Power Internet of Things Device Access Management Based on Cryptographic Accumulator

Cited by: 4


Authors: CHEN Bin [1]; XU Huan [1]; XI Jian-fei; LEI Mei-lian; ZHANG Rui [3]; QIN Shi-han (China Southern Power Grid, Guangzhou 510663, China; China Southern Power Grid Digital Power Grid Research Institute, Guangzhou 510663, China; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China)

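Affiliations: [1] China Southern Power Grid Co., Ltd., Guangzhou 510663; [2] China Southern Power Grid Digital Power Grid Research Institute, Guangzhou 510663; [3] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093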

Source: Computer Science (《计算机科学》), 2022, Issue S02, pp. 750-755 (6 pages)

Funding: National Natural Science Foundation of China (61772520, 61802392, 61972094)

Abstract: Secure device access is the first line of defense for the power Internet of Things and a prerequisite for security mechanisms such as access control and intrusion detection. Complete device access management covers two key stages: trusted authentication of devices and secure revocation. Most existing systems rely on PKI to establish a trusted infrastructure and implement access management through the issuance, verification and revocation of public-key certificates. In the power Internet of Things, however, this approach imposes extra overhead and efficiency problems on a large number of resource-constrained devices. Lightweight authentication schemes proposed in response optimize overhead and efficiency but are functionally incomplete, because they cannot provide the key stage of secure revocation. To address these shortcomings, this paper proposes an access management scheme for power Internet of Things devices based on a cryptographic accumulator and a Bloom filter. The scheme provides both trusted authentication and secure revocation of devices and balances functionality with efficiency. Security analysis shows that the scheme achieves anonymous authentication of devices to the gateway, unforgeability of identity credentials, and forced-revocation security. Experimental results show that, compared with mainstream PKI-based device access management schemes, the scheme greatly reduces communication and storage overhead in device authentication and credential revocation, making it more practical in the power Internet of Things scenario.

Keywords: cryptographic accumulator; power Internet of Things; access authentication; secure revocation; anonymity

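Classification: TM73 [Electrical Engineering: Power Systems and Automation]; TN929.5 [Electronics and Telecommunications: Communication and Information Systems]; TP391.44 [Electronics and Telecommunications: Information and Communication Engineering]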

 
