
CN1599484A - Group system group key managing method - Google Patents


Info

Publication number
CN1599484A
Authority: CN (China)
Prior art keywords: group key, group, key, network side, colony terminal
Legal status: Granted
Application number: CN 03157437
Other languages: Chinese (zh)
Other versions: CN100344183C (en)
Inventors: 冯凯锋, 郑志彬, 周国安, 陈德
Current assignee: Huawei Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB031574378A (granted as CN100344183C)
Publication of CN1599484A
Application granted
Publication of CN100344183C
Current legal status: Expired - Fee Related

Landscapes: Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method for managing the group key of a trunking system. The method includes: A. the network side uses the CK corresponding to the trunking terminal whose group key is to be set as the key and encrypts the group key to be set, obtaining SKGi; at the same time it computes a first digest from the group key to be set according to a certain algorithm; it then sends a group key setting command carrying SKGi and the first digest to the trunking terminal; B. the trunking terminal uses its own CK to decrypt SKGi, obtaining the group key, computes a second digest from the decrypted group key using the same algorithm as in step A, and compares the second digest with the first digest; if they match, step C is executed, otherwise the group key setting fails and the procedure ends; C. the trunking terminal performs the setting using the group key decrypted in step B. The group key is generated by the network side, so the method is simple to manage, secure and reliable; it guarantees the integrity of the key update signalling and resists replay of group key change signalling.

Description

A Group Key Management Method for a Trunking System

Technical field

The invention relates to security management techniques for trunking systems, and in particular to a method for managing the group key of a trunking system.

Background

A trunking wireless communication system, hereinafter referred to as a trunking system, is a relatively economical and flexible command-and-dispatch communication system. It is widely used by government agencies, the energy and transport sectors, airports and ports, industrial and mining enterprises, fire and police services, water conservancy and the military to meet each organisation's internal communication needs.

The most basic service a trunking system provides is the Voice Group Call Service (VGCS). VGCS lets a user set up a call to a group of users belonging to a given service area and group identifier (GID). The service is half-duplex: during the call any member may become the speaker, but only one speaker is allowed at a time and the other members are listeners. The service area may consist of several cells belonging to the same mobile switching centre (MSC) or to different MSCs. During a call each cell involved has one group call channel; its uplink is used only by the current speaker (group transmit mode) and all listeners wait on its downlink (group receive mode). The notification message announcing the group call channel configuration is broadcast on the notification channel (NCH). Because users in the same cell share one downlink channel, radio resources are greatly saved.

Organisations with high confidentiality requirements, such as public security and the military, require end-to-end encryption of group call services. Since a group call is many-to-many communication, every member of the same group must share a group key (KG), from which the end-to-end encryption key and integrity protection key used in each group call are derived. KG and the corresponding GID are stored in each user's Subscriber Identity Module (SIM) card, and the network side must also store the KG corresponding to each GID.

When the dispatch centre creates a group dynamically, it must distribute the new group's key to every group member. For security reasons each key also has a limited lifetime, so the dispatch centre may initiate periodic group key updates. In addition, when a user leaves the group, for example when the dispatch centre revokes a terminal's group authority because the terminal was stolen, the group key of the remaining members must be updated so that the revoked user can no longer take part in group calls.

Existing trunking systems manage group keys with the following technical solutions.

First solution: the key management centre assigns several fixed group keys to each group, each uniquely identified by a group key identifier. This fixed sequence of group keys is written into each member's SIM card with a dedicated SIM card read/write device. When a group call or multicast service needs encryption, the service initiator or the network selects a group key identifier from the group key system, uses the selected group key as the encryption and decryption key, and notifies every user in the group taking part in the trunking service of the identifier corresponding to that key.

In a trunking system, group membership is not fixed. When a new member joins, simply writing the existing group key into the new member's SIM card allows that member to decrypt earlier group communications with it. Conversely, a member may have left the group and, by the rules, may no longer take part in group services; if the group key is not updated promptly, the departed member can still decrypt the group's confidential communications. Updating the group key securely and promptly is therefore essential to group communication security. Updating keys with the first solution requires a dedicated SIM card read/write device, so timely group key updates are hard to guarantee and secure trunking system communication cannot be assured.

Second solution: the group key is produced by negotiation among the group members. The starting point of this solution is to extend the two-party Diffie-Hellman key exchange protocol to group communication.

The group Diffie-Hellman key exchange protocol is described as follows: the group has n members, denoted M1, M2, ..., Mn; a large prime q and a primitive element α of GF(q) are public, and all operations in the protocol are carried out in the finite field GF(q). Key agreement has two phases, an upflow phase of n-1 rounds and a downflow phase of n-1 rounds; at the end every member can compute the group key α^(N1·N2···Nn), where Ni is a random number generated independently and kept secret by member Mi.

In the upflow phase, member Mi raises the last element of the set it received to the power Ni and sends it, together with the values it received, to Mi+1. In the downflow phase, member Mi raises the last element of the set it received to the power Ni and uses the result as the group key, then raises the other elements of the set to the power Ni and sends them to Mi-1. As Table 1 shows, in the upflow phase, in round i (i = 1, ..., n-1), Mi sends to Mi+1 the set { α^(Π_{k∈[1,j]} Nk) | j ∈ [1, i] }; in the downflow phase, in round n-1+i (i = 1, ..., n-1), Mn-i sends to Mn-i+1 the set { α^(Π_{k∉[i,j]} Nk) | j ∈ [1, i] }.

Table 1: message sets exchanged in the upflow and downflow phases (figure not reproduced)

Take n = 5 as an example. In the upflow phase, member M4 receives the set {α^N1, α^N1N2, α^N1N2N3}; using α^N1N2N3 and its own random number N4 it computes α^N1N2N3N4 and sends {α^N1, α^N1N2, α^N1N2N3, α^N1N2N3N4} to M5. M5 uses α^N1N2N3N4 to compute the final group key α^N1N2N3N4N5 and stores it. The downflow phase then begins: M5 computes a set of intermediate values and sends it to M4; M4 receives the set {α^N4N5, α^N1N4N5, α^N1N2N4N5}, can also compute the final key using α^N1N2N3N5, and then computes the intermediate value set {α^N5, α^N1N5, α^N1N2N5, α^N1N2N3N5} and sends it to M3.

In this solution the group key is negotiated by the n group members and requires 2(n-1) interactions between members in total. In a wireless system every interaction between group members requires requesting channel resources and setting up a connection, which inevitably consumes a large amount of system resources. Moreover, while generating the group key every member must perform several large-number modular exponentiations; the computing power of current mobile terminals is limited, and values that are too large may exceed what the terminal can compute.
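As an added illustration (not part of the patent), the following Python simulates the group Diffie-Hellman upflow and downflow described above for n members with a constructed toy prime, showing that every member ends with α^(N1···Nn) after exactly 2(n-1) messages. It takes Mn's set to include the public α so that the downflow rule "key = last element ^ Ni, forward the rest ^ Ni" applies uniformly to every member.

```python
import secrets

# Toy parameters constructed for this example: a Mersenne prime q and a small
# base alpha.  The page only requires q prime and alpha primitive in GF(q);
# nothing here claims 3 is primitive mod 2**127 - 1 or that q is large enough.
Q = 2**127 - 1
ALPHA = 3


def gdh_agree(n, exponents):
    """Run the group Diffie-Hellman protocol described on the page.

    exponents[i] is N_{i+1}, the secret of member M_{i+1}.
    Returns (keys, message_count); keys[i] is the key computed by M_{i+1}.
    """
    assert n >= 2 and len(exponents) == n
    messages = 0
    keys = [None] * n

    # Upflow, rounds 1..n-1: M_i raises the last element of the set it received
    # (alpha for M_1) to N_i, appends the result and forwards the whole set.
    received = []
    for i in range(n - 1):
        last = received[-1] if received else ALPHA
        received = received + [pow(last, exponents[i], Q)]
        messages += 1                       # M_i -> M_{i+1}
    # received == {alpha^N1, alpha^N1N2, ..., alpha^N1...N_{n-1}}

    # Downflow, rounds n..2(n-1): each M_i takes last^N_i as the group key,
    # raises the remaining elements to N_i and sends them on to M_{i-1}.
    current = [ALPHA] + received            # M_n's set, alpha included
    for i in range(n - 1, -1, -1):
        keys[i] = pow(current[-1], exponents[i], Q)
        if i > 0:
            current = [pow(x, exponents[i], Q) for x in current[:-1]]
            messages += 1                   # M_i -> M_{i-1}
    return keys, messages


def expected_key(exponents):
    """Direct computation of alpha^(N1*N2*...*Nn) mod q for cross-checking."""
    e = 1
    for x in exponents:
        e *= x
    return pow(ALPHA, e, Q)


def demo(n=5):
    """n members with fresh random secrets; True if all agree on the right key."""
    exps = [secrets.randbelow(Q - 2) + 1 for _ in range(n)]
    keys, msgs = gdh_agree(n, exps)
    return len(set(keys)) == 1 and keys[0] == expected_key(exps) and msgs == 2 * (n - 1)
```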

Summary of the invention

In view of this, the object of the present invention is to provide a method for managing group keys in a trunking system that adapts to dynamic changes in group membership and keeps trunking system communication secure.

The method for managing group keys in a trunking system provided by the present invention includes:

A. The network side uses the CK corresponding to the trunking terminal whose group key is to be set as the key and encrypts the group key to be set, obtaining SKGi; at the same time it computes a first digest from the group key to be set according to a certain algorithm; it then sends a group key setting command carrying SKGi and the first digest to the trunking terminal;

B. The trunking terminal uses its own CK to decrypt the received SKGi, obtaining the group key, and computes a second digest from the group key it decrypted using the same algorithm as in step A; it compares the second digest with the first digest and, if they match, executes step C; otherwise the group key setting fails and the procedure ends;

C. The trunking terminal performs the setting using the group key decrypted in step B.

The first digest in step A may be computed by the network side from the group key to be set and the group key update sequence number of the trunking terminal stored on the network side;

the group key setting command in step A then also includes the trunking terminal's group key update sequence number;

and the second digest in step B is computed by the trunking terminal from the group key it decrypted and the group key update sequence number sent by the network side.

Before step C is executed, the method may further include:

C1. The trunking terminal checks whether the group key update sequence number stored on the network side is greater than the group key update sequence number it stores itself; if it is greater, step C is executed; otherwise the group key setting fails and the procedure ends.

The first digest in step A may instead be computed by the network side from the group key to be set and the current time;

the group key setting command in step A then also includes the current time at which the network side computed the first digest;

and the second digest in step B is computed by the trunking terminal from the group key to be set and the current time.

Before step C is executed, the method may further include:

C2. The trunking terminal checks whether the time at which the second digest is computed is later than the time at which the first digest was computed and whether the difference between the two is within a preset range; if so, step C is executed; otherwise the group key setting fails and the procedure ends.

Step C may include:

The trunking terminal checks whether it has a record for the group identifier; if so, it updates the group key corresponding to that record with the group key it decrypted; if not, it adds a group identifier record entry and stores the decrypted group key in it.

After step C, the method may further include: the trunking terminal notifies the network side that the group key was set successfully, and the network side updates its own management record accordingly.

The group key to be set in step A is a random sequence generated by the network side.

After a group key setting fails, the method may further include: the trunking terminal notifies the network side that the group key setting failed.

The method may further include presetting a list of the trunking group members that are in the active state and, before step A is executed:

A1. According to the group member list, checking whether any trunking terminal has not yet completed the current group key setting; if so, one of them is selected as the trunking terminal whose group key is to be set and step A is executed; otherwise the procedure ends;

and after step C is executed, step A1 is executed again.

The setting in step C is either an update of the group key or the first-time setting of the group key.

The group key setting command in step A may also include a group identifier;

in that case, before step B, the method further includes: the trunking terminal decides from the group identifier whether it needs to set a group key; if so, it executes step B; otherwise it does nothing and the procedure ends.

In the present invention the network side determines the group key to be set, encrypts it with the secret CK shared between each member of the trunking group and the network as the key, and notifies each group member by signalling, so the computation is simple and convenient. Because digest information is used, the integrity of the key update signalling is guaranteed and the true identity of the initiator can be authenticated. The method also uses an SQN or a timestamp to resist replay of group key change signalling, so its security is high.

Brief description of the drawings

Fig. 1 is a schematic flow chart of the method of the present invention;

Fig. 2 is a schematic flow chart of a first specific embodiment of the method of the present invention;

Fig. 3 is a schematic flow chart of a second specific embodiment of the method of the present invention.

Detailed description

In a wireless system the network-side equipment can act as a trusted key management centre that directly holds the group keys of the trunking system. Therefore, to simplify group key generation and secure the trunking system, the method of the present invention has the network side determine the group key to be set, encrypt it using the secret CK shared between each member of the trunking group and the network as the key, and then notify each group member by signalling; each group member decrypts with its own CK to obtain the group key to be set.

Referring to Fig. 1, the specific procedure of the method of the present invention is as follows:

Step 101: The network side uses the CK corresponding to the trunking terminal whose group key is to be set as the key and encrypts the group key to be set, obtaining SKGi; at the same time it computes a first digest from the group key to be set according to a certain algorithm; it then sends a group key setting command carrying SKGi and the first digest to the trunking terminal;

Step 102: The trunking terminal uses its own CK to decrypt SKGi, obtaining the group key, and computes a second digest from the group key it decrypted using the same algorithm as in step 101; it compares the second digest with the first digest and, if they match, executes step 103; otherwise the group key setting fails and the procedure ends;

Step 103: The trunking terminal sets the group key using the group key it decrypted. This setting covers two cases: if the terminal already stores a group key, the group key is updated; otherwise the group key is set for the first time.

If the group key setting command in step 101 also includes a group identifier, then before step 102 the trunking terminal decides from the received group identifier whether it needs to set a group key; if so, it executes step 102; otherwise it does nothing and the procedure ends.

The technical solution of the present invention is described in detail below with reference to the drawings and specific embodiments.

In a trunking system each trunking terminal, that is, each group member, shares a secret value CK with the network side, used to encrypt communication between the network and the user. This embodiment uses CK, an encryption algorithm fE, a decryption algorithm fD and a digest algorithm H during group key management.

Referring to Fig. 2, the specific group key management procedure of this embodiment is as follows:

Step 201: When the network side decides to initiate group key update and distribution, it generates a random sequence as the new KG, i.e. the group key to be set, and builds a list of the group members in the active state; it then notifies the users one by one to update the group key according to steps 202 to 209.

Step 202: The network side retrieves the CK and SQN corresponding to group member I, where SQN is the sequence number recording the user's group key updates; it then uses group member I's CK as the key and encrypts KG with encryption algorithm fE, obtaining SKGi, i.e. SKGi = fE(CKi, KG).

Step 203: The network side computes the first digest DIGTi = H(SQNi, KG) using digest algorithm H, SQNi and KG.

Step 204: The network side sends group member I a group key update command carrying GID, SKGi, SQNi and DIGTi.

Step 205: On receiving the group key update command carrying GID, SKGi, SQNi and DIGTi, group member I decrypts SKGi with its own CK, obtaining rec_KG, i.e. rec_KG = fD(CKi, SKGi).

Step 206: Group member I computes the second digest from SQNi and rec_KG, i.e. rec_DIGT = H(SQNi, rec_KG), and compares its second digest rec_DIGT with the first digest DIGTi computed by the network side; if they match, step 207 is executed; otherwise the group key setting fails, the network side is notified, and the procedure ends.

Step 207: Group member I checks whether SQNi is greater than the group key update sequence number SQN it stores itself; if so, the group key update command is considered legitimate and step 208 is executed; otherwise a key update failure signal is returned and the procedure ends.

Step 208: Group member I sets the group key using the rec_KG it decrypted. After updating the group key successfully, group member I sends a group key update success signal to the network side and updates the SQN in its SIM card to SQNi.

Here, if the group ID list in group member I's SIM card contains GID, the group key corresponding to that GID is updated to rec_KG; otherwise a record with group ID GID and group key rec_KG is added.

Step 209: After receiving group member I's group key update confirmation signal, the network side updates the SQN corresponding to group member I to SQNi + 1 and marks group member I's group key as updated.

The above procedure describes setting the group key of only one trunking terminal; the current active-state list may contain several group members, and the network side repeats steps 202 to 209 for each of them. For group members that are not currently active, the same procedure can be used to set their group key when they perform location registration.

The technical solution of the present invention is described in detail below with a second specific embodiment.

Referring to Fig. 3, the specific group key management procedure of this embodiment is as follows:

Step 301: When the network side decides to initiate group key update and distribution, it generates a random sequence as the new KG and builds a list of the group members in the active state; it then notifies the users one by one to update the group key according to steps 302 to 309.

Step 302: The network side takes the CK corresponding to group member I that it stores itself, uses that CK as the key and encrypts KG with encryption algorithm fE, obtaining SKGi, i.e. SKGi = fE(CKi, KG).

Step 303: The network side computes the first digest DIGTi using digest function H, KG and the current time TS: DIGTi = H(TS, KG);

Step 304: The network side sends group member I a group key update command carrying GID, SKGi, TS and DIGTi.

Step 305: On receiving the group key update command carrying GID, SKGi, SQNi and DIGTi, group member I decrypts SKGi with its own CK, obtaining rec_KG, i.e. rec_KG = fD(CKi, SKGi).

Step 306: Group member I computes the second digest rec_DIGT from the current time and the rec_KG it decrypted, i.e. rec_DIGT = H(TS, rec_KG), and compares the second digest rec_DIGT with the first digest DIGT; if they match, this group key setting is considered legitimate; otherwise the key setting fails.

Step 307: Group member I compares TS with the current time TS'; if TS' is greater than TS and the difference between the two is within the preset time range, the group key update command is considered legitimate, the terminal performs the setting with the group key it decrypted, and step 308 is executed; otherwise a key update failure signal is sent to the network side.

Here, if GID already exists in the group ID list in group member I's SIM card, group member I updates the group key corresponding to GID with rec_KG; otherwise it adds a record with group ID GID and group key rec_KG to its SIM card. The time range is set mainly according to the transmission time of the signalling.

Step 308: After updating the group key successfully, group member I sends a group key update success signal to the network side. On receiving group member I's group key update success signal, the network side marks group member I's group key as updated.

Unlike the embodiment shown in Fig. 2, this embodiment uses timestamp information instead of the SQN to resist replay attacks in networks that have a network-wide synchronised clock, such as a cdma system. With this method neither the network side nor the terminal needs to store SQN information, which saves storage space.
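To make the two embodiments concrete, here is an added Python model (not the patent's code) of the network side and one terminal running steps 202 to 209 (SQN mode) and 302 to 308 (timestamp mode). The page leaves fE/fD and H unspecified, so the block substitutes an HMAC-SHA256 keystream and SHA-256 as assumed stand-ins; it shows the digest check rejecting a tampered command and the SQN or timestamp check rejecting a replayed one.

```python
import hashlib
import hmac
import os
import struct

# Assumed stand-ins for the page's unspecified primitives: fE/fD XOR KG with a
# keystream derived from HMAC-SHA256(CK, nonce || counter) (one function both
# encrypts and decrypts); H is SHA-256 over the encoded (SQN or TS, KG) pair,
# matching DIGT = H(SQN, KG) and DIGT = H(TS, KG) in the two embodiments.

def _keystream(ck, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(ck, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def f_e(ck, kg):                             # SKG = fE(CK, KG), returns nonce || body
    nonce = os.urandom(16)
    return nonce + bytes(a ^ b for a, b in zip(kg, _keystream(ck, nonce, len(kg))))

def f_d(ck, skg):                            # rec_KG = fD(CK, SKG)
    nonce, body = skg[:16], skg[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(ck, nonce, len(body))))

def h(counter, kg):                          # DIGT = H(SQN or TS, KG)
    return hashlib.sha256(struct.pack(">Q", counter) + kg).digest()


class NetworkSide:
    """Trusted key management centre holding every member's CK and SQN."""

    def __init__(self, members, mode="sqn", clock=None):
        self.ck = dict(members)              # member -> CK shared with that SIM
        self.sqn = {m: 1 for m in members}   # network SQN starts above the SIM's 0
        self.mode, self.clock = mode, clock
        self.updated = set()

    def start_update(self, gid):             # steps 201 / 301: fresh random KG
        self.gid, self.kg = gid, os.urandom(16)
        self.updated.clear()

    def make_command(self, member):          # steps 202-204 / 302-304
        ctr = self.sqn[member] if self.mode == "sqn" else self.clock()
        return {"GID": self.gid, "SKG": f_e(self.ck[member], self.kg),
                "CTR": ctr, "DIGT": h(ctr, self.kg)}

    def on_ack(self, member, ok):            # steps 209 / 308
        if ok:
            self.updated.add(member)
            if self.mode == "sqn":
                self.sqn[member] += 1        # SQN := SQNi + 1


class Terminal:
    """One trunking terminal with its SIM state: CK, SQN and the GID -> KG list."""

    def __init__(self, ck, gids, mode="sqn", clock=None, window=30):
        self.ck, self.member_of = ck, set(gids)
        self.mode, self.clock, self.window = mode, clock, window
        self.sqn, self.groups = 0, {}

    def on_command(self, cmd):
        if cmd["GID"] not in self.member_of:          # optional GID check: ignore
            return None
        rec_kg = f_d(self.ck, cmd["SKG"])             # step 205 / 305
        if not hmac.compare_digest(h(cmd["CTR"], rec_kg), cmd["DIGT"]):
            return False                              # step 206 / 306: digest mismatch
        if self.mode == "sqn":
            if not cmd["CTR"] > self.sqn:             # step 207: replayed or stale SQN
                return False
            self.sqn = cmd["CTR"]                     # step 208: SIM SQN := SQNi
        else:
            now = self.clock()                        # step 307: TS' > TS, within window
            if not (now > cmd["CTR"] and now - cmd["CTR"] <= self.window):
                return False
        self.groups[cmd["GID"]] = rec_kg              # update or add the GID record
        return True


def run_demo(mode="sqn"):
    t = [1000]                                        # constructed clock, seconds
    clock = lambda: t[0]
    ck = os.urandom(16)
    net = NetworkSide({"A": ck}, mode, clock)
    term = Terminal(ck, {"G1"}, mode, clock)
    net.start_update("G1")
    cmd = net.make_command("A")
    t[0] += 2                                         # signalling delay
    first = term.on_command(cmd)
    net.on_ack("A", first)
    forged = dict(cmd, SKG=bytes([cmd["SKG"][0] ^ 1]) + cmd["SKG"][1:])
    tampered = term.on_command(forged)                # rec_KG differs, digest fails
    t[0] += 3600                                      # much later: replay the original
    replay = term.on_command(cmd)
    return {"first": first, "tampered": tampered, "replay": replay,
            "key_matches": term.groups.get("G1") == net.kg}
```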

Claims (12)

1. A method for managing a group key in a cluster system, characterized in that the method comprises the following steps:
A. The network side encrypts the group key to be set, using as the key the CK corresponding to the colony terminal for which the group key is to be set, and obtains SKGi; at the same time, according to a certain algorithm, it computes a first digest from the group key to be set; it then sends a group key setting command carrying SKGi and the first digest to the colony terminal;
B. The colony terminal decrypts the received SKGi with its own CK to obtain the group key and, using the same algorithm as in step A, computes a second digest from the group key it decrypted; it then compares whether the second digest is consistent with the first digest; if they are consistent, step C is executed, otherwise the group key setting fails and the process exits;
C. The colony terminal performs the setting using the group key decrypted in step B.
2. The method according to claim 1, characterized in that:
the first digest in step A is computed by the network side from the group key to be set and the colony terminal group key management sequence number stored on the network side;
the group key setting command in step A further comprises the colony terminal group key management sequence number;
the second digest in step B is computed by the colony terminal from the group key it decrypted and the colony terminal group key management sequence number sent by the network side.
3. The method according to claim 2, characterized in that, before step C is executed, the method further comprises:
C1. The colony terminal judges whether the colony terminal group key management sequence number stored on the network side is greater than the group key management sequence number it stores itself; if it is greater, step C is executed, otherwise the group key setting fails and the process exits.
4. The method according to claim 1, characterized in that the first digest in step A is computed by the network side from the group key to be set and the current time;
the group key setting command in step A further comprises the current time at which the network side computed the first digest;
the second digest in step B is computed by the colony terminal from the group key to be set and the current time.
5. The method according to claim 4, characterized in that, before step C is executed, the method further comprises:
C2. The colony terminal judges whether the time at which the second digest is computed is later than the time at which the first digest was computed and whether the difference between the two is within a predefined range; if so, step C is executed, otherwise the group key setting fails and the process exits.
6. The method according to claim 1, characterized in that step C comprises:
The colony terminal judges whether it already has a group identifier record; if it does, it uses the group key it decrypted to update the group key corresponding to that group identifier record; if it does not, it adds a group identifier record entry and stores the group key it decrypted in that group identifier record entry.
7. The method according to claim 1, characterized in that, after step C, the method further comprises: the colony terminal notifies the network side that the group key setting succeeded, and the network side updates the management record it stores according to this result.
8. The method according to claim 1, characterized in that the group key to be set in step A is a random sequence generated by the network side.
9. The method according to claim 1, characterized in that, after the group key setting fails, the method further comprises: the colony terminal notifies the network side that the group key setting failed.
10. The method according to claim 1, characterized in that the method further comprises: presetting a list of cluster group members that are in the active state, and further, before step A is executed:
A1. According to the cluster group member list, judging whether there are still colony terminals that have not completed this group key setting; if there are, selecting one of them as the colony terminal on which the group key setting is to be performed and executing step A; otherwise, exiting the process;
and after step C is executed, executing step A1.
11. The method according to claim 1, characterized in that the setting in step C is an update of the group key, or the first-time setting of the group key.
12. The method according to claim 1, characterized in that the group key setting command in step A further comprises a group identifier;
before step B, the method further comprises:
the colony terminal judges according to the group identifier whether the group key needs to be set for itself; if so, step B is executed; otherwise, no processing is done and the process exits.
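The following is an added worked example of the command flow in claims 1 to 6, covering both the SQN variant (claims 2 and 3) and the timestamp variant (claims 4 and 5, the embodiment described at step 308 above). It is illustration written for this page, not code from the patent or from Huawei. The patent leaves the CK-keyed cipher and the digest algorithm unspecified, so the example assumes an HMAC-SHA256 keystream XOR as the CK cipher (chosen only so the block runs with the Python standard library; a real deployment would use the system's cipher) and SHA-256 over the group key and the freshness value as the digest. All key material and the group identifier are constructed sample values.

```python
"""Group key setting command: network side builds it, colony terminal verifies it.

Added illustration of claims 1-6 of CN1599484A; not the patent's own code.
Assumptions (not from the patent): the CK cipher is an HMAC-SHA256 keystream XOR,
the digest is SHA-256 over (group key || freshness value).
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample values, not from the patent.
SAMPLE_CK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
SAMPLE_GROUP_ID = b"group-42"
SAMPLE_GROUP_KEY = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")


@dataclass(frozen=True)
class SetCommand:
    """Group key setting command as sent by the network side (claim 1, step A)."""
    group_id: bytes
    skg: bytes       # SKGi: the group key encrypted under the terminal's CK
    digest: bytes    # first digest
    freshness: int   # SQN (claims 2/3) or timestamp in seconds (claims 4/5)
    mode: str        # "sqn" or "time"


def _label(group_id: bytes, mode: str, freshness: int) -> bytes:
    """Per-command label mixed into the keystream so it is never reused."""
    return group_id + mode.encode() + freshness.to_bytes(8, "big")


def _ck_cipher(ck: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified CK-keyed cipher: XOR with an HMAC-SHA256 keystream.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(ck, label + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def compute_digest(group_key: bytes, freshness: int) -> bytes:
    """Digest binding the group key to the SQN or timestamp (assumed algorithm: SHA-256)."""
    return hashlib.sha256(group_key + freshness.to_bytes(8, "big")).digest()


def network_build_command(ck: bytes, group_id: bytes, group_key: bytes,
                          freshness: int, mode: str = "sqn") -> SetCommand:
    """Step A: encrypt the group key under CK and compute the first digest."""
    skg = _ck_cipher(ck, _label(group_id, mode, freshness), group_key)
    return SetCommand(group_id, skg, compute_digest(group_key, freshness), freshness, mode)


class ColonyTerminal:
    """Terminal state: its CK, the last accepted SQN, and the group id record table."""

    def __init__(self, ck: bytes, window: int = 30):
        self.ck = ck
        self.sqn = 0            # highest SQN accepted so far (claim 3)
        self.window = window    # accepted timestamp difference in seconds (claim 5)
        self.group_keys = {}    # group id record: group_id -> group key (claim 6)

    def process(self, cmd: SetCommand, now: Optional[int] = None) -> str:
        """Steps B, C1/C2 and C; returns "ok" or the reason the setting failed."""
        group_key = _ck_cipher(self.ck, _label(cmd.group_id, cmd.mode, cmd.freshness), cmd.skg)
        # Step B: recompute the digest over the decrypted key and compare in constant time.
        if not hmac.compare_digest(compute_digest(group_key, cmd.freshness), cmd.digest):
            return "digest mismatch"
        if cmd.mode == "sqn":
            # Step C1: the network side's SQN must be greater than the stored one.
            if cmd.freshness <= self.sqn:
                return "replay: stale SQN"
            self.sqn = cmd.freshness
        else:
            # Step C2: verification time must be later than the command's time
            # and the difference must lie within the predefined window.
            if now is None or now <= cmd.freshness or now - cmd.freshness > self.window:
                return "replay: stale timestamp"
        # Step C: create or update the group id record with the new key.
        self.group_keys[cmd.group_id] = group_key
        return "ok"


if __name__ == "__main__":
    term = ColonyTerminal(SAMPLE_CK)
    cmd = network_build_command(SAMPLE_CK, SAMPLE_GROUP_ID, SAMPLE_GROUP_KEY, freshness=1)
    print(term.process(cmd))   # ok
    print(term.process(cmd))   # replay: stale SQN
```

The order of checks matters: the digest is verified before the SQN or timestamp check, as in claims 2 to 5, so a command whose SKGi, digest or freshness field was altered in transit never reaches the replay check, and a replayed but otherwise intact command is rejected on the SQN or time window alone. The terminal only advances its stored SQN once a command has passed both checks.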
CNB031574378A 2003-09-19 2003-09-19 Group system group key managing method Expired - Fee Related CN100344183C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031574378A CN100344183C (en) 2003-09-19 2003-09-19 Group system group key managing method

Publications (2)

Publication Number Publication Date
CN1599484A true CN1599484A (en) 2005-03-23
CN100344183C CN100344183C (en) 2007-10-17

Family

ID=34660301

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB031574378A Expired - Fee Related CN100344183C (en) 2003-09-19 2003-09-19 Group system group key managing method

Country Status (1)

Country Link
CN (1) CN100344183C (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100344208C (en) * 2005-07-15 2007-10-17 华为技术有限公司 Identification method for preventing replay attack
CN101511082B (en) * 2008-02-15 2011-01-05 中国移动通信集团公司 Method, equipment and system for updating group cipher key
CN101291214B (en) * 2007-04-19 2011-08-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN102571328A (en) * 2010-12-30 2012-07-11 中国移动通信集团公司 Method and system for invoking service of user terminal, and user terminal
CN102561678A (en) * 2012-01-12 2012-07-11 中国建筑第八工程局有限公司 Construction method of fair-faced concrete wall with wood grain finish
CN102638794A (en) * 2007-03-22 2012-08-15 华为技术有限公司 Authentication and key negotiation method, and authentication method, system and equipment
CN101751986B (en) * 2008-12-11 2013-09-25 群联电子股份有限公司 Flash memory storage system, its controller and method for preventing data tampering
CN104980269A (en) * 2014-04-03 2015-10-14 华为技术有限公司 Secret key sharing method, device and system
CN106998320A (en) * 2016-01-25 2017-08-01 展讯通信(上海)有限公司 The transmission method and device of the group root key of cluster multi call

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5109384A (en) * 1988-11-02 1992-04-28 Tseung Lawrence C N Guaranteed reliable broadcast network
IL106796A (en) * 1993-08-25 1997-11-20 Algorithmic Res Ltd Broadcast encryption
US5748736A (en) * 1996-06-14 1998-05-05 Mittra; Suvo System and method for secure group communications via multicast or broadcast
US6049878A (en) * 1998-01-20 2000-04-11 Sun Microsystems, Inc. Efficient, secure multicasting with global knowledge
US6636968B1 (en) * 1999-03-25 2003-10-21 Koninklijke Philips Electronics N.V. Multi-node encryption and key delivery
US6240188B1 (en) * 1999-07-06 2001-05-29 Matsushita Electric Industrial Co., Ltd. Distributed group key management scheme for secure many-to-many communication

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100344208C (en) * 2005-07-15 2007-10-17 华为技术有限公司 Identification method for preventing replay attack
CN102638794A (en) * 2007-03-22 2012-08-15 华为技术有限公司 Authentication and key negotiation method, and authentication method, system and equipment
CN102638794B (en) * 2007-03-22 2016-03-30 华为技术有限公司 Authentication and cryptographic key negotiation method, authentication method, system and equipment
CN101291214B (en) * 2007-04-19 2011-08-10 华为技术有限公司 Group cipher key generating method, system and apparatus
CN101511082B (en) * 2008-02-15 2011-01-05 中国移动通信集团公司 Method, equipment and system for updating group cipher key
CN101751986B (en) * 2008-12-11 2013-09-25 群联电子股份有限公司 Flash memory storage system, its controller and method for preventing data tampering
CN102571328A (en) * 2010-12-30 2012-07-11 中国移动通信集团公司 Method and system for invoking service of user terminal, and user terminal
CN102571328B (en) * 2010-12-30 2016-01-27 中国移动通信集团公司 The service calling method of user terminal, system and user terminal
CN102561678A (en) * 2012-01-12 2012-07-11 中国建筑第八工程局有限公司 Construction method of fair-faced concrete wall with wood grain finish
CN104980269A (en) * 2014-04-03 2015-10-14 华为技术有限公司 Secret key sharing method, device and system
CN106998320A (en) * 2016-01-25 2017-08-01 展讯通信(上海)有限公司 The transmission method and device of the group root key of cluster multi call

Also Published As

Publication number Publication date
CN100344183C (en) 2007-10-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20071017

Termination date: 20150919

EXPY Termination of patent right or utility model