Communication method based on trusted third party authenticationTechnical Field
The invention relates to a communication method, in particular to a communication method based on trusted third party authentication.
Background
Data information is widely spread in networks, confidentiality of the communication process is a focus of social concern, and communication protocols are the first lines of defense to ensure reliable transmission of information over unsafe channels. When information interaction is carried out, the two communication parties can observe a pre-agreed safety protocol, but the process of information interaction cannot be ensured to be absolutely safe, and a lot of important information still faces the risk of being stolen. The protocol itself may have some security holes that others exploit to develop attacks, and the communication partners may therefore suffer significant losses.
In the communication process, key encryption is generally adopted to ensure safety, and key encryption algorithms have two main types: symmetric encryption algorithms and asymmetric encryption algorithms. The symmetric key encryption protocol always uses the same key to penetrate through the encryption and decryption processes of the message, and has the advantages of high encryption speed, incapability of carrying out identity authentication of a user, and easiness in causing the problem that the number of the keys held by a communication agency is too large to be easily managed; the asymmetric key encryption protocol can realize legal identity authentication of the user, and has higher security. However, due to the high complexity of the key, this encryption scheme is slow in handling large volume messages.
In the prior art, two kinds of communication protocols mixed by encryption modes are adopted, and two parties of communication adopt asymmetric keys for communication identity authentication, so that each user is required to store a large number of keys, and the burden on key storage and management is brought to the user. Therefore, the key distribution center is used for managing the key used for identity authentication, and then the symmetric key used in the communication process is distributed to the two communication parties, so that the problem of storing the key by the users is solved, and when the key distribution center is invaded, the communication security among all users is threatened.
Disclosure of Invention
Aiming at the defects of the prior art, the invention aims to provide a communication method based on trusted third party authentication, which improves communication efficiency in a mode of mixing a symmetric key and an asymmetric key, reduces the burden of users and ensures the communication safety among the users by storing and managing the key by a feasible third party, not only solves the problem that encryption and decryption processes in an asymmetric encryption protocol are complicated, but also solves the problem that a communication agent cannot perform identity authentication under a symmetric key system.
The technical scheme of the invention is as follows: a communication method based on trusted third party authentication comprises the following steps:
step 1, a first direction trusted third party in two parties needing to establish communication applies for request information for establishing communication with a second party in two parties needing to establish communication;
step 2, the trusted third party sends information containing the identity information of the first party to the second party according to the request information sent by the first party and by using an asymmetric key encryption mode;
step 3, the second party decrypts the information sent by the trusted third party and sends information containing a temporary key to the first party by using an asymmetric key encryption mode, wherein the temporary key is a key of a symmetric key encryption mode;
and 4, the first party decrypts the information sent by the second party and acquires the temporary key therein, and the first party and the second party communicate through the temporary key.
Further, in step 1, when the first party sends the request information, the request information is encrypted by using an asymmetric key encryption mode, and in step 2, the trusted party decrypts the request information.
In step 1, the first party uses the asymmetric key encryption mode to send the request information, which is to encrypt the request information by using the public key of the trusted third party, and in step 2, the trusted third party decrypts the request information sent by the first party by using the private key of the trusted third party.
In step 2, the trusted third party uses the asymmetric key encryption mode to send information, which is to encrypt the information by using the public key of the second party, and in step 3, the second party decrypts the information of the trusted third party by using the private key of the second party.
Further, in step 3, the second party uses the asymmetric key encryption to send information, which is to encrypt information by using the public key of the first party, and in step 4, the first party decrypts the information sent by the second party by using the private key of the first party.
Further, in step 1, the request information includes an ID of the first party, an ID of the second party, and a first random number generated by the first party.
Further, in step 2, the information sent by the third party to the second party includes the ID of the first party, the public key of the first party, and the first random number, and in step 3, the information including the temporary key sent by the second party to the first party further includes the first random number-1.
Further, in step 4, the first party obtains the temporary key and then encrypts a message containing a second random number with the temporary key to the second party, and the second party decrypts the message with the temporary key and then encrypts a message containing a second random number-1 with the temporary key to the first party.
Further, the first party destroys the temporary key after communication with the second party is completed.
The invention adopts an asymmetric key encryption technology in the identity authentication process between the first party and the second party, and adopts a symmetric key encryption technology in the main communication process, compared with the prior art, the invention has the advantages that: the trusted third party is used as a communication bridge between the two parties of the communication user, so that a guiding effect is achieved for the communication between the users. In a conventional asymmetric key encryption scheme, each user needs to store the public keys of all other users in order to establish a relationship. And the introduction of the trusted third party stores the public keys of all users, and the users only need to store the public keys of the trusted third party, so that the storage burden of the users is reduced. And because the public key of the user is not completely disclosed any more, the trusted third party can prevent harassment of illegal users to a certain extent as a first defense line, and the security is improved to a certain extent on the basis of the traditional public key encryption protocol. Unlike common key distributing method, the trusted third party has no temporary key, i.e. the session key used in the main communication, and the session key is completed by the communication main body, i.e. the user, without passing through the trusted third party, and has better privacy. Even if a trusted third party is invaded by an illegal user, the communication process of the main body cannot be completely destroyed.
Drawings
Fig. 1 is a schematic flow chart of a communication method based on trusted third party authentication according to an embodiment.
Detailed Description
The invention is further illustrated, but is not limited, by the following examples.
Referring to fig. 1, in order to establish a communication relationship between a user Tom and a user Dick in a distributed network, a specific message flow of the method of the present invention is as follows:
the user Tom is a first party of communication, the user Dick is a second party of communication, and the key distribution center KDC is a trusted third party.
Firstly, tom sends a request message to KDC, the request message is encrypted by using the public key of the KDC, and the message body of the request message comprises the name (Tom) of the user, the name (Dick) of the opposite party and a random number Nt generated randomly;
after receiving the message sent by Tom, the KDC decrypts the message using its own private key, and then forwards the message requesting communication to the Dick. The message body sent to the Dick by the KDC comprises the name of Tom, a random number Nt and a public key of the Tom of the user, and the message body is encrypted by using the public key of the Dick;
after receiving the message sent by the KDC, the Dick decrypts the message by using its own private key, and then sends a feedback message to Tom, indicating that it has received the request message. The message body of the feedback message sent to Tom by the Dick comprises a user name Dick, a random number Nt-1 and a randomly generated temporary key Temkey (the formal communication process adopts a symmetric key encryption mode, adopts the Temkey to encrypt the message body), and encrypts the message body by using the public key of Tom;
tom decrypts the message using its own public key after receiving the Dick feedback message. Tom obtains the temporary key Temkey and then generates a random number Nt' as a message. Tom uses a temporary key Temkey to encrypt the random number Nt 'and then sends the random number Nt' to Dick;
after the Dick receives the last message of Tom, it decrypts the message using the temp key. After the random number Nt 'is acquired, dick takes the random number (Nt' -1) as the message body and encrypts it using the temporary key temp, sending the encrypted message to Tom. So far, the last handshake is completed, and the communication between the users Tom and Dick is formally established.
The specific message interaction process can be described in the following semi-formal manner:
Message 1:Tom→KDC:Pubkey_K{Tom,Dick,Nt}
Message 2:KDC→Dick:Pubkey_D{Tom,Pubkey_T,Nt}
Message 3:Dick→Tom:Pubkey_T{Dick,Nt-1,Temkey}
Message 4:Tom→Dick:Temkey{Nt'}
Message 5:Dick→Tom:Temkey{Nt'-1}
for the communication method based on the trusted third party authentication, an theorem proving tool Isable/HOL is adopted to perform formal modeling on the protocol, a security primer is established, and correctness of the primer is unfolded and verified. By modeling the protocol in the theorem proving tool Isable/HOL, all protocol specifications relate to the grammar theory of messages. Modeling data objects in the protocol, mapping functions between users and secret keys, behavior description functions of users and spyware and message interaction flow, and describing the behavior of the protocol system in an event tracking mode. And finally, establishing two security quotations according to the protocol security requirements, and verifying the security of the quotations by adopting a way of inductive analysis. The verification result shows that compared with the traditional key protocol, the invention reduces the storage burden of the user and improves the information processing efficiency, and simultaneously has better security.