Authors: 张晓均 (ZHANG Xiaojun)[1,2]; 张楠 (ZHANG Nan)[1,2]; 郝云溥 (HAO Yunpu); 王周阳 (WANG Zhouyang); 薛婧婷 (XUE Jingting)
Affiliations: [1] School of Computer Science and Software Engineering, Southwest Petroleum University, Chengdu 610500, China; [2] Engineering Research Center for Intelligent Oil & Gas Exploration and Development of Sichuan Province, Southwest Petroleum University, Chengdu 610500, China
Source: 《信息网络安全》 (Netinfo Security), 2024, Issue 7, pp. 1015-1026 (12 pages)
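Funding: National Natural Science Foundation of China [61902327]; Natural Science Foundation of Sichuan Province [2023NSFSC1398]; China Postdoctoral Science Foundation [2020M681316]; Open Project of the National Engineering Research Center for Oil and Gas Exploration and Development Software [DFWT-ZYRJ-2024-JS-81].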
Abstract: Through various terminal sensor devices, an Industrial Internet of Things (IIoT) system transmits the key industrial data it collects to the IIoT platform in real time, where the data supports intelligent analysis and decision-making. However, illegal access to industrial data leads to information security problems such as leakage of data or sensitive identifiers and data tampering, which affect the normal operation of the IIoT system. To address this, the paper builds a distributed anonymous data transmission architecture for IIoT systems with multiple users, multiple gateways and multiple IIoT platforms, and proposes a three-factor anonymous authentication and key agreement protocol based on chaotic maps. The protocol realizes three-factor login authentication from the user to the mobile terminal device using a smart card, a password, and biometric information. With the assistance of the gateway, the user employs the mobile terminal device to achieve two-way anonymous authentication between the user and the IIoT platform based on chaotic map technology and key credentials, and simultaneously negotiates a session key for subsequent confidential communication. The paper also extends the protocol's application, including updating each user's password and biometric information, revoking smart cards, and synchronously updating the keys of multiple gateways based on the Chinese remainder theorem. Security analysis and performance evaluation show that the proposed protocol can be deployed securely and efficiently in IIoT systems.
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]