[go: up one dir, main page]

WO2008034368A1 - Procédé, système, noeud mobile et noeud correspondant pour la production d'une clé de gestion de liaison - Google Patents

Procédé, système, noeud mobile et noeud correspondant pour la production d'une clé de gestion de liaison Download PDF

Info

Publication number
WO2008034368A1
WO2008034368A1 PCT/CN2007/070453 CN2007070453W WO2008034368A1 WO 2008034368 A1 WO2008034368 A1 WO 2008034368A1 CN 2007070453 W CN2007070453 W CN 2007070453W WO 2008034368 A1 WO2008034368 A1 WO 2008034368A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
message
public key
binding
public
Prior art date
Application number
PCT/CN2007/070453
Other languages
English (en)
Chinese (zh)
Inventor
Chunqiang Li
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008034368A1 publication Critical patent/WO2008034368A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network

Definitions

  • the present invention relates to mobile network technologies, and in particular, to a method, system, mobile node and communication node for generating a binding management key in a mobile IPv6 network.
  • Mobile IPV6 is a solution for mobility at the network layer.
  • a mobile node MN, Mobile Node
  • CN communication node
  • HA Home Agent
  • the mobile IPv6 specification requires that the mobile node moves from one link to another without interrupting the ongoing communication using the Home Address (HoA), the mobility of the node to the transport layer and other high-level protocols. It is transparent, and a mobile node can be uniquely identified by its home address.
  • the mobile node When the mobile node roams to the foreign network, it will generate a care-address (CoA, Care of Address) in a certain way, and notify the home agent through the binding update message, and the home agent intercepts the report sent to the mobile node's home network and the mobile node.
  • CoA Care of Address
  • the packet is forwarded to the mobile node through the tunnel mode.
  • the packet needs to be sent to the home agent through the tunnel mode.
  • the home agent decapsulates the tunnel packet and forwards the packet to the CN.
  • the MN referred to herein refers to the mobile node of IPv6.
  • the communication method in which the mobile node and the communication peer transit through the home agent is called a triangle routing mode, which obviously increases the communication delay, and there is a large header cost such as communication with the mobile node, and the mobile node is added to the hometown. Link burden, routing may not be optimized enough. Therefore, if the current location information (ie, the care-of address) of the mobile node is notified to the communication peer, the communication between the communication peer and the mobile node can be transferred without going through the home agent.
  • the method in which such a communication peer directly communicates with the mobile node is called a route optimization mode.
  • the route optimization mode of mobile IPv6 can avoid the above problems in the triangular routing mode.
  • the mobile node In order for the CN to send the message directly to the mobile node, the mobile node needs to advertise its current location information to the CN through a Binding Update (BU, Binding Update) message, which requires protection of the BU message, otherwise the mobile node and Communication between peers is vulnerable. For example: An attacker replaces Co A in a BU message with a forged Co A, and the mobile node cannot receive the message sent by the CN.
  • BU Binding Update
  • FIG. 1 is a schematic diagram of a process of using a return route reachability in the prior art.
  • the mobile node attempts to communicate with the CN using the route optimization mode, it sends a Home Test Init (HoTI, Home Test Init) and a Care Test Init (CoTI) message to the CN.
  • HoTI Home Test Init
  • CoTI Care Test Init
  • Home secret, secret generation token First ( 64, HMAC-SHA1 ( Ken, HoA I Nonce I
  • Hand over the secret generation token First ( 64, HMAC-SHA1 ( Ken, CoA I Nonce II ) ) where Ken is known only to CN.
  • the key, Nonce is a random number generated by the CN, and HMAC-SHA1 is an algorithm for generating a Hash Message Authentication Code (HMAC) using the SHA1 with a key.
  • HMAC Hash Message Authentication Code
  • MAC Message Authentication Code
  • the implementation of the method requires that the attacker cannot simultaneously spoof two CoT and HoT messages on the two links between the HA and the CN and between the MN and the CN. In fact, the attacker can eavesdrop on the CoT or HoT message by selecting the appropriate location.
  • the following is an example of the network diagram of the mobile node in Figure 2 to illustrate the situation.
  • the two links between the HA and the MN and between the MN and the CN have a common link, and the C link, the eavesdropper can audate both CoT and HoT at any position on the C link. Message.
  • CoT and HoT messages are easily available for node cooperation on two different links. After obtaining CoT and HoT, the attacker can calculate Kbm and naturally forge a BU message.
  • the analog MN When a malicious node selects an appropriate location, such as on the link between the HA and the CN, the analog MN sends CoTI and HoTI messages to the CN through the RRP. Because of the lack of necessary identity authentication information, CN naturally cannot distinguish this. Whether the CoTI and HoTI messages are messages sent by the fake MN, it is also difficult to generate a suitable binding entry.
  • Kbm SHAl (Home Secret Generation Token) can be used to generate the MAC in the BU message.
  • the main object of the present invention is to provide a party that generates a binding management key.
