信息网络安全 ›› 2021, Vol. 21 ›› Issue (5): 74-81.doi: 10.3969/j.issn.1671-1122.2021.05.009

• 技术研究 • 上一篇    下一篇

隐式证书的国密算法应用研究

王开轩1,2, 滕亚均1,2, 王琼霄1,2(), 王伟2   

  1. 1.中国科学院大学网络空间安全学院,北京 100049
    2.中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
  • 收稿日期:2020-12-30 出版日期:2021-05-10 发布日期:2021-06-22
  • 通讯作者: 王琼霄 E-mail:wangqiongxiao@iie.ac.cn
  • 作者简介:王开轩(1995—),男,山东,硕士研究生,主要研究方向为网络认证|滕亚均(1996—),男,山东,博士研究生,主要研究方向为网络空间安全|王琼霄(1982—),女,辽宁,高级工程师,博士,主要研究方向为网络认证、密码应用|王伟(1988—),男,河北,助理研究员,博士,主要研究方向为密码技术应用
  • 基金资助:
    国家重点研发计划(2018YFB0804600);国家密码发展基金(MMJJ20180221)

Research on the Application of SM Algorithms of Implicit Certificate

WANG Kaixuan1,2, TENG Yajun1,2, WANG Qiongxiao1,2(), WANG Wei2   

  1. 1. Chinese Academy of Sciences University, School of Cyberspace Security, Beijing 100049, China
    2. Institute of Information Engineering, Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing 100093, China
  • Received:2020-12-30 Online:2021-05-10 Published:2021-06-22
  • Contact: WANG Qiongxiao E-mail:wangqiongxiao@iie.ac.cn

摘要:

随着5G技术的发展,万物互联成为当今科技领域的主流发展方向。在物联网设备节点日益增加的同时,物联网的安全认证问题变得更加重要。近几年,物联网领域的安全问题频出,大量的微型物联网设备缺乏网络认证机制。相较于传统的认证方案,对于物联网设备而言,隐式证书方案在内存占用和计算量上更符合内存和计算资源受限的物联网应用环境。文章基于SM2、SM3国密算法,设计了一种国密隐式证书的方案,利用OpenSSL实现了国密隐式证书颁发、签名和验签的功能,并将传统数字证书与国密隐式证书方案进行对比。实验显示文章方案在验签耗时上明显优于传统的数字证书。

关键词: 物联网安全, 网络认证, 隐式证书, 国密算法, OpenSSL

Abstract:

With the development of 5G technology, Internet of Everything has become the mainstream development direction in today's science and technology field.With the increasing number of device nodes in Internet of Thing, the security authentication of the Internet of Things becomes more and more important.In recent years, there have been frequent security problems in the field of Internet of Things,a large number of micro IoT devices have no corresponding authentication mechanism. For IoT devices, compared with traditional authentication schemes, implicit certificate schemes are more suitable for memory resource-constrained application environments in terms of computation. Based on SM2 and SM3,this paper designs an implicit certificate scheme,and uses OpenSSL to implement the functions of issuing,signing and verifying the implicit certificate.At the same time, based on the implementation of traditional digital certificate scheme and SM algorithms implicit certificate scheme,this paper carries out performance test and analysis and comparison on the same platform, the results show that the proposed scheme is significantly better than the traditional scheme on the verification in terms of time consumption.

Key words: IoT security, network authentication, implicit certificate, SM algorithms, OpenSSL

中图分类号: