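Authors: HUANG Long-kun; TIAN You-liang [1,2,3]; XIE Hong-tao (School of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025, China; Institute of Cryptography & Data Security, Guizhou University, Guiyang, Guizhou 550025, China; Guizhou Provincial Key Laboratory of Public Big Data, Guiyang, Guizhou 550025, China; School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui 230026, China)
Affiliations: [1] School of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025; [2] Institute of Cryptography & Data Security, Guizhou University, Guiyang, Guizhou 550025; [3] Guizhou Provincial Key Laboratory of Public Big Data, Guiyang, Guizhou 550025; [4] School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui 230026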
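Source: Acta Electronica Sinica (《电子学报》), 2023, No. 9, pp. 2578-2587, 10 pages in total
Funding: National Key Research and Development Program of China (No.2021YFB3101100); Guizhou Province High-level Innovative Talent Project (No.黔科合平台人才[2020]6008); Guizhou Provincial Science and Technology Program (No.黔科合平台人才[2020]5017).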
Abstract: In the massive Machine Type Communication (mMTC) Internet of Things (IoT) environment of 5G, IoT users under a Public Key Infrastructure (PKI) cryptosystem need to communicate securely, across security domains, with IoT devices under a CertificateLess Cryptosystem (CLC). Based on three factors (the user's password, biometrics and the user's smart device) and the encryption and signature algorithms of the Chinese national cryptographic standard SM2, this paper proposes a Three-factor Cross-domain Signcryption Access Control scheme for the IoT environment (TCSAC-IoT), which enables secure cross-domain communication from PKI IoT users to CLC IoT devices. The scheme authenticates PKI IoT users through a three-factor cross-domain signcryption algorithm and establishes a shared secret key between legitimate PKI IoT users and CLC IoT devices, preventing illegitimate users from accessing CLC IoT device resources. Under the Real-Or-Random (ROR) model, the scheme is proved to satisfy semantic security under the Dolev-Yao (DY) model and the Canetti-Krawczyk (CK) model. It also resists impersonation attacks, replay attacks, man-in-the-middle attacks, insider privilege attacks, and attacks that rely on a stolen or lost PKI user smart device. Comparison with similar schemes shows that this scheme has low computational overhead and communication overhead.
Classification number: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]