基于PPSK的物联网终端可信准入认证系统设计与实现  

作　　者：劳凤丹[1] 杨月 安杰 马云龙 LAO Fengdan;YANG Yue;AN Jie;MA Yunlong(Network Technology Center,China Agricultural University,Beijing 100083,China;Information Technology Center,Beijing Foreign Studies University,Beijing 100081,China;Network and Information Office,North China Electric Power University,Beijing 102206,China;Information Technology Center,Tsinghua University,Beijing 100084,China)

机构地区：[1]中国农业大学网络技术中心,北京100083 [2]北京外国语大学信息技术中心,北京100081 [3]华北电力大学网络与信息化工作处,北京102206 [4]清华大学信息化技术中心,北京100084

出　　处：《福州大学学报（自然科学版）》2023年第5期647-651,共5页Journal of Fuzhou University(Natural Science Edition)

基　　金：中国教育技术协会高等农业院校分会2021年度智慧校园专项重点课题(C21ZD01)。

摘　　要：物联网技术在有力推进智慧校园建设的同时,也对网络安全提出了更高的要求.目前,物联网终端准入可信认证机制尚未成熟,现有的基于MAC地址认证模式难以避免地址伪冒的问题,IEEE 802.1x认证模式存在终端适用性不强、管理维护难度高的缺点,而预共享密钥模式(PSK)则不满足接入设备及身份具有不可否认性等合规性要求.为解决此类问题,基于私有预共享密钥模式(PPSK)+用户预注册系统设计并实现了物联网终端准入可信认证系统.该系统可有效减少身份冒用、地址假冒等方面的安全问题,可大幅增强物联网终端管理安全.此外,进一步给出了在校园网内如何提高物联网系统的高可用性、高安全性的具体实践经验.The internet of things(IoT)technology not only effectively promotes the construction of smart campus,but also puts forward higher requirements for network security.At present,the trusted authentication mechanism of IoT is not yet mature.MAC address authentication is difficult to avoid the fake address authentication.IEEE 802.1x authentication has the shortcomings of weak terminal applicability and high management and maintenance,while the pre-shared key mode does not meet the undeniable compliance requirements of access equipment and identity.To solve these problems,the paper designs and implements the internet of things terminal access authentication system based on PPSK+user pre-registration system.The system can effectively reduce the security problems of identity fraud,address counterfeiting and other aspects,and enhance the security management.In addition,the paper further gives the practical experience on how to improve availability and security of the system.

关 键 词：物联网 网络安全 准入认证 预共享密钥模式 私有预共享密钥模式 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]