CN100499899C - Playback attack prevention method - Google Patents
Playback attack prevention method Download PDFInfo
- Publication number
- CN100499899C CN100499899C CNB2005101232524A CN200510123252A CN100499899C CN 100499899 C CN100499899 C CN 100499899C CN B2005101232524 A CNB2005101232524 A CN B2005101232524A CN 200510123252 A CN200510123252 A CN 200510123252A CN 100499899 C CN100499899 C CN 100499899C
- Authority
- CN
- China
- Prior art keywords
- sequence number
- travelling carriage
- base station
- message
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention relates to a method for avoiding replay attack, wherein said method comprises that: a, mobile station switches to target base station, mobile station and identifier generate AK and refresh AK serial number; b, identifier sends generated AK and refreshed AK serial number to target base station; c, the message communicated between mobile station and target base station carries refreshed AK serial number. With said invention, in one identification period, even the mobile station is connected to same base station several times, there will not generate messages with same serial number, to avoid replay attack.
Description
Technical field
The present invention relates to authentication techniques field, the communications field, be meant a kind of method that prevents Replay Attack especially.
Background technology
IEEE802.16 is the wireless access technology standard of a kind of point-to-multipoint of IEEE tissue definition.The system of IEEE802.16 definition is made up of base station (BS) and a plurality of travelling carriage (MS).Be that unit communicates with the radio frames between base station and the travelling carriage.Because the opening and the mobility of mobile radio system, the communication of travelling carriage is easy to be monitored, and system also receives attack easily.As the counterfeit travelling carriage identity of assailant, usurp network.Therefore, nearly all wireless communication system all has the complete safety measure of a cover, comprises authentication and encryption, is used for guaranteeing communication security, prevents to attack.Authentication is meant to be confirmed the identity of travelling carriage, guarantees to be legal mobile station; Encryption is meant encrypts the data of air interface, guarantees the privacy of communication.General in order to improve the dynamic of key, the fail safe that further improves system is encrypted used key and is all got in touch with verification process, dynamically generates and distributed key by verification process.
In the IEEE802.16 system, can adopt multiple authentication mode, as RSA (a kind of public key encryption algorithm), Extensible Authentication Protocol (EAP), RSA+EAP, EAP+EAP etc. by Rivest, Shamir, Adleman exploitation, system produces authorization key (AuthorizedKey by these authentication modes, AK), then by other keys that in communication process, utilized of AK regeneration.
Be example below by the EAP authentication, the brief description travelling carriage produces the process of AK and other keys that utilized in communication process behind access base station.As shown in Figure 1, the process by EAP authentication generation key is as follows:
In step 101, travelling carriage before access base station and certificate server to carry out EAP authentication mutual, finish the EAP authentication after, generate master session key (Master Session Key, MSK).Then in step 102 to step 105, certificate server passes to authenticate device (Authenticator) with MSK, authenticate device is stipulated according to agreement, earlier calculate pairwise master key (Pairwise Master Key by MSK, PMK), the Base Station Identification (BSID) and the mobile station identification (MSID) that will insert according to PMK and travelling carriage calculates AK again, then the AK that calculates passed to the base station that travelling carriage will insert; The base station is after receiving AK, produce the key (CMAC_KEY_U of the check code be used to calculate upstream message according to AK, or HMAC_KEY_U), be used to calculate downstream message check code key (CMAC_KEY_D, or HMAC_KEY_D) and be used for encrypting the key (KEK) that is actually used in encryption key (TEK).
In the process that above-mentioned steps 102 to step 105 is carried out, accordingly at mobile station side, execution in step 102 ` and step 103 `: mobile station MS K calculates PMK, calculates AK according to PMK again, produces the key and the KEK of the check code that is used to calculate up-downgoing message then according to AK.
Then in step 106 to step 109, travelling carriage sends message request TEK to the base station, after the base station receives this message, produce a random number as TEK, after with KEK TEK being encrypted then, send to travelling carriage, after this communicating by letter between travelling carriage and the base station uses the TEK after KEK encrypts to encrypt.
To step 112, when travelling carriage need upgrade TEK, send message request TEK once more to the base station in step 110, the base station produces new TEK, and after with KEK TEK being encrypted, sends to travelling carriage.