  • the method and system can provide a more secure binding management key generation mechanism and implement more effective protection of BU messages.
  • Another main object of the present invention is to provide a mobile node and a communication node, which are capable of generating a binding management key by exchanging keys to provide a more secure protection function for BU messages.
  • the present invention discloses a method for generating a binding management key.
  • the method includes:
  • the MN and the CN calculate their respective public keys according to the key exchange algorithm used and exchange the public keys with each other;
  • the MN uses the public key from the CN and its own private key, calculates the binding management key according to the key exchange algorithm, uses the binding management key to generate binding authorization data, and carries the binding authorization data in the binding update. Send to the CN in the BU message;
  • the CN uses the public key from the MN and its own private key, calculates the binding management key according to the key exchange algorithm, and uses the binding management key calculated by itself to perform the binding authorization data in the received BU message. verification.
  • the method further includes: setting a key exchange algorithm in the MN and the CN in advance.
  • the method further includes: MN and CN negotiate to obtain a currently used key exchange algorithm.
  • MN and CN negotiate to obtain a currently used key exchange algorithm, including:
  • the MN sends the information of the key exchange algorithm supported by itself to the CN, and the CN determines the currently used key exchange algorithm according to the information of the key exchange algorithm supported by the MN and the key exchange algorithm supported by the MN.
  • the MN sends the information of the key exchange algorithm supported by the MN to the CN, including:
  • the MN carries the information of the key exchange algorithm supported by itself in the initial HOTI message or/and the handover test initial CoTI message sent to the home of the CN.
  • the MN and the CN calculate the respective public keys according to the key exchange algorithm used and exchange the public keys with each other, including:
  • CN refers to the public key cryptosystem of the key exchange algorithm that both the MN and the MN can support.
  • the CN's public key is sent to the MN; the MN generates its own private key based on the public key cryptosystem parameters from the CN, calculates its own public key, and sends the calculated public key to the CN.
  • the CN sends the public key and the public key cryptosystem parameter to the MN, including: the CN carries the public key in the home test HoT message sent to the MN, and carries the public key in the handover test CoT message sent to the MN. Key cryptosystem parameter; or, CN carries the public key cryptosystem parameter in the home test HoT message sent to the MN, and carries the public key in the handover test CoT message sent to the MN.
  • the CN sends the public key and the public key cryptosystem parameter to the MN, including: the CN carries the public key and the public key cryptosystem parameter in the home test HoT message sent to the MN; or, the CN is sent to The MN's handover test CoT message carries the public key and the public key cryptosystem parameters.
  • the system further includes: an entity for providing an authentication function; when the CN sends the public key calculated by itself to the MN, the CN further adds a digital signature to the message carrying the public key; After the message carrying the public key of the CN, accessing the entity for providing the authentication function, and performing identity authentication on the CN according to the digital signature in the message;
  • the MN When the MN sends the self-calculated public key to the CN, the MN further adds a digital signature to the message carrying the public key; after receiving the message carrying the public key of the MN, the CN accesses the information for providing the authentication function.
  • the entity authenticates the MN according to the digital signature in the message.
  • the method further includes: the CN generates the binding authorization data by using the binding management key calculated by the CN, and carries the binding authorization data in the binding confirmation BA message to be sent to the MN; the MN uses the binding management calculated by itself. The key verifies the binding authorization data in the received BA message.
  • Next_Kbm is a new binding management key
  • Kbm is the original binding management key
  • Expression is composed of any one or more of CN, home address Ho A , CoA, Nonce, Cookies, and pseudo.
  • the random function PRF ( ) represents a function that pseudo-randomizes Expression under the action of Kbm.
  • the MN when the MN still communicates with the CN, but the link of the MN is switched to change the CoA, the HoTI message and the HoT message need not be sent between the MN and the CN, and the CN's public key for key exchange is The bearer is carried in the CoT message and sent to the MN. As long as the public key and/or the private key are still in the lifetime, the CN and the MN no longer update the public key and/or private key used for the key exchange.
  • the CN uses the same private key as each MN uses the key exchange to generate the binding management key.
  • the message authentication code MAC is used to protect the binding management key that is still valid.
  • the message carrying the new public key is used.
  • the invention discloses a system for generating a binding management key, the system comprising: a MN and a CN; the CN pre-storing its own private key;
