基于PUF的水下海洋观测仪器身份认证研究  

作　　者：杨英 钟杰 郑力 胡勇 YANG Ying;ZHONG Jie;ZHENG Li;HU Yong(School of Cyber Science and Engineering,Sichuan University,Chengdu Sichuan 610065,China;Chengdu Science and Technology Development Center,Chengdu Sichuan 610200,China)

机构地区：[1]四川大学网络空间安全学院,四川成都610065 [2]中物院成都科学技术发展中心,四川成都610200

出　　处：《通信技术》2021年第3期698-704,共7页Communications Technology

基　　金：国防科技创新特区H863计划项目(No.20-163-05-ZT-001-006-03)。

摘　　要：水下海洋观测仪器位于海底深处开放海域中,正常工作时处于无人值守状态,拥有功耗受限导致的休眠/激活模式,容易遭受假冒、侧信道分析攻击。针对休眠模式下仪器的不同唤醒方式,提出了基于PUF和伪随机序列的双向身份认证方案:外部唤醒时,认证服务器主动唤醒仪器进行认证;自主苏醒时,仪器主动通知认证服务器进行认证。该方案基于终端PUF,并使用序列号和轻量级哈希函数对其加密,完成双向身份认证。此外,通信中使用伪随机序列加密链路层数据,改变信息中“0”和“1”的分布规律。该方案无需仪器预先存储私密密钥,且只在特定时间窗口发送数据。安全性分析表明,该方案能抵抗多种常见攻击,适用于水下海洋观测仪器的双向身份认证。The underwater ocean observation instrument is located in the open sea in the depths of the sea floor,and is in unattended state during normal operation.It has the sleep/active mode caused by limited power consumption,and is vulnerable to the attack of impersonation and side channel.A mutual identity authentication scheme based on PUF and pseudo-random sequence is proposed for the different awakening modes of the instrument in the sleep mode:When the instrument is awakened externally,the authentication server actively awakens the instrument for authentication;When autonomously awake,the instrument actively notifies the authentication server for authentication.The scheme is based on the terminal PUF and uses the serial number and lightweight hash function to encrypt it to complete the mutual authentication.In communication,pseudo-random sequences are used to encrypt link layer data and change the distribution of“0”and“1”in information.The scheme does not require the instrument to store private keys in advance and only sends data in a specific time window.The security analysis indicates that the scheme can resist many common attacks and is suitable for mutual identification of underwater ocean observing instruments.

关 键 词：海底观测网 无人值守 PUF 伪随机序列 身份认证 

分 类 号：TP309.1[自动化与计算机技术—计算机系统结构]