More than be to be the description that example is carried out the process of key generation with EAP, when using other authentication modes, different with the flow process before the difference of above-mentioned flow process just is to produce AK, promptly produce the method difference of AK, and after producing AK, the method that generates other keys according to AK is all identical with above-mentioned flow process.In the various concrete authentication modes, the method that generates AK and generate other keys can realize with reference to the method in the agreement, no longer describes in detail here.
In above-mentioned steps 109, in the communication process, the algorithm that utilizes transmit leg and recipient to know altogether, transmit leg goes out check code according to the cipher key calculation that message text and being used to calculates the message check code, and check code and the message text that calculates sent to the recipient together; After the recipient receives above-mentioned check code and message text, go out check code according to above-mentioned both sides algorithm of knowing altogether and the cipher key calculation that is used for the calculation check sign indicating number, then check code that calculates and the check code that receives are compared, if both equate that then the message verification is passed through; Otherwise verification failure.Because above-mentioned check key is the privately owned shared information that transmit leg and recipient calculate according to AK respectively, therefore can guarantee that the assailant can't calculate correct check key, also can't distort message.
In the communication process of above-mentioned steps 109,, can't take precautions against Replay Attack though can guarantee that by check key message is not distorted.Replay Attack is meant that the assailant intercepts and captures the wherein data of a side A (or B) transmission in communicating pair A and B reciprocal process, and on after this certain opportunity, resend the data of above-mentioned intercepting and capturing to B (or A), the assailant just can pretend to be the side in the communicating pair to go to cheat the opposing party like this, reaches the purpose of attacking network.
For preventing Replay Attack, common way is to add sequence number in each message, guarantees identical message can not occur in normal communication process.Like this, when the assailant carried out Replay Attack, it was illegal that the recipient just can determine this message, thereby has prevented Replay Attack.Stipulate that in the IEEE802.16 agreement down management message is carried sequence number and is encryption downstream message authentication code sequence number CMAC_PN_D, down management message of every transmission, this sequence number adds one; Up administrative messag carries sequence number and is encryption upstream message authentication code sequence number CMAC_PN_U, up administrative messag of every transmission, and this sequence number adds one.In addition, also can replace top CMAC_PN_D and CMAC_PN_U with Hash downstream message authentication code sequence number HMAC_PN_D and Hash upstream message authentication code sequence number HMAC_PN_U.
In cordless communication network, because travelling carriage is movably, and the base station is fixed, so along with moving of travelling carriage, when passing the overlay area of different base station, travelling carriage guarantees communication continuity by the base station that replacing communicates, and this process is called switching.Before and after switching, if do not authenticate again, then the PMK of travelling carriage or PAK just can not change, PMK sequence number (Sequence Number) and PAK Sequence Number can not change yet, thereby AKSequence Number can not change yet, but because variation has taken place in the base station that connects, according to the method for the calculating AK of front as can be known, after the base station changes, because the variation of BSID, cause AK that variation has taken place, after AK has carried out upgrading, also upgrade for CMAC_PN_D and CMAC_PN_U.
The process of in the handoff procedure key being upgraded is: travelling carriage is after switching, and target BS is to the AK of this travelling carriage of authenticate device request, and authenticate device generates sending to the base station behind the new AK of base station; The base station reinitializes CMAC_PN_D and CMAC_PN_U according to the AK that receives, and is about to both and calculates since 0; And travelling carriage upgrades AK equally, also reinitializes CMAC_PN_D and CMAC_PN_U, according to new AK key is set in message in the subsequent communications process, and the sequence number after the renewal is set in message.
Because travelling carriage switches between two base stations back and forth through regular meeting, so in the said process, after travelling carriage switches to base station b from base station a and switches to base station a again, because when switching back a again, under situation about not authenticating again, the AK that generates is with not switch the AK that preceding base station a obtains identical, and because CMAC_PN_D and CMAC_PN_U are all since 0, the message of identical check code and same sequence number then can appear comprising, if the base station is refused such message just to have hindered as Replay Attack message the proper communication of legal mobile travelling carriage; If the base station is received such message as legitimate messages, will implement Replay Attack to the assailant and cause chance.
Summary of the invention
In view of this, the object of the present invention is to provide a kind of method that prevents Replay Attack, this method can be implemented in and guarantee to prevent Replay Attack under the normal prerequisite of switching of travelling carriage.
In order to achieve the above object, the invention provides a kind of method that prevents Replay Attack, the method includes the steps of:
Behind A, the switching mobile station to target base station, travelling carriage and authenticate device all regenerate AK, and upgrade the AK sequence number;
B, authenticate device send to described target BS with the AK of generation and the AK sequence number after the renewal;
Carry the AK sequence number after the described renewal in C, travelling carriage and the target BS interactive messages, utilize the AK sequence number after upgrading to carry out the message verification.
Preferably, the method for described renewal AK sequence number is:
With AK sequence number increasing or decreasing on the basis of the former AK sequence number of storage.
Preferably, further comprise before the described steps A: travelling carriage and authenticate device are after authenticating, and during initialization AK sequence number, the initial value that the AK sequence number is set is predefined value.
Preferably, described predefined value is 0 or 1.
Preferably, authenticate device regenerates AK in the described steps A, and the sequence number of renewal AK is:
Described target BS sends message request to authenticate device and obtains AK and AK sequence number after described travelling carriage switches access;
Authenticate device is according to the described message of reception and the last information updating AK and the AK sequence number of storing in self that authenticates of described travelling carriage.
Preferably, described target BS determines that described travelling carriage switches the method that inserts and is:
Described target BS determines that described travelling carriage inserts by switching after receiving the Indication message of the described switching mobile station to target base station that mobile station side or network side send.
Preferably, further comprise in the described steps A:
Travelling carriage and authenticate device judge that respectively whether the AK sequence number after the renewal used, if then initiate re-authentication, finished this flow process then in this verification process; Otherwise carry out described step B and step C.
If the AK sequence number that carries in described travelling carriage and the base station interactive messages has maximum;
AK sequence number after then described judgement is upgraded whether used method can for:
Judge that whether the AK sequence number after upgrading has surpassed described maximum, used if then judge the AK sequence number; Otherwise, judge the AK sequence number and do not use.
Preferably, the method for described authenticate device initiation re-authentication is:
Authenticate device sends the message informing base station to the base station and initiates re-authentication.
Preferably, the method for described base station initiation re-authentication is:
The base station sends EAP authentication request message or Revest-Shamir-Adleman Algorithm (RSA) authentication invalid message triggering Mobile Origination re-authentication to travelling carriage.
From above scheme as can be seen, upgrade AK Sequence Number by travelling carriage and authenticate device in the handoff procedure in authentication period among the present invention, and in the communication process of travelling carriage and target BS, in message, carry the AK Sequence Number after the renewal, therefore, in authentication period, even travelling carriage repeatedly connects with identical base station, can occurrence sequence number all identical message yet, thus under the situation that guarantees proper communication, prevented Replay Attack;
And then, because the AK Sequence Number that is arranged in the message has maximum, by whether AK Sequence Number is surpassed maximum judge in the present invention, and after surpassing above-mentioned maximum, again initiate authentication, improved effect of the present invention, further guaranteed proper communication to have prevented Replay Attack.
Description of drawings
Fig. 1 is authentication and coded communication flow chart;
Fig. 2 is the flow chart of mobile station side in the specific embodiment of the invention;
Fig. 3 is the flow chart of base station side in the specific embodiment of the invention.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with accompanying drawing.
Main thought of the present invention is, in authentication period, behind switching mobile station to target base station, travelling carriage and authenticate device all upgrade AK Sequence Number, and in the communication process of travelling carriage and target BS, in message, carry the AK Sequence Number after the renewal.
The present invention will be described in detail below by a specific embodiment.
Be illustrated in figure 2 as the flow chart of mobile station side in the specific embodiment that prevents the Replay Attack method in the handoff procedure of the present invention, specifically may further comprise the steps:
After authenticating again, mobile station side is when initialization AK SequenceNumber at every turn in the present embodiment, and initial value can be 0, or 1, or same as the prior art, determine that according to the value of PMK/PAKSequence Number after this travelling carriage writes down the value of current AK Sequence Number.When upgrading AK Sequence Number, increasing or decreasing on the basis of original AK Sequence Number value.Can certainly adopt other complicated algorithm that AK Sequence Number is upgraded,, enumerate no longer one by one here because adoptable method is very many.Upgrading AK Sequence Number in the following mode that increases progressively with employing in to the explanation of this flow process is that example describes.
In addition, when upgrading the context of AK in this step, can reinitialize, also can not reinitialize for CMAC_KEY_D and CMAC_KEY_U.
