Bilateral Authentication Protocol for WSN and Certification by Strand Space Model  (Cited by: 10)


Authors: LIU Jing; LAI Ying-xu; YANG Sheng-zhi; Lina XU (Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China; Beijing Key Laboratory of Trusted Computing, Beijing 100124, China; National Engineering Laboratory for Critical Technologies of Information Security Classified Protection, Beijing 100072, China; Information Technology Support Center, Beijing University of Technology, Beijing 100124, China; School of Computer Science, University College Dublin, Dublin 999014, Ireland)

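Affiliations: [1] Faculty of Information Technology, Beijing University of Technology, Beijing 100124 [2] Beijing Key Laboratory of Trusted Computing, Beijing 100124 [3] Key Laboratory of Information Assurance Technology, Beijing 100072 [4] Information Technology Support Center, Beijing University of Technology, Beijing 100124 [5] School of Computer Science, University College Dublin, Dublin 999014, Ireland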

Source: Computer Science (《计算机科学》), 2019, Issue 9, pp. 169-175 (7 pages)

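Funding: Supported by the Natural Science Foundation of Qinghai Province (2017-ZJ-912); the Beijing University of Technology International Research Cooperation Seed Fund (2018-B9); the Key Laboratory of Information Assurance Technology Fund (614211204031117); the Beijing Natural Science Foundation (4162006); and the Open Project of the National Defense Science and Technology Experimental Information Security Laboratory (2015XXAQ09).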

Abstract: With the development of the industrial Internet, smart agriculture, smart home and other fields, wireless sensor networks (WSN) are being used more widely, and their security problems have become prominent. To address the tendency of sensor nodes to fail and their limited energy, computing and storage capacity, this paper constructs a bilateral identity authentication protocol between the base station and sensor nodes based on state information, which ensures security while meeting the lightweight and low-cost requirements of WSN. In the node access phase, the protocol first authenticates the trust status of the platform based on the trusted network connection, verifying that the node is trusted and performing its encrypted registration. In the operation phase, a bilateral authentication process for important data protects the transmission of that data, and periodic update authentication confirms the status and reliability of the sensor nodes. The protocol allows the base station to periodically check the running-state information of a node, so that physical damage to the node is detected in time, and uses that running-state information in authentication to further strengthen the protocol's security. The protocol also introduces an alarm mechanism that can distinguish communication errors, physical damage to a node, and attacks by an adversary. The protocol reduces the communication volume of the authentication process, and the alarm messages it introduces improve troubleshooting capability. The protocol is formally analyzed with the strand space model, which proves its security. Finally, experiments verify that the designed bilateral identity authentication protocol provides good security, that the added delay in sending data is within an acceptable range, and that the network scales well. The proposed scheme strengthens network access security, effectively defends against attacks from inside the node system, and has good application value.

Keywords: identity authentication protocol; wireless sensor network; strand space model; alarm mechanism

Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]

 