  • the CN sends its own public key and system parameters of the key exchange algorithm to the MN, and uses the public key from the MN and the private key pre-stored by itself, and calculates the binding tube according to the key exchange algorithm.
  • the authentication key is used to verify the binding authorization data in the received BU message by using the binding management key calculated by itself;
  • the MN generates a private key and calculates its own public key according to the key exchange algorithm system parameters sent by the CN, and sends the calculated public key to the CN, using the public key from the CN and its own private key, pressing the key
  • the switching algorithm calculates the binding management key, generates the binding authorization data by using the binding management key, and carries the binding authorization data in the BU message and sends it to the CN.
  • the CN is further used to generate the binding authorization data by using the binding management key calculated by the self, and the binding authorization data is carried in the binding confirmation BA message and sent to the MN;
  • the binding authorization data in the received BA message is verified by using the binding management key calculated by itself.
  • the system further includes: a home agent HA; the MN carries the information of the key exchange algorithm supported by the MN in the HoTI message and the CoTI message sent to the CN, and sends the HoTI message to the CN by using the HA
  • the CN W HoTI message and the information of the key exchange algorithm carried in the CoTI message determine the currently used key exchange algorithm.
  • the system further includes: HA; the CN carries the public key calculated by the CN in the HoT message or the CoT message sent to the MN, and carries the public key cryptosystem parameter corresponding to the key exchange algorithm in the sending To the MN's HoT message or CoT message, and send the HoT message to the MN through the HA.
  • the system further includes: HA; the MN carries the information of the key exchange algorithm supported by itself in the HoTI message and the CoTI message sent to the CN; and uses the public key cryptosystem parameter from the CN to generate its own private Key, and the public key is calculated, and the calculated public key and the generated binding authorization data are carried in the BU message and sent to the CN; the CN is based on the received HoTI message and the key in the CoTI message.
  • the information of the exchange algorithm determines the currently used key exchange algorithm; uses the HoT message according to the predetermined public key cryptosystem parameter corresponding to the key exchange algorithm and the public key calculated by the self-preserved private key And the CoT message carries the public key and the public key cryptosystem parameter respectively and sends them to the MN; using the public key in the BU message and its own private key, and calculating the binding management key according to the key exchange algorithm;
  • the HA is used to forward HoTI messages and HoT messages between the MN and the CN.
  • the system further includes: an entity for providing an authentication function, configured to save the trusted data and provide an identity authentication function; the CN is further configured to carry the public key calculated by the self to the MN Adding a digital signature to the message of the public key; after receiving the message carrying the public key of the MN, accessing the entity for providing the authentication function, performing identity authentication on the MN according to the digital signature in the message;
  • the public key calculated by the user is sent to the CN, the digital signature is added to the message carrying the public key; after receiving the message carrying the public key of the CN, accessing the entity for providing the authentication function, according to the The digital signature in the message authenticates the CN.
  • the present invention also discloses a MN for transmitting a BU message to the CN when initiating communication with the CN;
  • the MN includes:
  • a key exchange unit configured to receive a public key from the CN, calculate a public key, and send the public key to the CN, use a public key from the CN and its own private key, calculate a binding management key according to a key exchange algorithm, and use the tied
  • the management key generates the binding authorization data, and carries the binding authorization data in the BU message sent to the CN.
  • the MN further includes: a verification unit, configured to receive the BA message from the CN, and use the binding management key generated by the key exchange unit to verify the binding authorization data of the CN carried in the BA message.
  • the present invention further discloses a CN for receiving a BU message from a MN when the MN initiates communication with the CN;
  • the CN includes:
  • a key exchange unit configured to receive a public key and a BU message from the MN, calculate the public key, and send the public key to the MN, using a public key from the MN and its own private key, and calculating according to a key exchange algorithm Get the binding management key;
  • the verification unit is configured to receive the BU message from the MN, and use the binding management key generated by the key exchange unit to verify the binding authorization data of the MN carried in the BU message.
  • the key exchange unit is further configured to generate the binding authorization data by using the binding management key calculated by the self, and carry the binding authorization data in the BA message sent to the MN.