Increase this step in the present embodiment and be because, when in message, carrying AK SequenceNumber, the bit number of distributing for AK Sequence Number is fixed, for example be 4, then this AK Sequence Number has maximum 15, after upgrading AK Sequence Number, after its value surpasses above-mentioned maximum, owing to overflowing reason, again this value is arranged in the message, this value just might be used, so in this step, judge whether the AK Sequence Number after upgrading used, whether the AK Sequence Number value after promptly judgement is upgraded is greater than above-mentioned maximum, if the AK Sequence Number that promptly judges after the renewal used; Otherwise, do not judge and used.
More than be the realization flow to mobile station side in the specific embodiment of the invention, accordingly, the realization flow of base station side specifically may further comprise the steps as shown in Figure 3 in the present embodiment:
In this step, the base station can switch to the Indication message of new base station by the travelling carriage of receiving the transmission of mobile station side or network side, defines travelling carriage and inserts by switching.
Corresponding with mobile station side, in the authenticate device side, after authenticating again, during initialization AK Sequence Number, initial value can be 0 at every turn among the present invention, or 1, or predefined maximum.Or same as the prior art, determine that according to the value of PMK/PAK Sequence Number after this authenticate device writes down the value of current AK Sequence Number.When upgrading AK Sequence Number, increasing or decreasing on the basis of original AK Sequence Number value.Certainly also adopt other complicated algorithm that AK Sequence Number is upgraded,, enumerate no longer one by one here because adoptable method is very many.
Authenticate device can also calculate other authentication-related information in this step, as AKID, AKLifetime with other are as keys such as CMAK_KEY_D and CMAC_KEY_U.
Judge in this step that method that whether AK Sequence Number be used is identical with determination methods in the above-mentioned steps 202, therefore no longer describes in detail.In this step, re-authentication is initiated in the base station in addition, can be by sending message trigger Mobile Origination re-authentication.For example, in the EAP authentication, the base station can send EAP authentication request (EAP-Request) message trigger Mobile Origination re-authentication to travelling carriage; In Revest-Shamir-Adleman Algorithm (RSA) authentication, the base station can send authentication invalid (Authen-Invalid) message trigger Mobile Origination re-authentication to travelling carriage.
After step 306, base station receive the AK and AK Sequence Number that authenticate device sends, calculate other key according to the AK that receives, and with the travelling carriage interactive messages in the AK Sequence Number that is received is set.
In this step, other keys in base station pair and the travelling carriage interactive messages beyond the employed AK, as CMAK_KEY_D and CMAC_KEY_U etc., if authenticate device has sent to the base station, then the association key of reception is directly used in the base station, if authenticate device does not send to the base station, then calculate voluntarily the base station.Corresponding with mobile station side, CMAC_PN_D and CMAC_PN_U can reinitialize, and also can not reinitialize.
Be appreciated that the above only for preferred embodiment of the present invention, or not within the spirit and principles in the present invention not all in order to restriction the present invention, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1, a kind of method that prevents Replay Attack is characterized in that, this method may further comprise the steps:
Behind A, the switching mobile station to target base station, travelling carriage and authenticate device all regenerate authorization key AK, and upgrade the AK sequence number;
B, authenticate device send to described target BS with the AK of generation and the AK sequence number after the renewal;
Carry the AK sequence number after the described renewal in C, travelling carriage and the target BS interactive messages, utilize the AK sequence number after upgrading to carry out the message verification.
2, method according to claim 1 is characterized in that, the method for described renewal AK sequence number is:
With AK sequence number increasing or decreasing on the basis of the former AK sequence number of storage.
3, method according to claim 1 is characterized in that, further comprise before the described steps A: travelling carriage and authenticate device are after authenticating, and during initialization AK sequence number, the initial value that the AK sequence number is set is predefined value.
4, method according to claim 3 is characterized in that, described predefined value is 0 or 1.
5, method according to claim 1 is characterized in that, authenticate device regenerates AK in the described steps A, and the sequence number of renewal AK is:
Described target BS sends message request to authenticate device and obtains AK and AK sequence number after described travelling carriage switches access;
Authenticate device is according to the described message of reception and the last information updating AK and the AK sequence number of storing in self that authenticates of described travelling carriage.
6, method according to claim 5 is characterized in that, described target BS determines that described travelling carriage switches the method that inserts and is:
Described target BS determines that described travelling carriage inserts by switching after receiving the Indication message of the described switching mobile station to target base station that mobile station side or network side send.
