面向物联网的轻量级可验证群组认证方案  被引量：4

作　　者：陈书仪 刘亚丽[1,2,3] 林昌露 李涛[1,2,3] 董永权 CHEN Shu-yi;LIU Ya-li;LIN Chang-lu;LI Tao;DONG Yong-quan(College of Computer Science and Technology,Jiangsu Normal University,Xuzhou,Jiangsu 221116,China;Fujian Provincial Key Laboratory of Network Security and Cryptology,Fujian Normal University,Fuzhou,Fujian 350007,China;Henan Key Laboratory of Network Cryptography Technology,Zhengzhou,Henan 450001,China)

机构地区：[1]江苏师范大学计算机科学与技术学院,江苏徐州221116 [2]福建师范大学福建省网络安全与密码技术重点实验室,福建福州350007 [3]河南省网络密码技术重点实验室,河南郑州450001

出　　处：《电子学报》2022年第4期990-1001,共12页Acta Electronica Sinica

基　　金：国家自然科学青年基金(No.61702237);国家自然科学基金面上项目(No.61872168);国家自然科学基金促进海峡两岸科技合作联合基金(No.U1705264);福建省网络安全与密码技术重点实验室(福建师范大学)开放课题(No.NSCL-KF2021-04);河南省网络密码技术重点实验室研究课题(No.LNCT2021-A07);江苏省研究生科研与实践创新计划项目(No.KYCX20_2381);江苏师范大学研究生科研与实践创新计划项目(No.2021XKT1387);江苏省自然科学青年基金(No.BK20150241);徐州市推动科技创新专项资金项目(No.KC18005);江苏省高校自然科学基金(No.14KJB520010);福建省自然科学基金(No.2019J01275);江苏政府留学奖学金。

摘　　要：随着物联网应用的广泛扩展,越来越多的物联网设备出现在人们的日常生活中,包括智能电表、智能家居、智能穿戴等.它们在带给人民生活便利的同时,由于物联网设备通过无线开放信道进行交互,造成诸多安全和隐私问题的出现.身份认证是解决物联网安全和隐私问题的关键技术之一.传统的点对点认证方案没有考虑到物联网海量节点和节点资源受限的情况,而群组认证是一种一次验证一组成员身份的认证技术,为物联网节点的身份认证提供了新的思路.然而,现有适用于物联网场景的群组认证方案存在安全隐患,无法抵抗伪造、重放等恶意攻击并且无法防止群组管理者对组成员的欺骗.本文利用可验证秘密共享技术设计了一种适用于物联网场景的轻量级可验证群组认证方案以抵抗群组管理者的欺骗行为.另外,在物联网场景下,节点可能会动态地加入和撤出网络,针对这种情况,本文在可验证群组认证方案的基础上设计密钥更新环节以更新组成员的权限.安全性分析表明,本文方案满足正确性、机密性,能够抵抗重放、伪造、冒充等恶意攻击.性能分析和实验仿真表明,与现有典型的物联网群组认证方案相比,本文方案在保证安全性的同时降低了组成员的计算代价.With the wide spread of the applications of the internet of things(IoT),more and more IoT devices appear in our lives,including smart meters,smart homes,smart wear and so on.While they bring convenience to people’s lives,many security and privacy issues arise because of the interaction of IoT devices through wireless open channels.Identity authentication is one of the key technologies to solve the security and privacy issues of IoT.The traditional point-to-point authentication schemes do not consider the massive resource-limited nodes,while group authentication is an authentication technology that can simultaneously verify a group of members,which provides a new idea for the authentication of IoT nodes.However,the existing group authentication schemes for IoT are vulnerable to some security risks,which cannot resist malicious attacks such as forgery attack,replay attack and cannot prevent the group manager from cheating group members.In this paper,a lightweight verifiable group authentication scheme for IoT based on verifiable secret sharing technology is proposed,which resists the deception of the group manager.In addition,nodes may dynamically join or leave the network in IoT scenarios.Given this situation,key updating based on the verifiable group authentication scheme is designed to update group members’authority.Security analysis shows that this scheme satisfies the correctness and confidentiality,and it can resist malicious attacks such as replay attack,forgery attack,impersonation attack.Performance analysis and experimental simulation show that this scheme reduces the computational cost of group members while it ensures security compared with the existing typical group authentication schemes for IoT.

关 键 词：群组认证 物联网 轻量级 可验证秘密共享 动态群组 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]