CN110753342B - Body area network equipment authentication and key agreement method based on channel characteristics - Google Patents

Info

Publication number: CN110753342B (application number CN201910994540.9A)
Authority: CN (China)
Prior art keywords: key; control unit; new device; message; body area
Legal status: Active (Google's assumption, not a legal conclusion)
Other languages: Chinese (zh)
Other versions: CN110753342A
Inventors: 陈晶, 梁微, 何琨, 杜瑞颖
Current assignee: Wuhan University (WHU) (listed assignees may be inaccurate)
Original assignee: Wuhan University (WHU)
Events: application filed by Wuhan University (WHU) with priority to CN201910994540.9A; published as CN110753342A; granted and published as CN110753342B; current legal status Active

Classifications

All within H04W 12/00 (Security arrangements; Authentication; Protecting privacy or anonymity), under H04W (Wireless communication networks), H04 (Electric communication technique), H (Electricity):

    • H04W 12/009 Security arrangements specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • H04W 12/0431 Key distribution or pre-distribution; Key agreement (under 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]; 12/043 using a trusted network node as an anchor)
    • H04W 12/0433 Key management protocols (under 12/04; 12/043)
    • H04W 12/06 Authentication
    • H04W 12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS] (under 12/12 Detection or prevention of fraud)
    • H04W 12/122 Counter-measures against attacks; Protection against rogue devices (under 12/12)
    • H04W 12/63 Location-dependent; Proximity-dependent (under 12/60 Context-dependent security)
    • H04W 12/65 Environment-dependent, e.g. using captured environmental data (under 12/60)


Abstract

The invention discloses a body area network device authentication and key agreement method based on channel characteristics. It comprises five processes: initialization, device fingerprint generation, key agreement, key authentication and key update. Device fingerprints are generated from the randomness of environmental factors and the uniqueness of the user's behaviour. The initialization process establishes a preliminary connection between the new device and the control unit of the system. The device fingerprint generation process produces the device fingerprints used by the key agreement and key authentication processes. The key agreement process produces a consistent session key between the new device and the control unit. The key authentication process verifies whether a device newly added to the system is a trusted device. The key update process generates a uniform session key for all body area network devices in the system and refreshes it in time, so that communication security is ensured and the key agreement protocol stays lightweight. The body area network device security authentication method of the invention is more convenient, effective, secure and reliable.

Description

A body area network device authentication and key agreement method based on channel characteristics

Technical field

The invention belongs to the technical field of Internet of Things communication and relates to a body area network (BAN) device authentication and key agreement method based on channel characteristics, in particular one in which those channel characteristics are shaped by the environmental context and the user's behaviour.

Background

With the continuous development of Internet of Things technology and the maturity of Internet technology, connecting home appliances, daily necessities, wearables and other IoT devices to the network has become a reality. As an important part of the Internet of Things, the body area network is widely used in medicine, health care, sports, consumer electronics and other fields and has very broad application prospects. Common BAN devices include smart bracelets, smart glasses, smart running shoes and portable or implantable devices that collect physiological parameters of the human body (for example electrocardiogram, blood pressure and pulse). The spread of BAN devices has improved both people's quality of life and their level of medical care. However, while these devices offer convenience, they also carry security risks: their processing power is limited, and the data they produce usually contains privacy-sensitive information about the user's activity and health, which causes irreversible harm once an attacker obtains it.

To keep communication between BAN devices secure, a newly added device must be securely authenticated against the existing devices with a cryptographic key, so as to prevent man-in-the-middle and protocol manipulation attacks. Traditional authentication protocols require manual user operation; for example, device authentication over Bluetooth or a wireless network requires the user to enter a password. This requires the device to have an interactive interface, and manual pairing increases the user's operating and learning burden. Although BAN devices could be equipped with preloaded keys, an interactive interface or dedicated pairing hardware (for example NFC), these approaches overburden the device manufacturer and increase the cost of the device.

Authentication methods based on the environmental context compensate well for these shortcomings of traditional protocols: devices in the same environment perceive similar environmental information, so similar device fingerprints can be derived from the similar signal variations they observe and used for identity verification. In the body area network scenario, however, the sensor types of the devices are often diverse, and it is very difficult to derive device fingerprints from the different kinds of signals collected by heterogeneous sensors.

In addition, in a BAN system devices can communicate after pairing with each other pairwise, but when a device communicates with one it is not directly paired with, the information has to be relayed through other already-paired devices, which increases the storage cost and communication cost of the devices.

Summary of the invention

To solve the above technical problems, the invention provides a BAN device authentication and key agreement method based on channel characteristics shaped by the environmental context and the user's behaviour. It avoids the data processing difficulties caused by differing device sensor types, authenticates the BAN devices worn by the same user and negotiates a unified session key among them, and requires no manual user operation for authentication, which reduces the user's burden and increases practicability.

The technical scheme adopted by the invention is a BAN device authentication and key agreement method based on channel characteristics, characterised in that it includes the following steps:

Step 1: establish a preliminary connection between the new device and the control unit in the system.

The control unit is a mobile smart device that aggregates the physiological signals collected by all sensor devices in the system and forwards them to a server for processing.

Step 2: generate the fingerprints of the new device and the control unit.

The fingerprints of the new device and the control unit are generated from the randomness and uniqueness of the user's behaviour and the similarity of the channel environment seen by both devices.

Step 3: key agreement.

A consistent session key is produced between the new device and the control unit; the session key is negotiated using the device fingerprints each of them generated.

Step 4: key authentication.

Verify whether the device newly added to the system is a trusted device worn by the same user, using the device fingerprint the new device generated. Devices worn by the same user see the same changes in relative distance between each other and the same channel environment.

Step 5: key update.

Generate a unified session key for all BAN devices in the system and refresh it in time to keep communication secure.

Compared with the prior art, the advantages and positive effects of the invention are mainly the following:

(1) It removes the need for advanced hardware and human participation in BAN device authentication and key agreement, so it is applicable to more scenarios than traditional methods and reduces the user's burden.

(2) It generates device fingerprints from the similarity of channel characteristics between BAN devices carried by the same user. Because these channel characteristics depend on environmental factors and on the unique and random activity of the user, the entropy of the extracted key is increased and security is ensured.

(3) It authenticates whether a device is trustworthy and generates a unified session key for all BAN devices in the system, which secures communication within the BAN and saves the devices' storage resources.

Description of drawings

Fig. 1 is a flowchart of an embodiment of the invention;

Fig. 2 is a detailed diagram of the steps of the five processes in an embodiment of the invention.

Detailed description

To help those skilled in the art understand and implement the invention, it is described in further detail below with reference to the drawings and an embodiment. The embodiment described here only illustrates and explains the invention and does not limit it.

Referring to Fig. 1, the BAN device authentication and key agreement method based on channel characteristics provided by the invention mainly comprises five processes: initialization, device fingerprint generation, key agreement, key authentication and key update. The initialization process establishes a preliminary connection between the new device and the control unit in the system. The device fingerprint generation process produces the device fingerprints used by the key agreement and key authentication processes. Fingerprint generation rests on three observations: (1) the received signal strength (RSS) of a wireless channel fluctuates with environmental factors and human motion; (2) for devices worn by the same user, the channel characteristics between any two of them are consistent within the coherence time; (3) the user's behaviour is unpredictable and unique, and therefore hard to predict or replicate. The key agreement process produces a consistent session key between the new device and the control unit by negotiating a shared encryption key from the fingerprints each generated. The key authentication process verifies, using the fingerprint generated by the new device, whether a device newly added to the system is a trusted device worn by the same user. The key update process generates a unified encryption key for all BAN devices in the system and refreshes it in time to keep communication secure.

In this embodiment, every device in the BAN system has a unique device ID, a trusted control unit exists in the system, and the system's session key is K. To join the system, a new device N first generates its device fingerprint F_N, then negotiates a key with the control unit; once the session key has been negotiated, key authentication verifies whether N is a trusted device, and finally the key update computes the new session key.

Referring to Fig. 2, the implementation of the invention specifically comprises the following steps:

Step 1: establish a preliminary connection between the new device and the control unit in the system.

In this embodiment the control unit is usually a mobile smart device such as a smartphone or tablet, which aggregates the physiological signals collected by all sensor devices in the system and forwards them to a server for processing.

In this embodiment, step 1 comprises the following sub-steps:

Step 1.1: the user places the new device N inside the secure zone and carries out normal activities, for example walking, eating or running.

In this embodiment the secure zone is the same body area network, i.e. the body of the same user; it separates trusted devices from devices of other BANs and from attacker devices. The user's activity adds more uncertainty to the channel characteristics, so that the collected RSS values fluctuate enough to provide sufficient entropy for fingerprint extraction.

Step 1.2: the new device N that wants to join the system broadcasts a message containing its identity ID_N and a pairing request message Request_To_Pair.

Step 1.3: the control unit A in the system receives the message and sends N a pairing response message Response_To_Pair together with its identity ID_A.

Step 2: generate the fingerprints of the new device and the control unit.

The fingerprints are generated from the randomness and uniqueness of the user's behaviour and the similarity of the channel environment.

In this embodiment, step 2 comprises the following sub-steps:

Step 2.1: the control unit A sends the new device N a message M = (x, t_0, t), where x, t_0 and t are time values that are preset.

Step 2.2: x seconds after receiving the message, N sends a probe message m to A every t milliseconds for t_0 seconds; A thereby collects a series of consecutive RSS values from the probes. t is larger than the coherence time of the channel between the devices, so that successive probes sample independent channel states.

Step 2.3: A responds to each probe within the coherence time, replying with the same message m each time; N thereby collects a series of consecutive RSS values from the responses.

Step 2.4: N and A each quantize the RSS values they collected with a quantizer, obtaining two bit sequences: the device fingerprint F_N of the new device and the device fingerprint F_A of the control unit.

In this embodiment the quantizer extracts the bit sequence of the device fingerprint from the RSS measurements by lossy quantization, using the Mathur quantization method with two thresholds q+ and q-: q+ = mean + α·std, q- = mean - α·std, where mean is the average of the collected data, std is its standard deviation and α is a configurable tuning parameter with 0 < α < 1. The method first discards every RSS value that lies between the thresholds (below q+ and above q-); of the remaining values, those above q+ become 1 and those below q- become 0, which yields the bit sequence of the device fingerprint.

Because of factors such as differences in device hardware, the fingerprint bit sequences produced by the two devices will not match exactly, so a unified shared encryption key has to be negotiated in step 3.
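The quantizer of step 2.4, run on both sides of the link, as an added example (not the patent's code). The two RSS traces are constructed, α = 0.5 is an assumed tuning value, and the per-sample index bookkeeping is an addition: because each side discards its own dead-zone samples, a sample that only one side discards shifts every later bit of that side's raw sequence, which the error-correcting code of step 3 cannot absorb. The example therefore reports that condition next to the Hamming distance over the samples both sides kept.

```python
"""Mathur-style RSS quantizer for fingerprint extraction (step 2.4).

Added example, not the patent's code. The RSS traces below are constructed
(dBm values) and alpha = 0.5 is an assumed tuning parameter.
"""
import statistics


def mathur_quantize(rss, alpha=0.5):
    """Return (bits, kept_indices) for one side's RSS trace.

    q+ = mean + alpha*std, q- = mean - alpha*std. Samples between the two
    thresholds are discarded; above q+ -> 1, below q- -> 0.
    """
    mean = statistics.fmean(rss)
    std = statistics.pstdev(rss)
    q_plus, q_minus = mean + alpha * std, mean - alpha * std
    bits, kept = [], []
    for i, v in enumerate(rss):
        if v > q_plus:
            bits.append(1)
            kept.append(i)
        elif v < q_minus:
            bits.append(0)
            kept.append(i)
    return bits, kept


def compare_fingerprints(quant_a, quant_n):
    """Align the two sides' bits by sample index.

    Returns (hamming_distance_over_common_samples, common_count, unaligned_count).
    unaligned_count > 0 means one side discarded a sample the other kept, which
    shifts all later bits in that side's raw bit sequence.
    """
    bits_a, kept_a = quant_a
    bits_n, kept_n = quant_n
    map_a = dict(zip(kept_a, bits_a))
    map_n = dict(zip(kept_n, bits_n))
    common = sorted(set(map_a) & set(map_n))
    hamming = sum(map_a[i] != map_n[i] for i in common)
    unaligned = len(set(map_a) ^ set(map_n))
    return hamming, len(common), unaligned


# Constructed traces: 16 probe/response RSS samples (dBm) as seen by the control
# unit A and by the new device N. Reciprocity keeps them close; N's sample 13
# is a constructed outlier standing in for a hardware/noise discrepancy.
RSS_A = [-50, -70, -50, -70, -60, -50, -70, -60,
         -50, -70, -60, -50, -70, -50, -70, -60]
RSS_N = [-51, -69, -50, -70, -60, -50, -71, -60,
         -49, -70, -61, -50, -70, -70, -70, -59]


if __name__ == "__main__":
    fa = mathur_quantize(RSS_A)
    fn = mathur_quantize(RSS_N)
    print("F_A =", "".join(map(str, fa[0])), "kept", fa[1])
    print("F_N =", "".join(map(str, fn[0])), "kept", fn[1])
    print("hamming / common / unaligned =", compare_fingerprints(fa, fn))
```

On the constructed traces both sides keep the same twelve samples and differ in one bit (sample 13), which is the kind of discrepancy step 3 is meant to absorb. Moving that one sample into N's dead zone instead produces an index mismatch rather than a bit error, and the raw sequences no longer line up; a common fix in RSS-based key extraction is for one side to send the indices it kept (positions only, not bit values) so the other side restricts itself to the same samples before the fingerprints enter the commitment.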

Step 3: key agreement.

A consistent session key is produced between the new device and the control unit, negotiated from the device fingerprints each of them generated.

In this embodiment, step 3 comprises the following sub-steps:

Step 3.1: the control unit A generates a random key k and encodes it into the codeword ENC(k), where ENC() is the encoding function of an error-correcting code, here a Reed-Solomon (RS) code. A then uses its fingerprint F_A to compute the commitment

C_A = ENC(k) ⊕ F_A,

where ⊕ denotes subtraction in a finite field, which is equivalent to the XOR operation.

Step 3.2: A sends C_A and h(k) to the new device N, where h() is a collision-resistant hash function, here SHA-3. Neither value reveals information about the key k or the fingerprint F_A, provided k has enough entropy that h(k) cannot be inverted by exhaustive search (see the security analysis below).

Step 3.3: on receiving the message, N tries to open the commitment C_A with its own fingerprint F_N to obtain the random key k. N computes its candidate value, written k' here, as

k' = DEC(C_A ⊕ F_N),

where DEC() is the decoding function complementary to ENC(). Since C_A ⊕ F_N = ENC(k) ⊕ (F_A ⊕ F_N), the decoder sees the codeword corrupted by the error pattern F_A ⊕ F_N, whose weight is the Hamming distance between the two fingerprints. It must be stressed that k' equals the random key k generated by the control unit only when the Hamming distance between F_N and F_A is within the error-correcting capability of the code.

Step 3.4: N uses a key derivation function KDF() to produce a symmetric key to be shared with A,

k'_AN = KDF(k').

At this point A does not know the shared key k'_AN that N created; it has to be confirmed through the key authentication process below.

Step 4: key authentication.

Verify whether the new device N is a trusted device worn by the same user, using the device fingerprint N generated. Devices worn by the same user see the same changes in relative distance between each other and the same channel environment.

In this embodiment, step 4 comprises the following sub-steps:

Step 4.1: N generates a random number n_N and computes the message authentication code M(k'_AN(n_N)), i.e. a MAC over the nonce n_N under the key k'_AN.

Step 4.2: N sends h(k'), n_N and M(k'_AN(n_N)) to the control unit A.

Step 4.3: on receiving the message, A first checks whether h(k') equals h(k). If h(k') = h(k), A derives the shared key with N as k_AN = KDF(k); otherwise the protocol is terminated and pairing fails. A then checks whether M(k_AN(n_N)) equals the received M(k'_AN(n_N)), which verifies the key k'_AN. If they are equal, A generates a random number n_A and computes M(k_AN(n_N || n_A)); otherwise the protocol terminates and pairing fails.

Step 4.4: A sends the random number n_A and the message authentication code M(k_AN(n_N || n_A)) to N.

Step 4.5: N checks whether the received M(k_AN(n_N || n_A)) equals its own M(k'_AN(n_N || n_A)). If they are equal, A and N have successfully established a shared key k_AN; otherwise the protocol terminates and pairing fails.

Step 5: key update.

Generate a unified session key for all BAN devices in the system and refresh it in time to keep communication secure.

In this embodiment, step 5 comprises the following sub-steps:

Step 5.1: the control unit A encrypts the shared key k_AN under the system session key K that was in use before N joined, producing E_K(k_AN), where E() is the AES encryption function.

Step 5.2: A sends E_K(k_AN) to all other trusted BAN devices TDs in the system.

Step 5.3: on receiving the message, every other trusted device decrypts it and obtains the new system session key K' = D_K(E_K(k_AN)) = k_AN, completing the key update, where D() is the AES decryption function.

The invention also considers the case where no new device joins for a long time, so that the session key would never be updated. To keep the session key secure, two further update mechanisms are proposed: (1) count the packets the devices send while communicating and update the current session key once the count reaches a set number; (2) add a timer to the system and update the current session key at regular intervals. In both cases the new key can be obtained by an operation on the current session key K and a random number n.
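The counter- and timer-triggered refresh of the preceding paragraph, as an added example (not code from the patent). The page only says the new key is obtained by an operation on the current session key K and a random number n; the concrete choices here are assumptions: K' = HMAC-SHA3-256(K, "rekey" || n), the control unit picks n and announces it under a MAC keyed with the current K so that an outsider cannot inject its own n, and the packet and time thresholds are illustrative. The AES wrapping of steps 5.1 to 5.3 is not reproduced.

```python
"""Session key refresh by packet count or timer (step 5, last paragraph).

Added example, not the patent's code. Assumptions: K' = HMAC-SHA3-256(K,
"rekey" || n); the control unit announces n under a MAC keyed with the
current K; thresholds are illustrative.
"""
import hashlib
import hmac
import os

REKEY_AFTER_PACKETS = 1000   # assumed threshold for mechanism (1)
REKEY_AFTER_SECONDS = 3600   # assumed interval for mechanism (2)


def next_session_key(k, n):
    """K' derived from the current K and the fresh random number n."""
    return hmac.new(k, b"rekey" + n, hashlib.sha3_256).digest()


def rekey_announce(k, n):
    """Control unit -> devices: (n, MAC_K(n)). Keying the announcement to the
    current session key stops an outsider from choosing n."""
    return n, hmac.new(k, b"announce" + n, hashlib.sha3_256).digest()


def rekey_verify(k, n, tag):
    """Device side: accept n only if the announcement verifies under K."""
    expected = hmac.new(k, b"announce" + n, hashlib.sha3_256).digest()
    return hmac.compare_digest(expected, tag)


class SessionKeyState:
    """Per-device bookkeeping for the two refresh triggers."""

    def __init__(self, k, now):
        self.k = k
        self.packets = 0
        self.epoch_start = now

    def on_packet(self, now):
        """Call per packet sent; True when the current K must be refreshed."""
        self.packets += 1
        return self.needs_rekey(now)

    def needs_rekey(self, now):
        return (self.packets >= REKEY_AFTER_PACKETS
                or now - self.epoch_start >= REKEY_AFTER_SECONDS)

    def roll(self, n, now):
        self.k = next_session_key(self.k, n)
        self.packets = 0
        self.epoch_start = now


def simulate_rekey(k_old, n=None, now=0.0):
    """Control unit A and one trusted device both start from K and roll to K'.

    Returns (keys_match, tampered_nonce_rejected).
    """
    n = n or os.urandom(16)
    ctrl = SessionKeyState(k_old, now)
    dev = SessionKeyState(k_old, now)
    n_sent, tag = rekey_announce(ctrl.k, n)
    # An attacker flipping a bit of n in transit must be detected by the device.
    tampered = bytes([n_sent[0] ^ 1]) + n_sent[1:]
    rejected = not rekey_verify(dev.k, tampered, tag)
    if rekey_verify(dev.k, n_sent, tag):
        dev.roll(n_sent, now)
    ctrl.roll(n, now)
    return ctrl.k == dev.k, rejected


if __name__ == "__main__":
    k0 = os.urandom(32)
    print("keys match / tampered nonce rejected:", simulate_rekey(k0))
```

Note what this refresh does and does not buy. Every device that knew K computes K', so a device that has left the body (or been compromised) keeps following the key chain unless it is excluded by other means; the same holds for the join-time update of steps 5.1 to 5.3, where the whole network's new key is simply the k_AN negotiated with the newest device. The MAC on the announcement matters for the same reason as in step 4: without it, anyone in radio range could push a nonce of their choosing into the derivation.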

在安全性方面,攻击者可以通过窃听体域网设备之间的通信窃取用户隐私敏感信息,为实现这一目标,攻击者可以发动暴力破解攻击、欺骗攻击(Shamming attack)或者中间人攻击(Man-in-the-middle attack)。暴力破解攻击:攻击者尝试通过利用哈希字典攻直接从密钥的哈希值中破解密钥。欺骗攻击:攻击者的设备放置在安全区域外但在无线通信范围内,试图去欺骗一个安全区域内的控制单元设备。攻击者设备可以通过尝试在距离用户很近的安全区域外对用户的行为发起模仿攻击;此外,攻击者还可以通过拦截密钥协商阶段设备间的通信消息来发起中间人攻击In terms of security, attackers can steal user privacy-sensitive information by eavesdropping on communications between body area network devices. To achieve this, attackers can launch brute force attacks, shaming attacks or man-in-the-middle attacks in-the-middle attack). Brute-force attack: An attacker attempts to crack a key directly from the key's hash value by exploiting a hash dictionary attack. Spoofing attack: An attacker's device is placed outside a secure area but within wireless communication range, attempting to spoof a control unit device within a secure area. Attacker devices can imitate the user's behavior by attempting to imitate the user's behavior outside of a safe area close to the user; in addition, the attacker can also initiate a man-in-the-middle attack by intercepting the communication messages between the devices during the key negotiation phase

针对暴力破解攻击,在传输时承诺值与哈希值一起发送,只要密钥的哈希长度比密钥的长度长,理论上暴力破解在计算上是不可行的。在本发明中使用SHA-3算法进行加密,并且定义的指纹比特位数为112位,因此哈希值长度比112大,即在一定程度上是安全的。For brute force attacks, the commitment value is sent together with the hash value during transmission. As long as the hash length of the key is longer than the length of the key, brute force cracking is computationally infeasible in theory. In the present invention, the SHA-3 algorithm is used for encryption, and the defined number of bits of the fingerprint is 112, so the length of the hash value is larger than 112, that is, it is secure to a certain extent.

针对欺骗攻击,在安全区域外的设备由于环境因素的不可预测性以及用户行为的独特性,攻击者很难通过模仿用户行为产生相似的设备指纹。因此可以通过验证设备指纹来判断该设备是否与可信设备处于同一环境,从而避免攻击者的欺骗攻击。For spoofing attacks, due to the unpredictability of environmental factors and the uniqueness of user behavior, it is difficult for attackers to generate similar device fingerprints by imitating user behavior. Therefore, it can be judged whether the device is in the same environment as the trusted device by verifying the device fingerprint, so as to avoid the spoofing attack of the attacker.

针对中间人攻击,本发明利用模糊承诺进行密钥协商产生会话密钥,能够有效防止中间人攻击。For the man-in-the-middle attack, the present invention uses the fuzzy promise to perform key negotiation to generate the session key, which can effectively prevent the man-in-the-middle attack.

It should be understood that the parts not described in detail in this specification belong to the prior art. The above description of the preferred embodiments is relatively detailed and should not be taken as limiting the scope of protection of the present patent; a person of ordinary skill in the art, guided by the present invention, may make substitutions or variations without departing from the scope protected by the claims, and these all fall within the scope of protection of the present invention. The scope of protection of the present invention shall be as set forth in the appended claims.

Claims (3)

1. A body area network device authentication and key agreement method based on channel characteristics, characterized by comprising the following steps:
step 1: establishing a preliminary connection between the new device and a control unit in the system;
the control unit is a mobile intelligent device that aggregates the physiological signals acquired by all sensor devices in the system and forwards them to a server for processing;
the specific implementation of step 1 comprises the following sub-steps:
step 1.1: the user places the new device N in the secure zone and carries out normal activities; the secure zone is the same body area network, i.e. the same user, and separates the trusted devices from external devices or attacker devices of other body area networks;
step 1.2: the new device N that wants to join the system broadcasts a message containing its identifier $ID_N$ and a pairing request message Request_To_Pair;
step 1.3: the control unit A in the system receives the message and sends a pairing response message Response_To_Pair and its identifier $ID_A$ to the new device N;
step 2: generating the new device and control unit fingerprints;
the fingerprints of the new device and of the control unit are generated from the randomness and uniqueness of the user's behaviour and the similarity of the channel environment;
the specific implementation of step 2 comprises the following sub-steps:
step 2.1: the control unit A sends a message $M = (x, t_0, t)$ to the new device N, where $x$, $t_0$ and $t$ are time values set in advance;
step 2.2: $x$ seconds after receiving the message, the new device N sends a probe message m to the control unit A every $t$ milliseconds for $t_0$ seconds; the control unit A thereby collects a set of consecutive RSS values from the probe messages; $t$ is larger than the coherence time between the devices;
step 2.3: the control unit A replies to each probe message within the coherence time, repeating the same message m; the new device N thereby collects a set of consecutive RSS values from the replies;
step 2.4: the new device N and the control unit A quantize the collected RSS values with a quantizer to obtain two bit sequences, namely the device fingerprint $F_N$ of the new device and the device fingerprint $F_A$ of the control unit;
step 3: key agreement;
a consistent session key is generated between the new device and the control unit, negotiated from the device fingerprints each side generated;
the specific implementation of step 3 comprises the following sub-steps:
step 3.1: the control unit A generates a random key $k$ and encodes it to obtain the codeword $\mathrm{ENC}(k)$, where $\mathrm{ENC}()$ is the encoding function of an error-correcting code, an RS code; it then computes the commitment with the control unit fingerprint $F_A$ as $C_A = \mathrm{ENC}(k) \oplus F_A$, where $\oplus$ denotes subtraction in the finite field, equivalent to the XOR operation;
step 3.2: the control unit A sends $C_A$ and $h(k)$ to the device N, where $h()$ is a collision-resistant hash function, the SHA-3 hash function;
step 3.3: on receiving the message, the new device N attempts to open the commitment $C_A$ with its own fingerprint $F_N$ to obtain the random key $k$: N computes $k' = \mathrm{DEC}(C_A \oplus F_N)$, where $\mathrm{DEC}()$ is the corresponding decoding function; when the Hamming distance between $F_N$ and $F_A$ lies within the decoding capability of the code, the $k'$ computed by the device N equals the random key $k$ generated by the control unit;
step 3.4: the new device N derives the symmetric key shared with the control unit A with a key derivation function $\mathrm{KDF}()$: $k'_{AN} = \mathrm{KDF}(k')$;
step 4: key authentication;
verifying whether the device newly added to the system is a secure device worn by the same user, the verification using the device fingerprint generated by the new device; the relative distance variation and the channel environment of devices worn by the same user are consistent;
the specific implementation of step 4 comprises the following sub-steps:
step 4.1: the new device N generates a random number $n_N$ and computes the message authentication code $M_{k'_{AN}}(n_N)$, i.e. authenticates the random number $n_N$ under the key $k'_{AN}$;
step 4.2: the new device N sends $h(k')$, $n_N$ and $M_{k'_{AN}}(n_N)$ to the control unit A;
step 4.3: on receiving the message, the control unit A first checks whether $h(k')$ equals $h(k)$; if $h(k') = h(k)$, A derives the key shared with the new device N as $k_{AN} = \mathrm{KDF}(k)$, otherwise the protocol is terminated and pairing fails; A then checks whether $M_{k_{AN}}(n_N)$ equals the received $M_{k'_{AN}}(n_N)$, thereby verifying the key $k'_{AN}$; if they are equal, A generates a random number $n_A$ and computes $M_{k_{AN}}(n_N \| n_A)$, otherwise the protocol is terminated and pairing fails;
step 4.4: A sends the random number $n_A$ and the message authentication code $M_{k_{AN}}(n_N \| n_A)$ to N;
step 4.5: the new device N checks whether $M_{k_{AN}}(n_N \| n_A)$ equals its own $M_{k'_{AN}}(n_N \| n_A)$; if so, A and N have successfully established the shared key $k_{AN}$, otherwise the protocol is terminated and pairing fails;
step 5: key update;
a uniform session key is generated for all body area network devices in the system and updated in time, so as to ensure the security of communication.
2. The method for body area network device authentication and key agreement based on channel characteristics according to claim 1, characterized in that: in step 2.4, the quantizer extracts the bit sequence of the device fingerprint from the RSS measurements by a lossy quantization method, the Mathur quantization method, which uses two thresholds $q^+ = \mathrm{mean} + \alpha \cdot \mathrm{std}$ and $q^- = \mathrm{mean} - \alpha \cdot \mathrm{std}$, where mean is the average of the collected data, $\alpha$ is a configurable adjustment parameter with $0 < \alpha < 1$, and std is the standard deviation; the Mathur quantization method first discards those samples of the collected RSS data that are smaller than $q^+$ and larger than $q^-$, then sets each remaining sample larger than $q^+$ to 1 and each remaining sample smaller than $q^-$ to 0, so that quantizing the RSS values yields the bit sequence of the device fingerprint.
3. The method for body area network device authentication and key agreement based on channel characteristics according to claim 1 or 2, characterized in that step 5 comprises the following sub-steps:
step 5.1: the control unit A encrypts the shared key $k_{AN}$ with the system session key $K$ that was in use before the new device N joined, i.e. computes $E_K(k_{AN})$, where $E()$ is the AES encryption function;
step 5.2: the control unit A sends $E_K(k_{AN})$ to all other trusted body area network devices $TD_s$ in the system;
step 5.3: on receiving the message, all other trusted body area network devices $TD_s$ decrypt it to obtain the new system session key $K' = D_K(E_K(k_{AN})) = k_{AN}$, completing the key update, where $D()$ is the AES decryption function.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910994540.9A CN110753342B (en) 2019-10-18 2019-10-18 Body area network equipment authentication and key agreement method based on channel characteristics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910994540.9A CN110753342B (en) 2019-10-18 2019-10-18 Body area network equipment authentication and key agreement method based on channel characteristics

Publications (2)

Publication Number Publication Date
CN110753342A CN110753342A (en) 2020-02-04
CN110753342B true CN110753342B (en) 2022-05-13

Family

ID=69278884

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910994540.9A Active CN110753342B (en) 2019-10-18 2019-10-18 Body area network equipment authentication and key agreement method based on channel characteristics

Country Status (1)

Country Link
CN (1) CN110753342B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022116202A1 (en) * 2020-12-04 2022-06-09 Huawei Technologies Co., Ltd. Authentication method and device, and related products
CN114003884B (en) * 2021-10-25 2024-07-26 武汉大学 Biometric authentication key negotiation method and system for secure communication
CN114629647B (en) * 2022-05-17 2022-07-26 暨南大学 A physical layer key agreement negotiation method and system based on channel estimation
CN117938384B (en) * 2024-03-04 2024-07-30 广东全芯半导体有限公司 Main control chip security key generation method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102802151A (en) * 2012-08-24 2012-11-28 山东省计算中心 Wireless body area network symmetric key negotiation method
CN107360570A (en) * 2017-06-23 2017-11-17 中国地质大学(武汉) The lightweight real-time cipher key generation method that Behavior-based control action perceives in Internet of Things wearable device
CN109889532A (en) * 2019-03-08 2019-06-14 武汉大学 Security authentication and key agreement method for IoT devices based on environmental context

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013084139A1 (en) * 2011-12-05 2013-06-13 Koninklijke Philips Electronics N.V. Electronic key convey solution for in-hospital medical body area network (mban) systems

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
"A Lightweight Mutual Authentication and Key Agreement Scheme for Medical Internet of Things"; Zisang Xu et al.; IEEE Access; 2019-04-23; full text *
"Research on body area network security technology based on wireless channel characteristics" (基于无线信道特征的体域网安全技术研究); Wu Yang (武杨); China Doctoral Dissertations Full-text Database (Information Science and Technology); 2015-04-15; main text chapters 2-3 and figures 3-2, 3-4, 3-6 *
"Key generation algorithms and schemes based on wireless channel characteristics" (基于无线信道特征的密钥生成算法与方案); Song Jialiang (宋嘉良); China Master's Theses Full-text Database (Information Science and Technology); 2018-04-15 *
"A BLE key agreement scheme based on RSSI variation trend" (基于RSSI变化趋势的BLE密钥协商方案); Zhang Xinghao (张星昊) et al.; Journal of System Simulation (系统仿真学报); 2017-04-08 (No. 4); full text *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant