物联网中移动Sensor节点漫游的组合安全认证协议  被引量：12

作　　者：王良民[1,2] 姜顺荣[1] 郭渊博[3] 

机构地区：[1]江苏大学计算机科学系,镇江212013 [2]安徽大学计算机科学与技术学院,合肥230601 [3]解放军信息工程大学电子技术学院,郑州450004

出　　处：《中国科学：信息科学》2012年第7期815-830,共16页Scientia Sinica(Informationis)

基　　金：国家自然科学基金(批准号:51108209);江苏省自然科学基金(批准号:BK2011464);计算智能与信号处理教育部重点实验室开放课题(批准号:201107);江苏大学第十批学生科研立项(批准号:10A119)资助项目

摘　　要：物联网包含感知子网和传输骨干网,其感知子网中节点能力受限,往往利用移动的传感器节点跨区域访问来获取信息;而其传输骨干网络需要依托现有Internet的基础设施,并利用其提供的强大服务.在这种情况下,移动节点的漫游带来了新的安全问题,一方面移动节点在感知子网间跨区域漫游,虽和MANET中一样需要保证移动节点漫游时高效安全地加入新的拜访域,但因传感节点资源极端受限而对轻量级有更高数量级的要求;另一方面资源受限的感知子网间移动节点漫游仅能提供轻量级安全,但是在接入骨干传输网时,不可因此降低骨干网络已有的安全性,即轻量级的安全协议和传统骨干网协议综合运用时,需具有组合安全性.本文针对这种基于骨干传输网的移动节点漫游问题,提出了一个新的随机漫游认证协议(RMRAP),兼顾安全性和实际应用的可行性,实现了漫游的轻量级身份认证,保护了漫游节点的隐私,同时实现了具有前向安全性,会话密钥对;并针对衔接骨干网和感知子网的基站进行了组合安全性的认证测试,验证了RMRAP的安全性;最后,从理论分析和实验仿真两个方面,分析了RMRAP协议的性能,并和相近工作进行了对比,对比表明,具有组合安全性的RMRAP在计算、通信开销方面,依然具有和同类协议可比较的相近性能.Internet of Things is composed by sensor subnets and transmission backbone network. Because of the limited capacity of nodes in sensor subnets, the mobile sensor nodes often move from one cluster to another so that they can access and obtain cross-region information. The backbone transmission network depends on the existing Internet infrastructure and provides powerful services. In this case, the roaming of mobile nodes brings about some new security problems. On one hand, we should ensure that the mobile node joins the new foreign cluster efficiently and securely during roaming, which looks like roaming demand in MANET. However it should be much more light weight because sensor nodes’ resource is extremely limited. On the other hand, the security of mobile nodes is light weight which is different from that of backbone networks. The security level of backbone network should not be reduced by a mobile node roaming and joining a new cluster. So the authentication protocol should be composable security, when the light weight secure protocol connects with traditional backbone network protocol. In this paper, we focus on the sensor nodes roaming problem based on the Internet of Things, and propose a new random roaming authentication protocol （RMRAP）. Our RMRAP takes into account both the security and feasibility of practical application. The protocol achieves the light weight authentication and protects the privacy of the mobile node while roaming among the clusters and generates forward security session key. We also test the composable security at cluster head which connects the backbone network and the sensor subnet serving as a gateway. We also analyze the performance of RMRAP protocol in both the theoretical analysis and experiment simulations, and compare it with some related work. The comparison shows that our RMRAP has some advantages of compose security, computation and communication overheads over these related protocols.

关 键 词：无线传感网 网络安全 认证 隐私保护 轻量级 

分 类 号：TP391.44[自动化与计算机技术—计算机应用技术] TN915.08[自动化与计算机技术—计算机科学与技术]