
CN111130775A - Key negotiation method, device and equipment - Google Patents

Key negotiation method, device and equipment

Info

Publication number
CN111130775A
Authority
CN
China
Prior art keywords
responder
initiator
key
load
cryptographic algorithm
Prior art date
Legal status
Pending
Application number
CN201911382702.XA
Other languages
Chinese (zh)
Inventor
林丹生
曾智勇
胡春潮
周永言
刘剑锋
向谆
潘君镇
Current Assignee
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date
Filing date
Publication date
Application filed by Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority to CN201911382702.XA
Publication of CN111130775A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
    • H04L 9/3263 Cryptographic mechanisms or cryptographic arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L 9/3268 Cryptographic mechanisms or cryptographic arrangements involving certificates, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a key agreement method, apparatus and device. The method comprises a first-stage negotiation and a second-stage negotiation. In the first stage, an initiator negotiates with a responder through a security association (SA) payload to obtain a first cryptographic algorithm; the initiator and the responder then obtain a working key for communication between them by using the first cryptographic algorithm and an exchange between the two parties. In the second stage, the initiator sends a first hash payload to the responder so that the responder returns a second hash payload; the initiator calculates a first session key from the second hash payload and at the same time sends a verification hash payload to the responder, so that the responder calculates a second session key and checks whether the verification hash payload is consistent with the first hash payload. The method and apparatus address the problems of the prior art that the key calculation process is complex, so that negotiation between the two communicating parties takes a long time, and that security is poor.

Description

Key negotiation method, device and equipment
Technical Field
The present application relates to the field of data security technologies, and in particular, to a key agreement method, apparatus, and device.
Background
Key agreement is a key establishment technique in which two or more participants in a system jointly contribute information and each derives a shared key whose value no single party can determine in advance. As communication environments grow more complex, information technology develops and computing power increases, attack techniques in the communication environment also keep evolving, so that many key agreement methods face challenges of varying degrees.
In the prior art, the key calculation process is complex, so negotiation between two communicating parties takes a long time and the key is poorly protected, with the result that business data is easily leaked or maliciously tampered with.
Disclosure of Invention
The application provides a key agreement method, apparatus and device to solve the technical problems of the prior art, namely that the complex key calculation process makes negotiation between the two communicating parties slow and insecure.
In view of this, a first aspect of the present application provides a key agreement method comprising a first-stage negotiation and a second-stage negotiation;
the first-stage negotiation comprises:
a1: the initiator negotiates with a responder through a security association (SA) payload to obtain a first cryptographic algorithm, wherein the SA payload carries the proposed cryptographic algorithms;
a2: the initiator sends the initiator key identifier and the initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and calculates a first working key for communication between the initiator and the responder;
a3: the initiator calculates a second working key for communication between the initiator and the responder from the responder key identifier;
the second-stage negotiation comprises:
s1: the initiator sends a first hash payload to the responder so that the responder returns a second hash payload, wherein the first hash payload is computed from the second working key, an initiator authentication identifier, an initiator nonce and a first security association, and the second hash payload is computed from the second working key, a responder authentication identifier, a responder nonce and a second security association;
s2: the initiator calculates a first session key from the second hash payload and at the same time sends a verification hash payload to the responder, so that the responder calculates a second session key and at the same time checks whether the verification hash payload is consistent with the first hash payload.
Preferably, the first cryptographic algorithm comprises at least one cryptographic algorithm.
Preferably, the initiator sends the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder so that the responder verifies the validity of the initiator certificate through a key management system.
Preferably, step a3 is followed by:
a4: the initiator encrypts verification exchange data, computed with a second cryptographic algorithm, using a third cryptographic algorithm and sends it to the responder, so that the responder parses and verifies it and returns the result to the initiator.
Preferably, step a1 is preceded by:
a0: the initiator detects whether the responder supports NAT-T, so that the responder adjusts its port according to the received detection result.
A second aspect of the present application provides a key agreement apparatus comprising a first-stage negotiation module and a second-stage negotiation module;
the first-stage negotiation module comprises:
an algorithm negotiation module, used by the initiator to negotiate with a responder through a security association (SA) payload to obtain a first cryptographic algorithm, wherein the SA payload carries the proposed cryptographic algorithms;
a first exchange module, used by the initiator to send the initiator key identifier and the initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and calculates a first working key for communication between the initiator and the responder;
a first calculation module, used by the initiator to calculate a second working key for communication between the initiator and the responder from the responder key identifier;
the second-stage negotiation module comprises:
a second exchange module, configured for the initiator to send a first hash payload to the responder so that the responder returns a second hash payload, where the first hash payload is computed from the second working key, an initiator authentication identifier, an initiator nonce and a first security association, and the second hash payload is computed from the second working key, a responder authentication identifier, a responder nonce and a second security association;
a second calculation module, configured for the initiator to calculate a first session key from the second hash payload and send a verification hash payload to the responder, so that the responder calculates a second session key and at the same time checks whether the verification hash payload is consistent with the first hash payload.
Preferably, the first exchange module further comprises:
a first verification module, used by the initiator to send the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder, so that the responder verifies the validity of the initiator certificate through a key management system.
Preferably, the first calculation module further comprises:
a second verification module, used by the initiator to encrypt verification exchange data, computed with a second cryptographic algorithm, using a third cryptographic algorithm and send it to the responder, so that the responder parses and verifies it and returns the result to the initiator.
Preferably, the apparatus further comprises:
a detection module, configured for the initiator to detect whether the responder supports NAT-T, so that the responder adjusts its port according to the received detection result.
A third aspect of the present application provides a key agreement device comprising a processor and a memory:
the memory is used to store program code and pass the program code to the processor;
the processor is configured to execute any one of the key agreement methods of the first aspect according to instructions in the program code.
The technical solution of the embodiments of the present application has the following advantages:
the application provides a key agreement method comprising a first-stage negotiation and a second-stage negotiation. The first-stage negotiation comprises: the initiator negotiates with a responder through a security association (SA) payload carrying the proposed cryptographic algorithms to obtain a first cryptographic algorithm; the initiator sends the initiator key identifier and the initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and calculates a first working key for communication between the initiator and the responder; the initiator calculates a second working key for communication between the initiator and the responder from the responder key identifier. The second-stage negotiation comprises: the initiator sends a first hash payload to the responder so that the responder returns a second hash payload, wherein the first hash payload is computed from the second working key, an initiator authentication identifier, an initiator nonce and a first security association, and the second hash payload is computed from the second working key, a responder authentication identifier, a responder nonce and a second security association; the initiator calculates a first session key from the second hash payload and at the same time sends a verification hash payload to the responder, so that the responder calculates a second session key and at the same time checks whether the verification hash payload is consistent with the first hash payload.
The key agreement method provided by the application divides the whole agreement process into two stages. In the first stage, a first cryptographic algorithm is agreed between the initiator and the responder; the initiator then encrypts its key identifier under the first cryptographic algorithm and sends the encrypted key identifier payload together with its certificates to the responder for parsing, so that the responder likewise encrypts its own key identifier under the first cryptographic algorithm and sends that payload to the initiator, while at the same time calculating a first working key for communication between the two parties from the initiator key identifier and initiator certificate it obtained; after receiving the responder key identifier and responder certificate, the initiator obtains a second working key for the same communication. The negotiation and calculation in this stage yield the working keys of both parties, which protect the negotiation of the session keys and achieve identity confirmation and key agreement between the parties. The second stage checks data integrity and the identity of the data source: the two parties negotiate through hash payloads to obtain the session keys, and the exchanged hash data is verified by means of a hash payload to ensure that the responder has not changed between the start and the end of the exchange. Neither stage can be omitted. Security of the negotiation between the communicating parties is ensured by key agreement, algorithm negotiation and the security association payload, while the exchange itself is simple and involves no complicated calculation or operation on either side. Therefore, the method and apparatus solve the problem of the prior art that negotiation between two communicating parties is slow because the key calculation process is complex, and at the same time solve the technical problem of poor security.
Drawings
Fig. 1 is a schematic flowchart of a key agreement method according to a first embodiment of the present application;
fig. 2 is a flowchart illustrating a second embodiment of a key agreement method provided in the present application;
fig. 3 is a schematic structural diagram of an embodiment of a key agreement device provided in the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Interpretation of terms:
Working key: the key obtained in the first stage of key agreement, used to protect the session key agreement process.
Session key: the key obtained in the second stage of key agreement, used for encryption and integrity protection of data messages.
Master key: the SM1 symmetric key of the SJK1121-B crypto card, used to encrypt and protect the device private key so that it can be stored securely in the card's memory.
For ease of understanding, please refer to fig. 1. A first embodiment of the key agreement method provided in the present application comprises a first-stage negotiation and a second-stage negotiation.
The first-stage negotiation comprises:
Step 101: the initiator negotiates with the responder through a security association (SA) payload to obtain a first cryptographic algorithm, wherein the SA payload carries the proposed cryptographic algorithms.
It should be noted that the cryptographic algorithm may include at least one of the following: the asymmetric algorithm SM2, the symmetric algorithm SM1, the cryptographic hash algorithm SM3, and a randomly generated ephemeral key. The initiator encapsulates its cryptographic algorithm proposal in an SA payload and sends it to the responder; the responder replies with a response SA payload carrying the accepted proposal and the responder certificate, which determines the first cryptographic algorithm. The responder certificate comprises a responder encryption certificate and a responder signature certificate.
Step 102: the initiator sends the initiator key identifier and the initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and calculates a first working key for communication between the initiator and the responder.
It should be noted that the initiator, on receiving the responder's response SA payload, uses the first cryptographic algorithm to compute its own key identifier and sends that key identifier and the related certificates to the responder. The initiator key identifier comprises the initiator ephemeral key, the initiator nonce and the initiator identity ID; the related certificates comprise an initiator encryption certificate and an initiator signature certificate. The initiator key identifier and the initiator certificate are likewise encapsulated in a payload for transmission. After the responder obtains the initiator information encrypted by the initiator with the first cryptographic algorithm, it also computes its own key identifier with the first cryptographic algorithm and returns it to the initiator; at the same time the responder can derive a first working key for communication between the initiator and the responder from the received initiator information and its own information. The responder key identifier comprises the responder ephemeral key, the responder nonce and the responder identity ID. The first working key comprises a master key working key.
Step 103: the initiator calculates a second working key for communication between the initiator and the responder from the responder key identifier.
It should be noted that, after receiving the responder's information, the initiator likewise combines it with its own information to calculate a second working key for communication between the two parties; the first working key and the second working key are identical. The negotiation in this stage serves mainly to obtain the working key, through which an ISAKMP SA is established; the ISAKMP SA then protects the second-stage negotiation, or in other words the IPsec SA is established on top of the ISAKMP SA established in the first stage.
The second-stage negotiation comprises:
Step 104: the initiator sends the first hash payload to the responder so that the responder returns the second hash payload.
The first hash payload is computed from the second working key, an initiator authentication identifier, an initiator nonce and a first security association; the second hash payload is computed from the second working key, a responder authentication identifier, a responder nonce and a second security association.
It should be noted that the first hash payload is obtained by applying the cryptographic hash algorithm SM3 to the second working key, the initiator identifier, the first SA payload and the initiator nonce, and serves to verify message integrity and the identity of the data source. The second hash payload follows the same principle: SM3 applied to the (identical) first working key, the responder identifier, the second SA payload and the responder nonce.
Step 105: the initiator calculates the first session key from the second hash payload and at the same time sends the verification hash payload to the responder, so that the responder calculates the second session key and at the same time checks whether the verification hash payload is consistent with the first hash payload.
It should be noted that the first session key is calculated with the cryptographic hash algorithm SM3. The verification hash payload is identical to the first hash payload: the responder compares the hash payload it now receives with the first hash payload received earlier, thereby confirming that the peer it exchanged information with earlier is still the same party, so that the original parties receive the information and no third party has interposed itself, which improves the security of the communication. The session key comprises a session key usable for encryption and a session key for integrity checking, which can be selected from the calculated key material according to the required key length. After the first-stage negotiation, the ISAKMP SA can be established through the working key so that the ISAKMP SA protects the second-stage negotiation; in other words, the IPsec SA is established on top of the ISAKMP SA from the first stage, and the IPsec security policy and the session keys of both communicating parties are determined.
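The two-stage exchange of steps 101 to 105, written out as an added example that is not code from the patent or from any product it describes. Everything cryptographic is a labelled stand-in: Diffie-Hellman over a toy Mersenne-prime group replaces the SM2 ephemeral key exchange, HMAC-SHA256 replaces the SM3-based hash payloads, and a set of trusted identities replaces the certificate check against a key management system. The identities, nonces and SA strings are constructed. What the example keeps from the page is the message flow: SA payload negotiation, key identifier exchange, working key on both sides, first and second hash payloads, session keys split by length, and the verification hash payload that the responder compares with the first hash payload it stored. A second run tampers with the phase-2 SA in transit to show where that is caught.

```python
"""Two-phase key agreement walk-through (added example; not the patent's code).

Stand-ins, each an assumption: Diffie-Hellman over a toy Mersenne-prime group
replaces SM2 key exchange, HMAC-SHA256 replaces the SM3-based hash payloads,
and a set of trusted identities replaces certificate checks against a key
management system. Only the message flow follows the page (steps 101-105).
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # toy modulus (Mersenne prime M127); far too small for real use
G = 3
KEY_LEN = 16     # bytes per session key (encryption key, integrity key)


def prf(key: bytes, data: bytes) -> bytes:
    """Keyed hash behind the working key, hash payloads and session keys."""
    return hmac.new(key, data, hashlib.sha256).digest()


def negotiate_sa(proposal: list, supported: list) -> str:
    """Step 101: responder accepts the first proposed algorithm it supports."""
    for alg in proposal:
        if alg in supported:
            return alg
    raise ValueError("no common cryptographic algorithm")


def key_identifier(ident: bytes) -> dict:
    """Key identifier = ephemeral key, nonce, identity ID; 'x' never leaves the host."""
    x = secrets.randbelow(P - 3) + 2
    return {"x": x, "tmp": pow(G, x, P), "nonce": secrets.token_bytes(16), "id": ident}


def public_part(kid: dict) -> dict:
    """The key identifier as sent on the wire (private exponent removed)."""
    return {k: v for k, v in kid.items() if k != "x"}


def working_key(own: dict, peer: dict, nonce_i: bytes, nonce_r: bytes, alg: str) -> bytes:
    """Steps 102/103: both sides derive the same key from g^xy, both nonces and the SA."""
    shared = pow(peer["tmp"], own["x"], P).to_bytes(16, "big")
    return prf(nonce_i + nonce_r, shared + alg.encode())


def hash_payload(wk: bytes, ident: bytes, nonce: bytes, sa: bytes) -> bytes:
    """Step 104: hash payload binds identity, nonce and the phase-2 SA under the working key."""
    return prf(wk, ident + nonce + sa)


def session_keys(wk: bytes, nonce_i: bytes, nonce_r: bytes, sa: bytes) -> tuple:
    """Step 105: split PRF output into an encryption key and an integrity key by length."""
    km = prf(wk, b"session" + sa + nonce_i + nonce_r)
    return km[:KEY_LEN], km[KEY_LEN:2 * KEY_LEN]


def run_exchange(trusted_ids: set, tamper_sa: bool = False) -> dict:
    """Run both phases; tamper_sa simulates an on-path change to the phase-2 SA proposal."""
    init, resp = b"initiator-001", b"responder-001"        # constructed identities
    # Phase 1, step 101: SA payload negotiation; proposal order expresses preference.
    alg = negotiate_sa(["SM2-SM3-SM1", "SM2-SM3-SM4"], ["SM2-SM3-SM4", "SM2-SM3-SM1"])
    # Step 102: initiator key identifier + certificate (here: identity) to the responder,
    # which checks it against the trusted set standing in for the key management system.
    kid_i = key_identifier(init)
    if init not in trusted_ids:
        raise PermissionError("initiator certificate rejected by key management system")
    kid_r = key_identifier(resp)
    wk_r = working_key(kid_r, public_part(kid_i), kid_i["nonce"], kid_r["nonce"], alg)
    # Step 103: initiator derives the second working key from the responder key identifier.
    wk_i = working_key(kid_i, public_part(kid_r), kid_i["nonce"], kid_r["nonce"], alg)
    assert wk_i == wk_r, "working keys diverge: phase 1 failed"
    # Phase 2, step 104: fresh nonces and the proposed IPsec SA go into the hash payloads.
    sa2 = b"ESP:SM1-CBC/HMAC-SM3"
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    hash1 = hash_payload(wk_i, init, n_i, sa2)
    sa2_seen = sa2 + b"-downgraded" if tamper_sa else sa2    # what the responder receives
    if not hmac.compare_digest(hash1, hash_payload(wk_r, init, n_i, sa2_seen)):
        return {"phase2": False, "reason": "first hash payload mismatch"}
    hash2 = hash_payload(wk_r, resp, n_r, sa2_seen)
    if not hmac.compare_digest(hash2, hash_payload(wk_i, resp, n_r, sa2)):
        return {"phase2": False, "reason": "second hash payload mismatch"}
    # Step 105: initiator computes session keys and sends the verification hash payload,
    # which the responder compares with the first hash payload it stored.
    sk_i = session_keys(wk_i, n_i, n_r, sa2)
    verify = hash_payload(wk_i, init, n_i, sa2)
    if not hmac.compare_digest(verify, hash1):
        return {"phase2": False, "reason": "verification hash payload mismatch"}
    sk_r = session_keys(wk_r, n_i, n_r, sa2_seen)
    return {"phase2": True, "alg": alg, "keys_match": sk_i == sk_r,
            "enc_key_len": len(sk_i[0]), "int_key_len": len(sk_i[1])}


if __name__ == "__main__":
    print(run_exchange({b"initiator-001", b"responder-001"}))
    print(run_exchange({b"initiator-001", b"responder-001"}, tamper_sa=True))
```

Running it prints a successful exchange and then the tampered run being rejected at the first hash payload. As the page describes it, the verification hash payload is the first hash payload sent again, so the comparison in step 105 confirms continuity of the peer but adds no freshness of its own; the binding of nonces and SA that actually detects tampering happens in the two hash payloads of step 104, which is what the tampered run shows.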
An SA (Security Association) is a set of shared security attributes established between two network entities to provide a secure communication environment; before the connection is set up, the parties exchange the network data parameters, including the encryption mode and algorithm and the security encryption keys. The Internet Security Association and Key Management Protocol (ISAKMP) provides the basic framework for security associations: it is defined in RFC 2408 and provides a framework for authentication and key exchange, while the Internet Key Exchange (IKE) supplies the actual key exchange mechanism. Protocols such as IKE and the Kerberized Internet Negotiation of Keys (KINK) provide the authenticated keying material that ISAKMP uses. IPsec (Internet Protocol Security) is a suite of related protocols that protects the IP protocol by encrypting and authenticating IP packets.
The key agreement method provided in this embodiment divides the whole agreement process into two stages. In the first stage, a first cryptographic algorithm is agreed between the initiator and the responder; the initiator then encrypts its key identifier under the first cryptographic algorithm and sends the encrypted key identifier payload together with its certificates to the responder for parsing, so that the responder likewise encrypts its own key identifier under the first cryptographic algorithm and sends that payload to the initiator, while at the same time calculating a first working key for communication between the two parties from the initiator key identifier and initiator certificate it obtained; after receiving the responder key identifier and responder certificate, the initiator obtains a second working key for the same communication. The negotiation and calculation in this stage yield the working keys of both parties, which protect the negotiation of the session keys and achieve identity confirmation and key agreement between the parties. The second stage checks data integrity and the identity of the data source: the two parties negotiate through hash payloads to obtain the session keys, and the exchanged hash data is verified by means of a hash payload to ensure that the responder has not changed between the start and the end of the exchange. Neither stage can be omitted. Security of the negotiation between the communicating parties is ensured by key agreement, algorithm negotiation and the security association payload, while the exchange itself is simple and involves no complicated calculation or operation on either side. Therefore, this embodiment solves the problem of the prior art that negotiation between two communicating parties is slow because the key calculation process is complex, and also solves the technical problem of poor security.
For ease of understanding, please refer to fig. 2. A second embodiment of the key agreement method provided in the present application comprises a first-stage negotiation and a second-stage negotiation.
The first-stage negotiation comprises:
Step 201: the initiator detects whether the responder supports NAT-T, so that the responder adjusts its port according to the received detection result.
It should be noted that whether the peer supports NAT-T can be detected by exchanging Vendor ID payloads. If NAT-T is supported, NAT-D payloads are sent in the first stage of key agreement; after the responder receives, decrypts and authenticates the packet, it switches from port 500 to port 4500, the remainder of the negotiation is carried out on port 4500, and packets arriving on port 500 that do not belong to a new negotiation are discarded. The other four messages and the second stage need no change. When NAT traversal is used, tunnel-mode packets are encapsulated in UDP.
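The NAT-T detection and port switch of step 201, as an added example that is not the patent's code. It follows RFC 3947, which the page's Vendor ID / NAT-D / port 4500 description matches: a peer announces NAT-T support with a Vendor ID payload and sends NAT-D payloads carrying a hash over both ISAKMP cookies, an IP address and a UDP port for the address it believes it is using; the receiver recomputes the hash for the source address it actually observed, and a mismatch means a NAT rewrote the address or port in between. SHA-1 is assumed as the negotiated hash (the page's suite would use SM3), the cookies and addresses are constructed, and the `Responder` class is an illustrative model of the port state described on the page, not an implementation from any product.

```python
"""NAT-T detection and port switch for the first-stage negotiation (added example;
not the patent's code). Follows RFC 3947: NAT-T support is announced with a
Vendor ID payload, then NAT-D payloads carry HASH(CKY-I | CKY-R | IP | Port)
for the address each side believes it is using. SHA-1 is assumed as the
negotiated hash here (the page's algorithm suite uses SM3).
"""
import hashlib
import socket
import struct

NAT_T_VID = hashlib.md5(b"RFC 3947").digest()   # Vendor ID payload body for RFC 3947 NAT-T
IKE_PORT, NAT_T_PORT = 500, 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"              # prefix of ISAKMP messages on UDP 4500


def nat_d(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """NAT-D payload body: hash over both cookies, the IPv4 address and the UDP port."""
    return hashlib.sha1(cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)).digest()


def supports_nat_t(vendor_ids: list) -> bool:
    """Vendor ID exchange: the peer supports NAT-T if it sent the RFC 3947 Vendor ID."""
    return NAT_T_VID in vendor_ids


def peer_behind_nat(cky_i: bytes, cky_r: bytes, peer_own_nat_d: bytes,
                    observed_ip: str, observed_port: int) -> bool:
    """Recompute NAT-D for the source address actually observed; a mismatch means
    a NAT rewrote the peer's address or port on the way."""
    return nat_d(cky_i, cky_r, observed_ip, observed_port) != peer_own_nat_d


def udp_encapsulate(isakmp_message: bytes) -> bytes:
    """On port 4500 ISAKMP messages carry a 4-byte zero marker so they are not read as ESP."""
    return NON_ESP_MARKER + isakmp_message


class Responder:
    """Responder-side port state: starts on 500, moves to 4500 once NAT is detected."""

    def __init__(self) -> None:
        self.port = IKE_PORT

    def on_phase1_packet(self, cky_i: bytes, cky_r: bytes, vendor_ids: list,
                         peer_own_nat_d: bytes, src_ip: str, src_port: int) -> int:
        """Called after the packet has been decrypted and authenticated (as the page
        requires); returns the port the rest of this negotiation will use."""
        if supports_nat_t(vendor_ids) and peer_behind_nat(
                cky_i, cky_r, peer_own_nat_d, src_ip, src_port):
            self.port = NAT_T_PORT
        return self.port

    def accept(self, dst_port: int) -> bool:
        """After the switch, packets for this negotiation still arriving on 500 are dropped."""
        return dst_port == self.port


if __name__ == "__main__":
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))          # constructed cookies
    # The peer hashes its private address, but the packet arrives from the NAT's public one.
    h = nat_d(cky_i, cky_r, "192.0.2.10", 500)
    r = Responder()
    print(r.on_phase1_packet(cky_i, cky_r, [NAT_T_VID], h, "198.51.100.7", 61000))  # 4500
```

Two things the model keeps visible: the detection only runs for a peer that announced NAT-T, and the port switch applies to the negotiation in hand, so a later packet for it on port 500 is rejected while a genuinely new negotiation would start on 500 again with its own `Responder` state.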
Step 202, the initiator negotiates with the responder through a security association payload to obtain a first cryptographic algorithm, where the security association payload carries the proposed cryptographic algorithms.
It should be noted that the first cryptographic algorithm includes at least one cryptographic algorithm, which may be the asymmetric algorithm SM2, the symmetric algorithm SM1, the cryptographic hash algorithm SM3, and a randomly generated temporary key. The initiator encapsulates the cryptographic algorithm proposal in a security association payload and sends it to the responder; the responder replies with a response security association payload that contains the accepted cryptographic algorithm proposal and the responder certificate, which fixes the first cryptographic algorithm. The responder certificate comprises a responder encryption certificate and a responder signature certificate.
Step 203, the initiator sends the initiator key identifier and the initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and computes a first working key for communication between the initiator and the responder.
It should be noted that after the initiator has confirmed the cryptographic algorithm, it computes its key identifier with the first cryptographic algorithm and sends the resulting key identifier together with the initiator certificate to the responder. The initiator key identifier consists of the initiator temporary key, the initiator nonce and the initiator identity ID; the initiator certificate comprises an initiator encryption certificate and an initiator signature certificate. The initiator key identifier and the initiator certificate are likewise encapsulated in a payload for transmission. Once the responder has received the initiator information encrypted with the first cryptographic algorithm, it decrypts the received payload to obtain the initiator key identifier and the initiator certificate, verifies the correctness of the initiator certificate through the key management system, then computes its own key identifier with the first cryptographic algorithm and returns it to the initiator; at the same time the responder can derive, from the received initiator information and its own information, a first working key for communication between the initiator and the responder. The responder key identifier consists of the responder temporary key, the responder nonce and the responder identity ID. The first working key comprises a master-key working key.
Step 204, the initiator computes a second working key for communication between the initiator and the responder according to the responder key identifier.
It should be noted that after receiving the responder's information, the initiator likewise combines it with its own information to compute a second working key for communication between the initiator and the responder; the first working key and the second working key are identical. The main purpose of this stage of negotiation is to obtain the working key, establish an ISAKMP SA with it and thereby protect the second-stage negotiation under that ISAKMP SA; in other words, the IPsec SA is established on top of the ISAKMP SA created in the first stage.
Step 205, the initiator encrypts, with a third cryptographic algorithm, the verification exchange data computed with a second cryptographic algorithm and sends the encrypted verification exchange data to the responder, so that the responder returns the parsed and verified result to the initiator.
It should be noted that the verification exchange data refers to the initiator-related information sent to the responder in the preceding steps, such as the initiator key identifier and the initiator certificate. The second cryptographic algorithm is the asymmetric algorithm SM2 and the third cryptographic algorithm is the symmetric algorithm SM1. Computing the verification exchange data with the second cryptographic algorithm means packing and processing the key identifiers, the certificates, the working key and the other information exchanged between initiator and responder, which amounts to re-encrypting the whole of that information; the result is then encrypted with the third cryptographic algorithm into a packet or payload and sent to the responder. The responder decrypts it with the same algorithms to recover the original data and compares the parsed data with the data from the earlier exchange to determine whether they agree. This confirms that neither party has been attacked by a third party, ensures both sides hold consistent state, improves communication security and secures the environment for the next negotiation stage.
The second stage negotiation includes:
Step 206, the initiator sends a first hash payload to the responder, so that the responder returns a second hash payload.
The first hash payload comprises the second working key, an initiator identity verification identifier, an initiator nonce and a first security association; the second hash payload comprises the second working key, a responder identity verification identifier, a responder nonce and a second security association.
It should be noted that the first hash payload is computed with the cryptographic hash algorithm SM3 over the second working key (which serves to verify message integrity and data-source identity), the initiator identifier, the first security association payload and the initiator nonce. The second hash payload follows the same principle: it is computed with SM3 over the first working key (for verifying message integrity and data-source identity), the responder identifier, the second security association payload and the initiator nonce.
Step 207, the initiator computes a first session key according to the second hash payload and at the same time sends a verification hash payload to the responder, so that the responder computes a second session key and at the same time determines whether the verification hash payload is consistent with the first hash payload.
It should be noted that the first session key is computed with the cryptographic hash algorithm SM3. The verification hash payload is identical to the first hash payload; comparing the two verifies that the peer with which the earlier information was exchanged is the original responder and not a third-party attacker, which improves security during communication. The session keys include a session key usable for encryption and a session key for integrity checking; they are selected from the computed key material according to the required key length. After the first-stage negotiation, the ISAKMP SA can be established with the working key, so that the second-stage negotiation is protected under the ISAKMP SA; in other words, the IPsec SA is established on the ISAKMP SA created in the first stage, and the IPsec security policy and the session keys of both communicating parties are determined. The verification serves to confirm that the responder receiving the information is not a third party: by sending the hash payload again, the initiator checks whether the responder really received the first hash payload in the previous step, and the responder, on receiving the verification hash payload, compares it with the first hash payload received earlier. This prevents the communicated information from being replaced or stolen by a third-party attacker and confirms that the communicating responder has not changed.
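The two-stage flow of steps 202 to 207, run end to end from both sides, as an added example that is not the patent's own code. Its assumptions are labelled in the code: SM3 is replaced by SHA-256 and the SM2 temporary-key exchange by finite-field Diffie-Hellman over the RFC 3526 group 14 prime, because neither SM algorithm is in the Python standard library; the SM1/SM2 encryption wrapping of the stage-one messages is left out, and the step-205 verification exchange is modelled as a keyed digest over the exchanged values that the responder recomputes and compares. The names (`KeyIdentifier`, `Party`, `run_negotiation`), the proposal strings and the 16/32-byte key split are this example's own. The `tamper_in_transit` switch goes beyond the text in one respect: it alters the responder nonce on the wire to show the stage-one check failing.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass

# RFC 3526 group 14 (2048-bit MODP) prime, transcribed from the RFC; it stands in
# for the SM2 temporary-key exchange, which the standard library does not provide.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts; stands in for SM3."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

@dataclass(frozen=True)
class KeyIdentifier:
    """The key identifier of step 203: temporary key, nonce and identity ID."""
    temp_key: bytes   # DH public value here (an SM2 ephemeral public key in the patent)
    nonce: bytes
    ident: bytes

class Party:
    def __init__(self, ident: bytes, proposals: tuple):
        self.ident = ident
        self.proposals = proposals            # cryptographic algorithm suggestions (SA payload)
        self._x = secrets.randbits(256)       # ephemeral private exponent, never sent
        self.nonce = secrets.token_bytes(16)

    def key_identifier(self) -> KeyIdentifier:
        return KeyIdentifier(pow(G, self._x, P).to_bytes(256, "big"), self.nonce, self.ident)

    def working_key(self, peer: KeyIdentifier, kid_i: KeyIdentifier, kid_r: KeyIdentifier) -> bytes:
        """Steps 203/204: shared secret from the peer's temporary key, bound to both
        nonces and both IDs in a fixed initiator-then-responder order."""
        shared = pow(int.from_bytes(peer.temp_key, "big"), self._x, P).to_bytes(256, "big")
        return H(b"working-key", shared, kid_i.nonce, kid_r.nonce, kid_i.ident, kid_r.ident)

def negotiate_algorithm(offered: tuple, supported: tuple):
    """Step 202: the responder accepts the first proposal it supports, else None."""
    return next((p for p in offered if p in supported), None)

def verification_data(wk: bytes, kid_i: KeyIdentifier, kid_r: KeyIdentifier, alg: str) -> bytes:
    """Step 205: keyed digest of everything exchanged in stage one."""
    return H(wk, alg.encode(), kid_i.temp_key, kid_i.nonce, kid_i.ident,
             kid_r.temp_key, kid_r.nonce, kid_r.ident)

def hash_load(wk: bytes, ident: bytes, sa: bytes, nonce: bytes) -> bytes:
    """Step 206: hash over working key, identity, SA payload and nonce."""
    return H(wk, ident, sa, nonce)

def session_keys(wk, hash1, hash2, nonce_i, nonce_r):
    """Step 207: key material split by length into a 16-byte encryption key
    and a 32-byte integrity key (lengths are this example's choice)."""
    material = b"".join(H(b"session", wk, hash1, hash2, nonce_i, nonce_r, bytes([i])) for i in (1, 2))
    return material[:16], material[16:48]

def run_negotiation(tamper_in_transit: bool = False) -> dict:
    """Runs both stages; tamper_in_transit swaps the responder nonce on the wire."""
    init = Party(b"initiator@example", ("SM2/SM1/SM3", "SM2/SM4/SM3"))
    resp = Party(b"responder@example", ("SM2/SM1/SM3",))
    alg = negotiate_algorithm(init.proposals, resp.proposals)
    if alg is None:
        return {"algorithm": None, "stage1_verified": False}
    kid_i, kid_r = init.key_identifier(), resp.key_identifier()
    kid_r_seen = kid_r if not tamper_in_transit else \
        KeyIdentifier(kid_r.temp_key, secrets.token_bytes(16), kid_r.ident)
    wk_r = resp.working_key(kid_i, kid_i, kid_r)            # first working key (responder)
    wk_i = init.working_key(kid_r_seen, kid_i, kid_r_seen)  # second working key (initiator)
    sent = verification_data(wk_i, kid_i, kid_r_seen, alg)  # initiator -> responder
    if not hmac.compare_digest(sent, verification_data(wk_r, kid_i, kid_r, alg)):
        return {"algorithm": alg, "stage1_verified": False}  # responder rejects the exchange
    sa1, sa2 = b"ESP: SM1-CBC, HMAC-SM3", b"ESP accepted: SM1-CBC, HMAC-SM3"  # constructed
    hash1 = hash_load(wk_i, init.ident, sa1, init.nonce)    # first hash payload
    hash2 = hash_load(wk_r, resp.ident, sa2, resp.nonce)    # second hash payload (step 206 list)
    keys_i = session_keys(wk_i, hash1, hash2, init.nonce, resp.nonce)  # first session key
    keys_r = session_keys(wk_r, hash1, hash2, init.nonce, resp.nonce)  # second session key
    # Step 207: the verification hash payload repeats the first hash payload; the
    # responder compares it with the stored copy and (this example's addition)
    # with a recomputation under its own working key.
    verification = hash_load(wk_i, init.ident, sa1, init.nonce)
    expected = hash_load(wk_r, init.ident, sa1, init.nonce)
    ok = hmac.compare_digest(verification, hash1) and hmac.compare_digest(verification, expected)
    return {"algorithm": alg, "stage1_verified": True, "working_keys_match": wk_i == wk_r,
            "session_keys_match": keys_i == keys_r, "verification_hash_ok": ok,
            "key_lengths": (len(keys_i[0]), len(keys_i[1]))}
```

Two details are deliberate: every hash input is length-prefixed so that concatenated fields cannot be re-split ambiguously, and all comparisons of received digests use `hmac.compare_digest` rather than `==`, so the responder's accept/reject decision does not leak through timing.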
For ease of understanding, please refer to fig. 3; an embodiment of a key agreement apparatus is also provided in the present application, comprising a first-stage negotiation module 301 and a second-stage negotiation module 302;
the first-stage negotiation module 301 comprises:
an algorithm negotiation module 3011, configured for the initiator to negotiate with the responder through a security association payload to obtain a first cryptographic algorithm, where the security association payload carries a cryptographic algorithm proposal;
a first interaction module 3012, configured for the initiator to send the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder, so that the responder returns to the initiator the responder key identifier computed with the first cryptographic algorithm and computes a first working key for communication between the initiator and the responder;
a first calculation module 3013, configured for the initiator to compute a second working key for communication between the initiator and the responder according to the responder key identifier;
the second-stage negotiation module 302 comprises:
a second interaction module 3021, configured for the initiator to send the first hash payload to the responder, so that the responder returns a second hash payload, where the first hash payload comprises the second working key, an initiator identity verification identifier, an initiator nonce and a first security association, and the second hash payload comprises the second working key, a responder identity verification identifier, a responder nonce and a second security association;
a second calculation module 3022, configured for the initiator to compute the first session key according to the second hash payload and at the same time send the verification hash payload to the responder, so that the responder computes the second session key and at the same time determines whether the verification hash payload is consistent with the first hash payload.
Further, the first interaction module 3012 also comprises:
a first verification module 30121, configured for the initiator to send the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder, so that the responder verifies the correctness of the initiator certificate through the key management system.
Further, the first calculation module 3013 also comprises:
a second verification module 3014, configured for the initiator to encrypt, with the third cryptographic algorithm, the verification exchange data computed with the second cryptographic algorithm and send it to the responder, so that the responder returns the parsed and verified result to the initiator.
Further, the apparatus also comprises:
a detection module 3010, configured for the initiator to detect whether the responder supports NAT-T, so that the responder adjusts its port type according to the received detection result.
To facilitate understanding, the present application also provides a key agreement device comprising a processor and a memory:
the memory stores program code and transmits the program code to the processor;
the processor executes any one of the key agreement method embodiments described above according to instructions in the program code.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in a software product which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A key agreement method, comprising a first-stage negotiation and a second-stage negotiation;
the first-stage negotiation comprises:
A1: an initiator negotiates with a responder through a security association payload to obtain a first cryptographic algorithm, wherein the security association payload comprises a cryptographic algorithm proposal;
A2: the initiator sends an initiator key identifier and an initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator a responder key identifier computed with the first cryptographic algorithm and computes a first working key for communication between the initiator and the responder;
A3: the initiator computes a second working key for communication between the initiator and the responder according to the responder key identifier;
the second-stage negotiation comprises:
S1: the initiator sends a first hash payload to the responder, so that the responder returns a second hash payload, wherein the first hash payload comprises the second working key, an initiator identity verification identifier, an initiator nonce and a first security association, and the second hash payload comprises the second working key, a responder identity verification identifier, a responder nonce and a second security association;
S2: the initiator computes a first session key according to the second hash payload and at the same time sends a verification hash payload to the responder, so that the responder computes a second session key and at the same time determines whether the verification hash payload is consistent with the first hash payload.
2. The key agreement method according to claim 1, wherein the first cryptographic algorithm comprises at least one cryptographic algorithm.
3. The key agreement method according to claim 1, wherein the initiator sends the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder, so that the responder verifies the correctness of the initiator certificate through a key management system.
4. The key agreement method according to claim 1, wherein step A3 is further followed by:
A4: the initiator encrypts, with a third cryptographic algorithm, verification exchange data computed with a second cryptographic algorithm and sends the encrypted verification exchange data to the responder, so that the responder returns the parsed and verified result to the initiator.
5. The key agreement method according to claim 1, wherein step A1 is preceded by:
A0: the initiator detects whether the responder supports NAT-T, so that the responder adjusts its port type according to the received detection result.
6. A key agreement apparatus, comprising a first-stage negotiation module and a second-stage negotiation module;
the first-stage negotiation module comprises:
an algorithm negotiation module, configured for an initiator to negotiate with a responder through a security association payload to obtain a first cryptographic algorithm, wherein the security association payload comprises a cryptographic algorithm proposal;
a first interaction module, configured for the initiator to send an initiator key identifier and an initiator certificate, computed with the first cryptographic algorithm, to the responder, so that the responder returns to the initiator a responder key identifier computed with the first cryptographic algorithm and computes a first working key for communication between the initiator and the responder;
a first calculation module, configured for the initiator to compute a second working key for communication between the initiator and the responder according to the responder key identifier;
the second-stage negotiation module comprises:
a second interaction module, configured for the initiator to send a first hash payload to the responder, so that the responder returns a second hash payload, wherein the first hash payload comprises the second working key, an initiator identity verification identifier, an initiator nonce and a first security association, and the second hash payload comprises the second working key, a responder identity verification identifier, a responder nonce and a second security association;
a second calculation module, configured for the initiator to compute a first session key according to the second hash payload and at the same time send a verification hash payload to the responder, so that the responder computes a second session key and at the same time determines whether the verification hash payload is consistent with the first hash payload.
7. The key agreement apparatus according to claim 6, wherein the first interaction module further comprises:
a first verification module, configured for the initiator to send the initiator key identifier and the initiator certificate computed with the first cryptographic algorithm to the responder, so that the responder verifies the correctness of the initiator certificate through a key management system.
8. The key agreement apparatus according to claim 6, wherein the first calculation module is further followed by:
a second verification module, configured for the initiator to encrypt, with a third cryptographic algorithm, verification exchange data computed with a second cryptographic algorithm and send the encrypted verification exchange data to the responder, so that the responder returns the parsed and verified result to the initiator.
9. The key agreement apparatus according to claim 6, further comprising:
a detection module, configured for the initiator to detect whether the responder supports NAT-T, so that the responder adjusts its port type according to the received detection result.
10. A key agreement device, characterized in that the device comprises a processor and a memory:
the memory stores program code and transmits the program code to the processor;
the processor performs the key agreement method of any one of claims 1 to 5 according to instructions in the program code.
CN201911382702.XA 2019-12-27 2019-12-27 Key negotiation method, device and equipment Pending CN111130775A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911382702.XA CN111130775A (en) 2019-12-27 2019-12-27 Key negotiation method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911382702.XA CN111130775A (en) 2019-12-27 2019-12-27 Key negotiation method, device and equipment

Publications (1)

Publication Number Publication Date
CN111130775A true CN111130775A (en) 2020-05-08

Family

ID=70505210

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911382702.XA Pending CN111130775A (en) 2019-12-27 2019-12-27 Key negotiation method, device and equipment

Country Status (1)

Country Link
CN (1) CN111130775A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111294212A (en) * 2020-05-12 2020-06-16 广东纬德信息科技股份有限公司 Security gateway key negotiation method based on power distribution
CN111865564A (en) * 2020-07-29 2020-10-30 北京浪潮数据技术有限公司 IPSec communication establishing method and system
CN114268473A (en) * 2021-12-10 2022-04-01 北京天融信网络安全技术有限公司 Method, system, terminal and storage medium for defending DDOS attack by IKEv1 protocol main mode
CN114553507A (en) * 2022-02-10 2022-05-27 新华三信息安全技术有限公司 Security authentication method, device, equipment and machine readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101742491A (en) * 2009-12-04 2010-06-16 同济大学 A key exchange negotiation method between a mobile device and a security access gateway
CN102904861A (en) * 2011-07-28 2013-01-30 中兴通讯股份有限公司 An Extended Authentication Method and System Based on ISAKMP
CN103441839A (en) * 2013-08-15 2013-12-11 国家电网公司 Method and system for using quantum cryptography in safe IP communication
US20170054555A1 (en) * 2015-08-20 2017-02-23 Alibaba Group Holding Limited Method, apparatus, terminal device and system for generating shared key
CN109802831A (en) * 2019-02-26 2019-05-24 安徽皖通邮电股份有限公司 A kind of method that IKEv1 negotiation uses quantum key
CN109981272A (en) * 2019-04-19 2019-07-05 鼎信信息科技有限责任公司 Cryptographic key negotiation method, device, computer equipment and storage medium


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郭彦涛: "Research on IPsec VPN Server Software Oriented to the New National Cryptography (SM) Standards", China Master's Theses Full-text Database *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111294212A (en) * 2020-05-12 2020-06-16 广东纬德信息科技股份有限公司 Security gateway key negotiation method based on power distribution
CN111865564A (en) * 2020-07-29 2020-10-30 北京浪潮数据技术有限公司 IPSec communication establishing method and system
CN114268473A (en) * 2021-12-10 2022-04-01 北京天融信网络安全技术有限公司 Method, system, terminal and storage medium for defending DDOS attack by IKEv1 protocol main mode
CN114553507A (en) * 2022-02-10 2022-05-27 新华三信息安全技术有限公司 Security authentication method, device, equipment and machine readable storage medium
CN114553507B (en) * 2022-02-10 2024-02-09 新华三信息安全技术有限公司 Security authentication method, device, equipment and machine-readable storage medium

Similar Documents

Publication Publication Date Title
CN109309565B (en) Security authentication method and device
US11533297B2 (en) Secure communication channel with token renewal mechanism
US8275989B2 (en) Method of negotiating security parameters and authenticating users interconnected to a network
CN104168267B (en) A kind of identity identifying method of access SIP security protection video monitoring systems
CN106656503B (en) Method for storing cipher key, data encryption/decryption method, electric endorsement method and its device
US20050149732A1 (en) Use of static Diffie-Hellman key with IPSec for authentication
CN110635901B (en) Local Bluetooth dynamic authentication method and system for Internet of things equipment
WO2017097041A1 (en) Data transmission method and device
WO2016180204A1 (en) Method and device for secure communication
WO2016058404A1 (en) Entity authentication method and device based on pre-shared key
CN111130775A (en) Key negotiation method, device and equipment
CN113806772A (en) Information encryption transmission method and device based on block chain
CN114143117B (en) Data processing method and device
CN112351037B (en) Information processing method and device for secure communication
US20250202688A1 (en) Quantum key transmission method, apparatus, and system
CN110493177B (en) Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number
CN116633530A (en) Quantum key transmission method, device and system
CN108683498A (en) A kind of cloud terminal management-control method based on changeable key national secret algorithm
KR101531662B1 (en) Method and system for mutual authentication between client and server
CN111836260A (en) Authentication information processing method, terminal and network device
CN114928491A (en) Internet of things security authentication method, device and system based on identification cryptographic algorithm
CN117675285A (en) An identity verification method, chip and device
CN105591748B (en) A kind of authentication method and device
CN117714185A (en) Bank counter data processing method and system based on cryptographic algorithm
CN112787990B (en) Power terminal trusted access authentication method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508
