一种基于双线性配对的天地一体化网络安全身份认证方案

doi:10.3969/j.issn.1671-1122.2020.12.005

信息网络安全 ›› 2020, Vol. 20 ›› Issue (12): 33-39.doi: 10.3969/j.issn.1671-1122.2020.12.005

一种基于双线性配对的天地一体化网络安全身份认证方案

赵国锋¹(), 周文涛¹, 徐川¹, 徐磊²

1.重庆邮电大学未来网络研究中心,重庆 400065
2.四川九强通信科技有限公司,绵阳 621000

收稿日期:2020-08-17 出版日期:2020-12-10 发布日期:2021-01-12
通讯作者: 赵国锋 E-mail:zhaogf@cqupt.edu.cn
作者简介:赵国锋（1972—）,男,重庆,教授,博士,主要研究方向为天地一体化网络安全、工业物联网、网络测量|周文涛（1996—）,男,安徽,硕士研究生,主要研究方向为天地一体化网络安全|徐川（1980—）,男,重庆,教授,博士,主要研究方向为天地一体化网络、工业互联网、软件定义网络|徐磊（1988—）,男,四川,本科,主要研究方向为天地一体化网络、网络安全
基金资助:
国家重点研发计划(2018YFB1800304);四川省重大科技专项(2018GZDZX0014)

A Secure Identity Authentication Scheme for Space-ground Integrated Network Based on Bilinear Pairing

ZHAO Guofeng¹(), ZHOU Wentao¹, XU Chuan¹, XU Lei²

1. Future Network Research Center, Chongqing University of Posts and Telecommunications, Chongqing 400065, China
2. Sichuan Jiuqiang Communication LTD., Mianyang 621000, China

Received:2020-08-17 Online:2020-12-10 Published:2021-01-12
Contact: ZHAO Guofeng E-mail:zhaogf@cqupt.edu.cn

摘要/Abstract

摘要：

文章提出一种基于双线性配对的天地一体化网络安全身份认证方案,认证过程中无需第三方参与即可完成网络内实体间的双向认证,且在认证过程中会协商出会话密钥,为后续的数据传输提供机密性保障。此外,方案的安全性基于椭圆曲线离散对数困难问题（ECDLP）和椭圆曲线计算Diffie-Hellman困难问题（ECCDHP）,安全性高,能够防御多种形式的攻击。文章最后对方案的可行性和有效性进行了理论及性能分析。

关键词: 天地一体化网络, 双线性配对, 双向认证, 密钥协商

Abstract:

This paper proposes a secure identity authentication scheme for space-ground integrated network based on bilinear pairing. In the process of authentication, the two-way authentication between entities in the network can be completed without the participation of a third party, and the session key will be negotiated during the authentication process. The key provides confidentiality protection for the subsequent data transmission. In addition, the security of the proposed scheme is based on the elliptic curve discrete logarithm difficulty problem(ECDLP) and the elliptic curve computational Diffie-Hellman difficult problem(ECCDHP). It has high security and can defend against various forms of attacks. Finally, thisp paper conducts a theoretical analysis for the scheme of the feasibility and effectiveness.

Key words: space-ground integrated network, bilinear pairing, two-way authentication, key agreement

中图分类号:

TP309

赵国锋, 周文涛, 徐川, 徐磊. 一种基于双线性配对的天地一体化网络安全身份认证方案[J]. 信息网络安全, 2020, 20(12): 33-39.

ZHAO Guofeng, ZHOU Wentao, XU Chuan, XU Lei. A Secure Identity Authentication Scheme for Space-ground Integrated Network Based on Bilinear Pairing[J]. Netinfo Security, 2020, 20(12): 33-39.

图/表 6

图1

表1

图2

表2

表3

表4

参考文献 16

[1]	LIU Lixiang. Space-ground Integrated Network[M]. Beijing: Science Press, 2015.
	刘立祥. 天地一体化网络[M]. 北京: 科学出版社, 2015.
[2]	ZHANG Wei, BIAN Dongming, XIE Zhidong, et al. A Novel Space Information Network Architecture Based on Autimonmous System[C]// IEEE. 2015 International Conference on Wireless Communications and Signal Processing, October 15-17, 2015, Nanjing, China. New Jersey: IEEE, 2015: 1-5.
[3]	WU Heng. Research on Key Technologies of Satellite Security Network Authentication[D]. Xi’an: Xidian University, 2019.
	武衡. 卫星安全组网认证关键技术研究[D]. 西安:西安电子科技大学, 2019.
[4]	CRUICKSHANK H. S A Security System for Satellite Networks[C]// IET. 15th International Conference on Satellite Systems for Mobile Communications & Navigation, May 13-15 1996, London, UK. New York: IET, 1996: 187-190.
[5]	HWANG M S, YANG C C, SHIU C Y. An Authentication Scheme for Mobile Satellite Communication Systems[J]. ACM Sigops Operating Systems Review, 2003,37(4):42-47. doi: 10.1145/958965.958970 URL
[6]	CHANG Y F, CHANF C C. An Efficient Authentication Protocol for Mobile Satellite Communication Systems[J]. ACM SIGOPS Operating Systems Review, 2005,39(1):70-84. doi: 10.1145/1044552.1044560 URL
[7]	REN Fang, MA Jianfeng, HAO Xuanwen. Certificate-based Hybrid Public Key Infrastructure of Spatial Information Network[J]. Journal of Jilin University (Engineering and Technology Edition), 2012,42(2):440-445.
	任方, 马建峰, 郝选文. 空间信息网基于证书的混合式公钥基础设施[J]. 吉林大学学报(工学版), 2012,42(2):440-445.
[8]	LEE C C, LI C T, CHANG R X. A Simple and Efficient Authentication Scheme for Mobile Satellite Communication Systems[J]. International Journal of Satellite Communications and Networking, 2012,30(1):29-38. doi: 10.1002/sat.993 URL
[9]	TSAJ J L, LO N W, WU T C. Secure Anonymous Authentication Scheme without Verification Table for Mobile Satellite Communication Systems[J]. International Journal of Satellite Communications & Networking, 2015,32(5):443-452.
[10]	ZHANG Yuanyuan, CHEN Jianhua, HUANG Baojun. An Improved Authentication Scheme for Mobile Satellite Communication Systems[J]. International Journal of Satellite Communications & Networking, 2015,33(2):135-146.
[11]	LIN Hanyu. Efficient Dynamic Authentication for Mobile Satellite Communication Systems without Verification Table[J]. International Journal of Satellite Communications and Networking, 2016,34(1):3-10. doi: 10.1002/sat.1088 URL
[12]	IBRAHIM M H, KUMARI S, DAS A K, et al. Jamming Resistant Non-interactive Anonymous and Unlinkable Authentication Scheme for Mobile Satellite Networks[J]. Security and Communication Networks, 2016,9(18):5563-5580. doi: 10.1002/sec.v9.18 URL
[13]	MENG Wei, XUE Kaiping, XU Jie, et al. Low-latency Authentication Against Satellite Compromising for Space Information Network[C]// IEEE. 15th International Conference on Mobile Ad Hoc and Sensor Systems(MASS), October 9-12, 2018, Chengdu, China. New Jersey: IEEE, 2018: 237-244.
[14]	ZHANG Zhaolei, DONG Guishan. Research on Improvement of User Identity Authentication Mechanism in Satellite IP Network[J]. Communication Technology, 2018,51(11):2715-2720.
	张兆雷, 董贵山. 卫星IP网络中用户身份认证机制的改进研究[J]. 通信技术, 2018,51(11):2715-2720.
[15]	QI Mingping, CHEN Jianhua, CHEN Yitao. A Secure Authentication with Key Agreement Scheme Using ECC for Satellite Communication Systems[J]. International Journal of Satellite Communications and Networking, 2019,37(3):234-244. doi: 10.1002/sat.v37.3 URL
[16]	XIONG Hu, BAO Yangyang, NIE Xuyun, et al. Server-aided Attribute-based Signature Supporting Expressive Access Structures for Industrial Internet of Things[J]. IEEE Transactions on Industrial Informatics, 2019,16(2):1013-1023.

符号	描述
$I{{D}_{A}}$	实体A的真实身份信息
$I{{D}_{B}}$	实体B的真实身份信息
$TI{{D}_{A}}$	实体A的临时可信身份标识信息
$TI{{D}_{B}}$	实体B的临时可信身份标识信息
${{Q}_{A}}$	实体A的公钥
${{S}_{A}}$	实体A的私钥
${{Q}_{B}}$	实体B的公钥
${{S}_{B}}$	实体B的私钥
${{R}_{A}},{{R}_{B}}$	实体注册时生成的随机数
$t,{t}',{{t}_{A}},{{t}_{B}},{{t}_{l}}^{\prime },{{t}_{u}}^{\prime }$	注册和认证阶段生成的时间戳
${{H}_{1}},{{H}_{2}},{{H}_{3}},{{H}_{4}},{h}'$	安全的密码哈希函数
${{Z}_{P}}^{*}$	元素集{0,…, p-1}
$s$	KGC的主密钥
$P$	${{G}_{1}}$的生成元
$\hat{e}$	双线性映射${{G}_{1}}\times {{G}_{1}}\to {{G}_{T}}$
${{r}_{A}},{{r}_{B}}$	实体认证过程生成的随机数
$m$	消息
$\sigma $	签密的密文
$K$	实体之间协商出的会话密钥
$\oplus $	异或操作
$\|\|$	字符串连接操作