  • the method, system, mobile node and communication node for generating a binding management key provided by the present invention can combine a key exchange and a return route reachability process to generate a binding management key, and use the generated binding.
  • the management key is used to protect the binding update message of the mobile IPv6, and the attack initiated by the third party to calculate the Kbm by eavesdropping on the HoT and CoT messages can be avoided, and the security of the communication in the mobile IPv6 route optimization mode is improved.
  • FIG. 1 is a schematic diagram of a return route reachable process in the prior art.
  • FIG. 2 is a networking diagram of communication performed by a mobile node.
  • FIG. 3 is a schematic diagram of a process flow of a preferred embodiment of the method of the present invention.
  • FIG. 4 is a schematic diagram of a specific structure of a binding management key system according to the present invention.
  • FIG. 5 is a schematic diagram of a specific structure of a mobile node device according to the present invention.
  • FIG. 6 is a schematic diagram of a specific structure of a communication node device according to the present invention. Mode for carrying out the invention
  • the present invention provides a method for combining a key exchange and a return route reachability procedure (RRP) to generate a binding management key, and a method for how to update the binding management key subsequently.
  • RRP return route reachability procedure
  • the main processing of the present invention includes: When the MN and the CN communicate using the route optimization mode At the same time, the MN first initiates registration with the peer. At this time, the two negotiate the key exchange algorithm used, such as: an elliptic curve key exchange algorithm or a Diffie-Hdlman key exchange algorithm. After determining the key exchange algorithm used, the CN sends the public key cryptosystem parameter and the public key PKcn used for key exchange to the MN, and the MN generates its own private according to the public key cryptosystem parameters sent by the CN.
  • the key exchange algorithm used such as: an elliptic curve key exchange algorithm or a Diffie-Hdlman key exchange algorithm.
  • the key is used to calculate the corresponding public key PKmn, and the binding management key (Kbm) is calculated by the key exchange algorithm using the received public key PKcn and its own private key, and the binding update message (BU) is generated by using the Kbm.
  • Binding authorization data such as MAC.
  • the MN sends a BU message carrying the binding authorization data and the public key PKmn to the CN, and then the CN calculates the binding management key using the public key PKmn and the self-preserved private key, and then uses the binding management key to verify the BU message. Further, the CN generates the binding authorization data by using the generated binding management key and carries it in the binding confirmation message (BA) message, and returns it to the MN, and the MN uses the binding management key generated by the MN to verify the BA.
  • BA binding confirmation message
  • the MN may carry the information of the key exchange algorithm that can be supported by the MN when transmitting the HoTI and the CoTI message, and the CN determines the currently used key exchange algorithm according to the HoTI and the CoTI message; and the CN can calculate the obtained public key system by itself.
  • the parameters and the public key PKcn are respectively carried in the HoT and CoT messages and sent to the MN.
  • FIG. 3 is a schematic diagram of a process flow of a preferred embodiment of the method of the present invention. As shown in Figure 3, the specific processing steps include:
  • Step 301 The MN sends a HoTI message to the CN through the HA, where the HoTI message carries information of a key exchange algorithm supported by the MN.
  • Step 302 The MN sends a CoTI message to the CN, where the CoTI message carries information of a key exchange algorithm supported by the MN.
  • Step 303 The CN determines the currently used key exchange algorithm according to the received information of the HoTI message and the key exchange algorithm in the CoTI message. Then, using the determined key exchange algorithm, using a preset private Key 1 and the public key cryptosystem corresponding to the key exchange algorithm The public key 1 is calculated by the system parameters.
  • Step 304 The CN sends a HoT message to the MN through the HA, where the HoT message carries the public key 1.
  • Step 305 The CN sends a CoT message to the MN, where the CoT message carries the public key cryptosystem parameter described in step 303.
  • the CN sends the public key 1 and the public key cryptosystem parameters to the MN through the HoT message and the CoT message respectively. Therefore, the HoT message may also carry the public key cryptosystem parameter in step 304, and the CoT message is performed in step 305. Carry the public key 1.
  • the public key 1 and public key cryptosystem parameters may also be included in the same message and sent to the MN, such as a HoT message or a CoT message.
  • Step 306 The MN extracts the public key 1 and the public key cryptosystem parameters from the received HoT message and the CoT message; uses the public key cryptosystem parameter to generate its own private key 2 and calculates the public key 2; uses the public key 1 And the private key 2 calculates the binding management key according to the key exchange algorithm; and then uses the calculated binding management key to generate the binding authorization data.
  • Step 307 The MN sends a BU message to the CN, where the BU message carries the binding authorization data and the public key 2 calculated by the MN.
  • Step 308 The CN extracts the public key 2 from the received BU message, calculates the Kbm by using the public key 2 and the pre-stored private key 1 according to the key exchange algorithm, and uses the Kbm to verify the binding carried in the BU message. Authorize the data to verify the MN.
  • the Kbm generated by the CN is the same as the Kbm generated by the MN, the binding authorization data carried in the BU message can be verified, that is, the MN can pass the CN verification; otherwise, the MN cannot pass the CN verification.
  • Step 309 The CN calculates the Kbm generated binding authorization data by using step 308.
  • Step 310 The CN sends a BA message to the MN, where the BA message carries the binding authorization data generated by the CN step 309.
  • Step 311 The MN uses the Kbm calculated by itself to verify the binding authorization data in the BA message to implement verification of the CN. Similarly, if the Kbm generated by the CN is the same as the Kbm generated by the MN, the CN can pass the verification by the MN; otherwise, the CN cannot pass the verification by the MN.
  • the information of the key exchange algorithm, the public key 1, the public key 2, the public key cryptosystem parameter, the binding authorization data, and the like are carried in the existing HoTI, HoT, CoTI, CoT in the return route reachable process.
  • the present invention does not limit the specific message carrying the information, and the solution of the present invention can also carry other information to carry the information, and the object of the present invention can be achieved.
  • the invention can be implemented by various key exchange algorithms.
  • the two most common algorithms are the elliptic curve key exchange algorithm and the Diffie-Hdlman key exchange algorithm.
  • the binding management key generation method of the present invention will be described in detail below in conjunction with an elliptic curve key exchange algorithm and a Diffie-Hdlman key exchange algorithm.
  • p is a positive integer
  • Fp is a finite field
  • a and b are positive integers on Fp
  • G is the base point on the elliptic curve E ( Fp )
  • n is a prime number and is the order of the base point G.
  • the securely stored private key 1) is divided into two parts and sent to the MN in a HoT message and a CoT message, respectively.
  • Ks can be used, or K can be used as the binding management key (Kbm).
  • Expression can be composed of CN, Ho A, Co A, Nonce, Cookies, etc., or it can be empty;
  • PRF ( Ks , Expression ) A function that performs pseudo-random processing on Expression under the action of the key Ks, which can be used for message authentication and derivation of a key. It can be a function such as HMAC_MD5, HMAC-SHA1, HMAC-SHA256.
  • the MN generates the binding authorization data by using the calculated Kbm, sends a BU message carrying the binding authorization data, carries the Nonce option in the BU message, and places the public key 2 (ie, R,) in the BU option to send to the BU.
  • CN After receiving the BU message, the CN checks the Nonce option. After checking, the CN uses the public key 2 and the private key 1 to calculate the binding management key.
  • the Kbm is calculated, and the binding authorization data carried in the BU message is verified by using Kbm.
  • the CN may also use Kbm to generate binding authorization data and carry it in the BA message and return it to the MN, and the MN uses the Kbm generated by itself to verify the binding authorization data in the BA message.
  • the CN uses the same private key when performing route optimization with multiple MNs, that is, when multiple MNs initiate communication to the same CN, the CN and each When the MN interacts to generate a binding management key, the private key used is the same.
  • DOS denial of service
  • the public key cryptosystem parameter to be selected is (p, g), where p is a prime number, g is a finite field F p generator, and g ⁇ p.
  • x mod p (where X is the private key 1 saved by the CN) is divided into two parts and placed in the HoT and CoT messages and sent to the MN. The MN checks the message after receiving the HoT message and the CoT message.
  • the MN generates the binding authorization data by using the calculated Kbm, sends a BU message carrying the binding authorization data, needs to carry the Nonce option in the BU message, and sends the public key 2 (ie, Y) in the option of the BU message.
  • multiple MNs can use the same private key when performing route optimization with the same CN.
  • the attacker cannot extract the Kbm used by the MN and the CN even if the public key and the public key cryptosystem parameters in the HoT and CoT messages are intercepted, and the MN can not be sent to the CN to generate the binding authorization data.
  • BU messages to implement the attack.
  • the present invention may generate the binding management key by using an anonymous key exchange method. That is, the digital signature is not included in the message involving the key exchange.
  • the time stamp mechanism can be used to provide the protection function. For example, when a message carrying a key exchange carries a timestamp, when the MN does not receive the message carrying the public key within a certain time limit, the MN determines that the CN is attacked and discards the message from the CN.
  • the entity that provides the authentication function with the trusted data is set in the network, and the message related to the key exchange (such as: HoT message, CoT) Digital signatures are added to messages, etc. for identity authentication.
  • the CN or the MN may use the data signature in the message to access the entity providing the authentication function to complete the identity verification.
  • PRF Ks, Expression
