隐式证书的国密算法应用研究

doi:10.3969/j.issn.1671-1122.2021.05.009

信息网络安全 ›› 2021, Vol. 21 ›› Issue (5): 74-81.doi: 10.3969/j.issn.1671-1122.2021.05.009

隐式证书的国密算法应用研究

王开轩¹^,², 滕亚均¹^,², 王琼霄¹^,²(), 王伟²

1.中国科学院大学网络空间安全学院,北京 100049
2.中国科学院信息工程研究所信息安全国家重点实验室,北京 100093

收稿日期:2020-12-30 出版日期:2021-05-10 发布日期:2021-06-22
通讯作者: 王琼霄 E-mail:wangqiongxiao@iie.ac.cn
作者简介:王开轩（1995—）,男,山东,硕士研究生,主要研究方向为网络认证|滕亚均（1996—）,男,山东,博士研究生,主要研究方向为网络空间安全|王琼霄（1982—）,女,辽宁,高级工程师,博士,主要研究方向为网络认证、密码应用|王伟（1988—）,男,河北,助理研究员,博士,主要研究方向为密码技术应用
基金资助:
国家重点研发计划(2018YFB0804600);国家密码发展基金(MMJJ20180221)

Research on the Application of SM Algorithms of Implicit Certificate

WANG Kaixuan¹^,², TENG Yajun¹^,², WANG Qiongxiao¹^,²(), WANG Wei²

1. Chinese Academy of Sciences University, School of Cyberspace Security, Beijing 100049, China
2. Institute of Information Engineering, Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing 100093, China

Received:2020-12-30 Online:2021-05-10 Published:2021-06-22
Contact: WANG Qiongxiao E-mail:wangqiongxiao@iie.ac.cn

摘要/Abstract

摘要：

随着5G技术的发展,万物互联成为当今科技领域的主流发展方向。在物联网设备节点日益增加的同时,物联网的安全认证问题变得更加重要。近几年,物联网领域的安全问题频出,大量的微型物联网设备缺乏网络认证机制。相较于传统的认证方案,对于物联网设备而言,隐式证书方案在内存占用和计算量上更符合内存和计算资源受限的物联网应用环境。文章基于SM2、SM3国密算法,设计了一种国密隐式证书的方案,利用OpenSSL实现了国密隐式证书颁发、签名和验签的功能,并将传统数字证书与国密隐式证书方案进行对比。实验显示文章方案在验签耗时上明显优于传统的数字证书。

关键词: 物联网安全, 网络认证, 隐式证书, 国密算法, OpenSSL

Abstract:

With the development of 5G technology, Internet of Everything has become the mainstream development direction in today's science and technology field.With the increasing number of device nodes in Internet of Thing, the security authentication of the Internet of Things becomes more and more important.In recent years, there have been frequent security problems in the field of Internet of Things,a large number of micro IoT devices have no corresponding authentication mechanism. For IoT devices, compared with traditional authentication schemes, implicit certificate schemes are more suitable for memory resource-constrained application environments in terms of computation. Based on SM2 and SM3,this paper designs an implicit certificate scheme,and uses OpenSSL to implement the functions of issuing,signing and verifying the implicit certificate.At the same time, based on the implementation of traditional digital certificate scheme and SM algorithms implicit certificate scheme,this paper carries out performance test and analysis and comparison on the same platform, the results show that the proposed scheme is significantly better than the traditional scheme on the verification in terms of time consumption.

Key words: IoT security, network authentication, implicit certificate, SM algorithms, OpenSSL

中图分类号:

TP309

王开轩, 滕亚均, 王琼霄, 王伟. 隐式证书的国密算法应用研究[J]. 信息网络安全, 2021, 21(5): 74-81.

WANG Kaixuan, TENG Yajun, WANG Qiongxiao, WANG Wei. Research on the Application of SM Algorithms of Implicit Certificate[J]. Netinfo Security, 2021, 21(5): 74-81.