符号	描述
$\|{{T}_{st}}\|$	时间戳长度
$\|{{T}_{id}}\|$	身份标识长度
$\|{{G}_{1}}\|$	群${{G}_{1}}$中元素比特数
$\|{{G}_{T}}\|$	群${{G}_{T}}$中元素比特数
$\|m\|$	认证请求消息长度
${{T}_{mul}}$	椭圆曲线上一次点乘运算所需时间
${{T}_{bp}}$	椭圆曲线上一次配对运算所需时间
${{T}_{add}}$	椭圆曲线上一次点加运算所需时间

	计算开销	通信时延	认证时延/ms
文献[12]	$11{{T}_{mul}}+3{{T}_{add}}+{{T}_{se}}+2{{T}_{si}}$	$\le 4\times {{T}_{E-E}}$	$\ge 74.506$
文献[13]	$10{{T}_{mul}}+4{{T}_{add}}+{{T}_{se}}+2{{T}_{si}}$	$\le 6\times {{T}_{E-E}}$	$\ge 73.850$
本文方案	$4{{T}_{mul}}+4{{T}_{bp}}$	$<4\times {{T}_{E-E}}$	$\ge 42.890$

	双向认证	身份匿名	密钥协商	前向保密
文献[12]	×	√	√	√
文献[13]	√	√	√	√
本文方案	√	√	√	√

一种基于双线性配对的天地一体化网络安全身份认证方案

A Secure Identity Authentication Scheme for Space-ground Integrated Network Based on Bilinear Pairing

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 6

参考文献 16

相关文章 15

编辑推荐

Metrics

本文评价

[1]	陈瑞滢, 陈泽茂, 王浩. 工业控制系统安全监控协议的设计与优化研究[J]. 信息网络安全, 2019, 19(2): 60-69.
[2]	程庆丰, 阮展靖, 张瑞杰. 对三个无双线性对的密钥协商协议分析[J]. 信息网络安全, 2019, 19(1): 16-26.
[3]	石金晶, 程佳婧, 陈慧, 周芳. 基于Bell测量与三粒子纠缠态的量子密钥协商协议[J]. 信息网络安全, 2017, 17(6): 56-61.
[4]	唐春明, 高隆. 区块链系统下的多方密钥协商协议[J]. 信息网络安全, 2017, 17(12): 17-21.
[5]	赖成喆, 郑东. 3GPP认证和密钥协商协议综述[J]. 信息网络安全, 2016, 16(8): 24-31.
[6]	矢敏, 叶伟伟, 欧庆于. 不需双线性对的基于身份的认证密钥协商协议[J]. 信息网络安全, 2016, 16(10): 21-27.
[7]	胡雪, 封化民, 陈迎亚, 吴阳阳. 一种增强WAPI安全性的改进方法[J]. 信息网络安全, 2015, 15(8): 47-52.
[8]	. 一种改进的 CHAP 方案[J]. , 2014, 14(7): 75-.
[9]	. 基于身份加密的可认证密钥协商协议[J]. , 2014, 14(3): 1-.
[10]	袁艳祥;游林. 基于身份加密的可认证密钥协商协议[J]. , 2014, 14(3): 0-0.
[11]	. 轻量级RFID双向通信认证协议优化方案[J]. , 2014, 14(2): 58-.
[12]	夏戈明;史立哲;周文;沈恒丰. 轻量级RFID双向通信认证协议优化方案[J]. , 2014, 14(2): 0-0.
[13]	苗俊峰, 马春光, 黄予洛, 李晓光. 3G-WLAN安全接入方案的研究与分析[J]. 信息网络安全, 2014, 14(10): 24-30.
[14]	周洲;彭长根;杨玉龙. 基于口令的密钥协商协议的改进与设计[J]. , 2014, 14(1): 0-0.
[15]	秦文仙;王琼宵;高能;王跃武. 对SIP认证协议的安全性分析与改进[J]. , 2013, 13(10): 0-0.