基于一次哈希签名和联盟链的密钥分发协议  

作　　者：陈青青 刘蕾 王志伟 CHEN Qing-qing;LIU Lei;WANG Zhi-wei(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Jiangsu Key Laboratory of Big Data Security and Intelligent Processing,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Yunnan Provincial Key Laboratory of Blockchain Application Technology,Yunnan Innovation Research Institute,Beihang University,Kunming 650233,China)

机构地区：[1]南京邮电大学计算机学院、软件学院、网络空间安全学院,江苏南京210023 [2]南京邮电大学江苏省大数据安全与智能处理重点实验室,江苏南京210023 [3]北京航空航天大学云南创新研究院云南省区块链应用技术重点实验室,云南昆明650233

出　　处：《计算机技术与发展》2024年第6期73-80,共8页Computer Technology and Development

基　　金：2022年信息安全国家重点实验室开放课题项目(2022-MS-5);江苏省研究生科研与实践创新计划项目(KYCX22_0987);云南省区块链应用技术重点实验室开放课题项目(202105AG070005);国家自然科学基金面上项目(62372245)。

摘　　要：在物联网环境中,为了确保通信数据的机密性和完整性,数据加密密钥的安全性尤为重要。密钥一般采用中心化的存储机制,当中心实体不可信时会造成密钥泄露的风险,因此在分发过程中需要保证密钥的完整性,但普通的签名方案往往较为复杂。针对密钥分发中心化及密钥分发算法复杂等问题,提出了一种基于一次哈希签名和联盟链的密钥分发协议。首先,利用轻量级的一次哈希签名进行用户注册和认证,同时,为了有效检测和防御使用一次哈希签名过程中可能出现的中间人攻击,协议中使用了Hyperledger Fabric联盟链存储签名凭证,用户可以从联盟链上获取签名凭证以供认证;然后,基于Hyperledger Fabric链和ElGamal密码体制设计了一个对称密钥分发方案;最后,从理论分析和Scyther形式化协议分析工具两个方面分析了密钥分发协议的安全性,结果表明该协议在保证密钥分发安全性的情况下,提高了密钥分发的效率。In the IoT environment,in order to ensure the confidentiality and integrity of communication data,the security of data encryption keys is particularly important.The key generally adopts a centralized storage mechanism.When the central entity is untrustworthy,it will cause the risk of key leakage.Therefore,the integrity of the key needs to be guaranteed during the distribution process,but ordinary signature schemes are often more complicated.Aiming at the problems of centralization of key distribution and complex key distribution algorithm,a key distribution protocol based on one-time hash signature and consortium blockchain is proposed.Firstly,a lightweight one-time hash signature is used for user registration and authentication.Meanwhile,in order to effectively detect and defend against man-in-the-middle attacks that may occur in the process of using one-time hash signature,Hyperledger Fabric federation chain is used to store signature credentials.Users can obtain signature credentials from the federation chain for authentication.Then,a symmetric key distribution scheme is designed based on Hyperledger Fabric chain and ElGamal cryptosystem.Finally,the security of the key distribution protocol is analyzed from two aspects of theoretical analysis and Scyther formalized protocol analysis tool,and the results show that the protocol improves the efficiency of key distribution while ensuring the security of key distribution.

关 键 词：一次哈希签名 联盟链 对称密钥分发协议 通信数据保护 安全性 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]