RU2845169C1 - Method for mutual authentication of equipment within the framework of building a secure telecommunication network - Google Patents

Abstract

FIELD: physics.

SUBSTANCE: invention relates to secure telecommunication network engineering for performing mutual authentication procedures. Disclosed is a method for mutual authentication, comprising the following steps: first object generates random number Na and sends it to second object, which performs generation of its random number Nb and sending to first object of concatenation Na||Nb, where Na ≠ Nb, then the first object compares the sent and received values of the number Na, and in case of mismatch authentication is interrupted, otherwise calculates authentication vector of first object Vauth_A = F1(Na⊕Nb, Na) and calculates insert simulations from the authentication vector of the first object on the service authentication key (SAK) – Kserv by the formula: MAC_A = F2(Kserv, Vauth_A), and sends imitator MAC_A to second object, which performs calculation of authentication vector of first object Vauth_A and its simulators insert MAC_A on SAK Kserv, comparison of calculated and received from first object imitator MAC_A, and in case of mismatch, authentication is interrupted, otherwise calculates the authentication vector of the second object Vauth_B = F1(Na⊕Nb, Nb), calculates insert imitations from the authentication vector of the second object on SAK Kserv by formula: MAC_B = F2(Kserv, Vauth_B) and sends imitator MAC_B to first object, which performs calculation of authentication vector of second object Vauth_B and its simulators insert MAC_B on SAK Kserv, comparison of calculated and received from second object imitator MAC_B, and in case of mismatch authentication is interrupted, otherwise the first and second objects calculate a common authentication vector according to the formula: Vauth = Vauth_A ⊕ Vauth_B, thus establishing mutual authentication.

EFFECT: providing fast and low-cost mutual authentication of equipment with high reliability and trusted authentication based on cryptographic functions.

2 cl, 1 dwg

Description

Field of technology

The invention relates to the field of secure telecommunications network technology for performing mutual authentication procedures of equipment.

State of the art

In telecommunications networks, it is necessary to ensure that data is transmitted reliably, i.e. the sender must ensure that the data is received by the correct recipient, and the recipient must ensure that the data is sent by the correct sender. Various authentication options are used for this purpose. The authentication process is generally a process of confirming identity. During this process, messages are typically exchanged between the verifying party and the party that must be authenticated.

In conventional methods, authentication is often performed via a challenge-response method, where a challenge message is transmitted, which is, for example, generated based on a random number. The party then calculates a second value, also referred to as a response message, using a secret cryptographic key. This response message is sent back to the initiator of the challenge, who then checks the response for its correctness.

There is a handshake protocol (CHAP [RFC-1994] August 1996 https://www.ietf.org/rfc/rfc1994.txt) that is used for initial authentication of the subject after establishing a connection, but can be used for periodic confirmation of the subject's authenticity during operation within the established connection. Authentication occurs in three iterations. The Protocol field of the PPP frame is specified as 0xC223, the Data field is converted into four fields. Code = 1: Request for provision of data for authentication. Code = 2: Response to the request with authentication data. Code = 3: Authentication confirmation. Code = 4: Authentication refusal. Implementation of the CHAP protocol requires that both parties have pre-agreed secret data that is not sent over the network, but is most often present in the open form to the object. In this case, the volume of secret data must be no less than 1 byte, and in principle its size must correspond to the requirements of the hash algorithm selected for implementation. The authentication procedure itself occurs as follows: 1) a PPP connection is established; 2) the object sends a request to the subject to provide data for authentication; 3) the subject responds with the necessary data, some of which is taken from the content of the request; 4) the object analyzes the received data and responds with confirmation or refusal.

A method and device for mutual authentication are known (patent RU 2420896 C2 published 2011.06.10), which discloses a method for mutual authentication between a first and a second object, in which a message is sent to a secure removable media device, which encrypts a first random number using a public key associated with a digital rights agent. The digital rights agent decrypts the encrypted first random number and encrypts a second random number and a first hash based on at least the first random number. The secure removable media device decrypts the encrypted second random number and the first hash, verifies the first hash in order to authenticate the digital rights agent, and forms a second hash based on at least the second random number. The digital rights agent verifies the second hash in order to authenticate the secure removable media device.

The closest analogue is known - a distributed authentication method and an identity-based system in a multi-server environment (patent CN 107659395 B published on 2021-09-24), which discloses a distributed authentication method and an identity-based system in a multi-server environment, which includes the following steps: the registration center generates (R, s) for U and generates a pair of random numbers; (R<j>, s<j>) is generated for s<j> and public and private key pairs are generated; The key pair is sent to the side p<1>, and the other key pair is sent to the other side P<2>; two devices p<1> and p<2> of the authentication process generate random numbers; P<1> calculates (C<1>, C, x<1>) and sends (c<1>, c, x<1>) to p<2>; P<2> computes (C<2>, x<2>) and sends (c<2>, x<2>) to p<1>; P<1> decrypts C<2> to obtain the signature Taui, and after the signature is successfully verified, P<1> publishes the generated signature (x, tau); the user encrypts the signature to generate C<3> and sends C<3> to the server; the server decrypts C<3>, checks the accuracy of the signature, performs MAC to obtain C<4>, and sends C<4> to the user; the user verifies C<4>, and if C<4> is accurate, mutual authentication is implemented.

The disadvantage of these solutions is that the equipment in the authentication process must have sufficient computing processing power to ensure the required authentication speed and authentication reliability.

Therefore, there is a need in the art for reliable mutual authentication of equipment having limited processing power.

The technical result of the proposed invention is to provide fast and low-cost mutual authentication of equipment in terms of computing resources with increased reliability and trusted authentication based on cryptographic functions.

The technical result achieved is that a method of mutual authentication is proposed, which contains the following stages:

the first object, using a random number generator (RNG), generates a random number Na of 256 bits, wherein the first object is configured to send Na to the second object, and the second object, using a RNG, generates its own random number Nb of 256 bits, wherein the second object is configured to send the first object the concatenation Na||Nb (wherein Na ≠ Nb),

the first object is designed with the ability to: compare the sent and received values of the number Na, and if the values do not match, the authentication procedure is interrupted, and if they match, the calculation of the authentication vector of the first object Vauth_A according to the formula: Vauth_A = F1(Na⊕Nb, Na), where ⊕ is the operation of componentwise addition modulo 2, and the calculation of the impersonation insertion from the authentication vector of the first object on the service authentication key (SAK) Kserv according to the formula: MAC_A = F2(Kserv, Vauth_A), and the sending of the impersonation insertion MAC_A to the second object,

the second object is configured to: calculate the authentication vector of the first object Vauth_A and its MAC_A impersonation insertion on the SCA Kserv, according to the formulas Vauth_A = F1(Na⊕Nb, Na) and MAC_A = F2(Kserv, Vauth_A), compare the calculated and received from the first object MAC_A impersonation insertions, and if the values do not match, the authentication procedure is interrupted, and if they match, calculate the authentication vector of the second object Vauth_B according to the formula: Vauth_B = F1(Na⊕Nb, Nb), and calculate the impersonation insertion from the authentication vector of the second object on the SCA Kserv according to the formula: MAC_B = F2(Kserv, Vauth_B), where the functions F1, F2 have the format F(key, data), where key is a 256-bit bit string used as a key, data is a 256-bit data string, and send the MAC_B impersonation insertion to the first object,

the first object is configured to: calculate the authentication vector of the second object Vauth_B and its MAC_B impersonation on the Kserv SCA, according to the formulas Vauth_B = F1(Na⊕Nb, Nb) and MAC_B = F2(Kserv, Vauth_B), compare the calculated and received from the second object MAC_B impersonation, and if the values do not match, the authentication procedure is interrupted, and if they match, the first and second objects calculate the common authentication vector according to the formula: Vauth = Vauth_A ⊕ Vauth_B, thereby establishing mutual authentication.

An additional feature is that the specified parameters have the following values: the size of the Kserv SCA is 256 bits, the size of the Vauth_A, Vauth_B authentication vector is 256 bits, the size of the MAC_A, MAC_B impersonation insert is 64 bits or 128 bits.

An additional feature is that the first and second objects represent software and hardware, for example, a client, a communication terminal and/or a router/switch and/or a server, which are designed with the ability to implement the above-proposed method of mutual authentication.

