Journal of Systems Engineering and Electronics ›› 2012, Vol. 34 ›› Issue (6): 1258-1265.doi: 10.3969/j.issn.1001-506X.2012.06.32

• 通信与网络 • 上一篇    下一篇

基于身份的域间认证及密钥协商协议

庞辽军1,2, 徐银雨2, 裴庆祺3, 李慧贤4, 王育民2   

  1. 1. 西安电子科技大学生命科学技术学院, 陕西 西安 710071;
    2. 西安电子科技大学计算网络与信息安全教育部重点实验室, 陕西 西安 710071;
    3. 西安电子科技大学通信工程学院, 陕西 西安 710071;
    4. 西北工业大学 计算机学院, 陕西 西安 710072
  • 出版日期:2012-06-18 发布日期:2010-01-03

Identity-based inter-domain authentication and key agreement protocol

PANG Liao-jun1,2, XU Yin-yu2, PEI Qing-qi3, LI Hui-xian4, WANG Yu-min2   

  1. 1. School of Life Sciences and Technology, Xidian University, Xi’an 710071, China;
    2. Key Laboratory of Computer Network and Information Security, the Ministry of Education, Xidian University, Xi’an 710071, China; 
    3. School of Telecommunications Engineering, Xidian University, Xi’an 710071, China;
    4. School of Computer Science and Technology, Northwestern Polytechnical University, Xi’an 710072, China
  • Online:2012-06-18 Published:2010-01-03

摘要:

基于Shamir的秘密共享思想,提出了一种基于身份的域间认证及密钥协商协议。该协议要求域内节点共同参与共享密钥的生成,解决了现有的两方密钥协商方法用于域间认证,及密钥协商时不能保障代表节点可靠性和普通节点参与度的问题。协议的正确性和安全性分析说明,该协议不仅满足密钥协商的基本安全属性,而且还满足数据保密性、数据完整性、抵抗代表节点假冒和欺骗等安全性要求。与使用现有的两方密钥协商协议进行域间认证及密钥协商相比较,本协议具有更低的通信量和计算量,同时,提高了域内普通节点在密钥协商过程中的参与度。

Abstract:

Derived from Shamir’s secret sharing idea, an identity-based inter-domain authentication and key agreement protocol is proposed. The protocol requires all nodes of a domain to participate the generation of the shared key, thus two knotty problems that the reliability of the representative nodes of the domains cannot be guaranteed and the efficiency of key agreement is very low are solved when using the existing two-party key agreement  protocols for inter-domain authentication and key agreement. The correctness and security analyses show that this protocol meets not only the basic security properties of the key agreement, but also data confidentiality, data integrity, resistance to impersonating the representative nodes and so on. Compared with the existing two-party key agreement protocols in inter-domain key agreement, the proposed protocol is less in communication and computation, and at the same time, it improves the participation of the common nodes of the domains in the process of key agreement.