7, according to the described method of each claim in the claim 1 to 6, it is characterized in that, further comprise in the described steps A:
Travelling carriage and authenticate device judge that respectively whether the AK sequence number after the renewal used, if then initiate re-authentication, finished this flow process then in this verification process; Otherwise carry out described step B and step C.
8, method according to claim 7 is characterized in that, the AK sequence number that carries in described travelling carriage and the base station interactive messages has maximum;
Whether used method is AK sequence number after then described judgement is upgraded:
Judge that whether the AK sequence number after upgrading has surpassed described maximum, used if then judge the AK sequence number; Otherwise, judge the AK sequence number and do not use.
9, method according to claim 7 is characterized in that, the method that described authenticate device is initiated re-authentication is:
Authenticate device sends the message informing base station to the base station and initiates re-authentication.
10, method according to claim 9 is characterized in that, the method that re-authentication is initiated in described base station is:
The base station sends EAP authentication request message or Revest-Shamir-Adleman Algorithm (RSA) authentication invalid message triggering Mobile Origination re-authentication to travelling carriage.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101232524A CN100499899C (en) | 2005-11-15 | 2005-11-15 | Playback attack prevention method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101232524A CN100499899C (en) | 2005-11-15 | 2005-11-15 | Playback attack prevention method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1968494A CN1968494A (en) | 2007-05-23 |
| CN100499899C true CN100499899C (en) | 2009-06-10 |
Family
ID=38076971
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101232524A Active CN100499899C (en) | 2005-11-15 | 2005-11-15 | Playback attack prevention method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100499899C (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101541001A (en) * | 2009-04-28 | 2009-09-23 | 刘建 | Method and system for updating base key |
| CN101583130B (en) * | 2009-06-18 | 2015-09-16 | 中兴通讯股份有限公司 | The generation method and apparatus of air interface key |
-
2005
- 2005-11-15 CN CNB2005101232524A patent/CN100499899C/en active Active
Non-Patent Citations (2)
| Title |
|---|
| IEEE 802.16 安全漏洞及其解决方案. 李惠忠,陈惠芳,赵问道.现代电信科技,第1期. 2005 |
| IEEE 802.16 安全漏洞及其解决方案. 李惠忠,陈惠芳,赵问道.现代电信科技,第1期. 2005 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1968494A (en) | 2007-05-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8379854B2 (en) | Secure wireless communication | |
| US7624267B2 (en) | SIM-based authentication method capable of supporting inter-AP fast handover | |
| CN102036238B (en) | Method for realizing user and network authentication and key distribution based on public key | |
| KR101038096B1 (en) | Secure key authentication method for binary cdma network | |
| CN102026178B (en) | User identity protection method based on public-key mechanism | |
| EP3328108A1 (en) | Authentication method, re-authentication method and communication apparatus | |
| CN108880813B (en) | Method and device for realizing attachment process | |
| CN100488281C (en) | Method for acquring authentication cryptographic key context from object base station | |
| CN101272616A (en) | Safety access method of wireless metropolitan area network | |
| CN100456884C (en) | Re-identifying method in wireless communication system | |
| CN105828332A (en) | Method of improving wireless local area authentication mechanism | |
| WO2017188895A1 (en) | Method and system for authentication with asymmetric key | |
| CN100370772C (en) | Method for switching in radio local-area network mobile terminal | |
| CN105323754A (en) | Distributed authentication method based on pre-shared key | |
| CN101192927B (en) | Authorization based on identity confidentiality and multiple authentication method | |
| CN104010305A (en) | Bidirectional authentication reinforcement method of terminal and access network based on physical layer secret key | |
| CN100544253C (en) | The safe re-authentication method of mobile terminal of wireless local area network | |
| CN101784048B (en) | Method and system for dynamically updating identity authentication and secret key agreement of secret key | |
| CN106992866A (en) | It is a kind of based on wireless network access methods of the NFC without certificate verification | |
| CN1964259B (en) | A method to manage secret key in the course of switch-over | |
| CN100499899C (en) | Playback attack prevention method | |
| CN102111268B (en) | Two-way authentication method of global system for mobile communications (GSM) network | |
| CN108337661B (en) | LTE-R vehicle-ground communication access layer switching authentication method based on bill | |
| Rekik et al. | An optimized and secure authentication scheme for Vehicular Ad Hoc Networks | |
| Singh et al. | A secure WLAN authentication scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20211222 Address after: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province Patentee after: Super fusion Digital Technology Co.,Ltd. Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd. |