Research on Remote Attestation Scheme Based on Group Authentication  Cited by: 1


Authors: Wang Guan; Gao Zhuang[2] (Faculty of Information Technology, Beijing University of Technology, Beijing 100124; Beijing Key Laboratory of Trusted Computing (Beijing University of Technology), Beijing 100124)

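Affiliations: [1] Faculty of Information Technology, Beijing University of Technology, Beijing 100124; [2] Beijing Key Laboratory of Trusted Computing (Beijing University of Technology), Beijing 100124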

Source: Journal of Information Security Research, 2022, No. 11, pp. 1121-1128 (8 pages)

Funding: National Natural Science Foundation of China (61170263); National Key Research and Development Program of China (2019YFB2102300).

Abstract: Remote attestation is a security technology for identifying threats in the Internet of Things. It has the advantages of low overhead, high applicability and high detection rate. However, existing techniques have some potential problems once they are actually deployed in an Internet of Things system. First, the nodes in the perception layer of an Internet of Things system do not have strong computing power, so they cannot carry out effective remote attestation of the terminal server. Second, a remote attestation scheme is usually uninterruptible, and existing schemes interrupt the main work of the device, resulting in the loss of the device's key data. To solve these problems, a remote attestation scheme based on group authentication is proposed. In this scheme, the burden of measuring the terminal server is distributed across the sink nodes, and each sink node evaluates the trustworthiness of its part of the content separately. Finally, all measurement results are unified through a consistency protocol to complete the trust evaluation of the terminal server, which solves the problem of limited node computing power. At the same time, an active self-measurement scheme is adopted, which solves the loss of key device data caused by traditional passive remote attestation. Security analysis and simulation experiments show that the proposed scheme is feasible in existing environments, solves the above problems and greatly improves performance.

Keywords: remote attestation; group authentication; Internet of Things; active measurement; consistency protocol

Classification number: TP309.2 [Automation and Computer Technology - Computer System Architecture]

 