The conducted analysis of the state of the art allows us to determine that the proposed technical solution is new and has an inventive level, and the possibility of its use in industry determines its industrial applicability.

These and other aspects will become apparent and will be explained with reference to the drawing and the embodiment described hereinafter.

The invention is explained by the following graphic materials:

Fig. 1 is a diagram illustrating functional blocks implementing the proposed method of mutual authentication of equipment within the framework of constructing a secure telecommunications network with geographically distributed segments.

Implementation of the invention

Mutual authentication is used to transmit confidential data in a secure telecommunications network, in order to ensure data security. Mutual authentication can be performed using different types of credentials: usernames and passwords and public key certificates.

The mutual authentication procedure plays a key role in the field of network security and access control in a secure telecommunications network, which allows the implementation of new authentication and authorization methods, providing a high level of protection against unauthorized access.

Before starting to work together, the equipment of a secure telecommunications network performs a mutual authentication procedure.

The mutual authentication procedure is intended to confirm the authenticity of the equipment of a secure telecommunications network and to check the availability of rights (authorities) for joint work. Mutual authentication is performed on the basis of a pre-distributed "secret" - a service authentication key (SAK) between all devices (equipment instances) in a secure telecommunications network.

The trusted intermediary administrator accepts the information that the network user (equipment/device) provides during the authentication process and authorizes the user. It determines whether the user can access the local or remote network, establishes what privileges the user is allowed, and records the user's activity while connected to the resources of the protected telecommunications network. The administrator can assign the same SCA to all devices in the protected telecommunications network, or an individual SCA for each independent pair of devices.

For reliable authentication of devices involving two parties/objects (party A and party B), the first (A) and/or second (B) party may be a user using a personal terminal and/or a router and/or a server, each of which includes, interconnected by means of buses or otherwise, at least an authentication data processing unit - a processor and memory for storing the program code of the proposed authentication algorithm, an input/output interface, a random number generator implemented as software or hardware and software, a secure communication facility containing a transmitter configured to send data outside, and a receiver configured to receive data from outside. The memory is configured to store the program code, and the processor is configured to call and launch the program code stored in the memory.

Fig. 1 shows a diagram illustrating the stages of the method for mutual authentication of equipment within the framework of building a secure telecommunications network.

The mutual authentication procedure is described below.

Party A generates a 256-bit random number Na using a RNG and sends it to party B.

Party B generates a random number Nb of 256 bits using a random number generator and sends to party A the concatenation Na||Nb (with Na ≠ Nb), where the concatenation of strings Na, Nb, ∈ V*, i.e. a string from V|Na| + |Nb|, in which the substring with larger component numbers from V|Na| coincides with the string Na, and the substring with smaller component numbers from V|Nb| coincides with the string Nb, V* is the set of all binary strings of finite length, including the empty string.

Party A compares the sent and received values of the number Na. If the values do not match, the authentication procedure is interrupted.

Calculation of the authentication vector of party A Vauth_A using the formula: Vauth_A = F1(Na⊕Nb, Na), where ⊕ is the operation of componentwise addition modulo 2 of two binary strings of the same length.

Calculation of the checksum (checksum insert) from the authentication vector of party A on the MAC Kserv using the formula: MAC_A = F2(Kserv, Vauth_A).

Sending MAC_A impersonation to party B.

Party B calculates the authentication vector of party A Vauth_A and its impersonation insert MAC_A on the SCA Kserv (similar to party A).

Comparison of the calculated and received from party A MAC_A impersonations. If the values do not match, the authentication procedure is interrupted.

Calculation of the authentication vector of party B Vauth_B using the formula: Vauth_B = F1(Na⊕Nb, Nb).

Calculation of the imitative insertion from the authentication vector of party B on the SCA Kserv using the formula: MAC_B = F2(Kserv, Vauth_B).

Sending MAC_B impersonation to party A.

Party A calculates the authentication vector of party B Vauth_B and its impersonation insertion MAC_B on the SCA Kserv (similar to party B).

Comparison of the calculated and received from party B MAC_B impersonations. If the values do not match, the authentication procedure is interrupted.

Party A calculates the total authentication vector using the formula: Vauth = Vauth_A ⊕ Vauth_B.

Party B calculates the overall authentication vector using the formula: Vauth = Vauth_A ⊕ Vauth_B.

In the proposed method of mutual authentication of equipment within the framework of building a secure telecommunications network, the following parameter values are proposed:

The size of the Na, Nb number is 256 bits.

The size of the service authentication key is 256 bits.

The size of the authentication vector Vauth, Vauth_A, Vauth_B is 256 bits.

The size of the MAC_A, MAC_B imitation insert is determined by the F2 function (for the basic “Magma” function the size is 64 bits, and for the “Grasshopper” function - 128 bits).

Functions F1(…), F2(…) have the following format F(key, data), where key is a 256-bit bit string used as a key, data is a 256-bit data string, for example, the functions “Magma” or “Grasshopper” defined in GOST R 34.12-2015 can be used as functions F1(…), F2(…).

Thus, the input data for the Magma algorithm are: a 64-bit plaintext block and a 256-bit key. The structure of this cipher is a Feistel network that performs 32 iterations. The nonlinear function of the algorithm is structured as follows: 1) addition with the round key K _i modulo 2 ³² ; 2) each 4-bit subvector of the 32-bit input vector passes through the S-block S _i ; 3) the resulting 32-bit vector is cyclically shifted to the left by 11 bits.

So the input data for this algorithm "Kuznechik" are: a 128-bit plaintext block and a 256-bit key. The structure of the cipher is a substitution-permutation (SP) network (i.e. the transformation is performed with the entire data block, not with half), which consists of 9 identical rounds and one additional addition with a round key. One round of this network has the following structure: 1) bitwise addition (XOR) with a round key Ki; 2) nonlinear transformation by a substitution block S; 3) linear transformation L.

For the F1(…) function, the basic function (“Magma” or “Grasshopper”) is used in encryption mode, and for the F2(…) function, in the imitation insertion calculation mode; the operating modes of the basic functions are defined in GOST R 34.13-2015.

Imitation key is a value calculated from input data using a cryptographic algorithm with a secret element (key) known only to the sender and receiver.

The generated general authentication vector is further used in the procedures (protocols and mechanisms) of information security of the equipment of the protected telecommunications network as a unique random number linked to the authentication session.

Authentication efficiency is achieved by minimizing the number of key operations and by using a specific key size and cryptographic hashes to represent proof of ownership.

The described mutual authentication procedure based on a pre-allocated (assigned) service authentication key ensures trusted authentication based on Russian standards of cryptographic functions.

The proposed method for mutual authentication of equipment within the framework of building a secure telecommunications network can be implemented on the basis of a computer-implemented authentication system, which is described below as one of the implementation options.

The computing environment of the authentication system includes data storage, network interfaces, processing facilities (computers, routers, servers). The information carriers may be located in many places, for example, locally in the data storage (and/or located in them), one or more computers, or remotely from all computers in the network. Authentication information may be permanently or locally stored in the data storage. Data storage may contain one or more data storage devices, such as disk drives, optical storage devices, semiconductor memory devices, as well as removable information media, memory cards. Likewise, files and authentication data necessary for performing functions characteristic of computers, servers or other network devices may be stored locally and/or, if necessary, remotely.

The processing means using the computational stages of the method of mutual authentication of equipment in a secure telecommunications network may contain elements of software and hardware that are electrically connected via a bus. The elements of software and hardware include, for example, at least one central processor, an input device (mouse, keyboard, controller, display), an output device (display device). The bus may be one or more of any type of several bus architectures, including a memory bus or a memory controller, a peripheral bus, etc.

The processor may include any type of electronic data processor. The memory may comprise any type of storage device configured to store data, programs, and other information and to provide access to data, programs, and other information via a bus. The memory may comprise any type of system memory, such as static random access memory (SRAM), dynamic random access memory (DRAM), synchronous DRAM (SDRAM), read-only memory (ROM), combinations thereof. In an embodiment, the memory may include ROM for use in booting and DRAM for storing programs and data for use in executing programs.

