Kerberos authentication system and method based on physical unclonable function

Document No.: 1172715  Publication date: 2020-09-18

Reading note: this technology, "Kerberos authentication system and method based on physical unclonable function", was designed by 柳亚男, 邱硕, 董如婵, 程远, 阎浩, 卞志国 and 李晓蓉 on 2020-06-03. Main content: The invention discloses a Kerberos authentication system and method based on a physical unclonable function (PUF). The system comprises a device A, a device B and a key distribution center KDC, and the KDC comprises an authentication server AS, a ticket-granting server TGS and a database DB. The method comprises the following steps: registering device A and device B with the key distribution center KDC; device A requests a ticket-granting ticket TGT from the authentication server AS; device A obtains the ticket-granting ticket TGT; device A requests a service-granting ticket from the TGS; device A obtains the service-granting ticket SGT; device A requests communication service from device B. The invention can prevent key leakage caused by physical attacks such as invasive, semi-invasive and side-channel attacks, while overcoming the high computational complexity, low speed and excessive communication bandwidth of public-key schemes, and is suitable for resource-constrained network applications.

1. A Kerberos authentication system based on a physical unclonable function, characterized by comprising a device A, a device B and a key distribution center KDC, wherein the key distribution center KDC comprises: an authentication server AS, a ticket-granting server TGS and a database DB;

PUF chips are installed in device A and device B, and the challenge-response pairs of the PUF chips are stored in the database DB; device A and device B each perform mutual authentication with the key distribution center KDC; the key distribution center KDC distributes a symmetric session key $K_{A,B}$ between device A and device B.

2. A Kerberos authentication method based on a physical unclonable function, characterized by comprising the following steps:

step S1: registering device A and device B with the key distribution center KDC;

step S2: device A requests a ticket-granting ticket TGT from the authentication server AS;

step S3: device A obtains the ticket-granting ticket TGT;

step S4: device A requests a service-granting ticket SGT from the ticket-granting server TGS;

step S5: device A obtains the service-granting ticket SGT;

step S6: device A requests communication service from device B.

3. A Kerberos authentication method based on a physical unclonable function according to claim 2, characterized in that step S1 specifically comprises:

S11: device A and device B are each fitted with a physical unclonable function (PUF) chip: $PUF_A$ and $PUF_B$;

S12: device A and device B each generate a plurality of random numbers as a challenge set, and each challenge is input into the PUF chip to generate the corresponding response;

S13: the challenge-response pair (CRP) sets of device A and device B are indexed by device identifier and stored in the database DB of the KDC, wherein the authentication server AS and the ticket-granting server TGS in the KDC can access the CRP sets in the database DB.

4. A Kerberos authentication method based on a physical unclonable function according to claim 3, characterized in that step S2 specifically comprises:

S21: device A sends a TGT request to the authentication server AS, the message containing the identifier A_id of device A;

S22: after receiving the message, the authentication server AS generates a random session key between device A and the TGS: $K_{A,TGS}$;

S23: the authentication server AS, according to the identifier of device A, selects any one challenge-response pair $\langle Chal_A, Res_A \rangle$ from device A's CRP set $\{\langle Chal_A, Res_A \rangle\}_{1}^{N}$, generates a temporary key $K_A = Hash(Res_A)$ for device A, and encrypts $K_{A,TGS}$ with $K_A$ to obtain:

Figure FDA0002521667900000011

S24: the authentication server AS accesses the master key $K_{TGS}$ of the TGS and generates a ticket-granting ticket TGT: $K_{A,TGS}$, and with $K_{A,TGS}$ the ticket-granting ticket TGT is encrypted:

wherein A_id represents the identifier of device A, A_address represents the address of device A, TGS_name represents the name (or identifier) of the TGS server, time_stamp represents the timestamp, lifetime represents the validity period, and $K_{A,TGS}$ represents the random session key between device A and the TGS;

S25: the authentication server AS sends the challenge value $Chal_A$ and the TGT to device A.

5. A Kerberos authentication method based on a physical unclonable function according to claim 4, characterized in that step S3 specifically comprises:

S31: device A receives $Chal_A$ and the TGT sent by the authentication server AS;

S32: device A uses its physical unclonable function structure $PUF_A$ to generate the response value $Res_A$ corresponding to the challenge value $Chal_A$;

S33: device A generates the temporary key $K_A = Hash(Res_A)$ from the response and decrypts with $K_A$ to obtain $K_{A,TGS}$;

S34: device A generates a verifier $Auth_{A,TGS}$, by which it is verified whether the device A sending the request is the device A declared in the TGT.

6. A Kerberos authentication method based on a physical unclonable function according to claim 5, characterized in that step S4 specifically comprises:

S41: device A sends the identifier B_id of device B, $Auth_{A,TGS}$ and the TGT to the TGS;

S42: the TGS decrypts the TGT with the master key $K_{TGS}$ to obtain:

{A_id, A_address, TGS_name, time_stamp, lifetime, $K_{A,TGS}$};

S43: the TGS decrypts $Auth_{A,TGS}$ with the random session key $K_{A,TGS}$ and verifies

whether {A_id, A_address, time_stamp, lifetime} is consistent with the TGT; if the verification passes, the process continues; otherwise, it exits;

S44: the TGS generates a random session key $K_{A,B}$ between device A and device B;

S45: the TGS encrypts the random session key $K_{A,B}$ with the random session key $K_{A,TGS}$, obtaining:

S46: the TGS, according to the identifier of device B, selects any one challenge-response pair $\langle Chal_B, Res_B \rangle$ from device B's CRP set $\{\langle Chal_B, Res_B \rangle\}_{1}^{N}$, generates a temporary key $K_B = Hash(Res_B)$ for device B, generates a service-granting ticket SGT: $T_{A,B}$, and encrypts it with $K_B$:

wherein B_id represents the identifier of device B and $K_{A,B}$ represents the random session key between device A and device B;

S47: TGS will

Figure FDA0002521667900000032

7. A Kerberos authentication method based on a physical unclonable function according to claim 6, characterized in that step S5 specifically comprises:

S51: device A receives from the TGS

Figure FDA0002521667900000033

S52: device A decrypts with the random session key $K_{A,TGS}$ shared with the TGS to obtain the random session key $K_{A,B}$;

S53: device A generates a verifier $Auth_{A,B}$ from the identifier, address, timestamp and validity period:

Figure FDA0002521667900000034

S54: the verifier is used to verify whether the device A that sent the request is the device A declared in the SGT.

8. A Kerberos authentication method based on a physical unclonable function according to claim 7, characterized in that step S6 specifically comprises:

S61: device A sends $Auth_{A,B}$, $Chal_B$ and the SGT to device B;

S62: device B uses its own physical unclonable function structure $PUF_B$ to generate the response value $Res_B$ corresponding to the challenge value $Chal_B$;

S63: device B generates the temporary key $K_B = Hash(Res_B)$ and decrypts the SGT with $K_B$ to obtain

{A_id, A_address, B_id, time_stamp, lifetime, $K_{A,B}$};

S64: device B decrypts $Auth_{A,B}$ with $K_{A,B}$ and verifies whether {A_id, A_address, time_stamp, lifetime} is consistent with the SGT; if the verification passes, device A is allowed access; otherwise, it exits;

S65: device A and device B communicate using $K_{A,B}$.

Technical Field

The invention belongs to the technical field of information security and cryptographic protocols, and particularly relates to a Kerberos authentication system and method based on a physical unclonable function.

Background

The Kerberos protocol provides a mutual authentication mechanism between a client and a server, or between two servers, and provides authentication and key distribution services using a key distribution center KDC as a trusted third party. It is designed to perform mutual authentication with symmetric cryptography, that is, the client and the server authenticate each other by means of the KDC. It can be used to prevent eavesdropping and replay attacks and to protect data integrity, and is a system that performs key management with a symmetric-key scheme. In 1988, Bryant et al. extended Kerberos to authenticate using public-key cryptography. In addition, Windows Server 2003 also extended the protocol by using a smart card's public-key certificate for initial authentication.

However, traditional authentication and key management mechanisms based on a key store or public key infrastructure are not efficient: on the one hand, an attacker can cause key leakage through physical attacks such as invasive, semi-invasive and side-channel attacks, causing the whole security system to collapse; on the other hand, public-key computation is complex and slow and occupies excessive communication bandwidth, which affects the availability of devices and systems. Therefore, finding a lightweight terminal protection mechanism for resource-constrained devices that realizes secure authentication and key management is a key problem that urgently needs to be solved.

Disclosure of Invention

To address the shortcomings of the prior art, the invention provides a Kerberos authentication system and method based on a physical unclonable function, in which a PUF structure replaces the master key stored in the device in the traditional Kerberos protocol. This realizes mutual authentication and key distribution between the device and the key distribution center KDC, and prevents the forgery, impersonation and man-in-the-middle attacks that result from leakage of the device's master key.

In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:

A Kerberos authentication system based on a physical unclonable function, wherein the key distribution center KDC comprises: an authentication server AS, a ticket-granting server TGS and a database DB;

PUF chips are installed in device A and device B, and the challenge-response pairs of the PUF chips are stored in the database DB; device A and device B each perform mutual authentication with the key distribution center KDC; the key distribution center KDC distributes a symmetric session key $K_{A,B}$ between device A and device B.

A Kerberos authentication method based on a physical unclonable function comprises the following steps:

step S1: registering device A and device B with the key distribution center KDC;

step S2: device A requests a ticket-granting ticket TGT from the authentication server AS;

step S3: device A obtains the ticket-granting ticket TGT;

step S4: device A requests a service-granting ticket from the TGS;

step S5: device A obtains the service-granting ticket SGT;

step S6: device A requests communication service from device B.

To optimize the technical scheme, the specific measures adopted further comprise:

Further, step S1 specifically comprises:

S11: device A and device B are each fitted with a physical unclonable function (PUF) chip: $PUF_A$ and $PUF_B$;

S12: device A and device B each generate a plurality of random numbers as a challenge set, and each challenge is input into the PUF chip to generate the corresponding response;

S13: the challenge-response pair (CRP) sets of device A and device B are indexed by device identifier and securely stored in the database DB of the KDC; the authentication server AS and the ticket-granting server TGS in the KDC can access the CRP sets in the database DB.

Further, step S2 specifically comprises:

S21: device A sends a TGT request to the authentication server AS, the message containing the identifier A_id of device A;

S22: after receiving the message, the authentication server AS generates a random session key between device A and the TGS: $K_{A,TGS}$;

S23: the authentication server AS, according to the identifier of device A, selects any one challenge-response pair $\langle Chal_A, Res_A \rangle$ from device A's CRP set $\{\langle Chal_A, Res_A \rangle\}_{1}^{N}$, generates a temporary key $K_A = Hash(Res_A)$ for device A, and encrypts $K_{A,TGS}$ with $K_A$ to obtain:

Figure BDA0002521667910000021

S24: the authentication server AS accesses the master key $K_{TGS}$ of the TGS and generates a ticket-granting ticket TGT: $K_{A,TGS}$, and with $K_{A,TGS}$ the ticket-granting ticket TGT is encrypted:

wherein A_id represents the identifier of device A, A_address represents the address of device A, TGS_name represents the name (or identifier) of the TGS server, time_stamp represents the timestamp, lifetime represents the validity period, and $K_{A,TGS}$ represents the random session key between device A and the TGS;

S25: the authentication server AS sends the challenge value $Chal_A$,

Figure BDA0002521667910000032

and the TGT to device A.

Further, step S3 specifically comprises:

S31: device A receives $Chal_A$ and the TGT sent by the authentication server AS;

S32: device A uses its physical unclonable function structure $PUF_A$ to generate the response value $Res_A$ corresponding to the challenge value $Chal_A$;

S33: device A generates the temporary key $K_A = Hash(Res_A)$ from the response and uses $K_A$ to decrypt

Figure BDA0002521667910000034

to obtain $K_{A,TGS}$;

S34: device A generates a verifier $Auth_{A,TGS}$, by which it is verified whether the device A sending the request is the device A declared in the TGT:

Figure BDA0002521667910000031

Further, step S4 specifically comprises:

S41: device A sends the identifier B_id of device B, $Auth_{A,TGS}$ and the TGT to the TGS;

S42: the TGS decrypts the TGT with the master key $K_{TGS}$ to obtain:

{A_id, A_address, TGS_name, time_stamp, lifetime, $K_{A,TGS}$};

S43: the TGS decrypts $Auth_{A,TGS}$ with the random session key $K_{A,TGS}$ and verifies

whether {A_id, A_address, time_stamp, lifetime} is consistent with the TGT; if the verification passes, the process continues; otherwise, it exits;

S44: the TGS generates a random session key $K_{A,B}$ between device A and device B;

S45: the TGS encrypts the random session key $K_{A,B}$ with the random session key $K_{A,TGS}$, obtaining:

S46: the TGS, according to the identifier of device B, selects any one challenge-response pair $\langle Chal_B, Res_B \rangle$ from device B's CRP set $\{\langle Chal_B, Res_B \rangle\}_{1}^{N}$, generates a temporary key $K_B = Hash(Res_B)$ for device B, generates a service-granting ticket SGT: $T_{A,B}$, and encrypts it with $K_B$:

wherein B_id represents the identifier of device B and $K_{A,B}$ represents the random session key between device A and device B;

S47: the TGS sends the ciphertext obtained in S45, $Chal_B$ and the SGT to device A.

Further, step S5 specifically comprises:

S51: device A receives from the TGS

Figure BDA0002521667910000042

$Chal_B$ and the SGT;

S52: device A decrypts with the random session key $K_{A,TGS}$ shared with the TGS to obtain the random session key $K_{A,B}$;

S53: device A generates a verifier $Auth_{A,B}$;

S54: the verifier is used to verify whether the device A that sent the request is the device A declared in the SGT.

Further, step S6 specifically comprises:

S61: device A sends $Auth_{A,B}$, $Chal_B$ and the SGT to device B;

S62: device B uses its own physical unclonable function structure $PUF_B$ to generate the response value $Res_B$ corresponding to the challenge value $Chal_B$;

S63: device B generates the temporary key $K_B = Hash(Res_B)$ and decrypts the SGT with $K_B$ to obtain

{A_id, A_address, B_id, time_stamp, lifetime, $K_{A,B}$};

S64: device B decrypts $Auth_{A,B}$ with $K_{A,B}$ and verifies whether {A_id, A_address, time_stamp, lifetime} is consistent with the SGT; if the verification passes, device A is allowed access; otherwise, it exits;

S65: device A and device B communicate using $K_{A,B}$.
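
Steps S1 to S6 as a runnable sketch of the message flow, with all parties in one process (an added example, not code from the patent). Assumptions: each PUF is simulated by a noise-free hash over a per-device secret, the cipher is a stand-in hash keystream with an HMAC tag because the page names none, each CRP is consumed once, and the identifiers, address and lifetime are constructed values.

```python
import hashlib, hmac, json, os, time

H = lambda b: hashlib.sha256(b).hexdigest()  # keys are hex strings so they fit in JSON tickets
mac = lambda k, m: hmac.new(k.encode(), m, hashlib.sha256).digest()
xor = lambda k, n, d: bytes(a ^ b for a, b in zip(d, hashlib.shake_256(k.encode() + n).digest(len(d))))

def make_puf(silicon):  # simulated PUF: noise-free, device-unique challenge -> response map
    return lambda chal: hashlib.sha256(silicon + chal).digest()

def enroll(puf, n=4):  # S12-S13: random challenges and their responses, stored in the KDC's DB
    return [(c, puf(c)) for c in (os.urandom(16) for _ in range(n))]

def enc(key, obj):
    # Stand-in authenticated cipher (hash keystream + HMAC tag); the page names no cipher.
    nonce = os.urandom(16)
    ct = xor(key, nonce, json.dumps(obj).encode())
    return nonce + ct + mac(key, nonce + ct)

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, mac(key, nonce + ct)):
        raise ValueError("wrong key or modified ciphertext")
    return json.loads(xor(key, nonce, ct))

def consistent(auth, ticket):
    # This example's reading of "consistent": same identity, timestamp inside the validity window.
    same = all(auth[f] == ticket[f] for f in ("A_id", "A_address"))
    return same and 0 <= auth["time_stamp"] - ticket["time_stamp"] <= ticket["lifetime"]

def run(puf_a, puf_b, db, k_tgs):
    ident = {"A_id": "A", "A_address": "10.0.0.5"}  # constructed values
    stamp = lambda: dict(ident, time_stamp=time.time(), lifetime=300)
    # S2 (AS): use one CRP of A, wrap K_{A,TGS} under K_A = Hash(Res_A), seal TGT under K_TGS (see S42).
    chal_a, res_a = db["A"].pop()
    k_a_tgs = os.urandom(32).hex()
    wrapped, tgt = enc(H(res_a), k_a_tgs), enc(k_tgs, dict(stamp(), TGS_name="TGS", key=k_a_tgs))
    # S3 (A): rebuild K_A from PUF_A, unwrap K_{A,TGS}, build Auth_{A,TGS}.
    k1 = dec(H(puf_a(chal_a)), wrapped)
    auth = enc(k1, stamp())
    # S4 (TGS): open the TGT, check Auth_{A,TGS}, issue K_{A,B} and an SGT under K_B = Hash(Res_B).
    t = dec(k_tgs, tgt)
    if not consistent(dec(t["key"], auth), t):
        raise ValueError("verifier does not match TGT")
    chal_b, res_b = db["B"].pop()
    k_ab = os.urandom(32).hex()
    wrapped2, sgt = enc(t["key"], k_ab), enc(H(res_b), dict(stamp(), B_id="B", key=k_ab))
    # S5 (A): unwrap K_{A,B} with K_{A,TGS}, build Auth_{A,B}.
    k_ab_a = dec(k1, wrapped2)
    auth2 = enc(k_ab_a, stamp())
    # S6 (B): rebuild K_B from PUF_B, open the SGT, check Auth_{A,B}.
    s = dec(H(puf_b(chal_b)), sgt)
    if not consistent(dec(s["key"], auth2), s):
        raise ValueError("verifier does not match SGT")
    return k_ab_a, s["key"]  # K_{A,B} as held by device A and by device B
```

Call run(puf_a, puf_b, db, k_tgs) with db = {"A": enroll(puf_a), "B": enroll(puf_b)} and a hex-string k_tgs. Substituting a different PUF for either device makes dec raise ValueError, because the temporary key no longer matches the enrolled response.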

The invention has the beneficial effects that:

The invention uses a physical unclonable function PUF to effectively realize identity authentication during information communication, and constructs a temporary key from the hash of the response to realize secure transmission of the session key. The invention can prevent key leakage caused by physical attacks such as invasive, semi-invasive and side-channel attacks, while overcoming the high computational complexity, low speed and excessive communication bandwidth of public-key schemes, and is suitable for resource-constrained network applications.

Drawings

FIG. 1 is a schematic diagram of a device authentication and key distribution protocol extension of the present invention;

FIG. 2 is a schematic diagram of the present invention as a single sign-on;

FIG. 3 is a schematic diagram of authentication and session key establishment between gateway nodes and terminal devices in the Internet of Things according to the present invention.

Detailed Description

Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
