Journal of Computer Applications ›› 2016, Vol. 36 ›› Issue (11): 3108-3112. DOI: 10.11772/j.issn.1001-9081.2016.11.3108

• Cyberspace Security •

Trusted access authentication protocol for mobile nodes in Internet of things

ZHANG Xin1,2, YANG Xiaoyuan1,2,3, ZHU Shuaishuai1,2, YANG Haibing1,3

  1. Department of Electronic Technology, Engineering College of Chinese People's Armed Police Force, Xi'an Shaanxi 710086, China;
  2. Key Laboratory of Network & Information Security under People's Armed Police, Engineering College of Chinese People's Armed Police Force, Xi'an Shaanxi 710086, China;
  3. Institute of Information Security, Engineering College of Chinese People's Armed Police Force, Xi'an Shaanxi 710086, China
  • Received: 2016-05-12 Revised: 2016-06-15 Online: 2016-11-10 Published: 2016-11-12
  • Corresponding author: ZHANG Xin
  • About the authors: ZHANG Xin (born 1991), male, from Hefei, Anhui, M.S. candidate; main research interests: information security, trusted computing. YANG Xiaoyuan (born 1959), male, from Xiangtan, Hunan, professor, M.S.; main research interests: information security, cryptography. ZHU Shuaishuai (born 1985), male, from Zibo, Shandong, lecturer; main research interests: information security, trusted computing, cryptography. YANG Haibing (born 1982), male, from Linyu, Hebei, lecturer, M.S.; main research interests: information security, cryptography.
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61402530, 61272492, 61572521) and the Basic Research Foundation of Engineering College of PAP (WJY201520).

Abstract: To address the lack of trust verification for mobile nodes in Wireless Sensor Networks (WSN), a trusted access authentication protocol for mobile nodes in the Internet of Things (IoT) is proposed. When a mobile sink node authenticates with a sensor node, the two complete mutual identity authentication and key agreement. At the same time, the sensor node verifies the trustworthiness of the mobile node's platform. The authentication scheme is based on trusted computing technology, requires no participation from the base station at any point, and its concrete steps are described in detail. Pseudonyms pre-stored on the mobile node and the corresponding public/private keys are used during authentication to keep the mobile node anonymous and protect user privacy. The proposed scheme is provably secure in the CK (Canetti-Krawczyk) security model. Compared to similar mobile node access authentication schemes, the protocol is more suitable for fast authentication in IoT, with less computation and communication overhead.

Key words: Internet of Things (IoT), trusted authentication, mobile node, Canetti-Krawczyk (CK) security model

CLC number: