
Journal of Shandong University (Natural Science) ›› 2016, Vol. 51 ›› Issue (9): 101-105. doi: 10.6040/j.issn.1671-9352.2.2015.096


Fast authentication mechanism based on Diffie-Hellman for wireless mesh networks

SU Bin-ting1,2, XU Li1,2*, FANG He1,2, WANG Feng1,2

  1. School of Mathematics and Computer Science, Fujian Normal University, Fuzhou 350007, Fujian, China;
  2. Fujian Provincial Key Laboratory of Network Security and Cryptology, Fuzhou 350007, Fujian, China
  • Received: 2015-08-17 Online: 2016-09-20 Published: 2016-09-23
  • Corresponding author: XU Li (born 1970), male, Ph.D., professor. Research interests: wireless networks and mobile communications, network and information security, Internet of Things and cloud computing, intelligent information processing, complex networks, and network modeling and simulation. E-mail: xuli@fjnu.edu.cn
  • About the author: SU Bin-ting (born 1990), male, master's degree. Research interest: network and information security. E-mail: 811150155@qq.com
  • Supported by:
    National Natural Science Foundation of China (U1405255); Major Industry-University-Research Cooperation Project of Fujian Provincial Universities (2014H61010105); Fujian Normal University Research Innovation Team Project (IRTL1207)

Abstract: To ensure that mobile clients in wireless Mesh networks can be authenticated securely and quickly, two schemes based on the Diffie-Hellman algorithm are proposed: fast login authentication and fast handover authentication. In the login authentication scheme, the Mesh client completes its first login authentication through a 4-way handshake using pre-distributed tickets, then computes the shared key used for handover authentication and pre-distributes that key to the target access point of the handover. As the client subsequently moves, it uses the shared key to complete mutual authentication through a 3-way handshake, and the authentication server does not need to be involved in this process. The security and the performance cost of the two schemes are analyzed. The results show that the proposed schemes have lower communication and computation overhead, short authentication latency and high authentication efficiency, and that they are secure provided that the legitimate users of the network are trusted.

Key words: Diffie-Hellman algorithm, authentication efficiency, security, Mesh network

CLC Number:

  • TP393