A Continuous Authentication Protocol Without Trust Authority for Zero Trust Architecture  Cited by: 2

Authors: Lei Meng, Daochao Huang, Jiahang An, Xianwei Zhou, Fuhong Lin

Affiliations: [1] School of Computer and Communication Engineering, University of Science and Technology Beijing, Beijing 100083, China; [2] National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC), Beijing 100029, China; [3] Shunde Graduate School of University of Science and Technology Beijing, Guangdong 528399, China

Source: China Communications (English edition), 2022, Issue 8, pp. 198-213, 16 pages

Funding: Supported in part by the National Science Foundation Project of China (No. 61931001); the Scientific and Technological Innovation Foundation of Foshan, USTB (No. BK20AF003).

Abstract: Zero-trust security is a novel concept for coping with intricate access, which can no longer be handled by the conventional perimeter-based architecture. The device-to-device continuous authentication protocol is one of its most crucial cornerstones, especially in the IoT scenario. In the zero-trust architecture, trust does not rely on any position, person or device. However, to the best of our knowledge, almost all existing device-to-device continuous authentication schemes rely on a trust authority or a node to generate secret keys or secret values. This contradicts the principle of zero-trust architecture. In this paper, we employ the blockchain to eliminate the trusted node. One node is chosen to produce the public parameter and secret keys for two entities through the practical Byzantine fault tolerance consensus mechanism. Additionally, the devices are divided into three categories: trusted device, suspected device and untrusted device. Only the first two can participate in authentication, and they have different lengths of security parameters and intervals to reach a better balance between security and efficiency. We then prove the security of the initial authentication part in the eCK model and give an informal analysis of the continuous authentication part. Finally, we implement the proposed protocol on simulated devices. The results show that our scheme is highly efficient, and the continuous authentication costs only around 0.1 ms.

Keywords: continuous authentication; zero-trust architecture; device-to-device; blockchain; IoT

Classification code: TN915.08 [Electronics and Telecommunications: Communication and Information Systems]

 