  • Ks Ks, Expression
  • Ks Ks, Expression
  • the derivation of the key which can be HMAC_MD5, HMAC-SHA1, HMAC-SHA256 and other functions.
  • the RRP in this time does not have to interact with the ⁇ / ⁇ message, only the CoTI/CoT message is reserved, and the CN is used for the key.
  • the exchanged public key will be placed in the CoT message and sent to the MN.
  • the CN and MN may not have to update the public-private key pair used for the key exchange.
  • the CN and the MN will generate a new public key using the message involving the key exchange, and may generate a message authentication code using Ks (MAC, Message Authentication).
  • the present invention also discloses a system for generating a binding management key.
  • Figure 4 is a specific embodiment of the system.
  • the system includes: MN and CN.
  • MN and CN negotiate a key exchange algorithm through a HoTI message, and/or through HoT
  • the public key is transmitted, the HoTI message and the HoT message need to be forwarded by the HA, and the system may further include: HA.
  • the MN and the CN exchange their respective public keys through HoT messages, BU messages, etc.
  • the digital signature may be further added to the message carrying the public key for the message receiving end to authenticate the message sending end.
  • an entity for providing an authentication function needs to be further configured as shown in FIG. 4, and an end of the MN and the CN accesses an entity for providing an authentication function after receiving the message carrying the public key, according to the entity The digital signature carried in the message authenticates the other end of the MN and the CN.
  • the invention also discloses a mobile node (MN) device.
  • Figure 5 is a specific embodiment of the MN.
  • the MN is configured to send a BU message to the CN when initiating communication with the CN;
  • the MN includes: a key exchange unit, configured to receive a public key from the CN, calculate the public key, and send the message to the CN, using the public from the CN.
  • the key and the private key of the key are calculated by the key exchange algorithm, and the binding management key is generated by using the binding management key, and the binding authorization data is carried in the BU message sent to the CN.
  • the MN may further include: a verification unit, configured to receive the BA message from the CN, and use the binding management key generated by the key exchange unit to verify the binding authorization data of the CN carried in the BA message.
  • a verification unit configured to receive the BA message from the CN, and use the binding management key generated by the key exchange unit to verify the binding authorization data of the CN carried in the BA message.
  • the present invention discloses a communication node (CN).
  • Figure 6 is a specific embodiment of the CN.
  • the CN is configured to receive a BU message from the MN when the MN initiates communication with the CN;
  • the CN includes: a key exchange unit, configured to receive a public key and a BU message from the MN, calculate the public key, and send the public key to the MN, Using the public key from the MN and the private key pre-stored by itself, the binding management key is calculated according to the key exchange algorithm;
  • the verification unit is configured to receive the BU message from the MN, and use the binding management key generated by the key exchange unit.
  • BU message The binding authorization data of the MN carried in the verification is performed.
  • the key exchange unit is further configured to generate the binding authorization data by using the binding management key calculated by the self, and carry the binding authorization data in the BA message sent to the MN.
  • the invention combines the key exchange and the return route reachability process to generate a binding management key, and uses the generated binding management key to protect the binding update message of the mobile IPv6, thereby preventing the third party from eavesdropping on the HoT and CoT messages.
  • the attack initiated by Kbm is calculated to improve the security of communication in the mobile IPv6 route optimization mode.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention concerne un procédé de production d'une clé de gestion de liaison selon lequel le noeud mobile (MN) et le noeud correspondant (CN) calculent une clé publique respective selon un algorithme de commutation de clé employée et échangent la clé publique; le noeud mobile calcule une clé de gestion de liaison au moyen de la clé publique du noeud correspondant et de la clé privée sur la base de l'algorithme de commutation de clé, produit des données d'autorisation de liaison au moyen de la clé de gestion de liaison, et envoie les données d'autorisation de liaison contenues dans le message de mise à jour de liaison (BU) au noeud correspondant; et le noeud correspondant calcule une clé de gestion de liaison au moyen de la clé publique du noeud mobile et de la clé privée sur la base de l'algorithme de commutation de clé, et authentifie les données d'autorisation de liaison dans le message de mise à jour de liaison reçu au moyen de la clé de gestion de liaison calculée. L'invention concerne également un système correspondant, un noeud mobile et un noeud correspondant. Le niveau de sécurité du procédé de production de la clé de gestion de liaison peut être amélioré.
PCT/CN2007/070453 2006-09-18 2007-08-10 Procédé, système, noeud mobile et noeud correspondant pour la production d'une clé de gestion de liaison WO2008034368A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2006101541984A CN101150849B (zh) 2006-09-18 2006-09-18 生成绑定管理密钥的方法、系统、移动节点及通信节点
CN200610154198.4 2006-09-18

