Bilinear-group-based cross-domain union authentication method

Abstract

The invention relates to a bilinear-group-based cross-domain union authentication method, which comprises the following steps of: 1, the initialization of a system, namely, randomly selecting different mutually isomorphic subgroups Gk as key generating parameters of corresponding domains by using each domain, wherein k is more than or equal to 1 and less than or equal to R; 2, the generation of keys of each domain, constructing an authentication center private key / public key pair by mapping the generating parameters and a Hash function; 3, the key distribution of a domain authentication center (DAC) to members in the domains; and 4, cross-domain key verification, namely, the member UD1 in the union domain D1 is supposed to be required to access the member UD2 in the union domain D2, performing the cross-domain key verification between UD1 and UD2, and if the UD1 and UD2 pass the cross-domain key verification, determining that UD1 is an internal member with the union domain public key of PD1 so as to achieve the authentication effect of crossing a plurality of domains. By the method, multi-domain resource sharing is realized, simultaneously, the security and entity anonymous properties of resources of each domain can be ensured, the bidirectional entity anonymous authentication of resource access among the plurality of domains is supported, and the privacy of each entity is relatively better protected; and the method is relatively more flexible, secure and practicable.

Description

technical field The invention relates to a network security authentication method, in particular to a bilinear group-based cross-domain alliance authentication method, which belongs to the field of network communication security. Background technique Multi-Domain Union (MDU) occurs in large networks where services and access points are distributed across multiple domains. In a distributed network environment, companies and institutions have their own shared resources. In order to prevent unauthorized users from accessing these shared resources, each institution sets up local authentication service devices to provide authentication services. Therefore, each organization has formed a relatively independent trust domain. Internal users in each domain trust the local authentication center, and the authentication center in each domain provides convenient authentication services for local users to access shared resources. However, in the case of a large number of service requirem...

AI Technical Summary

Problems solved by technology

There are two main cross-trust domain authentication frameworks in the existing specific environment: one is the authentication framework based on the symmetric key system (such as Kerberos), this scheme involves the complexity of symmetric key management and key agreement, and cannot be effective anonymity

Second, based on the traditional PKI authentication framework, the certificate processing work of the public key cryptography system is too heavy, especially the certificate status query, certificate path construction, and certificate transfer all bring overhead. network bottleneck

In addition, a new identity-based multi-trust domain authentication model is proposed in an authentication protocol literature. Due to the limitations of the authentication center, it cannot defend against the behavior of the authentication center pretending to be a member of the domain

The internal resource access authentication problem of the same domain can be realized by adopting the signcryption scheme based on the identity signature. Since it is limited to the scope of a domain, it has been extended in the relevant literature of the identity-based multi-trust domain grid authentication model. To achieve authentication between domains, the premise of this scheme is to assume that the PKG of all parties is honest, because the PKG has the private key of the internal members of the domain. If the PKG is malicious, the authenticity of the user's identity and the confidentiality of the private key sex is not guaranteed

Images