图/表 11

表1

图1

表2

图2

图3

图4

图5

表3

图6

图7

图8

参考文献 18

[1]	FARAZ I K, SUFIAN H. Understanding Security Requirements and Challenges in Internet of Things (IoT): A Review[J]. Journal of Computer Networks and Communications, 2019,19(1):14-15.
[2]	PANAGIOTIS R G, PANAGIOTIS G. Sarigiannidis, IOANNIS D. Moscholios. Securing the Internet of Things: Challenges, Threats and Solutions[J]. Internet of Things, 2019,5(3):41-70. doi: 10.1016/j.iot.2018.11.003 URL
[3]	HA D A, NGUYEN K T, ZAO J K. Efficient Authentication of Resource-constrained IoT Devices Based on ECQV Implicit Certificates and Datagram Transport Layer Security Protocol[C]// SoICT. Proceedings of the Seventh Symposium on Information and Commun ication Technology, December 8-9, 2016, New York, USA. New York: Association for Computing Machinery, 2016: 173-179.
[4]	AKESTORIDIS D G, HARISHANKAR M, WEBER M, et al. Zigator: Analyzing the Security of Zigbee-enabled Smart Homes[C]// WiSec. Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, July 8-10, 2020, New York, USA. New York: Association for Computing Machinery, 2020: 77-88.
[5]	WASEF A, JIANG Yixin, SHEN Xuemin. DCS: An Efficient Distributed-certificate-service Scheme for Vehicular Networks[J]. IEEE. Transactions on Vehicular Technology, 2009,59(2):533-549. doi: 10.1109/TVT.2009.2028893 URL
[6]	VAN T, HENK C, SUSHIL J. Encyclopedia of Cryptography and Security[M]. Berlin: Springer Science & Business Media, 2014.
[7]	ERGEN S C. ZigBee/IEEE 802.15.4 Summary[J]. UC Berkeley. 2004,10(17):10-11.
[8]	U.S. Department of Transportation. Security Credential Management System[EB/OL]. https://www.its.dot.gov/resources/scms.htm, 2020-12-15.
[9]	China Industrial Development Research Institute. Industrial Internet of Things Information Security Protection Technology[EB/OL]. http://www.zfcyy.com.cn/, 2019-06-03.
	中国产业发展研究院. 工业物联网信息安全防护技术[EB/OL]. http://www.zfcyy.com.cn/, 2019-06-03.
[10]	CHRISTOPH G GÜNTHER. , An Identity-based Key-exchange Protocol[EB/OL]. https://link.sprin ger.com/content/pdf/10.1007%2F3-540-46885-4_5.pdf, 2002-10-26.
[11]	BROWN DANIEL R L, GALLANT ROBERT P, VANSTONE SCOTT A. Provably Secure Implicit Certificate Schemes[C]// FC. In Proceedings of the 5th International Conference on Financial Cryptography, February 19-22, 2002, Verlag, Berlin. Heidelberg: Springer, 2002: 156-165.
[12]	RABAD I, NADER M. Anonymous Group Implicit Certificate Scheme[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/download? doi=10.1.1.32.2221&rep=rep1&type=pdf, 2020-10-26.
[13]	LI Wenhao, LI Haibo, CHEN Haibo, et al. AdAttester: Secure Online Mobile Advertisement Attestation Using Trustzone[EB/OL]. https://www.trustkernel.org/uploads/pubs/AdAttester_MobiSys15.pdf, 2015-05-01.
[14]	CAMPAGNA M. SEC 4: Elliptic Curve Qu-vanstone Implicit Certificate Scheme (ECQV)[EB/OL]. https://www.secg.org/draft-sec4-1.1.pdf, 2013-11-06.
[15]	MELNIKOV A, CHUANG W. Internationalized Email Addresses in X. 509 Certificates[EB/OL]. https://www.rfceditor.org/info/rfc8 398, 2018-05-01.
[16]	HOUSLEY R, POLK W, FORD W, et al. RFC3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile[EB/OL]. https://tools.ietf.org/html/rfc3280, 2020-12-28.
[17]	GM/T0003-2012. SM2 Elliptic Curve Public Key Cryptographic Algorithm[S]. Beijing: State Cryptography Administration, 2012.
	GM/T0003-2012. SM2椭圆曲线公钥密码算法[S]. 北京:国家密码管理局, 2012.
[18]	GM/T0004-2012. SM3 cryptographic hash algorithm[S]. Beijing: State Cryptography Administration, 2012.
	GM/T0004-2012. SM3密码杂凑算法[S]. 北京:国家密码管理局, 2012.

参数定义	参数说明
${{R}_{U}}/{{k}_{U}}$	用户的公/私钥
${{Q}_{CA}}/{{d}_{CA}}$	CA的公/私钥
${{P}_{U}}/r$	公钥/私钥重构值
${{Q}_{U}}/{{d}_{U}}$	最终公钥/私钥值
$\text{ }\!\!~\!\!\text{ }e$	证书杂凑值
${{H}_{n}}$	密码杂凑算法
$Cer{{t}_{U}}$	用户证书

参数定义	参数说明
Type	证书类型
SerialNumber	证书序列号
SubjectID	证书主体标识
IssuerID	颁发者标识
ValidFrom	证书起始时间
ValidDuration	证书有效时间
KeyUsage	密钥用途
$\text{PublicReconKey}$	公钥重构值

相关参数	参数指标
CPU	Intel(R) Core i7-8750H
主频	2.20 GHz
操作系统	Windows 10 64位
集成开发环境	Visual Studio 2019

隐式证书的国密算法应用研究

Research on the Application of SM Algorithms of Implicit Certificate

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 18

相关文章 9

编辑推荐

Metrics

本文评价

[1]	吴志红, 赵建宁, 朱元, 陆科. 国密算法和国际密码算法在车载单片机上应用的对比研究[J]. 信息网络安全, 2019, 19(8): 68-75.
[2]	陈付龙, 张紫阳, 王涛春, 谢冬. 一种基于联络信号的物联网安全身份认证方法[J]. 信息网络安全, 2018, 18(11): 40-48.
[3]	李兆斌, 刘丹丹, 黄鑫, 曹浩. 基于国密算法的安全接入设备设计与实现[J]. 信息网络安全, 2016, 16(11): 19-27.
[4]	张晓惠, 林柏钢. 基于平衡二叉决策树SVM算法的物联网安全研究[J]. 信息网络安全, 2015, 15(8): 20-25.
[5]	王毓娜, 吕秋云. 基于生物识别的网络身份认证新方案[J]. 信息网络安全, 2014, 14(8): 1-5.
[6]	沈亮;张艳;顾健. 物联网网络层中基于IPv6的信息安全产品发展趋势研究[J]. , 2012, 12(8): 0-0.
[7]	任伟;赵俊阁. 智能电网安全架构与分析[J]. , 2012, 12(8): 0-0.
[8]	任伟;马良荔;叶敏. M2M技术及其安全性讨论[J]. , 2012, 12(7): 0-0.
[9]	任伟. 物联网安全架构与技术路线研究[J]. , 2012, 12(5): 0-0.