Distributed authentication method based on pre-shared key

Abstract

The invention discloses a distributed authentication method based on a pre-shared key (PSK). The method comprises the following steps that the PSK is acquired before a request access network node accesses the network and a success access network node is selected to be an authentication node so as to carry out bidirectional authentication; during each bidirectional authentication, two parties generate random numbers respectively; according to the PSK and the random numbers, a temporary key and a verification key are generated and are used for encrypting an authentication interaction message and verifying an identity of an opposite side respectively; the two parties locally maintain one identification sequence number which is used for identifying an effective bidirectional authentication; during a bidirectional authentication process, one party recovers the temporary key and the verification key of the opposite side according to the PSK and the random number of the opposite side, receives and decrypts the opposite side identification sequence number and then compares with a local identification sequence number; whether a replay attack prevention condition is satisfied is verified; if the replay attack prevention condition is not satisfied, the bidirectional authentication is invalid; if the replay attack prevention condition is satisfied, the recovered verification key of the opposite side is sent to the opposite side; after receiving and decrypting, the opposite side verifies whether the verification key is the same with the verification key generated by the opposite side itself; if the verification key is not the same with the verification key generated by the opposite side itself, the authentication is failed; and if the verification key is the same with the verification key generated by the opposite side itself, the identity of one party is valid.

Description

technical field [0001] The invention relates to the field of wireless communication, in particular to a distributed authentication method based on a pre-shared key. Background technique [0002] The authentication mechanism in the IEEE802.11i standard is: first in the discovery phase, the station STA obtains the security information of the access node AP through the Probe process (or listens to the Beacon), negotiates the security function configuration, and establishes an association for it; In the authentication phase, the station STA and the authentication server AS perform the authentication process. The station STA and the authentication server AS prove their own signs to each other, and decide the use of STA's non-authenticated traffic according to the verification results. The access node AP does not participate in the authentication interaction process. , only forward the communication between the station STA and the authentication server AS. [0003] The authentica...

AI Technical Summary

Problems solved by technology

[0004] The defect of the above two existing authentication mechanisms is that: these two authentication methods are equipped with special authentication nodes, if the authentication node fails, it will cause the entire network to be unable to complete the node access

At the same time, the proprietary authentication node may become the bottleneck of network expansion

Images