Publications (1)

Publication Number Publication Date
WO2008034368A1 true WO2008034368A1 (fr) 2008-03-27

Family

ID=39200187

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/070453 WO2008034368A1 (fr) 2006-09-18 2007-08-10 Procédé, système, noeud mobile et noeud correspondant pour la production d'une clé de gestion de liaison

Country Status (2)

Country Link
CN (1) CN101150849B (fr)
WO (1) WO2008034368A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113825134A (zh) * 2021-09-29 2021-12-21 新华三技术有限公司 一种网络服务授权方法、装置及设备

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8565434B2 (en) * 2008-05-27 2013-10-22 Qualcomm Incorporated Methods and systems for maintaining security keys for wireless communication
CN103685181A (zh) * 2012-09-13 2014-03-26 北京大唐高鸿软件技术有限公司 一种基于srtp的密钥协商方法
KR20160078475A (ko) * 2013-10-30 2016-07-04 후아웨이 디바이스 컴퍼니 리미티드 키 구성 방법, 시스템, 및 장치
CN105814859B (zh) * 2013-12-31 2019-04-19 华为终端(东莞)有限公司 一种网络配置方法、相关装置及系统
CN103680111B (zh) * 2014-01-09 2017-01-25 西安电子科技大学 可验证智能感知终端数据聚集方法及系统
US9451032B2 (en) * 2014-04-10 2016-09-20 Palo Alto Research Center Incorporated System and method for simple service discovery in content-centric networks
US9705859B2 (en) * 2015-12-11 2017-07-11 Amazon Technologies, Inc. Key exchange through partially trusted third party
CN106533662A (zh) * 2016-11-03 2017-03-22 北京奇虎科技有限公司 一种传输网络安全密钥的方法与装置
CN108777678B (zh) * 2018-05-18 2020-12-11 北京邮电大学 一种网络密钥交互系统、装置及方法
CN109768982A (zh) * 2019-01-23 2019-05-17 深圳市元征科技股份有限公司 一种基于物联网的加密传输方法及装置
CN114513758B (zh) * 2022-02-10 2023-06-20 深圳指芯物联技术有限公司 基于密钥交换的自动绑定前后锁方法、系统及智能门锁

