Technical Field
The invention belongs to the field of communications and specifically relates to a method for implementing identity authentication and key agreement, based on quantum key technology, for secure communication over a wireless local area network in a power system.
Background Art
In a wireless local area network, information between the supplicant (the wireless access terminal, STA) and the wireless access point (AP) travels over the air, so it is easily intercepted, eavesdropped on, tampered with and forged; the transmitted information must be encrypted and authenticated to keep the communication secure. The widely used WLAN standard IEEE 802.11, however, has carried serious security weaknesses since its inception; although the working group has issued a succession of supplements and improvements, it is still regarded as a protocol without adequate security guarantees. To strengthen WLAN data encryption and authentication, the 802.11i standard was proposed internationally, while the WAPI standard was proposed domestically in China.
The authentication and key management flow of the 802.11i standard is as follows:
1. The AP and the authentication server (AS) authenticate each other and create a secure channel; RADIUS is generally recommended.
2. The STA and the AS authenticate each other and produce an EAP master key.
3. The STA and the AP derive the Pairwise Master Key (PMK) from the EAP master key. The STA derives it locally; the AP receives its copy from the authentication server, over the secure channel of step 1, once authentication has succeeded.
4. The STA and the AP run a four-way handshake to confirm that both hold the same, correct PMK, derive the Pairwise Transient Key (PTK) from the PMK, and install encryption and integrity protection as required.
5. The access point distributes the Group Transient Key (GTK) to the supplicant through the two-message group key handshake, allowing the supplicant to send and receive broadcast traffic.
WAPI identity authentication is based on public-key cryptography. Its authentication mechanism is full mutual authentication between the wireless user and the wireless access point, with public-key digital certificates as the identity credentials; it uses elliptic-curve signature algorithms with 192/224/256-bit keys; authentication management is centralized or distributed-centralized, and the authentication procedure is simple. WAPI key negotiation is very simple and takes only two steps: the two parties exchange two random strings and obtain the session key by XORing them.
The security limitations of 802.11i are:
1. In the identity authentication phase it provides one-way or two-way authentication between the STA and the AS only; the STA cannot authenticate the identity of the AP and has no defence against rogue-AP attacks.
2. In the key agreement phase its security is computational: once an eavesdropper has very strong computing power, for example a quantum computer, the encryption key can be recovered in a short time and WLAN communication security is threatened.
The security limitations of WAPI are:
1. Authentication and key negotiation are partly disconnected, and there is no key confirmation step.
2. The key negotiation between STA and AP is too simple, lacks the corresponding security properties, and cannot resist common attacks such as replay and man-in-the-middle attacks.
Summary of the Invention
To overcome the above shortcomings of the prior art, the present invention provides a secure communication method based on quantum key distribution.
To achieve this purpose, the present invention adopts the following technical solution:
The present invention provides a wireless local area network secure communication method based on quantum key distribution, characterized in that the method comprises the following steps:
(1) carry out identity authentication based on a quantum key;
(2) carry out quantum key agreement;
(3) start encryption.
Preferably, the method comprises generating a group key GTK for said encryption.
Preferably, the identity authentication comprises the following steps: (1.1) the supplicant performs two-way authentication with the authentication server AS through the wireless access point AP; (1.2) the supplicant and the wireless access point AP exchange information to establish a quantum pairwise master key PMK.
Preferably, establishing the quantum pairwise master key comprises the following steps:
(1.2.1) check whether a shared quantum key store exists between the supplicant and the wireless access point AP; if not, perform quantum key distribution to generate a shared quantum key store; if so, go to step (1.2.2);
(1.2.2) the supplicant and the wireless access point AP exchange random numbers that each has generated, compute from these random numbers the position of the pointer into the key store, and so determine the pairwise master key PMK shared by both parties;
(1.2.3) the wireless access point AP generates a random number randomB and sends it to the supplicant; the supplicant generates a random number randomA and applies the pseudo-random function PRF to randomA, randomB, the supplicant's MAC address, the AP's MAC address and the pairwise master key PMK to obtain the supplicant's key confirmation key KCK;
(1.2.4) the supplicant computes its message integrity code MIC over its KCK and the PMK with an HMAC algorithm, and sends this MIC together with randomA to the wireless access point AP;
(1.2.5) the wireless access point AP applies the pseudo-random function PRF to randomA, randomB, the supplicant's MAC address, the AP's MAC address and the PMK to obtain the AP's key confirmation key KCK;
(1.2.6) the wireless access point AP computes its own message integrity code MIC over its KCK and the PMK with the HMAC algorithm;
(1.2.7) the wireless access point AP compares its own MIC with the supplicant's MIC; if they match, identity authentication succeeds; if not, identity authentication is terminated.
Preferably, the quantum key agreement comprises the following steps: (2.1) the wireless access point AP and the supplicant exchange control messages for quantum key agreement; (2.2) both parties generate a quantum key according to the BB84 protocol; (2.3) both parties obtain the shared quantum segment transmission key Q-PTK (the quantum counterpart of the PTK) and further split the Q-PTK into a key encryption key KEK and a temporary key TK.
Preferably, the key encryption key KEK encrypts the group key GTK and the temporary key TK encrypts the communication data between the supplicant and the wireless access point AP; the AP distributes the group key GTK encrypted under the KEK to carry out the encryption process.
Preferably, generating the quantum key according to the BB84 protocol comprises the following steps:
(2.3.1) the supplicant sends polarized photons to the wireless access point AP, with information loaded on the polarization state of the photons;
(2.3.2) the wireless access point AP receives the photons and decodes them to extract the information;
(2.3.3) the wireless access point AP sends message 1 to the supplicant, announcing the bases it used to receive the photons in step (2.3.2);
(2.3.4) from message 1, the supplicant compares the bases announced by the AP with the bases it chose when sending the polarized photons, and returns the positions where the bases agree to the AP in message 2;
(2.3.5) the wireless access point AP selects test bases and sends message 3 announcing the corresponding test values to the supplicant;
(2.3.6) the supplicant compares the received test values with the original values of the polarized photons it sent in step (2.3.1), and sends message 4 to the AP confirming the test values;
(2.3.7) the error rate is estimated with the following formula:
where p is the total number of bits used for testing; if the error rate Er is below the threshold Emax, no eavesdropping is present and this step is complete; otherwise eavesdropping is present, all photon information is discarded and the quantum handshake is terminated;
Messages 1 to 4 each carry a message integrity code MIC computed over the content of that message with the key pre-shared between the supplicant and the wireless access point AP.
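The following is an added worked example, written for this edition and not part of the patent, of the BB84 public negotiation in steps (2.3.1) to (2.3.7) above and of the more detailed description of the same procedure later in the text (N photons, M sifted bits, P = M/3 test bits, Q-PTK split into KEK and TK). The quantum channel is a random-number simulation; messages 1 to 4 carry an HMAC-SHA256 MIC keyed with the KCK from the authentication phase (the text names a pre-shared key and a MIC but fixes no algorithm); the abort threshold Emax = 0.11 is an assumed value; the error rate is computed as mismatched test bits divided by p, which is the standard QBER estimate, since the text's own formula is not reproduced on the page; SHA-256 stands in for a universal-hash privacy-amplification step, and reconciliation (Kr to Kc) is omitted because the simulated channel is noiseless. The example goes one step beyond the text by including an intercept-resend eavesdropper, which drives the estimated error rate to about 25% and triggers the abort.

```python
import hashlib
import hmac
import random

EMAX = 0.11        # abort threshold for the estimated error rate (assumed; the text leaves Emax open)
QPTK_BYTES = 32    # 256-bit Q-PTK, split into a 128-bit KEK and a 128-bit TK


def mic_ok(kck: bytes, payload: bytes, tag: bytes) -> bool:
    """Check the MIC that every public-negotiation message carries (HMAC-SHA256 keyed with the KCK, assumed)."""
    return hmac.compare_digest(tag, hmac.new(kck, payload, hashlib.sha256).digest())


def protect(kck: bytes, payload: bytes) -> tuple:
    """Sender side: attach the MIC to a public-negotiation message."""
    return payload, hmac.new(kck, payload, hashlib.sha256).digest()


def receive(kck: bytes, payload: bytes, tag: bytes) -> bytes:
    """Receiver side: a message whose MIC does not verify aborts the quantum handshake."""
    if not mic_ok(kck, payload, tag):
        raise ValueError("MIC check failed: public-negotiation message altered in transit")
    return payload


def privacy_amplify(bits: list) -> tuple:
    """Compress the surviving sifted bits into the Q-PTK and split it into (KEK, TK).
    SHA-256 stands in for a universal-hash extractor (assumption)."""
    qptk = hashlib.sha256(bytes(bits)).digest()[:QPTK_BYTES]
    return qptk[:QPTK_BYTES // 2], qptk[QPTK_BYTES // 2:]


def bb84(kck: bytes, n: int = 4096, eve: bool = False, seed=None) -> tuple:
    """One BB84 run between the STA (Alice, sender) and the AP (Bob, receiver).
    Returns (error_rate, alice_keys, bob_keys); both key pairs are None when the run is aborted."""
    rng = random.Random(seed)
    # Quantum transmission: Alice loads a random bit on each photon using a random basis (0 rectilinear, 1 diagonal).
    a_bits = [rng.getrandbits(1) for _ in range(n)]
    a_bases = [rng.getrandbits(1) for _ in range(n)]
    photons = list(zip(a_bits, a_bases))
    if eve:   # intercept-resend: Eve measures each photon in a random basis and re-emits what she measured
        photons = []
        for bit, basis in zip(a_bits, a_bases):
            e_basis = rng.getrandbits(1)
            photons.append((bit if e_basis == basis else rng.getrandbits(1), e_basis))
    # Bob decodes each arriving photon in a random basis; a wrong basis yields a random bit.
    b_bases = [rng.getrandbits(1) for _ in range(n)]
    b_bits = [bit if basis == bb else rng.getrandbits(1) for (bit, basis), bb in zip(photons, b_bases)]

    # Message 1 (AP -> STA): the bases Bob used for reception.
    m1 = receive(kck, *protect(kck, bytes(b_bases)))
    # Message 2 (STA -> AP): the M positions where both bases agree; these bits form the sifted key.
    sifted = [i for i in range(n) if a_bases[i] == m1[i]]
    m2 = receive(kck, *protect(kck, ",".join(map(str, sifted)).encode()))
    sifted = [int(s) for s in m2.decode().split(",")]
    # Message 3 (AP -> STA): P = M/3 sampled positions together with Bob's values there.
    test = sorted(rng.sample(sifted, len(sifted) // 3))
    m3 = receive(kck, *protect(kck, ",".join(map(str, test)).encode() + b"|" + bytes(b_bits[i] for i in test)))
    pos_part, bob_vals = m3.split(b"|", 1)
    test_pos = [int(s) for s in pos_part.decode().split(",")]
    # Message 4 (STA -> AP): Alice's original values at the same positions, so both sides can estimate Er.
    m4 = receive(kck, *protect(kck, bytes(a_bits[i] for i in test_pos)))
    p = len(test_pos)
    errors = sum(1 for x, y in zip(bob_vals, m4) if x != y)
    er = errors / p                        # standard QBER estimate over the p test bits
    if er >= EMAX:
        return er, None, None              # eavesdropping assumed: discard everything and abort
    # The disclosed test bits are dropped; the rest is amplified into the Q-PTK on each side.
    consumed = set(test_pos)
    rest = [i for i in sifted if i not in consumed]
    if len(rest) < 8 * QPTK_BYTES:
        raise ValueError("not enough sifted bits for a 256-bit Q-PTK; send more photons")
    return er, privacy_amplify([a_bits[i] for i in rest]), privacy_amplify([b_bits[i] for i in rest])


if __name__ == "__main__":
    kck = hashlib.sha256(b"constructed KCK from the authentication phase").digest()
    er, alice, bob = bb84(kck, seed=7)
    print(f"quiet channel: Er={er:.3f}, keys agree={alice == bob}, KEK={alice[0].hex()}")
    er, alice, bob = bb84(kck, seed=7, eve=True)
    print(f"intercept-resend: Er={er:.3f}, aborted={alice is None}")
```

With the sample parameters, roughly N/2 photons survive sifting and a third of those are sacrificed to the error estimate, so N must be chosen with the 256-bit Q-PTK in mind, as the text notes; the KEK and TK halves are independent only to the extent that the amplification step is a proper extractor, which the SHA-256 stand-in illustrates rather than guarantees.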
Preferably, the two-way authentication comprises the following steps:
(1.1.1) the supplicant initiates a connection request through the client;
(1.1.2) the wireless access point AP receives the authentication request and responds with a request frame asking for the user name;
(1.1.3) the client answers the request from the AP; the AP forwards the received information to the authentication server AS for processing;
(1.1.4) the authentication server AS compares the received information with the user-name records in its database, looks up the password associated with that user name, encrypts it with a randomly generated challenge word, and at the same time passes the challenge word to the AP, which relays it to the client;
(1.1.5) on receiving the challenge word relayed by the AP, the client encrypts its password with that word and returns the result to the AS through the AP;
(1.1.6) the AS compares the encrypted password it received with the value it computed itself; if the two match, the user is considered legitimate, an authentication-success message is issued, and the AP is instructed to open the controlled port so that the supplicant's traffic may reach the network through it; otherwise the AP's port stays closed, passing only authentication traffic and no user data;
(1.1.7) after successful authentication, the AS sends a message to the AP confirming success; authentication is complete and step (1.2) is executed.
Compared with the prior art, the beneficial effects of the present invention are:
Quantum-key-based identity authentication is performed before quantum key agreement, so a forged access point cannot draw the supplicant into an information exchange that wastes system resources or amounts to a denial-of-service attack.
Two-way authentication is achieved both between the supplicant and the authentication server and between the supplicant and the authenticator, greatly improving the security of identity authentication.
Quantum-key-based identity authentication is tightly coupled to the subsequent key agreement: message verification during key agreement is protected with the key produced during identity authentication, which defends against tampering and other man-in-the-middle attacks.
Key agreement based on quantum technology draws its security from the laws of physics rather than from computational hardness; it resists decryption even by a computationally powerful quantum computer and raises the security of the whole system.
Description of the Drawings
Figure 1 is a flow chart of identity authentication and key agreement incorporating quantum technology;
Figure 2 is a flow chart of the method of the invention;
Figure 3 is an overall structural diagram of Q-WLAN network identity authentication and key generation in the invention;
Figure 4 is a flow chart of 802.1X authentication in the invention;
Figure 5 is a schematic diagram of quantum key authentication in the invention;
Figure 6 is a flow chart of quantum-key-based identity authentication in the invention;
Figure 7 is a diagram of the key hierarchy established by the quantum handshake in the invention;
Figure 8 is a flow chart of quantum key agreement in the invention;
Figure 9 is a flow chart of the BB84 protocol in the invention;
Figure 10 is the overall framework of the WLAN secure communication scheme of the invention.
Detailed Description
The invention is described in further detail below with reference to the drawings.
The invention proposes a new quantum-key-based identity authentication and handshake method. As shown in Figure 2, the complete quantum-key-based authentication and key agreement process has four parts. The first part performs quantum-key-based identity authentication. The second part obtains, through quantum key distribution, the quantum segment transmission key Q-PTK shared by both parties and splits it into KEK and TK. The third part generates the group temporal key GTK, which encrypts broadcast traffic and is an optional part of the protocol. In the last part encryption begins.
In identity authentication and secure access technology, three parties take part in authentication: the supplicant (wireless access terminal STA), the authenticator (the wireless access point AP) and the authentication server (AS). The supplicant is the mobile terminal that needs network access; the authenticator is the access point that enforces access control and manages the data traffic generated by the supplicant; the authentication server is a centralized server with access to the authentication key database. Identity authentication divides into authentication between the supplicant and the authentication server and authentication between the supplicant and the authenticator. In addition, a quantum key is built into the authentication scheme to provide the pairwise master key PMK between supplicant and authenticator, so that the key is not distributed over the network but through an unconditionally secure quantum key distribution process, greatly strengthening authentication security.
As shown in Figure 3, quantum-key-based identity authentication is carried out in two steps. In the first step the supplicant performs two-way authentication with the authentication server AS through the access point AP; once the AS has confirmed the supplicant's identity it sends the access point an indication that access succeeded. In the second step the supplicant and the access point exchange information to settle on a common key pointer and so establish a shared quantum pairwise master key PMK.
The first step of identity authentication is based on the 802.1X protocol; the authentication flow between supplicant and authentication server is shown in Figure 4:
1. When the user needs network access, the 802.1X client program is opened, the previously registered user name and password are entered, and a connection request is made. The client program sends an authentication-request packet to the access point AP, starting an authentication exchange;
2. On receiving the authentication-request frame, the AP sends a request frame asking the client program to supply the user name that was entered;
3. The client program answers the AP's request by sending the "user name" (which may be empty or some other field, depending on the authentication protocol) in a response frame; the AP re-encapsulates the frame and passes it to the authentication server for processing;
4. On receiving the "user name" from the AP, the authentication server compares it with its "user name" table, looks up the "password" belonging to that user name, encrypts it with a randomly generated challenge word, and at the same time passes the challenge word to the AP, which relays it to the client;
5. On receiving the challenge word relayed by the AP, the client program encrypts the "password" with it and returns the result to the authentication server through the AP;
6. The authentication server compares the encrypted password it received with the value it computed itself earlier. If they match, the user is considered legitimate, an authentication-success message is issued, and the AP is instructed to open the controlled port so that the user's traffic may reach the network; otherwise the AP's port stays closed, still passing only authentication traffic and no user data;
7. After successful authentication, the authentication server sends a message to the AP confirming success and the authentication function is complete; the AP then continues with the user to produce the shared quantum pairwise master key PMK.
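The challenge-response exchange of steps 4 to 7, as an added example written for this edition and not taken from the patent: the "encryption of the password with a random word" is modelled as HMAC-SHA256 of the password keyed with the challenge (an assumption; the text does not name the operation), the user database is a constructed dictionary, and the AP's controlled port stays closed until the server reports success. Two points the text leaves implicit are made explicit: the challenge is consumed on first use, so a response captured over the air cannot be replayed against a later challenge, and the server must hold the password in a form it can feed to the same computation, as with CHAP, which is the main operational cost of this design.

```python
import hashlib
import hmac
import secrets


def encrypt_password(challenge: bytes, password: str) -> bytes:
    """The "encryption with a random word" of steps 4 and 5: a keyed one-way function of the
    password under the challenge (HMAC-SHA256 assumed). Client and server compute the same value."""
    return hmac.new(challenge, password.encode(), hashlib.sha256).digest()


class AuthenticationServer:
    def __init__(self, users: dict):
        self.users = users      # user name -> password; stands in for the text's user-name table (constructed)
        self.pending = {}       # user name -> challenge issued and not yet answered

    def challenge_for(self, username: str) -> bytes:
        """Step 4: issue a fresh random challenge word. It is issued for unknown names too, so the
        reply does not tell an attacker which user names exist."""
        word = secrets.token_bytes(16)
        self.pending[username] = word
        return word

    def verify(self, username: str, response: bytes) -> bool:
        """Step 6: recompute the expected value from the stored password and the issued challenge.
        The challenge is removed on first use, so a captured response cannot be replayed."""
        word = self.pending.pop(username, None)
        password = self.users.get(username)
        if word is None or password is None:
            return False
        return hmac.compare_digest(response, encrypt_password(word, password))


class AccessPoint:
    """Relays the exchange between client and server and owns the 802.1X controlled port."""

    def __init__(self, server: AuthenticationServer):
        self.server = server
        self.controlled_port_open = False

    def authenticate(self, username: str, password: str) -> bool:
        word = self.server.challenge_for(username)            # steps 2-4, challenge relayed to the client
        response = encrypt_password(word, password)           # step 5, computed on the client
        self.controlled_port_open = self.server.verify(username, response)   # steps 6-7
        return self.controlled_port_open


if __name__ == "__main__":
    server = AuthenticationServer({"sta-0001": "correct horse battery"})
    ap = AccessPoint(server)
    print("good password, port open:", ap.authenticate("sta-0001", "correct horse battery"))
    print("bad password, port open: ", ap.authenticate("sta-0001", "guess"))
```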
In the second step of identity authentication the supplicant and the authenticator, having confirmed each other's legitimacy, exchange information to obtain the same key-store pointer and generate the PMK.
The second step relies on a pre-distributed shared quantum key to raise security. If the two parties have not yet established a shared quantum key store when authentication begins, a quantum key distribution run is performed first so that both hold a shared segment of quantum key; then authentication starts. Call the two parties Alice and Bob, where either may be the supplicant or the authenticator. They hold in advance an identical set of keys, from which the pairwise master key PMK is taken. As shown in Figure 5, during quantum-key-based identity authentication Alice and Bob hold identical key stores and, before authenticating, agree over the classical channel on where the key-store pointer points. In this way, as long as the two key stores are identical, both parties obtain the same PMK.
The second step proceeds as shown in Figure 6:
1. Check whether Alice and Bob share a quantum key store; if not, run the quantum key distribution protocol until the shared quantum key produced is sufficient for both parties' authentication needs, then stop key distribution.
2. Alice generates a random number ANonce and sends it to Bob, while Bob sends a random number BNonce to Alice. From ANonce and BNonce both parties compute the position of the pointer into the key store and so determine the pairwise master key PMK they share.
3. Bob generates a random number randomB and sends it to Alice; Alice generates a random number randomA. randomA, randomB, Alice's MAC address, Bob's MAC address and the PMK produced in the first step are fed into the pseudo-random function PRF to obtain the key confirmation key KCK.
4. Alice runs the KCK and the PMK through the HMAC algorithm to obtain a 32-bit message integrity code MIC, then sends the MIC and randomA to Bob.
5. Having received randomA, Bob feeds randomA, randomB, Alice's MAC address, Bob's MAC address and the PMK produced in the first step into the pseudo-random function PRF to obtain the KCK.
6. Bob runs the KCK and the PMK through the HMAC algorithm to obtain a 32-bit message integrity code MIC.
Bob compares the MIC he computed with the MIC Alice sent him. If they match, Bob sends his MIC to Alice, who compares it with her own; if that check also succeeds, quantum-key-based identity authentication is complete and quantum key distribution begins.
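The second authentication step just described (steps 2 to 6 here, claims (1.2.2) to (1.2.7) earlier), as an added example written for this edition and not the patent's own code. Assumptions: the shared quantum key store is a constructed byte string standing in for QKD output, split into 32-byte PMK slots; the key-store pointer is the hash of ANonce and BNonce reduced modulo the slot count (the text says only that it is computed from the two nonces); HMAC-SHA256 serves both as the PRF and as the HMAC, and the MIC is kept at 16 bytes rather than the 32 bits the text specifies. One caveat a practitioner will want: as the text describes them, Alice's MIC and Bob's MIC are computed over the same inputs and are therefore identical, so a rogue AP could simply echo Alice's tag back to her. The example binds both randoms and a direction label into each MIC so that the two tags differ and each side proves its own possession of the PMK; this goes slightly beyond the text.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32   # bytes of key store consumed per PMK (assumed slot size)
MIC_LEN = 16   # bytes of HMAC-SHA256 output kept as the MIC (the text specifies 32 bits; longer here)

# Constructed shared quantum key store: eight 32-byte slots standing in for the output of a QKD run.
# Both parties must hold an identical copy; it never crosses the network.
SHARED_KEYSTORE = b"".join(hashlib.sha256(b"constructed demo slot %d" % i).digest() for i in range(8))


def prf(pmk: bytes, random_a: bytes, random_b: bytes, mac_a: bytes, mac_b: bytes) -> bytes:
    """Key confirmation key: PRF over both randoms and both MAC addresses, keyed with the PMK.
    HMAC-SHA256 is assumed as the PRF; the text does not fix one."""
    return hmac.new(pmk, random_a + random_b + mac_a + mac_b, hashlib.sha256).digest()


def keystore_pointer(anonce: bytes, bnonce: bytes, pool_len: int) -> int:
    """Common pointer derived from ANonce and BNonce (assumed construction). Anyone who sees the
    nonces can compute the pointer; only a holder of the key store can read the slot it selects."""
    slots = pool_len // KEY_LEN
    return int.from_bytes(hashlib.sha256(anonce + bnonce).digest(), "big") % slots


def make_mic(kck: bytes, pmk: bytes, random_a: bytes, random_b: bytes, direction: bytes) -> bytes:
    """MIC keyed with the KCK. The text computes it over the PMK alone; this example also binds both
    randoms and a direction label so that Alice's and Bob's tags are never the same value."""
    return hmac.new(kck, pmk + random_a + random_b + direction, hashlib.sha256).digest()[:MIC_LEN]


class Party:
    def __init__(self, mac: bytes, keystore: bytes):
        self.mac = mac
        self.keystore = keystore

    def pmk_at(self, pointer: int) -> bytes:
        return self.keystore[pointer * KEY_LEN:(pointer + 1) * KEY_LEN]


def run_authentication(alice: Party, bob: Party):
    """Steps 2 to 6 of the second authentication phase. Returns the agreed KCK, or None on failure."""
    # Step 2: nonces cross in the clear; both sides derive the pointer and read their own store.
    anonce, bnonce = secrets.token_bytes(16), secrets.token_bytes(16)
    pointer = keystore_pointer(anonce, bnonce, len(alice.keystore))
    pmk_a, pmk_b = alice.pmk_at(pointer), bob.pmk_at(pointer)
    # Step 3: Bob sends randomB first; Alice picks randomA and derives her KCK.
    random_b = secrets.token_bytes(32)
    random_a = secrets.token_bytes(32)
    kck_a = prf(pmk_a, random_a, random_b, alice.mac, bob.mac)
    # Step 4: Alice sends MIC_A together with randomA.
    mic_a = make_mic(kck_a, pmk_a, random_a, random_b, b"A->B")
    # Steps 5 and 6: Bob derives his KCK and recomputes what Alice's MIC must be.
    kck_b = prf(pmk_b, random_a, random_b, alice.mac, bob.mac)
    if not hmac.compare_digest(mic_a, make_mic(kck_b, pmk_b, random_a, random_b, b"A->B")):
        return None   # mismatch: terminate authentication
    # Bob answers with his own MIC; Alice verifies it before declaring success.
    mic_b = make_mic(kck_b, pmk_b, random_a, random_b, b"B->A")
    if not hmac.compare_digest(mic_b, make_mic(kck_a, pmk_a, random_a, random_b, b"B->A")):
        return None
    return kck_a


if __name__ == "__main__":
    sta = Party(bytes.fromhex("02000000aa01"), SHARED_KEYSTORE)
    ap = Party(bytes.fromhex("02000000bb01"), SHARED_KEYSTORE)
    print("genuine AP accepted:", run_authentication(sta, ap) is not None)
    rogue = Party(ap.mac, secrets.token_bytes(len(SHARED_KEYSTORE)))   # same MAC address, no key store
    print("rogue AP accepted:  ", run_authentication(sta, rogue) is not None)
```

Note that the pointer scheme lets a slot be selected more than once; a deployment would mark slots as consumed, as the key store is meant to be a one-time resource refilled by QKD.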
In this authentication mechanism the first step authenticates the supplicant to the authentication server and the second step authenticates the supplicant and the authenticator to each other, with a quantum key folded into the second step to derive the PMK. Compared with 802.11i it improves resistance to rogue access point attacks; compared with WAPI it avoids the security gaps caused by an immature public-key certificate infrastructure; and it offers unconditional security.
After quantum-key-based identity authentication is complete, the quantum handshake protocol is used for key agreement. Figure 7 shows how the various keys that protect WLAN communication are produced during the quantum handshake. The KCK is derived from the PMK and serves the mutual authentication between the STA and the authenticator AP, protecting the quantum key distribution protocol from man-in-the-middle attacks. Once mutual authentication is over, the STA and the AP execute the quantum key distribution protocol, which yields a 256-bit Q-PTK. The Q-PTK is then split into a 128-bit KEK and a 128-bit TK.
The purpose of the quantum key agreement phase is to produce the key encryption key KEK and the temporary key TK. Quantum key agreement produces the quantum segment transmission key Q-PTK, from which the KEK and the TK are taken; they encrypt the group key and the data respectively.
Assuming the key agreement protocol is BB84, the raw key Kr is obtained first; key reconciliation yields Kc, and privacy amplification then yields the Q-PTK. The Q-PTK is split into KEK and TK, and key generation is complete. Generating a group key is optional, since the group key serves only to encrypt broadcast traffic.
Figure 8 is the flow chart of the protocol comprising quantum-key-based identity authentication and the quantum handshake. When the protocol runs, the STA and the access point first authenticate each other with the quantum-key-based identity authentication technique, producing the KCK; the quantum handshake protocol then carries out key distribution between the two.
After the STA has been authenticated by the authentication server, the AP and the STA first exchange control messages for quantum key agreement. Once both have configured their quantum devices according to the control information, they begin generating quantum key according to the BB84 protocol. When BB84 completes, both hold the shared quantum segment transmission key Q-PTK, which is further split into KEK and TK. At this point the quantum handshake has reached its final goal: mutual authentication and key distribution between STA and AP. In the next message the handshake protocol is used to distribute the GTK encrypted under the KEK; since the KEK is derived from the Q-PTK that only the STA and the AP share, this message is sent by the AP. The same message can also carry control signals of the quantum key distribution (QKD) system, such as QKD stop signalling, keeping the internal signals of the STA and AP state machines synchronized. After receiving the QKD stop signal and the GTK, the STA sends the last message, ensuring that user-data encryption starts on both sides together. Each side then sends information encrypted under the newly produced keys to confirm that both sets of keys are usable, and finally the keys are used for group key distribution, data encryption and similar operations.
下面详细介绍STA执行BB84协议的光子传输步骤。BB84协议过程如图9所示。在本文中,STA对应于Alice(发送方),AP对应与BoB(接收方)。Alice和Bob可以互换。The photon transmission steps of the STA implementing the BB84 protocol are introduced in detail below. The BB84 protocol process is shown in Figure 9. In this article, STA corresponds to Alice (sender), and AP corresponds to BoB (receiver). Alice and Bob are interchangeable.
在开始执行量子传输时,STA发送给AP一系列极化光子。发送的光子数与所需要的Q-PTK的长度、密钥协调和保密放大的算法有关。假设需要发送N个光子,在产生每个光子之初,STA随机选择0或1,然后将此信息通过所选择的“基”加载到光子的极化态上。至于所选择的“基”和信息编码的规则是STA和AP提前经过协商的,在系统的技术规范中有所定义。To start quantum transmission, the STA sends a series of polarized photons to the AP. The number of photons sent is related to the required Q-PTK length, key coordination and security amplification algorithm. Assuming that N photons need to be sent, at the beginning of generating each photon, STA randomly selects 0 or 1, and then loads this information into the polarization state of the photon through the selected "base". As for the selected "base" and information encoding rules, the STA and the AP negotiate in advance and are defined in the system's technical specifications.
AP接受到经过信息加载的极化光子后,通过随机的选取“基”进行解码,以提取STA加载在光子极化态上的信息。AP接完成N个光子的接收过程后,量子传输步骤就此结束。该步骤参考图9中的双箭头图标。其它步骤是在无线链路上实现,如前所述,具体通过封装在EAPOL-Key帧内的BB84协议公共协商部分完成。After the AP receives the polarized photons loaded with information, it randomly selects the "base" to decode, so as to extract the information loaded by the STA on the photon polarization state. After the AP completes the receiving process of N photons, the quantum transmission step ends. This step refers to the double arrow icon in Figure 9 . Other steps are implemented on the wireless link, as mentioned above, specifically through the public negotiation part of the BB84 protocol encapsulated in the EAPOL-Key frame.
After it has received the N photons, the AP initiates the public negotiation. The first public-negotiation message is sent to the STA over the wireless link; attached to it is a MIC value computed over the message content with the key pre-shared between the STA and the AP. The MIC value guarantees the integrity of the authentication message.
After receiving the bases announced by the AP, the STA compares them with the bases it used when sending. Suppose that for M (M < N) photons the receiving basis and the sending basis agree; in the second public-negotiation message the STA then tells the AP that the number of correctly chosen bases is M. This message is likewise protected by a MIC and the KCK.
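As an added example that is not part of the patent text, the following Python code shows how public-negotiation messages 1 and 2 can be protected by a MIC keyed with the KCK, with the receiving side checking the MIC before it interprets anything in the payload and discarding any frame that fails. The frame layout, the bit-packing of the bases, the use of HMAC-SHA256 truncated to 16 bytes as the MIC, and the sample KCK and basis values are all assumptions chosen for illustration; the page does not specify them.

```python
import hmac
import hashlib
import struct

MIC_LEN = 16
HEADER = struct.Struct(">BH")      # message number (1..4) and payload length
COUNT = struct.Struct(">H")        # N (message 1) or M (message 2)


def pack_bases(bases):
    """Pack basis choices (0 = rectilinear, 1 = diagonal; assumed encoding) into bytes, MSB first."""
    out = bytearray((len(bases) + 7) // 8)
    for i, b in enumerate(bases):
        if b:
            out[i // 8] |= 0x80 >> (i % 8)
    return bytes(out)


def unpack_bases(data, count):
    return [(data[i // 8] >> (7 - i % 8)) & 1 for i in range(count)]


def build_frame(kck, msg_no, payload):
    """Header + payload, followed by a MIC over both, keyed with the KCK (assumed HMAC-SHA256/128)."""
    body = HEADER.pack(msg_no, len(payload)) + payload
    mic = hmac.new(kck, body, hashlib.sha256).digest()[:MIC_LEN]
    return body + mic


def verify_frame(kck, frame):
    """Return (msg_no, payload) if the MIC verifies and the length field matches, else None.
    The MIC is checked before any field of the payload is interpreted."""
    if len(frame) < HEADER.size + MIC_LEN:
        return None
    body, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
    expected = hmac.new(kck, body, hashlib.sha256).digest()[:MIC_LEN]
    if not hmac.compare_digest(mic, expected):
        return None
    msg_no, length = HEADER.unpack(body[:HEADER.size])
    payload = body[HEADER.size:]
    if len(payload) != length:
        return None
    return msg_no, payload


def ap_message1(kck, ap_bases):
    """Message 1: the AP announces the N bases it measured in."""
    return build_frame(kck, 1, COUNT.pack(len(ap_bases)) + pack_bases(ap_bases))


def parse_message1(kck, frame):
    """STA side: recover the AP's bases, or None if the frame is not an intact message 1."""
    r = verify_frame(kck, frame)
    if r is None or r[0] != 1 or len(r[1]) < COUNT.size:
        return None
    n = COUNT.unpack(r[1][:COUNT.size])[0]
    if len(r[1]) - COUNT.size != (n + 7) // 8:
        return None
    return unpack_bases(r[1][COUNT.size:], n)


def sta_message2(kck, m):
    """Message 2: the STA reports the number M of matching bases."""
    return build_frame(kck, 2, COUNT.pack(m))


def parse_message2(kck, frame):
    """AP side: recover M, or None if the frame is not an intact message 2."""
    r = verify_frame(kck, frame)
    if r is None or r[0] != 2 or len(r[1]) != COUNT.size:
        return None
    return COUNT.unpack(r[1])[0]


def flip_bit(frame, byte_index):
    """Modify one bit of a frame, to show that the receiver rejects altered messages."""
    b = bytearray(frame)
    b[byte_index] ^= 0x01
    return bytes(b)


if __name__ == "__main__":
    kck = bytes(range(16))                              # constructed key, not a real one
    ap_bases = [0, 1, 1, 0, 1, 0, 0, 1, 1, 1]            # constructed sample for N = 10
    frame = ap_message1(kck, ap_bases)
    print("message 1 verifies:", parse_message1(kck, frame) == ap_bases)
    print("altered message 1 :", parse_message1(kck, flip_bit(frame, 4)))
    print("message 2 carries M =", parse_message2(kck, sta_message2(kck, 5)))
```

The order of checks in verify_frame matters: the MIC is compared with a constant-time comparison before the header fields are trusted, so a forged or altered basis announcement never reaches the sifting logic.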
Based on the comparison, the STA and the AP keep the M bits produced by the M correctly matched bases. Ideally these M bits would serve as the shared secret of both sides. In practice, however, the possibility of eavesdropping or noise interference on the quantum channel must be considered, and the STA and the AP detect possible eavesdropping by estimating the bit error rate. To this end the AP also selects P (P < M) of the M bits for privacy amplification; in the BB84 protocol, P is generally one third of M. The third public-negotiation message is therefore the AP announcing the values of the P test bits to the STA.
In theory, if the STA and the AP used the same measurement basis they obtain exactly the same information, so the P test bits held by the STA and the AP should also be identical. In practice, noise on the quantum channel may cause the test bit values held by the two sides to differ. After receiving the P test bit values, the STA compares them with the original values of the polarized photons it sent. The fourth public-negotiation message is therefore the STA's confirmation of the P test bit values to the AP. The error rate is estimated with the following formula:
If the error rate Er is below the threshold Emax, no eavesdropping is assumed and the errors are attributed to noise on the quantum channel; otherwise the quantum channel shows an abnormally high bit error rate. The error threshold Emax depends on the QKD system and on the quality of the quantum channel itself. If the quantum channel is judged "free of eavesdropping" by the error estimate, the P test bits are removed from the M raw bits; the remaining (M - P) bits are called the sifted key Kr, which is shared by the STA and the AP. This step marks the completion of the BB84 protocol. If eavesdropping is detected, all photon information transmitted in this phase is discarded and the quantum handshake is aborted.
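The steps above, from photon transmission through sifting, error estimation and the accept/abort decision, as an added Python simulation that is not part of the patent. Polarization is modelled classically (a measurement in the preparation basis returns the prepared bit, a measurement in the other basis returns a random bit); the error estimate is taken as the number of mismatched test bits divided by P, since the page's formula is not reproduced; Emax = 0.11, the intercept-resend eavesdropper model and the channel noise parameter are assumptions used only to show which runs are accepted and which are aborted.

```python
import random

# Basis encoding assumed for this simulation: 0 = rectilinear, 1 = diagonal.


def sta_prepare(n, rng):
    """STA (Alice): draw N random data bits and N random bases, one pair per photon."""
    bits = [rng.randrange(2) for _ in range(n)]
    bases = [rng.randrange(2) for _ in range(n)]
    return bits, bases


def ap_measure(sta_bits, sta_bases, rng, intercept=False, noise=0.0):
    """Quantum channel plus AP (Bob) measurement, modelled classically.

    A photon measured in its preparation basis yields the prepared bit; measured in
    the other basis it yields a uniformly random bit. `intercept` models an
    intercept-resend eavesdropper (assumed model) who measures each photon in a
    random basis and re-sends it in that basis; `noise` is the per-photon flip
    probability of an honest but noisy channel. Both exist only to show how the
    error estimate reacts.
    """
    ap_bases = [rng.randrange(2) for _ in range(len(sta_bits))]
    ap_bits = []
    for bit, basis, ap_basis in zip(sta_bits, sta_bases, ap_bases):
        if intercept:
            eve_basis = rng.randrange(2)
            bit = bit if eve_basis == basis else rng.randrange(2)
            basis = eve_basis                    # the re-sent photon carries Eve's basis
        measured = bit if ap_basis == basis else rng.randrange(2)
        if rng.random() < noise:
            measured ^= 1
        ap_bits.append(measured)
    return ap_bases, ap_bits


def sift(sta_bits, sta_bases, ap_bits, ap_bases):
    """Messages 1 and 2 of the public negotiation: keep the M positions where both bases agree."""
    keep = [i for i, (a, b) in enumerate(zip(sta_bases, ap_bases)) if a == b]
    return [sta_bits[i] for i in keep], [ap_bits[i] for i in keep]


def estimate_and_decide(sta_sifted, ap_sifted, rng, emax):
    """Messages 3 and 4: compare P = M/3 test bits, estimate Er, then either keep the
    remaining M-P bits as the sifted key Kr or abort (Kr = None)."""
    m = len(sta_sifted)
    if m < 3:                                    # too few sifted bits to test anything: abort
        return 1.0, None, None
    p = m // 3
    test = set(rng.sample(range(m), p))          # test positions, announced publicly
    mismatches = sum(1 for i in test if sta_sifted[i] != ap_sifted[i])
    er = mismatches / p                          # Er = mismatched test bits / P (assumed form)
    if er >= emax:                               # abnormally high error rate: discard everything
        return er, None, None
    kr_sta = [sta_sifted[i] for i in range(m) if i not in test]
    kr_ap = [ap_sifted[i] for i in range(m) if i not in test]
    return er, kr_sta, kr_ap


def run_bb84(n, seed, emax=0.11, intercept=False, noise=0.0):
    """One complete BB84 run between STA and AP; returns the quantities the text names."""
    rng = random.Random(seed)
    sta_bits, sta_bases = sta_prepare(n, rng)
    ap_bases, ap_bits = ap_measure(sta_bits, sta_bases, rng, intercept, noise)
    sta_sifted, ap_sifted = sift(sta_bits, sta_bases, ap_bits, ap_bases)
    er, kr_sta, kr_ap = estimate_and_decide(sta_sifted, ap_sifted, rng, emax)
    return {"N": n, "M": len(sta_sifted), "P": len(sta_sifted) // 3, "Er": er,
            "accepted": kr_sta is not None, "Kr_sta": kr_sta, "Kr_ap": kr_ap}


if __name__ == "__main__":
    for label, kwargs in [("clean", {}), ("noisy", {"noise": 0.05}), ("intercepted", {"intercept": True})]:
        r = run_bb84(2000, seed=1, **kwargs)
        print(f"{label:12s} N={r['N']} M={r['M']} P={r['P']} Er={r['Er']:.3f} accepted={r['accepted']}")
```

With N = 2000 the sifted length M is close to N/2, and the intercept-resend run lands near Er = 0.25 (the eavesdropper guesses the wrong basis half the time, and each wrong guess flips the AP's sifted bit with probability one half), well above any usable Emax, while a mildly noisy but untapped channel stays below it. Note that the clean run's Kr is only bit-identical on both sides because the model has no noise; with noise the two copies of Kr differ, which is what the reconciliation step described next exists to fix.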
As described above, executing the BB84 protocol yields the sifted key Kr; because of noise on the quantum channel, however, the receiver's and the sender's copies of Kr may differ. Two further processes, key reconciliation and privacy amplification, are therefore needed to eliminate the differences between the two sides' sifted keys. Key reconciliation is the part of the public negotiation in which the STA and the AP correct the errors between their two versions of the sifted key; the Cascade protocol is simple and efficient and is the error-correction algorithm commonly used in experimental and commercial QKD systems. Privacy amplification is the part of the public negotiation that reduces the probability that an eavesdropper holds information about the key. Their concrete implementation is not described further here; the relevant literature may be consulted. The resulting reconciled key Kc is no longer than Kr (Kc <= Kr). After privacy amplification, the final key Q-PTK is derived from the reconciled key Kc and is shorter than it (Q-PTK < Kc).
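As an added example serving both the earlier description of Q-PTK being split into KEK and TK and the privacy amplification step here (it is not the patent's own method): privacy amplification with a Toeplitz-matrix universal hash over GF(2), a standard QKD construction, followed by splitting the resulting Q-PTK into a KEK half and a TK half. The public Toeplitz seed, the output length and the equal split are assumptions; the page does not specify them.

```python
import random


def toeplitz_hash(key_bits, seed_bits, out_len):
    """Universal hash over GF(2) with a Toeplitz matrix T of size out_len x len(key_bits).

    T[i][j] = seed_bits[i - j + k - 1], so the whole matrix is described by the
    k + out_len - 1 public seed bits. Output bit i is the XOR of key_bits[j] over
    all j with T[i][j] = 1; the map is linear, which the test below relies on.
    """
    k = len(key_bits)
    if len(seed_bits) != k + out_len - 1:
        raise ValueError("seed must have len(key) + out_len - 1 bits")
    out = []
    for i in range(out_len):
        acc = 0
        for j in range(k):
            if key_bits[j]:
                acc ^= seed_bits[i - j + k - 1]
        out.append(acc)
    return out


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def random_bits(n, seed):
    """Constructed sample bits, deterministic for the given seed (not key material)."""
    rng = random.Random(seed)
    return [rng.randrange(2) for _ in range(n)]


def make_seed(kc_len, qptk_len, seed):
    """The public Toeplitz seed. Assumption: one side draws it and sends it over the
    classical channel in the clear, which a universal hash family permits."""
    return random_bits(kc_len + qptk_len - 1, seed)


def derive_qptk(kc_bits, seed_bits, qptk_len):
    """Privacy amplification: compress the reconciled key Kc to the shorter Q-PTK,
    then split Q-PTK into KEK (first half) and TK (second half); the equal split is assumed."""
    if qptk_len >= len(kc_bits):
        raise ValueError("Q-PTK must be shorter than Kc")
    qptk = toeplitz_hash(kc_bits, seed_bits, qptk_len)
    half = qptk_len // 2
    return qptk, qptk[:half], qptk[half:]


if __name__ == "__main__":
    kc = random_bits(96, 7)                      # reconciled key Kc, identical on STA and AP
    seed = make_seed(len(kc), 32, 11)
    qptk, kek, tk = derive_qptk(kc, seed, 32)
    print("Q-PTK:", "".join(map(str, qptk)))
    print("KEK:  ", "".join(map(str, kek)), " TK:", "".join(map(str, tk)))
```

Because both sides apply the same public matrix to the same reconciled Kc, they obtain the same Q-PTK without any further secret exchange; the amount of compression (here 96 bits down to 32) is what bounds the information an eavesdropper can retain, and a real system chooses it from the estimated error rate rather than fixing it as done here.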
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the specific embodiments of the present invention may still be modified or equivalently replaced, and that any modification or equivalent replacement that does not depart from the spirit and scope of the present invention shall fall within the scope of the claims of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102262057A / CN103338448A (en) | 2013-06-07 | 2013-06-07 | Wireless local area network security communication method based on quantum key distribution |
| Publication Number | Publication Date |
|---|---|
| CN103338448A (en) | 2013-10-02 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013102262057A (Pending) / CN103338448A (en) | Wireless local area network security communication method based on quantum key distribution | 2013-06-07 | 2013-06-07 |
| Country | Link |
|---|---|
| CN (1) | CN103338448A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102299851A (en)* | 2011-09-01 | 2011-12-28 | 潘薇 | Method for realizing identifier verification by performing 'immune encapsulation' on Internet protocol (IP) data packet |
| EP2445242A1 (en)* | 2009-08-11 | 2012-04-25 | Huawei Device Co., Ltd. | Method, system, server, and terminal for authentication in wireless local area network |
| CN102983965A (en)* | 2012-10-18 | 2013-03-20 | 中国电力科学研究院 | Transformer substation quantum communication model, quantum secret key distribution center and model achieving method |
| Title |
|---|
| 陈光: "Application of quantum key distribution in networks", Master's thesis, Beijing University of Posts and Telecommunications, 15 March 2011 (2011-03-15)* |
| 韩芳, 王学春: "Security research on quantum cryptography in wireless local area networks", Network Security Technology & Application, no. 10, 15 October 2010 (2010-10-15)* |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103532961A (en)* | 2013-10-21 | 2014-01-22 | 国家电网公司 | Method and system for authenticating identity of power grid website based on trusted crypto modules |
| CN103873234A (en)* | 2014-03-24 | 2014-06-18 | 西安电子科技大学 | Biological quantum secret key distribution method oriented to wireless body area network |
| CN103873234B (en)* | 2014-03-24 | 2017-02-08 | 西安电子科技大学 | Biological quantum secret key distribution method oriented to wireless body area network |
| CN103905184A (en)* | 2014-04-09 | 2014-07-02 | 长春大学 | Classical network and quantum secret communication network integration traffic control method |
| CN103957096A (en)* | 2014-04-09 | 2014-07-30 | 长春大学 | Hybrid communication system of wifi wireless local area network and quantum private communication network |
| CN105100010B (en)* | 2014-05-14 | 2019-06-04 | 青岛海尔智能家电科技有限公司 | A method for accessing a network and corresponding devices |
| CN105100010A (en)* | 2014-05-14 | 2015-11-25 | 青岛海尔智能家电科技有限公司 | Network access method and respective devices |
| WO2015180399A1 (en)* | 2014-05-26 | 2015-12-03 | 中兴通讯股份有限公司 | Authentication method, device, and system |
| CN105245338B (en)* | 2014-05-26 | 2019-04-26 | 中兴通讯股份有限公司 | A kind of authentication method and apparatus system |
| CN105245338A (en)* | 2014-05-26 | 2016-01-13 | 中兴通讯股份有限公司 | Authentication method, authentication device and authentication system |
| CN104284330A (en)* | 2014-10-24 | 2015-01-14 | 北京邮电大学 | A Physical Layer Encryption Technology Based on Unreliable Wireless Channel |
| US10757083B2 (en) | 2015-01-22 | 2020-08-25 | Alibaba Group Holding Limited | Method, apparatus, and system for quantum key distribution |
| CN105871538A (en)* | 2015-01-22 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, quantum key distribution method and device |
| US10305873B2 (en) | 2015-01-22 | 2019-05-28 | Alibaba Group Holding Limited | Method, apparatus, and system for quantum key distribution |
| CN105871538B (en)* | 2015-01-22 | 2019-04-12 | 阿里巴巴集团控股有限公司 | Quantum key distribution system, quantum key delivering method and device |
| CN105991285A (en)* | 2015-02-16 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Identity authentication methods, devices and system applied to quantum key distribution process |
| CN105991285B (en)* | 2015-02-16 | 2019-06-11 | 阿里巴巴集团控股有限公司 | Identity identifying method, apparatus and system for quantum key distribution process |
| US10432396B2 (en) | 2015-02-16 | 2019-10-01 | Alibaba Group Holding Limited | Method, apparatus, and system for identity authentication |
| CN105636032A (en)* | 2015-04-17 | 2016-06-01 | 宇龙计算机通信科技(深圳)有限公司 | Device access processing method, device access processing device and terminal |
| CN105636032B (en)* | 2015-04-17 | 2019-12-10 | 宇龙计算机通信科技(深圳)有限公司 | equipment access processing method, equipment access processing device and terminal |
| CN106411521A (en)* | 2015-07-31 | 2017-02-15 | 阿里巴巴集团控股有限公司 | Identity authentication methods, devices and system for quantum key distribution process |
| CN105471584B (en)* | 2015-12-04 | 2019-02-22 | 长春大学 | An Identity Authentication Method Based on Quantum Key Encryption |
| CN105471584A (en)* | 2015-12-04 | 2016-04-06 | 长春大学 | Identity authentication method based on quantum key encryption |
| CN105743882B (en)* | 2016-01-21 | 2018-12-14 | 西安电子科技大学 | Quantum key distribution based on BB84 agreement eavesdrops method of discrimination |
| CN105743882A (en)* | 2016-01-21 | 2016-07-06 | 西安电子科技大学 | Quantum key distribution eavesdropping judgment method based on BB84 protocol |
| WO2017128746A1 (en)* | 2016-01-29 | 2017-08-03 | 华为技术有限公司 | Secure microwave communication apparatus and method |
| CN107026726A (en)* | 2016-01-29 | 2017-08-08 | 华为技术有限公司 | safe microwave communication device and method |
| CN105812367B (en)* | 2016-03-15 | 2018-08-17 | 浙江神州量子网络科技有限公司 | The Verification System and authentication method of network access equipment in a kind of quantum network |
| CN105812367A (en)* | 2016-03-15 | 2016-07-27 | 浙江神州量子网络科技有限公司 | Authentication system and authentication method of network access device in quantum network |
| CN107404461A (en)* | 2016-05-19 | 2017-11-28 | 阿里巴巴集团控股有限公司 | Data safe transmission method, client and service end method, apparatus and system |
| CN107404461B (en)* | 2016-05-19 | 2021-01-26 | 阿里巴巴集团控股有限公司 | Data secure transmission method, client and server method, device and system |
| TWI721122B (en)* | 2016-05-19 | 2021-03-11 | 香港商阿里巴巴集團服務有限公司 | Data secure transmission method, client and server method, device and system |
| CN105846999B (en)* | 2016-06-14 | 2019-02-15 | 泰山学院 | Multi-party quantum key agreement method based on one-way transmission loop |
| CN105846999A (en)* | 2016-06-14 | 2016-08-10 | 泰山学院 | Multi-side quantum secret key negotiation method based on unidirectional transmission loop |
| CN106411525B (en)* | 2016-09-23 | 2019-12-13 | 浙江神州量子网络科技有限公司 | Message authentication method and system |
| CN106452740B (en)* | 2016-09-23 | 2019-11-22 | 浙江神州量子网络科技有限公司 | A kind of quantum communications service station, quantum key managing device and cipher key configuration network and method |
| CN106452740A (en)* | 2016-09-23 | 2017-02-22 | 浙江神州量子网络科技有限公司 | Quantum communication service station, quantum key management device, key configuration network, and key configuration method |
| CN106411525A (en)* | 2016-09-23 | 2017-02-15 | 浙江神州量子网络科技有限公司 | Message authentication method and system |
| CN106685650A (en)* | 2016-12-20 | 2017-05-17 | 安徽继远软件有限公司 | A communication method for power wide-area industrial control network based on quantum communication technology |
| CN106888084B (en)* | 2017-01-04 | 2021-02-19 | 浙江神州量子网络科技有限公司 | Quantum fort machine system and authentication method thereof |
| CN106888084A (en)* | 2017-01-04 | 2017-06-23 | 浙江神州量子网络科技有限公司 | A kind of quantum fort machine system and its authentication method |
| CN106685654A (en)* | 2017-01-12 | 2017-05-17 | 成都信息工程大学 | A quantum key distribution method with two-way authentication |
| US10133603B2 (en) | 2017-02-14 | 2018-11-20 | Bank Of America Corporation | Computerized system for real-time resource transfer verification and tracking |
| US10778644B2 (en) | 2017-02-21 | 2020-09-15 | Bank Of America Corporation | Determining security features for external quantum-level computing processing |
| US10454892B2 (en) | 2017-02-21 | 2019-10-22 | Bank Of America Corporation | Determining security features for external quantum-level computing processing |
| US10447472B2 (en) | 2017-02-21 | 2019-10-15 | Bank Of America Corporation | Block computing for information silo |
| US10243976B2 (en) | 2017-02-24 | 2019-03-26 | Bank Of America Corporation | Information securities resource propagation for attack prevention |
| US11176498B2 (en) | 2017-02-27 | 2021-11-16 | Bank Of America Corporation | Lineage identification and tracking of resource inception, use, and current location |
| US10489726B2 (en) | 2017-02-27 | 2019-11-26 | Bank Of America Corporation | Lineage identification and tracking of resource inception, use, and current location |
| US10284496B2 (en) | 2017-03-03 | 2019-05-07 | Bank Of America Corporation | Computerized system for providing resource distribution channels based on predicting future resource distributions |
| US11057421B2 (en) | 2017-03-03 | 2021-07-06 | Bank Of America Corporation | Enhanced detection of polymorphic malicious content within an entity |
| US10440051B2 (en) | 2017-03-03 | 2019-10-08 | Bank Of America Corporation | Enhanced detection of polymorphic malicious content within an entity |
| US10437991B2 (en) | 2017-03-06 | 2019-10-08 | Bank Of America Corporation | Distractional variable identification for authentication of resource distribution |
| US11288366B2 (en) | 2017-03-06 | 2022-03-29 | Bank Of America Corporation | Distractional variable identification for authentication of resource distribution |
| US10270594B2 (en) | 2017-03-06 | 2019-04-23 | Bank Of America Corporation | Enhanced polymorphic quantum enabled firewall |
| US10412082B2 (en) | 2017-03-09 | 2019-09-10 | Bank Of America Corporation | Multi-variable composition at channel for multi-faceted authentication |
| US11120356B2 (en) | 2017-03-17 | 2021-09-14 | Bank Of America Corporation | Morphing federated model for real-time prevention of resource abuse |
| US10440052B2 (en) | 2017-03-17 | 2019-10-08 | Bank Of America Corporation | Real-time linear identification of resource distribution breach |
| US11055776B2 (en) | 2017-03-23 | 2021-07-06 | Bank Of America Corporation | Multi-disciplinary comprehensive real-time trading signal within a designated time frame |
| CN106817694A (en)* | 2017-04-14 | 2017-06-09 | 江苏亨通问天量子信息研究院有限公司 | Quantum wireless secret communication system and mobile terminal |
| US10476854B2 (en) | 2017-04-20 | 2019-11-12 | Bank Of America Corporation | Quantum key distribution logon widget |
| CN109274480A (en)* | 2017-07-17 | 2019-01-25 | 科大国盾量子技术股份有限公司 | Data authentication method and quantum key distribution system based on HMAC-SM3 algorithm |
| CN109274480B (en)* | 2017-07-17 | 2019-08-02 | 科大国盾量子技术股份有限公司 | Data authentication method and quantum key distribution system based on HMAC-SM3 algorithm |
| CN107493168B (en)* | 2017-09-07 | 2019-10-22 | 中国电子科技集团公司第三十研究所 | Quantum identity authentication method and its application method in quantum key distribution process |
| CN107493168A (en)* | 2017-09-07 | 2017-12-19 | 中国电子科技集团公司第三十研究所 | Quanta identity authentication method and its application process during quantum key distribution |
| CN111630810A (en)* | 2017-11-10 | 2020-09-04 | 日本电信电话株式会社 | Key exchange device, key exchange system, key exchange method, and key exchange program |
| CN111630810B (en)* | 2017-11-10 | 2023-05-30 | 日本电信电话株式会社 | Key exchange device, key exchange system, key exchange method, and recording medium |
| CN109842485A (en)* | 2017-11-26 | 2019-06-04 | 成都零光量子科技有限公司 | A kind of quantum key service network system having center |
| CN109842485B (en)* | 2017-11-26 | 2021-07-20 | 成都零光量子科技有限公司 | Centralized quantum key service network system |
| CN109842490A (en)* | 2017-11-28 | 2019-06-04 | 广东国盾量子科技有限公司 | Digital signature generation/transmission/verification method, terminal and computer storage medium |
| CN109995515A (en)* | 2017-12-29 | 2019-07-09 | 成都零光量子科技有限公司 | A kind of quantum key trunking method |
| CN110505063A (en)* | 2018-05-17 | 2019-11-26 | 广东国盾量子科技有限公司 | A kind of method and system guaranteeing financial payment safety |
| CN108965266A (en)* | 2018-06-28 | 2018-12-07 | 如般量子科技有限公司 | A kind of User-to-User identity authorization system and method based on group key pond and Kerberos |
| CN108965266B (en)* | 2018-06-28 | 2021-03-02 | 如般量子科技有限公司 | User-to-User identity authentication system and method based on group key pool and Kerberos |
| CN109510706A (en)* | 2019-01-07 | 2019-03-22 | 青岛理工大学 | Heterogeneous wireless communication method and system based on photon super-entangled state |
| CN110061895A (en)* | 2019-04-02 | 2019-07-26 | 如般量子科技有限公司 | Anti- quantum calculation application system short distance energy-saving communication method and system based on key card |
| CN110061895B (en)* | 2019-04-02 | 2021-04-06 | 如般量子科技有限公司 | Close-range energy-saving communication method and system for quantum computing resisting application system based on key fob |
| CN110071801A (en)* | 2019-04-24 | 2019-07-30 | 东南大学 | A kind of generation key part accord method of combination BBBSS agreement and BCH code |
| CN110071801B (en)* | 2019-04-24 | 2021-09-07 | 东南大学 | A method of generating key part reconciliation combining BBBSS protocol and BCH code |
| CN110166238A (en)* | 2019-06-03 | 2019-08-23 | 北京智芯微电子科技有限公司 | The generation method and device of quantum key |
| CN112512041A (en)* | 2019-09-13 | 2021-03-16 | 三星电子株式会社 | Systems, methods, and devices for associating and authenticating multi-access point coordination |
| US12375913B2 (en) | 2019-09-13 | 2025-07-29 | Samsung Electronics Co., Ltd. | Systems, methods, and devices for association and authentication for multi access point coordination |
| CN112713943A (en)* | 2020-11-30 | 2021-04-27 | 安徽澄小光智能科技有限公司 | Quantum Secure Communication System |
| CN112713943B (en)* | 2020-11-30 | 2024-03-12 | 安徽澄小光智能科技有限公司 | Quantum secret communication system |
| CN113094721A (en)* | 2021-03-16 | 2021-07-09 | 中国科学院信息工程研究所 | Post-quantum password authentication key exchange method based on modular error learning |
| CN114301593A (en)* | 2021-12-30 | 2022-04-08 | 济南量子技术研究院 | EAP authentication system and method based on quantum key |
| CN114301593B (en)* | 2021-12-30 | 2023-08-22 | 济南量子技术研究院 | A quantum key-based EAP authentication system and method |
| CN115225376A (en)* | 2022-07-06 | 2022-10-21 | 北京邮电大学 | Identity authentication method in two-way time transfer system |
| CN115225376B (en)* | 2022-07-06 | 2023-12-29 | 北京邮电大学 | Identity authentication method in two-way time transfer system |
| CN115580866A (en)* | 2022-12-07 | 2023-01-06 | 江苏云舟通信科技有限公司 | Wireless communication data synchronous encryption system |
| CN116132042A (en)* | 2023-04-13 | 2023-05-16 | 南京汇荣信息技术有限公司 | Quantum technology-based network security data encryption method and system |
| CN119997013A (en)* | 2025-01-15 | 2025-05-13 | 西安电子科技大学 | A two-way identity authentication method for wireless LAN based on access interaction delay characteristics |
| Publication | Publication Date | Title |
|---|---|---|
| CN103338448A (en) | Wireless local area network security communication method based on quantum key distribution | |
| CN113038468B (en) | A quantum key distribution and negotiation method for wireless terminals in the Internet of Things | |
| CN108599925B (en) | Improved AKA identity authentication system and method based on quantum communication network | |
| US7793103B2 (en) | Ad-hoc network key management | |
| CN102946313B (en) | A kind of user authentication model for quantum key distribution network and method | |
| CN108683501B (en) | Multiple identity authentication system and method with timestamp as random number based on quantum communication network | |
| US20100211790A1 (en) | Authentication | |
| WO2016058404A1 (en) | Entity authentication method and device based on pre-shared key | |
| US20070189528A1 (en) | Wireless LAN transmitting and receiving apparatus and key distribution method | |
| CN100421372C (en) | A method for securely sending transmission keys | |
| CN110087240B (en) | Wireless network security data transmission method and system based on WPA2-PSK mode | |
| CN108599926B (en) | HTTP-Digest improved AKA identity authentication system and method based on symmetric key pool | |
| CN111416712B (en) | Quantum secret communication identity authentication system and method based on multiple mobile devices | |
| WO2012019466A1 (en) | Secret communication method, terminal, switching equipment and system between neighboring user terminals | |
| Bhatia et al. | Framework for wireless network security using quantum cryptography | |
| CN104303450A (en) | Determination of cryptographic keys | |
| CN103795728A (en) | EAP authentication method capable of hiding identities and suitable for resource-constrained terminal | |
| CN114386020B (en) | Quantum-safe fast secondary identity authentication method and system | |
| Noh et al. | Secure authentication and four-way handshake scheme for protected individual communication in public wi-fi networks | |
| WO2022135391A1 (en) | Identity authentication method and apparatus, and storage medium, program and program product | |
| CN107682152B (en) | A Group Key Agreement Method Based on Symmetric Cipher | |
| CN103051457B (en) | A kind of method for building up of social networks group security communication | |
| CN116438822B (en) | Method and device for security authentication applied to WiFi | |
| CN114301593B (en) | A quantum key-based EAP authentication system and method | |
| CN106487502A (en) | A kind of lightweight key negotiation method based on password |
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20131002 |
| | RJ01 | Rejection of invention patent application after publication | |