Network interfaces may comprise wired connections, such as an Ethernet cable or the like, and/or wireless connections to access nodes or various networks. The network interface of the device (party/object A) allows the processing unit to communicate with remote devices (party/object B) via data transmission networks. For example, the network interface may provide wireless communication via one or more transmitters/transmitting antennas and one or more receivers/receiving antennas. In one embodiment, the devices are connected to a local area network or a wide-area network for data processing and communication with remote devices, the Internet, remote data storages.

The mutual authentication method according to the present invention can be implemented in the form of program instructions that can be executed by various computer means and recorded in a computer-readable medium. The computer-readable medium can include program instructions, data files, data structures or the like, individually or in combination. The program instructions recorded on the computer-readable medium can be configured for the present invention or can be known and used by a person skilled in the art in computer software. Examples of program instructions can include machine language codes, such as codes generated by a compiler, as well as codes in a high-level language that can be executed by a computer using an interpreter and the like.

In an embodiment of the invention, for implementing the proposed method of mutual authentication of equipment within the framework of building a secure telecommunications network, software and logic modules for recording and processing data, generating a random number, for example, based on a reprogrammable logic integrated circuit or a very large integrated circuit, can be used. It is obvious to a specialist that the above-mentioned logical modules can be implemented using a memory element that records the processed data and a processing processor, which can be a general-purpose processor, a finite-state machine or another hardware-programmable logic device, a discrete logic element or transistor logic or any combination thereof, in order to execute the instructions described above, and when the instruction is executed by the processor, the method of mutual authentication of equipment within the framework of building a secure telecommunications network is implemented.

A person skilled in the art should understand that embodiments of the present invention can be provided as a method, a system, or a computer program medium. Accordingly, the invention can take the form of hardware-only embodiments, software-only embodiments, or embodiments with a combination of software and hardware.

The embodiments of the invention are not exhaustive and are given only for the purpose of explanation and confirmation of industrial applicability, and specialists in this field of technology are able to create alternative embodiments of its implementation without departing from the scope of the formula, but within the scope of the essence of the invention reflected in the description.

Claims (7)

1. A method of mutual authentication comprising the steps of: the first object generates a random number Na of 256 bits and sends it to the second object, the second object generates a random number Nb of 256 bits and sends the concatenation Na||Nb to the first object, where Na ≠ Nb, the first object performs: comparison of the sent and received values of the number Na, and if the values do not match, the authentication procedure is interrupted, and if they match, it calculates the authentication vector of the first object Vauth_A using the formula: Vauth_A = F1(Na⊕Nb, Na), where ⊕ is the operation of componentwise addition modulo 2, calculates the authentication inserts from the authentication vector of the first object on the service authentication key (SAK) Kserv using the formula: MAC_A = F2(Kserv, Vauth_A), and then sends the authentication insert MAC_A to the second object, the second object performs: calculation of the authentication vector of the first object Vauth_A and its MAC_A impersonation insertion on the SCA Kserv according to the formulas Vauth_A = F1(Na⊕Nb, Na) and MAC_A = F2(Kserv, Vauth_A), comparison of the calculated and received from the first object MAC_A impersonation insertions, and if the values do not match, the authentication procedure is interrupted, and if they match, it calculates the authentication vector of the second object Vauth_B according to the formula: Vauth_B = F1(Na⊕Nb, Nb), calculates impersonation insertions from the authentication vector of the second object on the SCA Kserv according to the formula: MAC_B = F2(Kserv, Vauth_B), where the functions F1, F2 have the format F(key, data), where key is a 256-bit bit string used as a key, data is a 256-bit data string, and then sends the MAC_B impersonation insertion to the first object, the first object carries out: calculation of the authentication vector of the second object Vauth_B and its MAC_B impersonation on the Kserv SCA using the formulas Vauth_B = F1(Na⊕Nb, Nb) and MAC_B = F2(Kserv, Vauth_B), comparison of the calculated and received from the second object MAC_B impersonation, and if the values do not match, the authentication procedure is interrupted, and if they match, the first and second objects calculate the common authentication vector using the formula: Vauth = Vauth_A ⊕ Vauth_B, establishing mutual authentication. 2. The method according to item 1, characterized in that the size of the SKA Kserv is 256 bits, the size of the authentication vector Vauth_A, Vauth_B is 256 bits, and the size of the MAC_A, MAC_B impersonation insert is 64 bits or 128 bits.