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US1456993A (en) * 1920-02-16 1923-05-29 William H Miner Friction draft rigging
US20030211842A1 (en) * 2002-02-19 2003-11-13 James Kempf Securing binding update using address based keys
CN1543117A (zh) * 2003-03-12 2004-11-03 ���ǵ�����ʽ���� 用于安全通信的返回路径可选择的方法
CN1758651A (zh) * 2004-09-07 2006-04-12 三星电子株式会社 使用转交地址(coa)绑定协议来认证地址所有权
US20070113075A1 (en) * 2005-11-10 2007-05-17 Ntt Docomo, Inc. Secure route optimization for mobile network using multi-key crytographically generated addresses

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1505780B1 (fr) * 2003-08-06 2011-03-23 Motorola, Inc. Procédé pour une communication validée

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US1456993A (en) * 1920-02-16 1923-05-29 William H Miner Friction draft rigging
US20030211842A1 (en) * 2002-02-19 2003-11-13 James Kempf Securing binding update using address based keys
CN1543117A (zh) * 2003-03-12 2004-11-03 ���ǵ�����ʽ���� 用于安全通信的返回路径可选择的方法
CN1758651A (zh) * 2004-09-07 2006-04-12 三星电子株式会社 使用转交地址(coa)绑定协议来认证地址所有权
US20070113075A1 (en) * 2005-11-10 2007-05-17 Ntt Docomo, Inc. Secure route optimization for mobile network using multi-key crytographically generated addresses

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113825134A (zh) * 2021-09-29 2021-12-21 新华三技术有限公司 一种网络服务授权方法、装置及设备

Also Published As

Publication number Publication date
CN101150849B (zh) 2010-09-08
CN101150849A (zh) 2008-03-26

Similar Documents

Publication Publication Date Title
CN101150849B (zh) 生成绑定管理密钥的方法、系统、移动节点及通信节点
US8918522B2 (en) Re-establishment of a security association
Arkko et al. Enhanced route optimization for mobile IPv6
JP5745626B2 (ja) ホストベースのモビリティおよびマルチホーミングプロトコルに対する軽量セキュリティソリューションのための方法および装置
US8447979B2 (en) Method and apparatus for binding update between mobile node and correspondent node
Deng et al. Defending against redirect attacks in mobile IP
JP5250634B2 (ja) 移動通信ネットワークにおいて使用するための方法及び装置
US7233782B2 (en) Method of generating an authentication
JP2000083017A (ja) 無線通信システムにおいて機密共有デ―タを更新するための方法
Shah et al. A TOTP‐Based Enhanced Route Optimization Procedure for Mobile IPv6 to Reduce Handover Delay and Signalling Overhead
CN101106568B (zh) 生成转交地址及提高路由优化安全性的方法、装置和系统
CN101330438B (zh) 一种节点间安全通信的方法及系统
Fathi et al. Leakage-resilient security architecture for mobile IPv6 in wireless overlay networks
Qiu et al. A PMIPv6-based secured mobility scheme for 6LoWPAN
Mayuri et al. A novel secure handover mechanism in PMIPV6 networks
WO2010003326A1 (fr) Procédé destiné à protéger la découverte de voisin de mandataire et système et appareil associés
CN100536471C (zh) 一种家乡代理信令消息有效保护方法
Susanto et al. Per-connection return routability test in mobile IPv6
CN119051844A (zh) 移动IPv6返回路径可达过程中保护关键信息的方法
Susanto Functional Scheme for IPv6 Mobile Handoff
Modares et al. Securing binding update in mobile IPv6 using private key base binding update protocol
Elshakankiry Securing home and correspondent registrations in mobile IPv6 networks
Shah et al. Research Article A TOTP-Based Enhanced Route Optimization Procedure for Mobile IPv6 to Reduce Handover Delay and Signalling Overhead
Modares Enhancing Security in Mobile IPv6 with Private Key-Based Binding Update Protocol
Liu et al. Local key exchange for mobile IPv6 local binding security association

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07800929

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07800929

Country of ref document: EP

Kind code of ref document: A1