面向物联网的轻量级可验证群组认证方案
Lightweight Verifiable Group Authentication Scheme for the Internet of Things
- 电子学报 2022年50卷第4期 页码:990-1001
- 作者机构:
1.江苏师范大学计算机科学与技术学院,江苏徐州 221116
2.福建师范大学福建省网络安全与密码技术重点实验室,福建福州 350007
3.河南省网络密码技术重点实验室,河南郑州 450001
- 作者简介:
[ "陈书仪 女,1998年生,江苏淮安人.江苏师范大学计算机科学与技术学院硕士研究生.主要研究方向为群组认证技术、物联网安全和区块链.E-mail: chenshuyi@jsnu.edu.cn" ]
[ "刘亚丽(通讯作者) 女,1981年生,江苏徐州人.博士,副教授,硕士生导师,CCF会员.主要研究方向为信息安全、物联网认证和隐私保护技术、区块链安全和隐私、车载自组织网络、密码算法和协议及其在物联网和移动通信中的应用等." ]
[ "林昌露 男,1978年生,福建大田人.博士,副教授,博士生导师.主要研究方向为密码学和网络安全、秘密共享、安全多方计算、公钥密码学及其应用等.E-mail: cllin@fjnu.edu.cn" ]
[ "李 涛 男,1998年生,湖北黄冈人.江苏师范大学计算机科学与技术学院硕士研究生.主要研究方向为RFID认证技术、物联网安全和区块链.E-mail: taoli@jsnu.edu.cn" ]
[ "董永权 男,1979年生,江苏宿迁人.博士,教授,硕士生导师.主要研究方向为Web信息管理和Web信息安全等.E-mail: tomdyq@163.com" ]
- 基金信息:国家自然科学青年基金(61702237);国家自然科学基金面上项目(61872168);国家自然科学基金促进海峡两岸科技合作联合基金(U1705264);福建省网络安全与密码技术重点实验室(福建师范大学)开放课题(NSCL-KF2021-04);河南省网络密码技术重点实验室研究课题(LNCT2021-A07);江苏省研究生科研与实践创新计划项目(KYCX20_2381);江苏师范大学研究生科研与实践创新计划项目(2021XKT1387);江苏省自然科学青年基金(BK20150241);徐州市推动科技创新专项资金项目(KC18005);江苏省高校自然科学基金(14KJB520010);福建省自然科学基金(2019J01275);江苏政府留学奖学金
DOI:10.12263/DZXB.20211028
中图分类号: TP309;收稿:2021-08-01,
修回:2022-01-05,
纸质出版:2022-04-25
- 稿件说明:
移动端阅览
陈书仪,刘亚丽,林昌露等.面向物联网的轻量级可验证群组认证方案[J].电子学报,2022,50(04):990-1001.
CHEN Shu-yi,LIU Ya-li,LIN Chang-lu,et al.Lightweight Verifiable Group Authentication Scheme for the Internet of Things[J].ACTA ELECTRONICA SINICA,2022,50(04):990-1001.
陈书仪,刘亚丽,林昌露等.面向物联网的轻量级可验证群组认证方案[J].电子学报,2022,50(04):990-1001. DOI: 10.12263/DZXB.20211028.
CHEN Shu-yi,LIU Ya-li,LIN Chang-lu,et al.Lightweight Verifiable Group Authentication Scheme for the Internet of Things[J].ACTA ELECTRONICA SINICA,2022,50(04):990-1001. DOI: 10.12263/DZXB.20211028.
摘要
随着物联网应用的广泛扩展,越来越多的物联网设备出现在人们的日常生活中,包括智能电表、智能家居、智能穿戴等.它们在带给人民生活便利的同时,由于物联网设备通过无线开放信道进行交互,造成诸多安全和隐私问题的出现.身份认证是解决物联网安全和隐私问题的关键技术之一.传统的点对点认证方案没有考虑到物联网海量节点和节点资源受限的情况,而群组认证是一种一次验证一组成员身份的认证技术,为物联网节点的身份认证提供了新的思路.然而,现有适用于物联网场景的群组认证方案存在安全隐患,无法抵抗伪造、重放等恶意攻击并且无法防止群组管理者对组成员的欺骗.本文利用可验证秘密共享技术设计了一种适用于物联网场景的轻量级可验证群组认证方案以抵抗群组管理者的欺骗行为.另外,在物联网场景下,节点可能会动态地加入和撤出网络,针对这种情况,本文在可验证群组认证方案的基础上设计密钥更新环节以更新组成员的权限.安全性分析表明,本文方案满足正确性、机密性,能够抵抗重放、伪造、冒充等恶意攻击.性能分析和实验仿真表明,与现有典型的物联网群组认证方案相比,本文方案在保证安全性的同时降低了组成员的计算代价.
Abstract
With the wide spread of the applications of the internet of things (IoT)
more and more IoT devices appear in our lives
including smart meters
smart homes
smart wear and so on. While they bring convenience to people
'
s lives
many security and privacy issues arise because of the interaction of IoT devices through wireless open channels. Identity authentication is one of the key technologies to solve the security and privacy issues of IoT. The traditional point-to-point authentication schemes do not consider the massive resource-limited nodes
while group authentication is an authentication technology that can simultaneously verify a group of members
which provides a new idea for the authentication of IoT nodes. However
the existing group authentication schemes for IoT are vulnerable to some security risks
which cannot resist malicious attacks such as forgery attack
replay attack and cannot prevent the group manager from cheating group members. In this paper
a lightweight verifiable group authentication scheme for IoT based on verifiable secret sharing technology is proposed
which resists the deception of the group manager. In addition
nodes may dynamically join or leave the network in IoT scenarios. Given this situation
key updating based on the verifiable group authentication scheme is designed to update group members
'
authority. Security analysis shows that this scheme satisfies the correctness and confidentiality
and it can resist malicious attacks such as replay attack
forgery attack
impersonation attack. Performance analysis and experimental simulation show that this scheme reduces the computational cost of group members while it ensures security compared with the existing typical group authentication schemes for IoT.
关键词
Keywords
references
武传坤 . 物联网安全关键技术与挑战 [J]. 密码学报 , 2015 , 2 ( 1 ): 40 - 53 .
WU C K . An overview on the security techniques and challenges of the internet of things [J]. Journal of Cryptologic Research , 2015 , 2 ( 1 ): 40 - 53 . (in Chinese)
陈亮 , 李峰 , 任保全 , 等 . 软件定义物联网研究综述 [J]. 电子学报 , 2021 , 49 ( 5 ): 1019 - 1032 .
CHEN L , LI F , REN B Q , et al . Software-defined internet of things: a survey [J]. Acta Electronica Sinica , 2021 , 49 ( 5 ): 1019 - 1032 . (in Chinese)
张顺 , 范鸿丽 , 仲红 , 等 . 无线体域网中高效可撤销的无证书远程匿名认证协议 [J]. 通信学报 , 2018 , 39 ( 4 ): 100 - 111 .
ZHANG S , FAN H L , ZHONG H , et al . Efficient revocable certificateless remote anonymous authentication protocol for wireless body area network [J]. Journal on Communications , 2018 , 39 ( 4 ): 100 - 111 . (in Chinese)
FOUDA M M , FADLULLAH Z M , KATO N , et al . A lightweight message authentication scheme for smart grid communications [J]. IEEE Transactions on Smart grid , 2011 , 2 ( 4 ): 675 - 685 .
房卫东 , 张武雄 , 杨旸 , 等 . 基于生物特征标识的无线传感器网络三因素用户认证协议 [J]. 电子学报 , 2018 , 46 ( 3 ): 702 - 713 .
FANG W D , ZHANG W X , YANG Y , et al . Biometric-based three-factor user authentication protocol for wireless sensor network [J]. Acta Electronica Sinica , 2018 , 46 ( 3 ): 702 - 713 . (in Chinese)
张文芳 , 雷丽婷 , 王小敏 , 等 . 面向云服务的安全高效无证书聚合签名车联网认证密钥协商协议 [J]. 电子学报 , 2020 , 48 ( 9 ): 1814 - 1823 .
ZHANG W F , LEI L T , WANG X M , et al . Secure and efficient authentication and key agreement protocol using certificateless aggregate signature for cloud service oriented VANET [J]. Acta Electronica Sinica , 2020 , 48 ( 9 ): 1814 - 1823 . (in Chinese)
李涛 , 刘亚丽 . 一种基于双PUF的RFID认证协议 [J]. 计算机研究与发展 , 2021 , 58 ( 8 ): 1801 - 1810 .
LI T , LIU Y L . A double PUF-based RFID authentication protocol [J]. Journal of Computer Research and Development , 2021 , 58 ( 8 ): 1801 - 1810 . (in Chinese)
HARN L . Group authentication [J]. IEEE Transactions on Computers , 2012 , 62 ( 9 ): 1893 - 1898 .
SHAMIR A . How to share a secret [J]. Communications of the ACM , 1979 , 22 ( 11 ): 612 - 613 .
AHMADIAN Z , JAMSHIDPOUR S . Linear subspace cryptanalysis of Harn's secret sharing-based group authentication scheme [J]. IEEE Transactions on Information Forensics and Security , 2017 , 13 ( 2 ): 502 - 510 .
CHIEN H Y . Group authentication with multiple trials and multiple authentications [J]. Security and Communication Networks , 2017 , 2017 : 1 - 7 .
XIA Z , LIU Y N , HSU C F , et al . Cryptanalysis and improvement of a group authentication scheme with multiple trials and multiple authentications [J]. Security and Communication Networks , 2020 , 2020( 3 ): 1 - 8 .
AYDIN Y , KURT G K , OZDEMIR E , et al . A flexible and lightweight group authentication scheme [J]. IEEE Internet of Things Journal , 2020 , 7 ( 10 ): 10277 - 10287 .
XIONG H , QIN Z . Revocable and scalable certificateless remote authentication protocol with anonymity for wireless body area networks [J]. IEEE Transactions on Information Forensics and Security , 2015 , 10 ( 7 ): 1442 - 1455 .
JIANG S , ZHU X , WANG L . An efficient anonymous batch authentication scheme based on HMAC for VANETs [J]. IEEE Transactions on Intelligent Transportation Systems , 2016 , 17 ( 8 ): 2193 - 2204 .
ZHANG L , ZHANG F T , HUANG X Y . A secure and effcient certificateless signature scheme using bilinear pairing [J]. Chinese Journal of Electronics , 2009 , 18 ( 1 ): 145 - 148 .
WANG F , CHANG C C , CHOU Y C . Group authentication and group key distribution for ad hoc networks [J]. International Journal of Network Security , 2015 , 17 ( 2 ): 199 - 207 .
MAHMOOD K , CHAUDHRY S A , NAQVI H , et al . An elliptic curve cryptography based lightweight authentication scheme for smart grid communication [J]. Future Generation Computer Systems , 2018 , 81 : 557 - 565 .
0
浏览量
8
下载量
3
CSCD
- 网络PDF下载
- Meta-XML下载
- BibTeX下载
- Endnote下载
- RefMan 下载
- NoteExpress下载
- NoteFirst下载
关联资源
相关文章
相关作者
相关机构
- 技术支持由北京北大方正电子有限公司提供 京ICP备09064830号-19
京公网安备11010802024621 - 本系统建议在Chrome、 IE9+ 以上版本浏览器阅读本站内容,360浏览器请切换至极速模式
- Cookies帮助我们提供服务并提供个性化体验。使用本网站,即表示您同意我们使用Cookies