IoT devices are vulnerable to various attacks when connected to the Internet. Other literature indicates that more than 85% of organizations worldwide will use IoT devices in various ways, and that about 90% of enterprises are uncertain about the security of their IoT devices. The IoT therefore faces pressing security challenges, including more vulnerabilities and security attacks.

To ensure the information security of IoT devices, security chips are commonly used. Identity verification through a security chip can provide IoT devices or systems with security functions such as secure configuration, data encryption, secure storage, key management and digital signatures. Security chips are also widely used in many information terminal devices such as servers, communication terminals, smart cards and electronic tags.

Existing identity verification methods for IoT devices usually employ cryptographic operations such as hashing to prevent network attacks, impersonation or brute-force cracking. However, they remain at risk of being broken over the network, so existing identity verification methods suffer from low security.

Summary of the invention

The embodiments of this application provide an identity verification method, chip and device, which solve the technical problem of low security in the prior art and achieve the technical effects of meeting the authentication and communication requirements between device and server, resisting classic attacks to a large extent, improving the anti-counterfeiting capability and information security of the device, providing a high-level security mechanism for massive numbers of IoT nodes, and safeguarding the data security of each node.

In a first aspect, an embodiment of the present invention provides an identity verification method applied on the device side, the method including:

after establishing a connection with the server side, deriving an authentication message from the pre-stored target response signal of a physical unclonable function using the SM3 algorithm, and sending the authentication message to the server side so that the server side obtains an authentication-passed message from the authentication message;

obtaining the authentication-passed message and verifying the digital signature of the authentication-passed message with the pre-stored public key of the server side to obtain a signature result;

if the signature result is a pass, decrypting the authentication-passed message with the SM4 decryption algorithm to obtain the session duration and the session key parameters, where the session key parameters are used to communicate with the server side within the session duration.

Preferably, before establishing the connection with the server side, the method further includes:

over a secure channel, sending a registration request signal to the server side so that the server side, according to the received registration request signal, sends an initial challenge signal and the public key of the server side, where the registration request signal includes the device number of the device side, and the public key of the server side is a public key encrypted with the SM2 algorithm;

receiving the initial challenge signal and the public key of the server side, and obtaining the target response signal from the initial challenge signal and the physical unclonable function;

storing the target response signal and the public key of the server side, and sending the target response signal to the server side so that the server side stores the target response signal and the device number.

Preferably, deriving the authentication message from the pre-stored target response signal of the physical unclonable function using the SM3 algorithm includes:

processing the target response signal and the current timestamp with the SM3 algorithm to obtain an authentication challenge signal, and then obtaining an authentication response signal from the physical unclonable function and the authentication challenge signal;

obtaining the authentication message from the authentication challenge signal, the authentication response signal, the target response signal, the current timestamp and the device number.

Preferably, decrypting the authentication-passed message with the SM4 algorithm to obtain the session duration and the session key parameters includes:

verifying the authentication-passed message to obtain a first random number and a ciphertext;

obtaining a temporary key from the first random number and the target response signal;

decrypting the ciphertext with the SM4 algorithm and the temporary key to obtain the session duration and the session key parameters, the session key parameters including a session key and the second random number carried in the ciphertext.

Preferably, within the session duration, the method further includes:

obtaining a session message from the session key parameters and the SM4 algorithm, and sending the session message to the server side so that the server side obtains a session feedback message from the session message, thereby communicating with the server side.

Based on the same inventive concept, in a second aspect, the present invention further provides an identity verification method applied on the server side, the method including:

after establishing a connection with the device side, obtaining the authentication message sent by the device side;

looking up the pre-stored target response signal by the device number in the authentication message, and obtaining a target hash value from the target response signal and the SM3 algorithm;

if the target hash value matches the pre-stored hash value, obtaining an authentication-passed message and sending the authentication-passed message to the device side.

Preferably, obtaining the authentication-passed message includes:

obtaining a session key, a first random number and a second random number;

obtaining a temporary key from the target response signal, the first random number and the SM3 algorithm;

encrypting the device number, the session key, the session duration and the second random number with the SM4 encryption algorithm to obtain a ciphertext;

digitally signing the current timestamp, the first random number and the ciphertext with the private key of the server side to obtain a digital signature, and then obtaining the authentication-passed message from the current timestamp, the first random number and the digital signature.

Preferably, after sending the authentication-passed message to the device side, the method further includes:

within the session duration, obtaining the session message sent by the device side;

decrypting the session message to obtain the message content and a verification random value of the session message;

if the verification random value matches the second random number, communicating with the device side.
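The key-establishment and session steps listed above (temporary key from R_A and the first random number, ciphertext carrying the session key, duration and second random number, server signature, and the server's check of the verification random value), as an added Go simulation that is not code from the patent or its assignees. Go's standard library has no SM2/SM3/SM4, so it assumes stand-ins in the same roles (SHA-256 for SM3, AES-256-GCM for SM4, ECDSA P-256 for the SM2 signature), a simulated PUF, and a constructed plaintext layout (K || duration || r2 || ID_A); all function names are my own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Stand-ins, not the patent's primitives: SHA-256 plays H_SM3, AES-256-GCM plays SM4, ECDSA P-256 plays SM2.
func h(parts ...[]byte) []byte { s := sha256.Sum256(bytes.Join(parts, nil)); return s[:] }
func rnd(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func aead(key []byte) cipher.AEAD { // keys are always 32-byte hash outputs here
	b, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(b)
	return g
}
func seal(key, pt []byte) []byte { n := rnd(12); return aead(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) { // ct = nonce || ciphertext || tag
	if len(ct) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return aead(key).Open(nil, ct[:12], ct[12:], nil)
}

type Session struct { // what key establishment leaves on each side
	Key, R2 []byte
	Expiry  time.Time
}

// AuthPass is the "authentication passed" message (T, r1, ciphertext, signature).
type AuthPass struct{ T, R1, CT, Sig []byte }

// Enroll stands in for registration: the server key pair and R_A = puf_A(C_A) from a simulated PUF.
func Enroll() (*ecdsa.PrivateKey, []byte) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return priv, h(rnd(32), rnd(16)) // hash of a constructed chip secret and challenge C_A
}

// Server side: tmp = H(R_A||r1); CT = Enc_tmp(K||duration||r2||ID_A); Sig = Sign_privB(T||r1||CT).
// r1 travels in the clear, r2 only inside CT; ra is the R_A stored for this device ID at registration.
func BuildAuthPass(priv *ecdsa.PrivateKey, id string, ra []byte, dur time.Duration) (*AuthPass, *Session) {
	k, r1, r2 := rnd(32), rnd(16), rnd(16)
	var pt bytes.Buffer
	pt.Write(k)
	binary.Write(&pt, binary.BigEndian, uint64(dur/time.Second))
	pt.Write(r2)
	pt.WriteString(id)
	ct := seal(h(ra, r1), pt.Bytes())
	t := []byte(time.Now().UTC().Format(time.RFC3339))
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, h(t, r1, ct))
	return &AuthPass{t, r1, ct, sig}, &Session{k, r2, time.Now().Add(dur)}
}

// Device side: check the signature with the stored server public key BEFORE
// decrypting anything, then derive the same tmp from R_A and r1 and decrypt.
func Acquire(pub *ecdsa.PublicKey, id string, ra []byte, m *AuthPass) (*Session, error) {
	if !ecdsa.VerifyASN1(pub, h(m.T, m.R1, m.CT), m.Sig) {
		return nil, errors.New("server signature invalid")
	}
	pt, err := open(h(ra, m.R1), m.CT)
	if err != nil {
		return nil, err
	}
	if len(pt) < 56 || string(pt[56:]) != id {
		return nil, errors.New("malformed plaintext or device ID mismatch")
	}
	secs := time.Duration(binary.BigEndian.Uint64(pt[32:40])) * time.Second
	return &Session{pt[:32], pt[40:56], time.Now().Add(secs)}, nil
}

func (s *Session) Wrap(content []byte) []byte { // device: session message is Enc_K(r2 || content)
	return seal(s.Key, append(append([]byte{}, s.R2...), content...))
}

// Unwrap (server): accept content only while the session is live and the
// verification random value equals the r2 issued to this device.
func (s *Session) Unwrap(msg []byte) ([]byte, error) {
	if time.Now().After(s.Expiry) {
		return nil, errors.New("session expired")
	}
	pt, err := open(s.Key, msg)
	if err != nil {
		return nil, err
	}
	if len(pt) < 16 || !bytes.Equal(pt[:16], s.R2) {
		return nil, errors.New("verification random value mismatch")
	}
	return pt[16:], nil
}

func main() {
	priv, ra := Enroll()
	m, srv := BuildAuthPass(priv, "sensor-0001", ra, 10*time.Minute)
	dev, _ := Acquire(&priv.PublicKey, "sensor-0001", ra, m) // nil only on a bad signature or wrong R_A
	content, err := srv.Unwrap(dev.Wrap([]byte("temp=21.5")))
	fmt.Printf("server accepted %q (err=%v)\n", content, err)
}
```

A tampered ciphertext is refused by the signature check before any decryption, a device holding a different R_A cannot derive the temporary key, and the server rejects a session message whose r2 does not match or whose session duration has elapsed.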

Based on the same inventive concept, in a third aspect, the present invention provides a chip including a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the identity verification method when executing the program.

Based on the same inventive concept, in a fourth aspect, the present invention provides an electronic device including the above chip.

One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:

In the embodiment of the present invention, after the device side establishes a connection with the server side, the device side derives an authentication message from the pre-stored target response signal of the physical unclonable function using the SM3 algorithm and sends it to the server side, so that the server side obtains an authentication-passed message from the authentication message. Here, the device side pre-stores one target response signal obtained from the physical unclonable function, derives the authentication message from it with the SM3 algorithm, and sends the authentication message to the server side so that the server side can verify the identity of the device side. The subsequent authentication process and session process between the device side and the server side are carried out through this target response signal, so there is no need to pre-store a large number of PUF responses; this reduces the computation on the device side, is better suited to IoT devices, and makes the communication between device side and server side lightweight. Combined with the SM3 algorithm, the security and confidentiality of the device-side communication process are improved.

Next, the authentication-passed message is obtained and its digital signature is verified with the pre-stored public key of the server side to obtain a signature result. If the signature result is a pass, the authentication-passed message is decrypted with the SM4 algorithm to obtain the session duration and the session key parameters, where the session key parameters are used to communicate with the server side within the session duration. Through the combined use of the SM4 algorithm and the session key, the device side and the server side first establish a secure shared session key over the network and only then communicate confidentially, which guarantees the encryption/decryption efficiency and security of the communication between them, gives the device side strong resistance to differential attacks, resists classic attacks to a large extent, and improves communication efficiency.

Description of the drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference numerals denote the same components. In the drawings:

Figure 1 is a schematic flowchart of the steps of the identity verification method applied on the device side in an embodiment of the present invention;

Figure 2 is a schematic flowchart of the registration phase and the authentication phase in an embodiment of the present invention;

Figure 3 is a schematic flowchart of the key establishment phase in an embodiment of the present invention;

Figure 4a is a schematic diagram of the speed at which the SM2 algorithm performs functions such as public/private key pair generation, private-key signing, public-key signature verification, public-key encryption, private-key decryption, session key negotiation and key exchange in an embodiment of the present invention;

Figure 4b is a schematic diagram of the memory used by the SM2 algorithm to perform the functions of public/private key pair generation, private-key signing, public-key signature verification, public-key encryption, private-key decryption, session key negotiation and key exchange in an embodiment of the present invention;

Figure 5 is a schematic diagram comparing the speed at which the SM2 algorithm and the RSA algorithm perform the corresponding functions in an embodiment of the present invention;

Figure 6a is a schematic diagram of the time taken by the SM4 algorithm to run in the ECB, CBC, CFB and OFB modes in an embodiment of the present invention;

Figure 6b is a schematic diagram of the memory occupied by the SM4 algorithm when running in the ECB, CBC, CFB and OFB modes in an embodiment of the present invention;

Figure 7 is a schematic flowchart of the steps of the identity verification method applied on the server side in an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure will be understood more thoroughly and its scope fully conveyed to those skilled in the art.

Embodiment 1

A first embodiment of the present invention provides an identity verification method, shown in Figure 1, which is applied on the device side and includes:

S101: after establishing a connection with the server side, deriving an authentication message from the pre-stored target response signal of the physical unclonable function using the SM3 algorithm, and sending the authentication message to the server side so that the server side obtains an authentication-passed message from the authentication message;

S102: obtaining the authentication-passed message, verifying the digital signature of the authentication-passed message with the pre-stored public key of the server side, and obtaining a signature result;

S103: if the signature result is a pass, decrypting the authentication-passed message with the SM4 algorithm to obtain the session duration and the session key parameters, where the session key parameters are used to communicate with the server side within the session duration.

The identity verification method of this embodiment is applied on the device side; the device is preferably an IoT device such as a smart home device, an industrial sensor, a smart car, a smart camera, or a medical or fitness device.

The specific implementation steps of the identity verification method provided by this embodiment are described in detail below with reference to Figure 1:

在执行步骤S101之前,设备端需要向服务器端进行注册。在注册阶段,在安全信道中,向服务器端发送注册请求信号,以使服务器端根据接受到的注册请求信号,发送初始激励信号和服务器端的公钥,其中,注册请求信号包括设备端的设备编号,服务器端的公钥为通过SM2算法加密的公钥。接收初始激励信号和服务器端的公钥,并根据初始激励信号和物理不可克隆函数,得到目标响应信号。存储目标响应信号和服务器端的公钥,并将目标响应信号发送至服务器端,以使服务器端存储目标响应信号和设备编号。Before executing step S101, the device needs to register with the server. In the registration phase, in the secure channel, a registration request signal is sent to the server, so that the server sends an initial stimulus signal and the server's public key based on the received registration request signal, where the registration request signal includes the device number of the device, The public key on the server side is the public key encrypted by the SM2 algorithm. Receive the initial excitation signal and the server-side public key, and obtain the target response signal based on the initial excitation signal and the physical unclonable function. Store the target response signal and the public key of the server side, and send the target response signal to the server side, so that the server side stores the target response signal and the device number.

具体地,如图2所示,在安全信道中,设备端先向服务器端发起注册请求信号,注册请求信号包括设备端的设备编号IDA。设备编号可以是设备端的网络地址或MAC地址,或是根据实际需求而设置的编号。服务器端在接收到注册请求信号后,存储设备编号IDA,通过SM2算法加密自己的公钥,并向设备端发送一个初始激励信号CA和服务器端自己的公钥Pub_keySM2_B。需要说明的是下标带A的参数均表示设备端的参数,下标带B的参数均表示服务器端的参数,下表带SM2或SM3或SM4的参数分别表示被SM2算法或被SM3算法或被SM4算法处理的参数,如服务器端的公钥Pub_keySM2_B为通过SM2算法加密自己的公钥。安全信道为符合预设要求的信道,如安全信道是能够防止窃听、数据复制、数据篡改和中间人攻击等攻击方式,保证通信设备之间数据传输的机密性、完整性和真实性的通信信道。预设要求可根据实际需求而设置。Specifically, as shown in Figure 2, in the secure channel, the device first initiates a registration request signal to the server, and the registration request signal includes the device number ID A of the device. The device number can be the network address or MAC address of the device, or a number set according to actual needs. After receiving the registration request signal, the server side stores the device number ID A , encrypts its own public key through the SM2 algorithm, and sends an initial stimulus signal C A and the server side's own public key Pub_key SM2_B to the device side. It should be noted that the parameters with subscript A all represent device-side parameters, and the parameters with subscript B all represent server-side parameters. The parameters with SM2 or SM3 or SM4 in the table below represent the SM2 algorithm or the SM3 algorithm or the SM4 respectively. Parameters processed by the algorithm, such as the server-side public key Pub_key SM2_B is the public key encrypted through the SM2 algorithm. A secure channel is a channel that meets preset requirements. For example, a secure channel is a communication channel that can prevent attacks such as eavesdropping, data copying, data tampering, and man-in-the-middle attacks, and ensure the confidentiality, integrity, and authenticity of data transmission between communication devices. Preset requirements can be set according to actual needs.

设备端根据接收到的初始激励信号和物理不可克隆函数PUF,得到目标响应信号RA。即RA=pufA(CA)。设备端还会将目标响应信号RA发送至服务器端,以使服务器端存储目标响应信号RA。其中,物理不可克隆函数(PUF)是物理对象(如集成电路、晶体、磁铁、透镜或太阳能电池)的独特纳米结构及其对随机事件的反应构建的物理单向函数。PUF是无序的物理系统,当输入激励Ci时,通过PUF生成独特的、不可预测的、可重复的响应Ri。所有可能的激励及其相应响应的集合通常被称为挑战响应对(CRP)。The device side obtains the target response signal RA based on the received initial excitation signal and the physical unclonable function PUF. That is, RA = puf A (C A ). The device side will also send the target response signal RA to the server side, so that the server side stores the target response signal RA . Among them, a physical unclonable function (PUF) is a physical one-way function constructed from the unique nanostructure of a physical object (such as an integrated circuit, crystal, magnet, lens or solar cell) and its response to random events. PUF is a disordered physical system that generates a unique, unpredictable, and repeatable response R i when an input excites C i . The set of all possible stimuli and their corresponding responses is often called a challenge-response pair (CRP).

通过上述注册过程,完成设备端向服务器端的申请注册。在注册阶段中,设备端无需预存大量对服务器端发送的激励信号的PUF响应信号。只需在注册过程中存储一个目标响应信号,以通过该目标响应信号实现设备端与服务器端之间的会话密钥协商过程和通信过程,减少设备端的计算量,更适用于物联网设备,保证会话密钥协商过程的安全性和保密性。Through the above registration process, the application registration from the device side to the server side is completed. In the registration phase, the device does not need to pre-store a large number of PUF response signals to the stimulus signals sent by the server. It is only necessary to store a target response signal during the registration process, so that the session key negotiation process and communication process between the device side and the server side can be realized through the target response signal, which reduces the calculation amount on the device side and is more suitable for Internet of Things devices to ensure Security and confidentiality of the session key negotiation process.

并且,在注册阶段中,设备端需要向服务器端发送消息,保证只有服务器端能够正确读取。那么,需要依靠服务器端的公钥对目标响应信号RA进行加密,以确保只有拥有正确私钥的通信方才能解密。所以,此阶段要选用合适的非对称加密算法。国密算法SM2算法与经典的RSA算法相比,提供了相同级别的安全性,且密钥大小相对较小,需要的存储空间也更少。在资源受限的环境下能更好的完成加密和签名操作,十分适用于物联网设备端,提高信息安全。同时,应用国密算法有助于保护国家和个人信息安全,降低对国外算法的依赖。Moreover, during the registration phase, the device needs to send a message to the server to ensure that only the server can read it correctly. Then, the target response signal R A needs to be encrypted by relying on the public key on the server side to ensure that only the communicating party with the correct private key can decrypt it. Therefore, an appropriate asymmetric encryption algorithm must be selected at this stage. Compared with the classic RSA algorithm, the national secret algorithm SM2 algorithm provides the same level of security, and the key size is relatively smaller and requires less storage space. It can better complete encryption and signature operations in resource-constrained environments, and is very suitable for IoT devices to improve information security. At the same time, the application of national secret algorithms can help protect national and personal information security and reduce reliance on foreign algorithms.

After the device has registered, step S101 is executed: once a connection to the server is established, the device derives an authentication message from the pre-stored PUF target response signal using the SM3 algorithm and sends it to the server, which uses it to produce an authentication-passed message.

Specifically, after registration, each time the device and server establish communication the device must authenticate itself to the server, i.e. prove its identity. In Figure 2, A denotes the device and B the server. In the authentication phase, over either a secure or an insecure channel, the device hashes the target response signal R_A with the current timestamp T_1 using the SM3 function H_SM3() to obtain the authentication challenge C'_A = H_SM3(T_1 || R_A), then applies the PUF to C'_A to obtain the authentication response R'_A = puf_A(C'_A).

From C'_A, R'_A, R_A, T_1 and the device identifier ID_A the device forms the authentication message M_1 = (ID_A, T_1, τ, σ), where the first hash value is τ = H_SM3(C'_A || R'_A) and the second hash value is σ, whose expression is missing from the text. Both hash values are intermediate quantities.

The device then sends M_1 to the server. On receiving M_1 = (ID_A, T_1, τ, σ), the server looks up the pre-stored target response signal R_A by the identifier ID_A and uses R_A and H_SM3() to compute a target hash value.

Specifically, the server unpacks the authentication message and obtains the authentication ciphertext H_SM3(Pub_key_SM2_B(R_A) || R_A), the authentication challenge C'_A = H_SM3(T_1 || R_A), the first hash value τ = H_SM3(C'_A || R'_A) and the second hash value σ; from σ it recovers the authentication response R'_A. From C'_A and R'_A the server computes the target hash value τ' = H_SM3(C'_A || R'_A).

The server then compares τ' with the τ carried in M_1 to determine whether the message was tampered with. If τ' equals τ, the message is intact and came from a legitimate device, so the server builds an authentication-passed message and sends it to the device. If they differ, the message was tampered with or sent by an illegitimate device, and the server disconnects. Two points for an implementation: the comparison should be constant-time, and the server should also check that T_1 is fresh, since nothing else in M_1 prevents an old message from being replayed.

In the authentication phase the authentication message must be compressed into a fixed data format, so a hash function is used to create a "fingerprint" of the message. SM3 is a cryptographic hash function for computing message digests. Its compression function is built from nonlinear Boolean functions, word rotations and a message-expansion schedule (it involves no elliptic-curve arithmetic), and it offers strong collision and preimage resistance. It is widely recognised as secure and reliable, was designed with both hardware implementation and software optimisation in mind, and is suitable for digest computation on a wide range of platforms and devices. SM3 has become a cryptographic standard in many domestic and international application areas, including digital certificates, electronic signatures, identity authentication and data integrity checking; using it meets the security requirements of cryptographic applications while remaining compatible and interoperable with other systems and devices. Verifying the device's identity in this phase further strengthens the device's anti-counterfeiting capability and information security, providing a high-level security mechanism.

As shown in Figure 3, once the server has authenticated the device, i.e. the authentication message has passed, the session key negotiation phase begins. The server obtains a session key k_s, a first random number r_1 and a second random number r_2, and derives a temporary key k_t = H_SM3(r_1 || R_A) from the pre-stored R_A, r_1 and H_SM3(). k_s, r_1 and r_2 can be generated by the server's random number generator (which must be cryptographically secure) or set according to actual requirements.

Using the SM4 encryption function E_SM4_k() under k_t, the server encrypts the device identifier ID_A, the session key k_s, the session duration ΔT and r_2 to obtain the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2). ΔT is the validity period of k_s, i.e. the window within which device and server may communicate. The SM4 mode of operation can be chosen according to actual requirements.

The server signs the current timestamp T_1, r_1 and the ciphertext with its private key Pri_key_SM2_B, giving Sig_B = Pri_key_SM2_B(T_1 || r_1 || E_SM4_kt(ID_A || k_s || ΔT || r_2)), and from T_1, r_1 and Sig_B forms the authentication-passed message M_2 = (T_1, r_1, Sig_B), which it sends to the device. Since an SM2 signature does not carry the message it signs, the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2) must itself be transmitted alongside M_2 for the device to decrypt it in step S103.

In the session key negotiation phase, after the server has sent the authentication-passed message, step S102 is executed: the device obtains the message and verifies its digital signature with the pre-stored server public key, yielding a signature result.

Specifically, on receiving M_2 = (T_1, r_1, Sig_B) the device verifies the server's signature in M_2 with the pre-stored public key Pub_key_SM2_B. The result must then be checked, so that the device accepts the session key and related parameters only from the genuine server, keeping communication between device and server sound and protecting the device's information security.

Step S103 follows: if the signature verifies, i.e. the digital signature in M_2 = (T_1, r_1, Sig_B) is correct, the device decrypts the authentication-passed message with the SM4 decryption function to obtain the session duration and the session key parameters, which it uses to communicate with the server for the session duration.

Specifically, if the signature verifies, the device takes r_1 and the ciphertext E_SM4_kt(ID_A || k_s || ΔT || r_2) from the authentication-passed message, derives the temporary key k_t from r_1 and the target response signal R_A, and decrypts the ciphertext with the SM4 decryption function D_SM4_k() under k_t to obtain the device identifier, the session duration ΔT and the session key parameters, namely the session key k_s and the second random number r_2. The device should also check that the recovered ID_A is its own and that T_1 in M_2 matches the timestamp it sent in M_1, which binds M_2 to this run of the protocol. This completes the device's identity authentication prior to communicating with the server.

If the signature fails to verify, the digital signature in M_2 = (T_1, r_1, Sig_B) is wrong and the device may be facing a man-in-the-middle attack, i.e. someone impersonating the server. The device discards the message, so it no longer communicates with the attacker, and either waits for the server to resend the authentication-passed message or resends its authentication message to the server.

Within the session duration ΔT, when the device communicates with the server it builds a session message from the session key parameters and SM4: using k_s, it encrypts the session content message together with r_2 with the SM4 encryption function, giving M_3 = E_SM4_ks(message || r_2), and sends M_3 to the server, which responds with a session feedback message.

On receiving M_3 = E_SM4_ks(message || r_2), the server decrypts it with SM4 to obtain message and the session random value r_2*, and checks whether r_2* equals r_2. If it does, session key negotiation between device and server is confirmed complete, and the two communicate within ΔT or establish a new session key. If not, the session message may have been forged or tampered with, or the server may be under a denial-of-service attack, and the server discards the message to keep the communication and data secure. Because r_2 stays the same for the whole session, this check ties M_3 to the negotiated session but does not by itself detect replay of an earlier M_3 within ΔT; a per-message counter or nonce would.
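The whole exchange of Figures 2 and 3 (registration, M_1 and the τ check, M_2 with k_t-encrypted parameters and Sig_B, then M_3 and the r_2 check), written out in Go as an added example with both sides' messages; it is not code from the patent or from the gmsm-based implementation described later. Because the Go standard library has no SM2, SM3 or SM4, the example substitutes SHA-256 for H_SM3(), AES-128-GCM for E_SM4()/D_SM4() and ECDSA over P-256 for the SM2 signature; the PUF is modelled as a keyed hash; registration over the secure channel is abbreviated to handing R_A to the server; the definition of σ, which the text does not preserve, is assumed to be R'_A sealed under a key derived from R_A and T_1; and the ciphertext E_SM4_kt(...) is carried in M_2 explicitly. All of these are assumptions of the example, not statements about the patent. Timestamps are plain integers so the ΔT check is visible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Stand-ins (assumptions, see lead-in): SHA-256 for H_SM3(), AES-128-GCM for E_SM4()/D_SM4(), ECDSA P-256 for SM2.
func H(parts ...[]byte) []byte   { s := sha256.Sum256(bytes.Join(parts, nil)); return s[:] }
func u64(x uint64) []byte        { b := make([]byte, 8); binary.BigEndian.PutUint64(b, x); return b }
func rnd(n int) []byte           { b := make([]byte, n); rand.Read(b); return b }
func gcm(key []byte) cipher.AEAD { blk, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(blk); return g }
func seal(key, pt []byte) []byte { n := rnd(12); return append(n, gcm(key).Seal(nil, n, pt, nil)...) } // nonce prepended
func open(key, ct []byte) ([]byte, error) {
	if len(ct) < 12 { return nil, errors.New("short ciphertext") }
	return gcm(key).Open(nil, ct[:12], ct[12:], nil)
}
type M1 struct{ ID []byte; T1 uint64; Tau, Sigma []byte } // (ID_A, T1, τ, σ)
type M2 struct{ T1 uint64; R1, CT, Sig []byte }          // page: (T1, r1, Sig_B); CT must travel too, a signature does not carry its message
type Session struct{ Ks, R2 []byte; Expires uint64 }      // k_s, r2, T1+ΔT
type Device struct{ ID, RA, pufKey []byte; srvPub *ecdsa.PublicKey }
type Server struct{ priv *ecdsa.PrivateKey; devices map[string][]byte; sessions map[string]Session } // ID_A -> R_A, ID_A -> session
// puf models puf_A() as a keyed hash (assumption); a real PUF derives the response from silicon variation.
func (d *Device) puf(c []byte) []byte { m := hmac.New(sha256.New, d.pufKey); m.Write(c); return m.Sum(nil) }
// Register abbreviates the secure-channel registration: the server stores R_A = puf_A(C_A) against ID_A.
func Register(id []byte) (*Device, *Server) {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	d := &Device{ID: id, pufKey: rnd(32), srvPub: &priv.PublicKey}
	d.RA = d.puf(rnd(32)) // the device keeps only this one response
	return d, &Server{priv: priv, devices: map[string][]byte{string(id): d.RA}, sessions: map[string]Session{}}
}
// Authenticate builds M1. ASSUMPTION: σ is not defined on the page; here σ = E_{H(R_A||T1)}(R'_A), so only a holder of R_A recovers R'_A.
func (d *Device) Authenticate(t1 uint64) M1 {
	cA := H(u64(t1), d.RA) // C'_A = H(T1 || R_A)
	rp := d.puf(cA)        // R'_A = puf_A(C'_A)
	return M1{ID: d.ID, T1: t1, Tau: H(cA, rp), Sigma: seal(H(d.RA, u64(t1))[:16], rp)}
}
// Verify recomputes τ' and, on match, issues M2 carrying E_kt(ID_A || k_s || ΔT || r2) and Sig_B.
func (s *Server) Verify(m M1, deltaT uint64) (M2, error) {
	ra, ok := s.devices[string(m.ID)]
	if !ok { // must be rejected here: an empty R_A would let anyone pass the τ check for an unregistered ID
		return M2{}, errors.New("unknown device")
	}
	rp, err := open(H(ra, u64(m.T1))[:16], m.Sigma)
	if err != nil || !hmac.Equal(H(H(u64(m.T1), ra), rp), m.Tau) { // τ' = H(C'_A || R'_A)
		return M2{}, errors.New("tau mismatch: tampered message or illegitimate device, disconnect")
	}
	ks, r1, r2 := rnd(16), rnd(16), rnd(16)
	ct := seal(H(r1, ra)[:16], bytes.Join([][]byte{m.ID, ks, u64(deltaT), r2}, nil)) // k_t = H(r1 || R_A)
	sig, _ := ecdsa.SignASN1(rand.Reader, s.priv, H(u64(m.T1), r1, ct))
	s.sessions[string(m.ID)] = Session{Ks: ks, R2: r2, Expires: m.T1 + deltaT}
	return M2{T1: m.T1, R1: r1, CT: ct, Sig: sig}, nil
}
// Finish verifies Sig_B with the pre-stored server public key, derives k_t and recovers (k_s, ΔT, r2).
func (d *Device) Finish(m M2) (Session, error) {
	if !ecdsa.VerifyASN1(d.srvPub, H(u64(m.T1), m.R1, m.CT), m.Sig) {
		return Session{}, errors.New("signature invalid: possible man-in-the-middle, discard M2")
	}
	pt, err := open(H(m.R1, d.RA)[:16], m.CT)
	n := len(d.ID)
	if err != nil || len(pt) != n+40 || !hmac.Equal(pt[:n], d.ID) {
		return Session{}, errors.New("ciphertext rejected")
	}
	return Session{Ks: pt[n : n+16], Expires: m.T1 + binary.BigEndian.Uint64(pt[n+16:n+24]), R2: pt[n+24:]}, nil
}
// SessionMessage builds M3 = E_ks(message || r2); ReadSession checks r2* == r2 and that ΔT has not elapsed.
func SessionMessage(sess Session, msg []byte) []byte { return seal(sess.Ks, bytes.Join([][]byte{msg, sess.R2}, nil)) }
func (s *Server) ReadSession(id []byte, now uint64, m3 []byte) ([]byte, error) {
	sess, ok := s.sessions[string(id)]
	if !ok || now > sess.Expires {
		return nil, errors.New("no live session")
	}
	pt, err := open(sess.Ks, m3)
	if err != nil || len(pt) < 16 || !hmac.Equal(pt[len(pt)-16:], sess.R2) {
		return nil, errors.New("r2 mismatch: forged or replayed session message, discarded")
	}
	return pt[:len(pt)-16], nil
}
func main() {
	dev, srv := Register([]byte("device-0001"))
	m2, err := srv.Verify(dev.Authenticate(1000), 3600)
	if err != nil { panic(err) }
	sess, err := dev.Finish(m2)
	if err != nil { panic(err) }
	msg, err := srv.ReadSession(dev.ID, 1500, SessionMessage(sess, []byte("temperature=21.5")))
	fmt.Println(string(msg), err)
}
```

Running it prints the session content the server recovered from M_3. The "unknown device" branch in Verify is the one place a shortcut would be dangerous: if a missing R_A fell through as an empty value, anyone could compute H(T_1 || empty), seal a response under it and pass the τ check for an unregistered identifier. As in the text, T_1 is not checked for freshness here; a replay window check belongs in Verify.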

In the session key negotiation phase the temporary key is computed from the target response signal R_A, which both device and server know. The server therefore only needs to send the first random number r_1, and the device can derive the temporary key from r_1 and R_A and so obtain the session key. In the authentication phase the device only proved its own identity to the server; it cannot verify the server's identity until, after receiving the authentication-passed message, it has derived the temporary key from r_1 and decrypted the device identifier ID_A, the session key k_s, the session duration ΔT and the second random number r_2. This is why the temporary key must not be used directly as the session key: if it were, an attacker could send the device a forged signature and a chosen random value, and the device would end up with an invalid session key.

Obtaining the session key through the temporary key, and communicating under the session key, therefore raises the security level of the session key, resists the classic attacks to a large extent, improves the device's anti-counterfeiting capability and information security, and provides a high-level security mechanism for large numbers of IoT nodes, protecting the data of each node.

The session key lets the device and server communicate normally for the session duration and guards their traffic against network attacks and impersonation, further providing a high-level security mechanism for the device and protecting each node's data.

During the session, and in practice whenever a device (especially an IoT device) talks to the server, a symmetric algorithm should be used so that encryption and decryption stay efficient. SM4 is a symmetric block cipher with an S-box substitution layer and a 32-round iterative structure, which gives it strong resistance to differential cryptanalysis, a method that derives key information by observing how the cipher behaves under different input differences; resisting differential attacks was a design goal of SM4. Its 128-bit key provides a key space large enough that exhaustive search and similar brute-force attacks are impractical. Using SM4 for encryption and decryption in both the key negotiation phase and the session therefore further protects the device's communication and data, resists the classic attacks to a large extent, and keeps communication efficient.

The test procedure and results for the device-side identity verification method of this embodiment are described below:

The device-side identity verification method of this embodiment was written in Go, covering the device registration process run over a secure channel and the device-server communication run over a public channel. Testing focused on the efficiency of communication over the public channel.

The device under test was a personal computer. SM2, SM3 and SM4 were implemented for the proposed protocol on top of the national-algorithm library of the open-source gmsm project on GitHub.

Communication: to let the test device and the server talk to each other, the portable network I/O interface of the Go standard library package "net" was used to access the network primitives, with connections established through the basic Dial, Listen and Accept functions.

Protocol: the identity authentication and session key negotiation phases proposed in this invention were first implemented in Go; the protocol was then compiled in Visual Studio Code, and device-side and server-side code issuing authentication and key negotiation requests completed the test.

Execution time and memory usage: test suites were written with the Go standard library "testing" package, which supports automated testing of Go packages and reports execution time, memory usage and similar information.

Test procedure: to make the results credible, 15 rounds of tests were run. The encrypted data length in every test was 512 bytes; the public/private key length, shared key length and block length were all 128 bits.

The test results are as follows:

Figure 4a shows the speed at which SM2 performs key-pair generation, private-key signing, public-key verification, public-key encryption, private-key decryption, session key negotiation and key exchange over the 15 rounds; the x-axis is the round and the y-axis the speed in thousand operations per second. In Figure 4a, key-pair generation is the bar with diagonal hatching, key exchange the bar with vertical lines, private-key signing the unfilled bar, public-key verification the bar with horizontal lines, public-key encryption the chequered bar and private-key decryption the cross-hatched bar. Figure 4b shows the memory used by the same SM2 operations over the 15 rounds, in KB/op. Figures 4a and 4b show that the basic operations of key generation and private-key signing are much faster than public-key verification, public-key encryption and private-key decryption, while private-key signing uses more memory than the other operations.

Figure 5 compares the speed of SM2 and RSA for signing & verification and encryption & decryption, each over 15 test rounds. SM2 signing & verification is the bar with white dots on black, SM2 encryption & decryption the bar with horizontal lines, RSA signing & verification the unfilled bar and RSA encryption & decryption the bar with black dots on white. SM2 is faster than RSA in both signing & verification and encryption & decryption. This is because SM2 is built on elliptic curve cryptography (ECC), whose security rests on the elliptic-curve discrete logarithm problem. At the same security strength, ECC has shorter keys and smaller system parameters than RSA, so it needs less storage and less transmission bandwidth, and a hardware implementation needs fewer logic gates and less power than RSA.

Figure 6a shows the time taken by the SM4 block cipher in the ECB (Electronic Codebook), CBC (Cipher Block Chaining), CFB (Cipher Feedback) and OFB (Output Feedback) modes; the x-axis is the round, 15 rounds in total, and the y-axis the execution time in µs. Figure 6b shows the memory used by SM4 in the same modes, in bytes/op, also over 15 rounds. In Figure 6a, ECB is the bar with black dots on white, CFB the bar with horizontal lines, OFB the bar with diagonal lines and CBC the unfilled bar.

Figures 6a and 6b give the execution time of SM4 in the different block cipher modes; the data encrypted and decrypted is the shared key negotiated between device and server, i.e. the session key, 128 bits long. CBC takes longer and uses more memory than the other three modes, and OFB uses the same memory as CFB. In practice the mode can be chosen according to the device's situation, since the differing encryption and decryption procedures of the modes lead to different running times and memory use. The tests only measured how each mode performed within this verification scheme and do not prescribe a particular mode. Two caveats apply to that choice: ECB should not be used for any plaintext longer than one block, because equal plaintext blocks produce equal ciphertext blocks, and none of these four modes provides integrity protection, so in this scheme the integrity of E_SM4_kt(ID_A || k_s || ΔT || r_2) rests on the SM2 signature over it and the integrity of M_3 only on the r_2 check; an authenticated mode such as GCM, or a separate MAC, would give a stronger guarantee.

Table 1 gives the protocol performance results, measuring the rates of SM2 signature generation, SM2 signature verification, SM2 encryption, SM2 decryption, SM3 digest generation, SM4 encryption and SM4 decryption during identity authentication and key negotiation. Over the 15 rounds, SM2 encryption and decryption ran at about 900 operations/s, SM3 at about 2000 operations/s and SM4 encryption and decryption at somewhat over 3000 operations/s. Since SM3 is a hash algorithm, it is not broken down into separate operations. After multiple rounds of testing, every part of the protocol ran stably and performed well, achieving the expected results.

The results show that the identity verification method of this embodiment, implemented with SM2, SM3 and SM4 together, improves the device's communication and data security while optimising its computation and processing, giving a lightweight secure authentication and session key establishment scheme suitable for both device and server, and providing a high-level security mechanism for large numbers of IoT nodes so that the data of each node is protected.

One or more technical solutions in the embodiments of the present invention have at least the following technical effects or advantages:

In the embodiment of the present invention, after the device has established a connection with the server, it derives an authentication message from the pre-stored PUF target response signal with the SM3 algorithm and sends it to the server, which produces an authentication-passed message from it. The device pre-stores a single target response signal obtained from its physical unclonable function, processes it with SM3 into the authentication message and sends that message so the server can verify the device's identity. The subsequent authentication and session processes between device and server are carried out with this one target response signal, so no large set of PUF responses needs to be stored in advance, the device's computation is reduced, and the resulting lightweight communication suits IoT devices. Combined with SM3, this improves the security and confidentiality of the device's communication.

Next, the device obtains the authentication-passed message and verifies its digital signature with the pre-stored server public key to obtain a signature result. If the signature verifies, the device decrypts the message with SM4 to obtain the session duration and the session key parameters, which it uses to communicate with the server for the duration of the session. By pairing SM4 with the session key, device and server first establish a secure shared session key over the network and then communicate confidentially, which keeps encryption and decryption efficient and communication secure, gives the device strong resistance to differential attacks, resists the classic attacks to a large extent, and improves communication efficiency.

Embodiment 2

The second embodiment of the present invention provides an identity verification method, shown in Figure 7, applied on the server side. The method comprises:

S201,在与设备端建立连接后,获取所述设备端发送的认证消息;S201: After establishing a connection with the device, obtain the authentication message sent by the device;

S202,根据所述认证消息的设备编号搜索到预存的目标响应信号,根据所述目标响应信号和SM3算法,得到目标哈希值;S202, search for a pre-stored target response signal according to the device number of the authentication message, and obtain the target hash value according to the target response signal and the SM3 algorithm;

S203,若所述目标哈希值与预存的哈希值一致,则获取认证通过消息,并将所述认证通过消息发送至所述设备端。S203. If the target hash value is consistent with the pre-stored hash value, obtain an authentication pass message and send the authentication pass message to the device.

Preferably, obtaining the authentication-pass message includes:

obtaining a session key, a first random number and a second random number;

obtaining a temporary key from the target response, the first random number and the SM3 algorithm;

encrypting the device number, the session key, the session duration and the second random number with the encryption algorithm of SM4 to obtain a ciphertext;

digitally signing the current timestamp, the first random number and the ciphertext with the server-side private key to obtain a digital signature, and then obtaining the authentication-pass message from the current timestamp, the first random number and the digital signature.

Preferably, after sending the authentication-pass message to the device side, the method further includes:

within the session duration, obtaining the session message sent by the device side;

decrypting the session message to obtain the message content and a verification random value of the session message;

if the verification random value is consistent with the second random value, communicating with the device side.
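The following is an end-to-end model of the exchange described for the device side above (authentication message, signature check, SM4 decryption of the pass message) and for the server side in this embodiment (S201 to S203, construction of the pass message, session check); it is added illustrative code, not the patent's own implementation. It runs on the Python standard library only, so SHA-256 stands in for SM3, a hash-derived keystream stands in for SM4 and an HMAC under a key handed out at registration stands in for the SM2 signature; the PUF is modelled in software, the 60-second replay window is an added check, and the server-side comparison is read here as recomputing SM3(R0 || timestamp) and comparing it with the stimulus carried in the authentication message.

```python
import hashlib, hmac, json, os

def H(*parts: bytes) -> bytes:          # SHA-256 stands in for SM3 in this model
    return hashlib.sha256(b"".join(parts)).digest()

def xcrypt(key: bytes, data: bytes) -> bytes:   # keystream from H(); stands in for SM4
    ks = b"".join(H(key, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))   # XOR: the same call also decrypts

def puf(device_secret: bytes, challenge: bytes) -> bytes:   # software model of the PUF
    return hmac.new(device_secret, challenge, "sha256").digest()

class Server:
    def __init__(self):
        self.sign_key = os.urandom(32)    # HMAC key stands in for the SM2 signing key pair
        self.devices, self.sessions = {}, {}   # id -> R0 ; id -> (K, r2, expiry)
    def register(self, device_id: str):   # secure-channel registration: C0 + verification key
        return os.urandom(16), self.sign_key
    def authenticate(self, msg: dict, now: int, duration: int = 300):
        """S201-S203: look up R0, recompute SM3(R0 || ts), compare, then build the pass message."""
        r0 = self.devices.get(msg["id"])
        if r0 is None or abs(now - msg["ts"]) > 60:   # the 60 s replay window is an added check
            return None
        if not hmac.compare_digest(H(r0, msg["ts"].to_bytes(8, "big")), bytes.fromhex(msg["c"])):
            return None
        k, r1, r2 = os.urandom(16), os.urandom(16), os.urandom(16)
        kt = H(r0, r1)    # temporary key from the target response and the first random number
        body = {"id": msg["id"], "k": k.hex(), "dur": duration, "r2": r2.hex()}
        ct = xcrypt(kt, json.dumps(body).encode())
        sig = hmac.new(self.sign_key, now.to_bytes(8, "big") + r1 + ct, "sha256").digest()
        self.sessions[msg["id"]] = (k, r2, now + duration)
        return {"ts": now, "r1": r1.hex(), "ct": ct.hex(), "sig": sig.hex()}
    def receive(self, device_id: str, sess_msg: str, now: int):   # session phase
        k, r2, expiry = self.sessions[device_id]
        if now > expiry:                  # outside the session duration: reject
            return None
        body = json.loads(xcrypt(k, bytes.fromhex(sess_msg)))
        return body["content"] if hmac.compare_digest(bytes.fromhex(body["r2"]), r2) else None

class Device:
    def __init__(self, device_id: str):
        self.id, self.secret = device_id, os.urandom(32)   # secret models the physical PUF
    def register(self, server: Server):
        c0, self.server_key = server.register(self.id)
        self.r0 = puf(self.secret, c0)        # target response, kept on both sides
        server.devices[self.id] = self.r0
    def auth_message(self, now: int) -> dict:
        """Claim 3: stimulus = SM3(R0 || ts), response = PUF(stimulus)."""
        c = H(self.r0, now.to_bytes(8, "big"))
        return {"id": self.id, "ts": now, "c": c.hex(), "r": puf(self.secret, c).hex()}
    def accept_pass(self, pm: dict) -> bool:
        """Verify the signature, derive Kt from R0 and r1, decrypt K, duration and r2."""
        r1, ct = bytes.fromhex(pm["r1"]), bytes.fromhex(pm["ct"])
        tag = hmac.new(self.server_key, pm["ts"].to_bytes(8, "big") + r1 + ct, "sha256").digest()
        if not hmac.compare_digest(tag, bytes.fromhex(pm["sig"])):
            return False
        body = json.loads(xcrypt(H(self.r0, r1), ct))
        self.k, self.dur, self.r2 = bytes.fromhex(body["k"]), body["dur"], body["r2"]
        return body["id"] == self.id
    def session_message(self, content: str) -> str:
        return xcrypt(self.k, json.dumps({"content": content, "r2": self.r2}).encode()).hex()

def run(now: int = 1_700_000_000):   # (pass accepted, content in window, content after expiry)
    srv, dev = Server(), Device("dev-0001")
    dev.register(srv)
    pm = srv.authenticate(dev.auth_message(now), now)
    if pm is None or not dev.accept_pass(pm):
        return False, None, None
    m = dev.session_message("hello")
    return True, srv.receive(dev.id, m, now + 10), srv.receive(dev.id, m, now + 400)
```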

Embodiment 3

Based on the same inventive concept, the second embodiment of the present invention further provides a chip, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, where the processor, when executing the program, implements the steps of any one of the identity verification methods described above.

Since the chip described in this embodiment is the chip used to implement the identity verification method of Embodiment 1 of the present application, those skilled in the art can, on the basis of the identity verification method described in Embodiment 1, understand the specific implementation of the chip of this embodiment and its various variants; how the chip implements the method of Embodiment 1 is therefore not described in detail here. Any chip used by those skilled in the art to implement the identity verification method of Embodiment 1 of the present application falls within the scope of protection sought by the present application.

Embodiment 4

Based on the same inventive concept, the fourth embodiment of the present invention further provides an electronic device comprising the chip described above.

Those skilled in the art will understand that embodiments of the present invention may be provided as a method, a device (system) or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.

The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks therein, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.

Although preferred embodiments of the present invention have been described, those skilled in the art, once aware of the basic inventive concept, may make further changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.

Obviously, those skilled in the art can make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include them.

Claims (10)

1. An identity verification method, characterized in that it is applied to the device side, the method comprising:
after establishing a connection with the server side, obtaining an authentication message from the pre-stored target response signal of a physical unclonable function using the SM3 algorithm, and sending the authentication message to the server side, so that the server side obtains an authentication-pass message according to the authentication message;
obtaining the authentication-pass message, verifying the digital signature of the authentication-pass message with the pre-stored server-side public key, and obtaining a signature result;
if the signature result is a pass, decrypting the authentication-pass message with the decryption algorithm of SM4 to obtain a session duration and session key parameters, where the session key parameters are used for communicating with the server side within the session duration.

2. The method according to claim 1, characterized in that, before establishing the connection with the server side, it further comprises:
in a secure channel, sending a registration request signal to the server side, so that the server side, according to the received registration request signal, sends an initial stimulus signal and the server-side public key, where the registration request signal includes the device number of the device side and the server-side public key is a public key encrypted with the SM2 algorithm;
receiving the initial stimulus signal and the server-side public key, and obtaining the target response signal from the initial stimulus signal and the physical unclonable function;
storing the target response signal and the server-side public key, and sending the target response signal to the server side, so that the server side stores the target response signal and the device number.

3. The method according to claim 2, characterized in that obtaining the authentication message from the pre-stored target response signal of the physical unclonable function using the SM3 algorithm comprises:
processing the target response signal and the current timestamp with the SM3 algorithm to obtain an authentication stimulus signal, and then obtaining an authentication response signal from the physical unclonable function and the authentication stimulus signal;
obtaining the authentication message from the authentication stimulus signal, the authentication response signal, the target response signal, the current timestamp and the device number.

4. The method according to claim 1, characterized in that decrypting the authentication-pass message with the SM4 algorithm to obtain the session duration and the session key parameters comprises:
verifying the authentication-pass message to obtain a first random number and a ciphertext;
obtaining a temporary key from the first random number and the target response signal;
decrypting the ciphertext with the SM4 algorithm and the temporary key to obtain the session duration and the session key parameters, where the session key parameters include a session key and a second random number of the ciphertext.

5. The method according to claim 1, characterized in that, within the session duration, it further comprises:
obtaining a session message from the session key parameters and the SM4 algorithm, and sending the session message to the server side, so that the server side obtains a session feedback message from the session message, for implementing communication with the server side.

6. An identity verification method, characterized in that it is applied to the server side, the method comprising:
after establishing a connection with the device side, obtaining the authentication message sent by the device side;
searching for a pre-stored target response signal according to the device number in the authentication message, and obtaining a target hash value from the target response signal and the SM3 algorithm;
if the target hash value is consistent with the pre-stored hash value, obtaining an authentication-pass message and sending the authentication-pass message to the device side.

7. The method according to claim 6, characterized in that obtaining the authentication-pass message comprises:
obtaining a session key, a first random number and a second random number;
obtaining a temporary key from the target response signal, the first random number and the SM3 algorithm;
encrypting the device number, the session key, a session duration and the second random number with the encryption algorithm of SM4 to obtain a ciphertext;
digitally signing the current timestamp, the first random number and the ciphertext with the server-side private key to obtain a digital signature, and then obtaining the authentication-pass message from the current timestamp, the first random number and the digital signature.

8. The method according to claim 7, characterized in that, after sending the authentication-pass message to the device side, it further comprises:
within the session duration, obtaining the session message sent by the device side;
decrypting the session message to obtain the message content and a verification random value of the session message;
if the verification random value is consistent with the second random value, communicating with the device side.

9. A chip, characterized in that it comprises a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing, when executing the program, the method steps of any one of claims 1 to 5.

10. An electronic device, comprising the chip according to claim 9.
CN202311491646.XA 2023-11-10 2023-11-10 An identity verification method, chip and device Pending CN117675285A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311491646.XA CN117675285A (en) 2023-11-10 2023-11-10 An identity verification method, chip and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311491646.XA CN117675285A (en) 2023-11-10 2023-11-10 An identity verification method, chip and device

Publications (1)

Publication Number Publication Date
CN117675285A true CN117675285A (en) 2024-03-08

Family

ID=90083569

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311491646.XA Pending CN117675285A (en) 2023-11-10 2023-11-10 An identity verification method, chip and device

Country Status (1)

Country Link
CN (1) CN117675285A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118157859A (en) * 2024-05-09 2024-06-07 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) A device security communication method and device based on national secret security chip
CN118413334A (en) * 2024-07-04 2024-07-30 济南大学 A dual PUF identity authentication method for industrial Internet scenarios
CN119011137A (en) * 2024-07-30 2024-11-22 翼盾(上海)智能科技有限公司 Safety communication protocol method and system based on microchip fingerprint technology
CN119089460A (en) * 2024-08-06 2024-12-06 未来基因(北京)人工智能研究院有限公司 Data transmission protection method and computer device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination