Authors: 周彦伟 (Yanwei ZHOU)[1,2,3]; 许渊 (Yuan XU); 杨波 (Bo YANG); 顾纯祥 (Chunxiang GU)[3]; 夏喆 (Zhe XIA); 张明武 (Mingwu ZHANG)
Affiliations: [1] School of Computer Science, Shaanxi Normal University, Xi'an 710062, China; [2] State Key Laboratory of Cryptology, Beijing 100878, China; [3] Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450040, China; [4] School of Computer Science and Technology, Wuhan University of Technology, Wuhan 430070, China; [5] School of Computer, Hubei University of Technology, Wuhan 430068, China
Source: Scientia Sinica (Informationis) (《中国科学:信息科学》), 2023, No. 9, pp. 1734-1749, 16 pages
Funding: Supported by the National Natural Science Foundation of China (Grant Nos. 62272287, U2001205); the Open Project of the Guangxi Key Laboratory of Cryptography and Information Security (Grant No. GCIS202108); the Open Project of the Henan Key Laboratory of Network Cryptography Technology (Grant No. LNCT2021-A04); the Special Scientific Research Program of the Education Department of Shaanxi Province (Grant No. 21JK0590); and the Fundamental Research Funds for the Central Universities (Grant No. GK202301009).
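Abstract: With the spread of wireless communication technology across many fields, mobile edge computing (MEC), which evolved from that technology, has attracted the attention of many researchers. In MEC, several identity authentication protocols have been proposed in recent years to secure the access process of edge nodes. However, these traditional schemes support only one-to-one authentication of identity legitimacy, that is, mutual authentication between one edge node and one edge server. Because the authentication operation must be repeated to meet an edge node's need to migrate among multiple edge servers, traditional protocols are inefficient and give users a poor communication experience. To address the inability of traditional protocols to handle edge-node mobility in MEC efficiently, this paper proposes, based on certificateless public-key cryptography, an identity authentication mechanism that supports broadcast communication. It allows one edge node to complete identity legitimacy authentication with multiple edge servers at the same time, ensures service continuity as the edge node migrates among servers, and improves the efficiency of identity authentication in MEC environments. In addition, in the random oracle model, the unforgeability of the communication messages and the security of the negotiated key in the protocol are proved based on the discrete logarithm problem and the computational Diffie-Hellman problem, respectively. The formal analysis tool ProVerif is also used to verify the security of the protocol by simulation, and the results show that the protocol has the security it claims. A performance comparison with existing traditional schemes shows that the protocol has better computational efficiency and is better suited to deployment in network environments such as MEC, where terminal computing resources are limited.

English abstract: With the rapid advancement of wireless communication technology, mobile edge computing (MEC) has garnered increasing attention from researchers. To ensure the security of mobile edge nodes, several identity authentication schemes have been proposed. However, these earlier methods primarily support one-to-one identity authentication. In this scenario, users must repeatedly undergo identity authentication to fulfill the migration requirements of mobile edge nodes across multiple servers. This traditional identity authentication approach results in low service efficiency and a subpar communication experience for users. Consequently, existing identity authentication schemes within MEC fail to meet the mobility demands of edge nodes. In this study, to address the aforementioned issues comprehensively, we propose an identity authentication scheme employing broadcast communication based on certificateless cryptography. This scheme achieves seamless migration service continuity for edge nodes across multiple servers. Furthermore, our proposal enables mutual authentication between a single user and multiple servers simultaneously, significantly enhancing the efficiency of identity authentication. Moreover, we provide formal proof of the unforgeability of the message and the security of session keys within the random oracle model, relying on the discrete logarithm problem and the computational Diffie-Hellman problem, respectively. Additionally, we utilize formal analysis tools, such as ProVerif, to simulate the security aspects of our proposal. When compared to existing schemes, our proposal exhibits superior computational efficiency, making it better suited for deployment in the context of MEC.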
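Keywords: identity authentication; mobile edge computing; certificateless cryptography; provable security
Classification number: TN929.5 [Electronics and Telecommunications: Communication and Information Systems]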