CN1571335A - A source authentication method applied in multicast communication system - Google Patents

Info

Publication number: CN1571335A
Authority: CN (China)
Prior art keywords: authentication, user, multicast, source, authentication center
Legal status: Granted; Expired - Fee Related
Application number: CN 200410037399
Other languages: Chinese (zh)
Other versions: CN100393034C (en)
Inventors: 吴威, 李肖坚, 沈玲
Current Assignee: Beihang University
Original Assignee: Beihang University
Application filed by: Beihang University
Priority to: CNB2004100373997A (patent CN100393034C)
Publications: CN1571335A; CN100393034C (application granted)
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a source authentication method applied in a multicast communication system, belonging to the technical field of computer security. The technical solution is as follows: each member participating in multicast communication is provided with an identity credential, which is used for two-way authentication between the multicast client and the authentication center and for determining the transmission key of the communicating parties and the client's public and private keys; when multicast information is transmitted, a source authentication scheme based on the event sequence is used to sign and authenticate the transmitted information, ensuring that the sender of the multicast information is the sender it claims to be. The technical solution has low cost, good scalability, fast authentication and good loss resistance, and can effectively improve the efficiency of low-end receivers in multicast application scenarios.

Figure 200410037399

Description

A source authentication method applied in a multicast communication system
Technical field
The present invention relates to a source authentication method applied in a multicast communication system, and belongs to the technical field of computer security.
Background technology
Existing multicast communication systems are open communication systems. Their characteristic is that the source is definite while the sinks are not: at any moment, the hosts participating in a given multicast system necessarily include a source, but the number of sinks is usually not fixed and may even be zero. Moreover, multicast communication systems provide no data source authentication service, so any host can send data to any multicast group. This means that any host can mix its data into the source host's multicast data or impersonate the source host and multicast data, which is an extremely serious problem for multicast security in current multicast communication systems. Therefore, to monitor multicast effectively, the multicast source must be monitored, and information sent by identified multicast members must be intercepted and filtered. Without authentication (verification) of the multicast source, it is trivially easy for a malicious attacker to send data to a multicast group, and the receivers in the group, having no way to tell the difference, have to accept the attacker's data.
In a unicast communication system, a purely symmetric cryptographic mechanism is enough to authenticate packets: the sender and the receiver share a key and use it to compute a message authentication code. When a message carrying a message authentication code arrives and the receiver verifies it correctly, the receiver can confirm that the message was produced by the sender. In a multicast communication system, however, authentication with a symmetric mechanism is no longer secure. Given the characteristics of multicast, if every receiver knows the key, any of them could impersonate the sender and send forged information to the other receivers. In addition, a multicast environment places higher demands on data authentication: packets must be authenticated efficiently in the presence of packet loss and without the sender knowing the receivers' state. This makes source authentication with a symmetric mechanism impractical in a multicast environment.
Source authentication for a multicast system can be achieved with an asymmetric mechanism, so that each receiver authenticates the multicast source simply by checking the authentication information it receives, without producing authentication information itself. Asymmetric mechanisms are usually built with asymmetric key techniques such as digital signatures. However, because asymmetric cryptography is expensive, this approach can only be used for low-rate data streams and requires the sender and the receivers to be powerful workstations.
Whether the source is authenticated with a symmetric or an asymmetric mechanism is not an absolute choice. Purely symmetric key techniques, such as using only a symmetric-key message authentication code, cannot at present achieve multicast source authentication. Providing a multicast source authentication mechanism that meets these needs, with low cost, fast authentication and good loss resistance, is therefore a key problem to be solved in multicast security services.
Summary of the invention
In view of the foregoing, the purpose of the invention is to provide a source authentication method applied in a multicast communication system, so that the source of multicast information can be confirmed in a multicast environment.
To achieve this purpose, the invention adopts the following technical solution: a source authentication method applied in a multicast communication system, comprising the following steps: 1. Each member participating in multicast communication is provided with an identity credential, used for two-way authentication between the multicast client and the authentication center and for determining the transmission key of the communicating parties and the client's public and private keys; 2. When multicast information is transmitted, a source authentication scheme based on the event sequence is used to sign and authenticate the transmitted information.
In the mutual authentication process, an authorized group communication member first registers its authorized identity number with the authentication center, and uses a Diffie-Hellman-like algorithm to generate a credential that is handed to the authentication center for safekeeping. To prevent replay attacks, the invention designs both passive and active defensive measures, and designs the causality and ordering of authentication messages as logical clock synchronization and event-order consistency. In each message, the sender sets a one-time random value that serves as the link identifier on the message "random number chain" for the receiver's reply; and by setting a timestamp and a lifetime, the timeliness of the message is achieved, which solves the time consistency problem of the relatively discrete individual replies.
The source authentication method based on the event sequence individually authenticates only some of the packets at the receiving end; the other packets obtain authentication by relying on the packets already authenticated. This requires an authenticated packet to carry the authentication information of the next packet to be authenticated, so that the authenticated packets and the authentication information they carry for subsequent packets form an interlinked chain. The chain is constructed at the sending end according to the sequence (forward or reverse order) in which the packets are sent, so the receiving end authenticates packets following the authentication order in this chain.
The beneficial effects of the above source authentication method are:
1. Two-way identity authentication is adopted, so that while the authentication center authenticates the client's identity, the client can likewise authenticate the authentication center, which effectively resists man-in-the-middle attacks. At the same time, the use of the random number chain gives good resistance to replay and similar attacks.
2. The cost of source authentication is reduced. Because network transmission paths are uncertain, and for other reasons, reordering often occurs, i.e. the packet sequence received at the receiving end is inconsistent with the packet sequence sent by the sending end. If every packet were source-authenticated individually, the communication cost and the computation cost would be very high. The event-sequence-based source authentication scheme used by the invention solves this problem well, with low cost, good scalability, fast authentication and good loss resistance.
Description of drawings:
Fig. 1 is the flow chart of the authentication center during two-way identity authentication of the invention
Fig. 2 is a schematic diagram of the two-way chain
Fig. 3 is the packet structure of the roll-call list
Fig. 4 is the flow chart of a multicast user sending multicast data
Fig. 5 is the flow chart of a multicast user receiving multicast data
Embodiment
The source authentication method applied in a multicast communication system disclosed by the invention is a source authentication method based on asymmetric key techniques, and integrates some existing techniques, such as the Diffie-Hellman key exchange algorithm, one-way hash algorithms and the RSA public key algorithm.
The invention is described in detail below with reference to the drawings and examples.
The source authentication method applied in a multicast communication system provided by the invention comprises two steps:
1. Each member participating in multicast communication is provided with an identity number; in the multicast communication process, two-way identity authentication is first carried out between the multicast client and the authentication center;
2. When multicast information is transmitted, a source authentication scheme based on the event sequence is used to sign and authenticate the transmitted information.
During two-way identity authentication, an authorized group communication member A registers its authorized identity number $ID_a$ with the authentication center S, and uses the Diffie-Hellman algorithm to generate the credential $Y_a$ for group communication member authentication, which is handed to the authentication center for safekeeping. The basic algorithm is as follows:

$$X_a < p,\quad X_s < p$$
$$Y_a = a^{X_a} \bmod p \qquad [A.0.1]$$
$$Y_s = a^{X_s} \bmod p \qquad [A.0.2]$$
$$K_{as} = (Y_a)^{X_s} \bmod p = (Y_s)^{X_a} \bmod p \qquad [A.0.3]$$

Here the prime $p$ and its primitive root, the integer $a \in Z^*_p$, are known. $X_a$ and $X_s$ are random numbers. The group communication member generates $X_a$ at random and computes $Y_a$ as the credential for its authentication, which is handed to the authentication center in advance and kept there until the user next changes it. In each authentication session, the authentication center supplies $X_s$ at random, computes $Y_s$, and sends it to group communication member A to generate the session key $K_{as}$.
Although $X_a$ and $Y_a$ are relatively constant, in each authentication session the authentication center chooses $X_s$ at random, which in turn changes $Y_s$ at random, so that the session key $K_{as}$ ultimately becomes a one-time random key, increasing the difficulty for an adversary of analysing the key.
The timeliness ($T_s$) of an authentication message is achieved with a timestamp (Time-stamp) and a lifetime (Life-time). The relatively discrete individual replies are made up of pairs of interactive messages, whose causality and event order must be unique and mutually exclusive. The invention adds the same one-time random value (Nonce) to the preceding and the following message of each pair, forming a "random number chain ($N_a$)", which solves the "event-order consistency" problem that the authentication process encounters in a distributed environment.
In each message, the sender sets a one-time random value ($N_a$) that serves as the link identifier on the message "random number chain" for the receiver's reply. By setting a timestamp and a lifetime, the timeliness ($T_s$) of the message is achieved, which solves the time consistency problem of the relatively discrete individual replies.
That is, the one-time random value ($N_a$) serves as the message chain identifier that links the whole protocol flow and prevents the "Mitnick" attack, while the timeliness value ($T_s$) of the message and the "random number chain" identifier are used to guard against replay attacks.
Every message in the mutual authentication process has the same structure. For clarity, the one-way hash value of each message is written $H(m_i)$, and the format is as follows:
$$M_i.\ P \to Q:\ \{\, m_i,\ \{H(m_i)\}_{K_p^{-1}} \,\}_{K_p},\quad i = 1, 2, 3, 4$$

Therefore, the message sequence can be described as:

$$M_1.\ A \to S:\ \{\, T_a, N_a, S, X_1,\ \{H(m_1)\}_{K_a^{-1}} \,\}_{K_s}$$ where $m_1 = (T_a, N_a, S, X_1)$, $X_1 = ID_a$.

$$M_2.\ S \to A:\ \{\, N_a, N_s, A, X_2,\ \{H(m_2)\}_{K_s^{-1}} \,\}_{K_a}$$ where $m_2 = (N_a, N_s, A, X_2)$, $X_2 = (Y_s, \{N'_s, T_s\}_{K_{as}})$.

$$M_3.\ A \to S:\ \{\, N_s, N'_a, S, X_3,\ \{H(m_3)\}_{K_a^{-1}} \,\}_{K_s}$$ where $m_3 = (N_s, N'_a, S, X_3)$, $X_3 = \{N'_s, N''_a, mgroup\}_{K_{as}}$.

$$M_4.\ S \to A:\ \{\, N'_a, A, X_4,\ \{H(m_4)\}_{K_a^{-1}} \,\}_{K_a}$$ where $m_4 = (N'_a, A, X_4)$, $X_4 = \{N''_a, warrant\}_{K_{as}}$, $warrant = (type, iv, K_{mgroup})$.
Here, mgroup denotes the multicast group address applied for, and $K_{mgroup}$ denotes the communication key of the multicast group. When a user authenticates with the authentication center, the program flow of the authentication center is as shown in Fig. 1. The detailed process is as follows:
(1) The authentication center receives the user's public key sent by the user.
(2) The authentication center sends the authentication center's public key to the user.
(3) The authentication center receives the user authentication request sent by the user. The content format of the user authentication request is shown as M1 in the message sequence above: the message contains the user timestamp $T_a$, the random value $N_a$ and the identity number $ID_a$. A one-way hash algorithm is applied to these contents to generate a one-way hash value, which the user signs with the user's private key. Finally, these contents together with the user's signature are encrypted with the authentication center's public key, forming the user authentication request.
(4) The authentication center decrypts the user authentication request with the authentication center's private key, verifies it by means of the user's signature and extracts the user's identity number $ID_a$, and checks whether an error record exists for the user. If an error record exists, this authentication ends and multicast communication is not carried out. If no error record exists, the authentication center generates an $X_s$ at random and computes $Y_s$, then computes the key $K_{as}$ of this session from the $Y_a$ kept in advance, and generates two random numbers $N_s$ and $N'_s$.
(5) The authentication center sends the authentication request response to the user. The content format of the authentication request response is shown as M2 in the message sequence above: the message contains the authentication center's timestamp $T_s$, the random values $N_s$ and $N'_s$, and the $Y_s$ generated by the authentication center. Of these, $N'_s$, $T_s$ and $Y_s$ are encrypted with the session key $K_{as}$; a one-way hash algorithm is applied to the resulting ciphertext together with the random value $N_s$ and the previously received user random value $N_a$ to generate a one-way hash value, which is then signed with the authentication center's private key. Finally, the ciphertext, the random value $N_s$ and the previously received user random value $N_a$, together with the signature, are encrypted with the user's public key, forming the authentication request response.
(6) The authentication center receives the user authentication response sent by the client. The content format of the user authentication response is shown as M3 in the message sequence above: the message contains the random values $N'_a$ and $N''_a$ generated by the user, the $N_s$ and $N'_s$ that the user recovered from the authentication center's authentication request response, and the multicast group address mgroup that the user applies to join. Of these, $N'_s$, $N''_a$ and mgroup are encrypted with the session key $K_{as}$ generated by the user; a one-way hash algorithm is applied to the resulting ciphertext together with the random value $N'_a$ and the previously received authentication center random value $N_s$ to generate a one-way hash value, which is then signed with the user's private key. Finally, the ciphertext and the random values $N'_a$ and $N_s$, together with the user's signature, are encrypted with the authentication center's public key, forming the user authentication response.
(7) The authentication center checks whether the random numbers $N_s$ and $N'_s$ that it generated are identical to the $N_s$ and $N'_s$ given in the received user authentication response. If they are inconsistent, this authentication ends, the user's request is not accepted, and a record for this user is added to the error record. If they are consistent, the authentication passes, and the authentication center sends information such as the transmission key of the multicast communication to the user according to the multicast group address the user applied for; the message format is shown as M4 in the message sequence above. After obtaining the transmission key of the multicast communication through authentication, the multicast user can carry out multicast communication.
After authentication, the multicast communication member obtains information such as the transmission key of the multicast communication, and at the same time has sent its own public key to the authentication center, so that source authentication can be carried out during multicast communication.
When a multicast user communicates, under the event-sequence-based source authentication scheme the sending end first divides the packets into groups. The group head packet of each group is signed individually, and the packets within a group contain the hash values of the preceding and following packets, forming a two-way hash chain. A two-way hash chain means that the packets of each group carry two hash chains in different directions: in one chain the hash value of the previous packet is attached to the next packet, and in the other chain the hash value of the next packet is attached to the previous packet. When one of the chains cannot provide authentication, the hash chain in the other direction can. Because hash values are fast to verify and the two-way chain resists loss, this method has the advantages of fast authentication and loss resistance, as shown in Fig. 2.
When a packet is lost, the receiver waits for the group head packet of the next group to arrive, and then obtains authentication through the back-to-front hash chain. If an "island" occurs, i.e. both chains of a received packet are broken, the receiver waits for the "roll-call list" to arrive and then authenticates.
The roll-call list derives from the everyday practice of calling the roll to check who is present. Calling the roll implies that a register exists beforehand, containing the basic data of these people, to be checked against when a person is called. The roll-call list technique here adopts this idea to improve the loss resistance of source authentication.
The hash values of a number of packets are stored together in one packet. When authentication is needed, the hash value of the packet to be authenticated is taken from this packet and compared with the computed value to obtain authentication. The precondition of this method is that the packet holding the multiple hash values must itself first be authenticated, for example with a digital signature. The packet structure of the roll-call list is shown in Fig. 3.
When carrying out multicast communication, the sending end first buffers the data of one group, builds the packets that carry the ESA authentication information, and then sends each packet to the members of the group. The structure of these packets is shown in Fig. 2; each packet contains:
The information $M_i$ of the i-th packet;
The hash value $H'_i$ of the i-th packet, which is the hash of the next packet's information $M_{i+1}$ and the $H'_{i+1}$ it contains, i.e. $H'_i = H(M_{i+1} + H'_{i+1})$;
The hash value $H_i$ of the i-th packet, which is the hash of the previous packet's information $M_{i-1}$ and the $H_{i-1}$ it contains, i.e. $H_i = H(M_{i-1} + H_{i-1})$;
Each group head packet also contains:
The UMAC value of the i-th packet, $U_i = UMAC((M_i, H_i, H'_i), K, nonce_i)$, where K is the group key and nonce is a random number;
The signature over the UMAC in the i-th packet, $Sig(U_i)$, together with the random value $nonce_i$ of this packet.
Fig. 4 is the flow chart of a multicast user sending multicast data in the multicast communication process. The sending end generates the packets by the method described above, and then sends each packet to the members of the group.
Fig. 5 is the flow chart of a multicast user receiving multicast data in the multicast communication process. When the receiving end receives the signed initialization parameter packet, it first verifies whether the signature is correct, and then obtains the parameters needed for the various authentications.
When a group head packet is received, the receiver first checks the random value $nonce_i$ of this packet, in order to guard against forgery and replay attacks. It determines whether the sequence number of $nonce_i$ is the latest, and then checks whether $nonce_i$ is part of the single continuous chain: using an authenticated $nonce_j$ received earlier ($j < i$), it computes whether $nonce_j = F^{i-j}(nonce_i)$. If so, $nonce_i$ can be taken to be the random value of the i-th packet; if not, $nonce_i$ is forged or is a retransmission of the random value of an earlier packet, and the packet is discarded. After $nonce_i$ is confirmed, $nonce'_i = F'(nonce_i)$ can be computed directly, then $UMAC((M_i, H_i, H'_i), K, nonce_i)$ is computed, and the signature is verified with the sender's public key to see whether it matches the computed UMAC value; if so, $M_i$, $H_i$ and $H'_i$ are proven correct.
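The nonce check described above, as an added example that is not code from the patent: a receiver keeps the last authenticated pair (j, nonce_j) and accepts a group head's nonce_i only if hashing it i-j times lands on nonce_j. The choice of SHA-256 for F, the `max_gap` bound on hashing work, the delivery of nonce_0 in the signed initialization packet, and all names are assumptions of this sketch.

```python
import hashlib
import hmac

def F(x: bytes) -> bytes:
    """One-way function F of the nonce chain (SHA-256 is an assumption)."""
    return hashlib.sha256(b"nonce-chain|" + x).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Sender side: nonce_n = seed and nonce_{k-1} = F(nonce_k).
    Returns [nonce_0, ..., nonce_n]; nonces are released in increasing k."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    chain.reverse()
    return chain

class NonceChainChecker:
    """Receiver side: remembers the newest authenticated (j, nonce_j)."""

    def __init__(self, j: int, nonce_j: bytes, max_gap: int = 32):
        self.j, self.nonce_j, self.max_gap = j, nonce_j, max_gap

    def accept(self, i: int, nonce_i: bytes) -> str:
        gap = i - self.j
        if gap <= 0:
            return "stale"            # replay or late copy of an old head
        if gap > self.max_gap:
            return "gap-too-large"    # bound the hashing an unauthenticated packet can trigger
        x = nonce_i
        for _ in range(gap):          # compute F^(i-j)(nonce_i)
            x = F(x)
        if not hmac.compare_digest(x, self.nonce_j):
            return "not-on-chain"     # forged nonce or wrong sequence number
        self.j, self.nonce_j = i, nonce_i   # advance only after success
        return "ok"

def demo() -> list:
    chain = make_chain(b"constructed sample seed", 10)
    rx = NonceChainChecker(0, chain[0])       # nonce_0 assumed authenticated at setup
    return [
        rx.accept(1, chain[1]),               # next head in order
        rx.accept(4, chain[4]),               # heads 2 and 3 were lost
        rx.accept(4, chain[4]),               # exact replay
        rx.accept(3, chain[3]),               # older head arriving late
        rx.accept(5, bytes(32)),              # forged nonce
        rx.accept(5, chain[6]),               # genuine nonce, wrong sequence number
        rx.accept(5, chain[5]),               # state was not disturbed by the failures
    ]

if __name__ == "__main__":
    print(demo())
```

Because a lost head only widens the gap, the check tolerates loss; the state is advanced only on success so that rejected packets cannot move the receiver's anchor.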
When an in-group packet is received, the receiver checks the random value in the packet to prevent replay attacks. After the security check passes, it determines whether the (i-1)-th packet exists and has been authenticated. If so, it verifies the correctness of the i-th packet directly with the $H'_{i-1}$ in the (i-1)-th packet. If not, it buffers the packet, waits for the group head packet of the next group to arrive, and then uses the forward-order chain to verify the unverified packets one by one. If neither the reverse-order chain nor the forward-order chain can provide authentication, it waits for the roll-call list to arrive and then authenticates.
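The two-way hash chain and roll-call fallback described above, as an added example that is not code from the patent. It assumes SHA-256 for H, that the $H'$ chain restarts in every group while the $H$ chain runs across group boundaries, that roll-call entries are $H(M_i)$, and it stands in for the RSA signature on head packets and on the roll-call list with digests assumed already signature-verified. In the result, "forward" means verified from the $H'$ of the preceding packet and "backward" means verified from the $H$ of the following packet.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (the page writes H(M + H))."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def build_stream(messages, group_size):
    """Sender: attach H_i (covers packet i-1) and H'_i (covers packet i+1)."""
    n = len(messages)
    back = [b""] * n   # H_i  = H(M_{i-1} + H_{i-1})
    fwd = [b""] * n    # H'_i = H(M_{i+1} + H'_{i+1}), empty on a group's last packet
    for i in range(1, n):
        back[i] = H(messages[i - 1], back[i - 1])
    for i in range(n - 2, -1, -1):
        if (i + 1) % group_size:          # packet i+1 belongs to the same group
            fwd[i] = H(messages[i + 1], fwd[i + 1])
    return [{"M": messages[i], "H": back[i], "Hn": fwd[i]} for i in range(n)]

def head_digest(pkt):
    """What the head signature covers: (M_i, H_i, H'_i)."""
    return H(pkt["M"], pkt["H"], pkt["Hn"])

def authenticate(received, signed_heads, roll_call=None):
    """Return {index: how it was authenticated}; unauthenticated packets are absent."""
    how, ok_fwd, ok_back = {}, {}, {}
    for i, pkt in received.items():
        if signed_heads.get(i) == head_digest(pkt):   # stand-in for Sig(U_i) check
            how[i] = "head"
            ok_fwd[i], ok_back[i] = pkt["Hn"], pkt["H"]
    # A trusted H'_i vouches for (M_{i+1}, H'_{i+1}) only, not for H_{i+1}.
    for i in sorted(received):
        nxt = received.get(i + 1)
        if ok_fwd.get(i) and nxt and H(nxt["M"], nxt["Hn"]) == ok_fwd[i]:
            ok_fwd[i + 1] = nxt["Hn"]
            how.setdefault(i + 1, "forward")
    # A trusted H_i vouches for (M_{i-1}, H_{i-1}) only, not for H'_{i-1}.
    for i in sorted(received, reverse=True):
        prv = received.get(i - 1)
        if i in ok_back and prv and H(prv["M"], prv["H"]) == ok_back[i]:
            ok_back[i - 1] = prv["H"]
            how.setdefault(i - 1, "backward")
    # Islands: fall back to the (already verified) roll-call list.
    for i, pkt in received.items():
        if i not in how and roll_call and roll_call.get(i) == H(pkt["M"]):
            how[i] = "roll-call"
    return how

def demo():
    msgs = [b"msg-%d" % i for i in range(11)]          # constructed sample payloads
    stream = build_stream(msgs, group_size=5)          # heads at 0, 5 and 10
    signed_heads = {i: head_digest(stream[i]) for i in (0, 5, 10)}
    roll_call = {i: H(msgs[i]) for i in range(5, 10)}  # list for the second group
    received = {i: dict(stream[i]) for i in (0, 1, 3, 4, 5, 7, 8, 10)}  # 2, 6, 9 lost
    received[8]["M"] = b"forged"                       # tampered island packet
    return authenticate(received, signed_heads, roll_call)

if __name__ == "__main__":
    print(demo())
```

Packets 7 and 8 form an island because both neighbours that could vouch for them were lost; packet 7 is recovered from the roll-call list, and the tampered packet 8 stays unauthenticated.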
The technical solution of the invention has low cost, good scalability, fast authentication and good loss resistance; it can guarantee the security of multicast communication and effectively improve the efficiency of low-end receivers in multicast application scenarios.

Claims (6)

1. A source authentication method applied in a multicast communication system, characterized in that the method comprises the following steps:
(1) each member participating in multicast communication is provided with an identity credential, and before multicast communication the multicast communication member is first authenticated;
(2) when multicast information is transmitted, a source authentication scheme based on the event sequence is used to sign and authenticate the transmitted information.
2. The source authentication method applied in a multicast communication system according to claim 1, further characterized in that: the authentication in step (1) is two-way identity authentication; while the authentication center authenticates the identity of the multicast communication member, the multicast communication member likewise authenticates the authentication center.
3. The source authentication method applied in a multicast communication system according to claim 2, further characterized in that: the two-way identity authentication process in step (1) uses a random number chain and determines the transmission key of the communicating parties and the client's public and private keys.
4. The source authentication method applied in a multicast communication system according to claim 3, further characterized in that the two-way identity authentication comprises the following steps:
(1) the authentication center receives the user's public key sent by the user;
(2) the authentication center sends the authentication center's public key to the user;
(3) the authentication center receives the user authentication request sent by the user;
(4) the authentication center decrypts the user authentication request with the authentication center's private key, verifies it by means of the user's signature and extracts the user's identity number $ID_a$, and checks whether an error record exists for the user; if an error record exists, this authentication ends and multicast communication is not carried out; if no error record exists, it generates an $X_s$ at random and computes $Y_s$, then computes the key $K_{as}$ of this session from the $Y_a$ kept in advance, and generates two random numbers $N_s$ and $N'_s$;
(5) the authentication center sends the authentication request response to the user;
(6) the authentication center receives the user authentication response sent by the client;
(7) the authentication center checks whether the random numbers $N_s$ and $N'_s$ that it generated are identical to the $N_s$ and $N'_s$ given in the received user authentication response; if they are inconsistent, this authentication ends, the user's request is not accepted, and a record for this user is added to the error record; if they are consistent, the authentication passes, and the authentication center sends information such as the transmission key of the multicast communication to the user according to the multicast group address the user applied for; after obtaining the transmission key of the multicast communication through authentication, the multicast user can carry out multicast communication.
5. The source authentication method applied in a multicast communication system according to claim 1, 2, 3 or 4, further characterized in that: the event-sequence-based source authentication scheme adopted in step (2) divides the packets into groups, signs only the group head packet of each group individually, and authenticates the packets within a group through the two-way hash chain formed by the hash values in the preceding and following packets.
6. The source authentication method applied in a multicast communication system according to claim 5, further characterized in that: when the forward and backward hash chains of the communication packets are both interrupted, producing an "island", the event-sequence-based source authentication scheme adopted in step (2) authenticates by the "roll-call list" method.
Priority Applications and Applications Claiming Priority (1)

Application number: CNB2004100373997A (CN100393034C (en))
Priority date: 2004-04-30
Filing date: 2004-04-30
Title: A Source Authentication Method Applied in Multicast Communication System
Status: Expired - Fee Related

Publications (2)

CN1571335A (en), published 2005-01-26
CN100393034C (en), published 2008-06-04

Family ID: 34481652
Country: CN

Cited By (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009003383A1 (en) * 2007-06-30 2009-01-08 Huawei Technologies Co., Ltd. Multicast method, network device and multicast system
CN101938741A (en) * 2009-06-30 2011-01-05 大唐移动通信设备有限公司 Method, system and device for mutual authentication
US11899604B2 (en) 2011-12-30 2024-02-13 Bedrock Automation Platforms Inc. Input/output module with multi-channel switching capability
US11314854B2 (en) 2011-12-30 2022-04-26 Bedrock Automation Platforms Inc. Image capture devices for a secure industrial control system
US12061685B2 (en) 2011-12-30 2024-08-13 Analog Devices, Inc. Image capture devices for a secure industrial control system
US12019575B2 (en) 2011-12-30 2024-06-25 Analog Devices, Inc. Switch fabric having a serial communications interface and a parallel communications interface
US11966349B2 (en) 2011-12-30 2024-04-23 Analog Devices, Inc. Electromagnetic connector for for an industrial control system
US11967839B2 (en) 2011-12-30 2024-04-23 Analog Devices, Inc. Electromagnetic connector for an industrial control system
US11688549B2 (en) 2011-12-30 2023-06-27 Bedrock Automation Platforms Inc. Electromagnetic connector for an industrial control system
US10628361B2 (en) 2011-12-30 2020-04-21 Bedrock Automation Platforms Inc. Switch fabric having a serial communications interface and a parallel communications interface
US11658519B2 (en) 2011-12-30 2023-05-23 Bedrock Automation Platforms Inc. Electromagnetic connector for an Industrial Control System
US11055246B2 (en) 2011-12-30 2021-07-06 Bedrock Automation Platforms Inc. Input-output module with multi-channel switching capability
US11144630B2 (en) 2011-12-30 2021-10-12 Bedrock Automation Platforms Inc. Image capture devices for a secure industrial control system
US11093427B2 (en) 2011-12-30 2021-08-17 Bedrock Automation Platforms Inc. Switch fabric having a serial communications interface and a parallel communications interface
US10832861B2 (en) 2011-12-30 2020-11-10 Bedrock Automation Platforms Inc. Electromagnetic connector for an industrial control system
US10848012B2 (en) 2011-12-30 2020-11-24 Bedrock Automation Platforms Inc. Electromagnetic connectors for an industrial control system
US10896145B2 (en) 2011-12-30 2021-01-19 Bedrock Automation Platforms Inc. Communications control system with a serial communications interface and a parallel communications interface
US10834094B2 (en) 2013-08-06 2020-11-10 Bedrock Automation Platforms Inc. Operator action authentication in an industrial control system
US11700691B2 (en) 2013-08-06 2023-07-11 Bedrock Automation Platforms Inc. Industrial control system cable
US10834820B2 (en) 2013-08-06 2020-11-10 Bedrock Automation Platforms Inc. Industrial control system cable
US12212577B2 (en) 2013-08-06 2025-01-28 Analog Devices, Inc. Operator action authentication in an industrial control system
US10824711B2 (en) 2013-08-06 2020-11-03 Bedrock Automation Platforms Inc. Secure industrial control system
US12164621B2 (en) 2013-08-06 2024-12-10 Analog Devices, Inc. Secure industrial control system
US11429710B2 (en) 2013-08-06 2022-08-30 Bedrock Automation Platforms, Inc. Secure industrial control system
US11537157B2 (en) 2013-08-06 2022-12-27 Bedrock Automation Platforms, Inc. Secure power supply for an industrial control system
US12032675B2 (en) 2013-08-06 2024-07-09 Analog Devices, Inc. Secure industrial control system
US11977622B2 (en) 2013-08-06 2024-05-07 Analog Devices, Inc. Authentication between industrial elements in an industrial control system
US10613567B2 (en) 2013-08-06 2020-04-07 Bedrock Automation Platforms Inc. Secure power supply for an industrial control system
US20210195742A1 (en) 2013-08-06 2021-06-24 Bedrock Automation Platforms Inc. Industrial control system cable
US11722495B2 (en) 2013-08-06 2023-08-08 Bedrock Automation Platforms Inc. Operator action authentication in an industrial control system
US11960312B2 (en) 2013-08-06 2024-04-16 Analog Devices, Inc. Secure power supply for an industrial control system
CN103618610A (en) * 2013-12-06 2014-03-05 上海千贯节能科技有限公司 Information safety algorithm based on energy information gateway in smart power grid
CN103618610B (en) * 2013-12-06 2018-09-28 上海上塔软件开发有限公司 A kind of information security algorithm based on energy information gateway in intelligent grid
CN105278327B (en) * 2014-07-07 2020-03-17 基岩自动化平台公司 Industrial control system redundant communication/control module authentication
CN110376990A (en) * 2014-07-07 2019-10-25 基岩自动化平台公司 Operator action certification in industrial control system
CN110376990B (en) * 2014-07-07 2022-07-15 基岩自动化平台公司 Safe industrial control system
CN105278327A (en) * 2014-07-07 2016-01-27 基岩自动化平台公司 Industrial control system redundant communications/control modules authentication
US12120819B2 (en) 2014-07-07 2024-10-15 Analog Devices, Inc. Industrial control system cable
CN104636681B (en) * 2014-12-19 2020-05-26 中国印钞造币总公司 Safe transmission method and device for banknote storage data
CN104636681A (en) * 2014-12-19 2015-05-20 中国印钞造币总公司 Security transmission method and device for banknote storage data
CN115766271A (en) * 2022-11-30 2023-03-07 武汉船舶通信研究所(中国船舶重工集团公司第七二二研究所) A network isolation device based on backward hash chain source authentication

Also Published As

Publication number Publication date
CN100393034C (en) 2008-06-04

Similar Documents

Publication Publication Date Title
CN1571335A (en) A source authentication method applied in multicast communication system
US11722305B2 (en) Password based threshold token generation
CN109347809B (en) Application virtualization secure communication method oriented to autonomous controllable environment
US8386790B2 (en) Method of using ECDSA with winternitz one time signature
US8447036B2 (en) Multi-party key agreement method using bilinear map and system therefor
CN111371730A (en) Lightweight authentication method supporting anonymous access of heterogeneous terminal in edge computing scene
US20100268943A1 (en) Method and System for Source Authentication in Group Communications
WO2008043289A1 (en) A key sharing method and corresponding system
CN101442522B (en) Identification authentication method for communication entity based on combined public key
Toorani et al. An elliptic curve-based signcryption scheme with forward secrecy
CN103415011B (en) Vehicular ad hoc network based on intelligent card security authentication method
CN110020524B (en) A Two-way Authentication Method Based on Smart Card
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
CN120200750B (en) Secure communication system and method for vehicle-mounted ad hoc networks based on NTRU lattice cryptography
Khan et al. Secure authentication and key management protocols for mobile multihop WiMAX networks
WO2023036348A1 (en) Encrypted communication method and apparatus, device, and storage medium
CN119011115A (en) Secure communication method and secure communication system based on Internet of things
CN115987519A (en) Blockchain intelligent collaborative authentication method for multi-user joint management
CN103051457A (en) Method for establishing safety communication of network groups
CN112055330A (en) V2X Internet of vehicles safety communication system and method based on 5G
CN1770681A (en) A method for securely distributing session keys in a wireless environment
CN114598533A (en) A blockchain side chain cross-chain identity trusted authentication and data encryption transmission method
CN1571407A (en) A safety authentication method based on media gateway control protocol
CN103200563B (en) A kind of subliminal channel anonymous communication method based on authentication code
Bergadano et al. Chained stream authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080604