电子学报 ›› 2022, Vol. 50 ›› Issue (4): 990-1001.DOI: 10.12263/DZXB.20211028

所属专题: 网络空间及网络通信中的安全问题

• 学术论文 • 上一篇    下一篇

面向物联网的轻量级可验证群组认证方案

陈书仪1,2,3, 刘亚丽1,2,3(), 林昌露2, 李涛1,2,3, 董永权1   

  1. 1.江苏师范大学计算机科学与技术学院,江苏 徐州 221116
    2.福建师范大学福建省网络安全与密码技术重点实验室,福建 福州 350007
    3.河南省网络密码技术重点实验室,河南 郑州 450001
  • 收稿日期:2021-08-01 修回日期:2022-01-05 出版日期:2022-04-25
    • 通讯作者:
    • 刘亚丽
    • 作者简介:
    • 陈书仪 女,1998年生,江苏淮安人.江苏师范大学计算机科学与技术学院硕士研究生.主要研究方向为群组认证技术、物联网安全和区块链.E-mail: chenshuyi@jsnu.edu.cn
      刘亚丽(通讯作者) 女,1981年生,江苏徐州人.博士,副教授,硕士生导师,CCF会员.主要研究方向为信息安全、物联网认证和隐私保护技术、区块链安全和隐私、车载自组织网络、密码算法和协议及其在物联网和移动通信中的应用等.
      林昌露 男,1978年生,福建大田人.博士,副教授,博士生导师.主要研究方向为密码学和网络安全、秘密共享、安全多方计算、公钥密码学及其应用等.E-mail: cllin@fjnu.edu.cn
      李 涛 男,1998年生,湖北黄冈人.江苏师范大学计算机科学与技术学院硕士研究生.主要研究方向为RFID认证技术、物联网安全和区块链.E-mail: taoli@jsnu.edu.cn
      董永权 男,1979年生,江苏宿迁人.博士,教授,硕士生导师.主要研究方向为Web信息管理和Web信息安全等.E-mail: tomdyq@163.com
    • 基金资助:
    • 国家自然科学青年基金 (61702237); 国家自然科学基金面上项目 (61872168); 国家自然科学基金促进海峡两岸科技合作联合基金 (U1705264); 福建省网络安全与密码技术重点实验室 (福建师范大学)开放课题 (NSCL-KF2021-04); 河南省网络密码技术重点实验室研究课题 (LNCT2021-A07); 江苏省研究生科研与实践创新计划项目 (KYCX20_2381); 江苏师范大学研究生科研与实践创新计划项目 (2021XKT1387); 江苏省自然科学青年基金 (BK20150241); 徐州市推动科技创新专项资金项目 (KC18005); 江苏省高校自然科学基金 (14KJB520010); 福建省自然科学基金 (2019J01275); 江苏政府留学奖学金

Lightweight Verifiable Group Authentication Scheme for the Internet of Things

CHEN Shu-yi1,2,3, LIU Ya-li1,2,3(), LIN Chang-lu2, LI Tao1,2,3, DONG Yong-quan1   

  1. 1.College of Computer Science and Technology, Jiangsu Normal University, Xuzhou, Jiangsu 221116, China
    2.Fujian Provincial Key Laboratory of Network Security and Cryptology, Fujian Normal University, Fuzhou, Fujian 350007, China
    3.Henan Key Laboratory of Network Cryptography Technology, Zhengzhou, Henan 450001, China
  • Received:2021-08-01 Revised:2022-01-05 Online:2022-04-25 Published:2022-04-25
    • Corresponding author:
    • LIU Ya-li
    • Supported by:
    • Youth Fund of National Natural Science Foundation of China (61702237); National Natural Science Foundation of China (61872168); Straits Exchange Foundation of National Natural Science Foundation of China (U1705264); Open Project of Fujian Key Laboratory of Network Security and Cryptography (Fujian Normal University) (NSCL-KF2021-04); Henan Key Laboratory of Network Cryptography Technology (LNCT2021-A07); Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX20_2381); Science Research and Practice Innovation Program for Graduate Students of Jiangsu Normal University (2021XKT1387); Natural Science Youth Foundation of Jiangsu Province (BK20150241); Science and Technology Innovation Promotion Project of Xuzhou City (KC18005); Natural Science Foundation of the Jiangsu Higher Education Institutions of China (14KJB520010); Natural Science Foundation of Fujian Province (2019J01275); Jiangsu Government Scholarship Program

摘要:

随着物联网应用的广泛扩展,越来越多的物联网设备出现在人们的日常生活中,包括智能电表、智能家居、智能穿戴等.它们在带给人民生活便利的同时,由于物联网设备通过无线开放信道进行交互,造成诸多安全和隐私问题的出现.身份认证是解决物联网安全和隐私问题的关键技术之一.传统的点对点认证方案没有考虑到物联网海量节点和节点资源受限的情况,而群组认证是一种一次验证一组成员身份的认证技术,为物联网节点的身份认证提供了新的思路.然而,现有适用于物联网场景的群组认证方案存在安全隐患,无法抵抗伪造、重放等恶意攻击并且无法防止群组管理者对组成员的欺骗.本文利用可验证秘密共享技术设计了一种适用于物联网场景的轻量级可验证群组认证方案以抵抗群组管理者的欺骗行为.另外,在物联网场景下,节点可能会动态地加入和撤出网络,针对这种情况,本文在可验证群组认证方案的基础上设计密钥更新环节以更新组成员的权限.安全性分析表明,本文方案满足正确性、机密性,能够抵抗重放、伪造、冒充等恶意攻击.性能分析和实验仿真表明,与现有典型的物联网群组认证方案相比,本文方案在保证安全性的同时降低了组成员的计算代价.

关键词: 群组认证, 物联网, 轻量级, 可验证秘密共享, 动态群组

Abstract:

With the wide spread of the applications of the internet of things (IoT), more and more IoT devices appear in our lives, including smart meters, smart homes, smart wear and so on. While they bring convenience to people's lives, many security and privacy issues arise because of the interaction of IoT devices through wireless open channels. Identity authentication is one of the key technologies to solve the security and privacy issues of IoT. The traditional point-to-point authentication schemes do not consider the massive resource-limited nodes, while group authentication is an authentication technology that can simultaneously verify a group of members, which provides a new idea for the authentication of IoT nodes. However, the existing group authentication schemes for IoT are vulnerable to some security risks, which cannot resist malicious attacks such as forgery attack, replay attack and cannot prevent the group manager from cheating group members. In this paper, a lightweight verifiable group authentication scheme for IoT based on verifiable secret sharing technology is proposed, which resists the deception of the group manager. In addition, nodes may dynamically join or leave the network in IoT scenarios. Given this situation, key updating based on the verifiable group authentication scheme is designed to update group members' authority. Security analysis shows that this scheme satisfies the correctness and confidentiality, and it can resist malicious attacks such as replay attack, forgery attack, impersonation attack. Performance analysis and experimental simulation show that this scheme reduces the computational cost of group members while it ensures security compared with the existing typical group authentication schemes for IoT.

Key words: group authentication, the internet of things, lightweight, verifiable secret sharing, dynamic group

中图分类号: