基于PUF的电力物联网智能终端认证协议  

作　　者：袁征 张跃飞 冯笑 乔雅馨 YUAN Zheng;ZHANG Yuefei;FENG Xiao;QIAO Yaxin(Department of Cryptography Science and Technology,Beijing Institute of Electronic Science and Technology,Beijing 100070,China;China StarNet Network System Research Institute Co.,Ltd.,Beijing 100029,China;State Grid Information&Telecommunication Industry Co.,Ltd.,Beijing 100031,China)

机构地区：[1]北京电子科技学院密码科学与技术系,北京100070 [2]中国星网网络系统研究院有限公司,北京100029 [3]国网信息通信产业集团有限公司,北京100031

出　　处：《信息网络安全》2025年第1期13-26,共14页Netinfo Security

基　　金：国家密码发展基金[MMJJ20180217];国家电网有限公司总部科技项目[5700-202341290A-1-1-ZN]。

摘　　要：电力系统逐步向智能化和数字化转型,越来越多的终端设备通过物联网技术实现互联和数据共享,但由于设备多样性、资源受限、通信环境复杂、物理分布广泛等特点以及高实时性需求,电力物联网智能终端安全验证在密码破解、仿冒攻击和复杂性等方面面临严峻的挑战。为应对电力物联网智能终端在通信中的认证安全性挑战,引入PUF技术并设计扩展CRP结构,提出一种基于物理不可克隆函数(PUF)的电力物联网智能终端认证协议。使用ProVerif工具和Tamarin工具进行模拟实验,证明该协议能够有效抵御常见攻击,如中间人攻击和仿冒攻击等,对轻量级和双向认证等协议特征进行理论分析,并与相似方案进行比较,结果显示该方案在多方面具有显著优势。该研究为电力物联网智能终端的安全认证提供了一种高效的解决方案,不仅弥补了传统认证方案的不足,还为未来的电力物联网系统提供更为安全可靠的技术基础,有助于提升电力系统的整体安全水平和运行效率。The power system is gradually transforming towards intelligence and digitalization.More and more terminal devices are interconnected and sharing data through the Internet of things technology.However,due to the characteristics of device diversity,resource constraints,complex communication environment,wide physical distribution,and high real-time requirements,its security verification faces severe challenges in password cracking,counterfeit attacks,and complexity.In order to cope with the authentication security challenges of power Internet of things smart terminals in communication,PUF technology was introduced and an extended CRP structure was designed.A power Internet of things smart terminal authentication protocol based on physical unclonable function(PUF)was proposed.Simulation experiments are carried out using ProVerif tools and Tamarin tools,which prove that the protocol can effectively resist common attacks such as man-in-the-middle attacks and counterfeit attacks.The protocol features such as lightweight and two-way authentication are theoretically analyzed and compared with similar schemes.The results show that the scheme has significant advantages in many aspects.This study provides an innovative and efficient solution for the security authentication of power Internet of things smart terminals,which not only makes up for the shortcomings of traditional authentication schemes,but also provides a more secure and reliable technical foundation for future power Internet of things systems,which helps to improve the overall security level and operation efficiency of the power system.

关 键 词：电力物联网 智能终端 物理不可克隆函数 身份认证 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]