Netinfo Security (信息网络安全) ›› 2021, Vol. 21 ›› Issue (6): 1-10. doi: 10.3969/j.issn.1671-1122.2021.06.001

• Classified Protection •

An Authentication Scheme Based on SGX for Industrial Internet of Things

LIU Xin1, GUO Zhenbin1, SONG Yuchen2

  1. School of Information Science & Engineering, Lanzhou University, Lanzhou 730000, China
  2. Ministry of Emergency Management Communication and Information Center, Beijing 100013, China
  • Received: 2021-03-08  Online: 2021-06-10  Published: 2021-07-01
  • Contact: LIU Xin, E-mail: xinl@lzu.edu.cn
  • About the authors: LIU Xin (born 1988), male, from Gansu, lecturer, Ph.D.; research interests: authentication protocols, zero-trust architecture, confidential computing. GUO Zhenbin (born 1994), male, from Shandong, master's student; research interests: authentication protocols, confidential computing. SONG Yuchen (born 1991), male, from Beijing, engineer, master's degree; research interests: blockchain, machine learning, wireless sensor networks.
  • Funding:
    Fundamental Research Funds for the Central Universities (lzujbky-2020-6); Science and Technology Program of Gansu Province (20YF3FA024); Science and Technology Program of Lanzhou (2019-4-47)



Abstract:

The Industrial Internet of Things (IIoT) is widely used in manufacturing, logistics, petroleum, aviation and other fields, and it brings revolutionary opportunities for the production and operation of modern industry. However, because IIoT communication channels are open and terminal devices have limited resources, the security, real-time behaviour and efficiency of data and control-instruction transmission are particularly important, so an authentication scheme designed specifically for the IIoT is indispensable. Most existing authentication schemes cannot adequately resist privileged-user (insider) attacks and do not achieve untraceability of terminal nodes. This paper therefore designs an SGX-based authentication scheme for the IIoT. The scheme stores the master key inside an SGX enclave and relies on the confidentiality of enclave memory to carry out the authentication computations as confidential computing, which allows it to resist privileged-user attacks and terminal-tracking attacks. Finally, the AVISPA simulation tool and an informal security analysis demonstrate the security of the proposed scheme, and a performance comparison together with an NS3 simulation show that the scheme is more practical and more advanced than comparable schemes.

Key words: Industrial Internet of Things security, authentication scheme, confidential computing, privileged-user attacks
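As an added illustration of the two properties the abstract claims (the master key never leaving the enclave, and terminal nodes being untraceable on the wire), the following Python model is constructed for this page and is not the paper's protocol, whose message flow the abstract does not specify. It assumes that the gateway's master key lives inside a class standing in for the SGX enclave, that per-device keys are derived from it with HMAC-SHA256, that an authentication run is two messages each carrying only a fresh nonce and a MAC, and that the enclave hands the agreed session key to the host application once authentication succeeds. The device names (`plc-17`, `sensor-03`) and all keys are constructed.

```python
"""Enclave-anchored IIoT authentication sketch (constructed example, not the paper's scheme)."""
import hashlib
import hmac
import secrets


def kdf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over labelled, separator-joined parts; used for key derivation and tags."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Enclave:
    """Stands in for the SGX enclave: the master key is created here and never exported."""

    def __init__(self) -> None:
        self._master_key = secrets.token_bytes(32)  # assumption: generated in-enclave
        self._seen_nonces = set()                    # replay protection for message 1

    def derive_device_key(self, dev_id: bytes) -> bytes:
        """Long-term device key handed over at provisioning; recomputable only in here."""
        return kdf(self._master_key, b"dev", dev_id)

    def authenticate(self, enrolled, n_d: bytes, t_d: bytes):
        """Message 1 -> (n_g, t_g, session_key) or None; the caller is untrusted host code."""
        if n_d in self._seen_nonces:
            return None
        for dev_id in enrolled:  # linear scan replaces any cleartext identifier on the wire
            k = self.derive_device_key(dev_id)
            if hmac.compare_digest(t_d, kdf(k, b"auth1", n_d)):
                self._seen_nonces.add(n_d)
                n_g = secrets.token_bytes(16)
                return n_g, kdf(k, b"auth2", n_d, n_g), kdf(k, b"sess", n_d, n_g)
        return None


class Gateway:
    """Untrusted host side: a privileged user can read everything stored here."""

    def __init__(self) -> None:
        self.enclave = Enclave()
        self.enrolled = []  # device identifiers only; no key material outside the enclave

    def enrol(self, dev_id: bytes) -> bytes:
        self.enrolled.append(dev_id)
        return self.enclave.derive_device_key(dev_id)

    def handle(self, n_d: bytes, t_d: bytes):
        return self.enclave.authenticate(self.enrolled, n_d, t_d)


class Device:
    """Resource-constrained terminal: one symmetric key, two HMACs per authentication run."""

    def __init__(self, dev_id: bytes, key: bytes) -> None:
        self.dev_id, self._key, self._n_d = dev_id, key, b""

    def message1(self):
        self._n_d = secrets.token_bytes(16)
        return self._n_d, kdf(self._key, b"auth1", self._n_d)

    def finish(self, n_g: bytes, t_g: bytes):
        if not hmac.compare_digest(t_g, kdf(self._key, b"auth2", self._n_d, n_g)):
            return None
        return kdf(self._key, b"sess", self._n_d, n_g)


def run_session(gw: Gateway, dev: Device):
    """One full exchange; returns (device_key, gateway_key, wire_bytes) or None on failure."""
    n_d, t_d = dev.message1()
    reply = gw.handle(n_d, t_d)
    if reply is None:
        return None
    n_g, t_g, sk_gateway = reply
    sk_device = dev.finish(n_g, t_g)
    return sk_device, sk_gateway, n_d + t_d + n_g + t_g


def demo():
    """Exercise the model from the attacker's viewpoints named in the abstract."""
    gw = Gateway()
    dev = Device(b"plc-17", gw.enrol(b"plc-17"))  # constructed identifiers
    gw.enrol(b"sensor-03")
    s1 = run_session(gw, dev)
    s2 = run_session(gw, dev)
    # Privileged host user: knows the enrolled identifiers, never the device keys.
    forged = gw.handle(secrets.token_bytes(16), kdf(b"guess", b"auth1", b"x"))
    # Eavesdropper replaying the captured first message (nonce + tag).
    n_d, t_d = s1[2][:16], s1[2][16:48]
    return {
        "keys_agree": s1[0] == s1[1] and s2[0] == s2[1],
        "fresh_per_session": s1[1] != s2[1],
        "no_identifier_on_wire": b"plc-17" not in s1[2] and b"plc-17" not in s2[2],
        "forgery_rejected": forged is None,
        "replay_rejected": gw.handle(n_d, t_d) is None,
    }
```

The linear scan inside `authenticate` is the price of sending no identifier: an observer sees only random nonces and MACs across runs, so two sessions of the same terminal cannot be linked, while the host process that invokes the enclave never holds the master key or a device key and therefore cannot forge message 1 for any enrolled device. A real deployment would bound the nonce cache and handle the gateway-side session key inside the enclave rather than returning it to the host.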
