一种面向物联网设备的口令认证密钥协商协议

doi:10.3969/j.issn.1671-1122.2021.10.012

信息网络安全 ›› 2021, Vol. 21 ›› Issue (10): 83-89.doi: 10.3969/j.issn.1671-1122.2021.10.012

一种面向物联网设备的口令认证密钥协商协议

肖帅¹^,², 张翰林¹(), 咸鹤群¹, 陈飞¹

1.青岛大学计算机科学技术学院,青岛 266071
2.贵州大学贵州省公共大数据重点实验室,贵阳 550025

收稿日期:2021-05-31 出版日期:2021-10-10 发布日期:2021-10-14
通讯作者: 张翰林 E-mail:hanlin@qdu.edu.cn
作者简介:肖帅（1993—）,男,山东,硕士研究生,主要研究方向为密钥认证协议|张翰林（1988—）,男,山东,讲师,博士,主要研究方向为密码协议|咸鹤群（1979—）,男,山东,副教授,博士,主要研究方向为密码学|陈飞（1984—）,男,山东,副教授,博士,主要研究方向为云计算
基金资助:
国家自然科学基金青年基金(62102212);青岛市自主创新重大专项(21-1-2-21-XX)

A Password Authentication Key Agreement Protocol for IoT Devices

XIAO Shuai¹^,², ZHANG Hanlin¹(), XIAN Hequn¹, CHEN Fei¹

1. College of Computer Science and Technology, Qingdao University, Qingdao 266071, China
2. Guizhou Provincial Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China

Received:2021-05-31 Online:2021-10-10 Published:2021-10-14
Contact: ZHANG Hanlin E-mail:hanlin@qdu.edu.cn

摘要/Abstract

摘要：

建立高能效、高安全性的水下无线传感器网络（Underwater Wireless Sensor Network,UWSN）对于监控资源丰富的海洋、湖泊具有重要意义。而UWSN自身能量资源有限且水下无线通信能量消耗高,目前对无线通信的研究大多从低能耗出发,从而忽视安全问题。身份认证作为通信安全的第一道防线,在UWSN的安全交互中发挥着重要作用。文章提出一种新的基于口令的身份认证方案,该方案利用口令认证的优点来减少对公钥基础设施的依赖。利用哈希函数模拟密钥分配中心（Key Distribution Centre,KDC）,可减少对KDC的依赖,避免额外的通信代价和单点失败,可实现更好的安全性。最后,对提出的认证密钥交换协议进行实现,并评估了认证方案的性能。

关键词: 水下无线传感器网络, 通信安全, 基于口令的身份认证, 认证密钥交换

Abstract:

Establishing an underwater wireless sensor network (UWSN) with high energy efficiency and high security is of great significance for monitoring resource-rich oceans and lakes. Due to the resource-constraint of UWSN and the high-energy consumption of underwater wireless communication, most of the current research on wireless communication starts with low energy consumption and ignores security issues. As the first line of defense for Communications security, identity authentication plays an important role in the secure interaction of UWSN. This paper proposes a new password-based identity authentication scheme for UWSN, which uses the advantages of password authentication to reduce the dependence on public key infrastructure. Utilizing the hash function simulation key distribution center (KDC) reduces the dependence on the KDC, which avoids additional communication costs and single point of failure, achieves a higher security. Finally, the proposed authentication key exchange protocol is implemented, and the performance of the authentication scheme is evaluated.

Key words: underwater wireless sensor network, communications security, password-based identity authentication, authenticated key exchange

中图分类号:

TP309

肖帅, 张翰林, 咸鹤群, 陈飞. 一种面向物联网设备的口令认证密钥协商协议[J]. 信息网络安全, 2021, 21(10): 83-89.

XIAO Shuai, ZHANG Hanlin, XIAN Hequn, CHEN Fei. A Password Authentication Key Agreement Protocol for IoT Devices[J]. Netinfo Security, 2021, 21(10): 83-89.

图/表 4

表1

表2

表3

表4

参考文献 17

[1]	LIU Meiqin, HAN Xueyan, ZHANG Senlin, et al. Research Status and Prospect of Target Tracking Technologies via Underwater Sensor Networks[J]. Acta Automatica Sinica, 2021, 47(2):235-251.
	刘妹琴, 韩学艳, 张森林, 等. 基于水下传感器网络的目标跟踪技术研究现状与展望[J]. 自动化学报, 2021, 47(2):235-251.
[2]	GALINDO D, ROMAN R, LOPEZ J. A Killer Application for Pairings: Authenticated Key Establishment in Underwater Wireless Sensor Networks [C]// Springer. CANS 2008: Cryptology and Network Security, December 2-4, 2008, Hong Kong, China. Berlin: Springer, 2008: 120-132.
[3]	ZHENG Junjie, LI Yanbin, YIN Lu, et al. Research of Structure and Architecture for Underwater Sensor Networks[J]. Computer Science, 2013, 40(S1):251-254.
	郑君杰, 李延斌, 尹路, 等. 水下传感器网络系统架构与体系结构研究[J]. 计算机科学, 2013, 40(S1):251-254.
[4]	BELLOVIN S M, MERRITT M. Encrypted Key Exchange:Password-based Protocols Secure Against Dictionary Attacks [C]//IEEE. 1992 IEEE Symposium on Security and Privacy, May 4-6, 1992, Oakland, CA, USA. Piscataway: IEEE, 1992: 72-84.
[5]	LI Zengpeng, WANG Ding. Achieving One-round Password-based Authenticated Key Exchange over Lattices[EB/OL]. https://doi.org/10.1109/TSC.2019.2939836, 2021-04-15.
[6]	LI Zengpeng, WANG Ding, MORAIS E. Quantum-safe Round-optimal Password Authentication for Mobile Devices[EB/OL]. https://doi.org/10.1109/TDSC.2020.3040776, 2021-04-15.
[7]	HAO F, SHAHANDASHTI S F. The SPEKE Protocol Revisited [C]//Springer. SSR 2014: Security Standardisation Research, October 22-24, 2014, Heraklion, Crete, Greece. Cham: Springer, 2014: 26-38.
[8]	HAO F, RYAN P. J-PAKE:Authenticated Key Exchange without PKI [C]//Springer. Transactions on Computational Science XI, December 12-14, 2010, Kuala Lumpur, Malaysia. Berlin: Springer, 2010: 192-206.
[9]	SHIN S, KOBARA K. Efficient Augmented Password-only Authentication and Key Exchange for IKEv2[EB/OL]. https://www.rfc-editor.org/rfc/pdfrfc/rfc6628.txt.pdf, 2021-05-08.
[10]	LI Zengpeng, YANG Zheng, SZALACHOWSKI P, et al. Building Low-interactivity Multifactor Authenticated Key Exchange for Industrial Internet of Things[J]. IEEE Internet of Things Journal, 2021, 8(2):844-859. doi: 10.1109/JIoT.6488907 URL
[11]	ABDALLA M, POINTCHEVAL D. Simple Password-based Encrypted Key Exchange Protocols [C]//Springer. CT-RSA 2005, December 14-16, 2005, Xiamen, China. Berlin: Springer, 2005: 191-208.
[12]	ABDALLA M, BARBOSA M. Perfect Forward Security of SPAKE2[EB/OL]. https://eprint.iacr.org/2019/1194.pdf, 2021-04-15.
[13]	FIORE D, GENNARO R. Identity-based Key Exchange Protocols without Pairings [C]//Springer. Transactions on Computational Science X, December 12-14, 2010, Kuala Lumpur, Malaysia. Berlin: Springer, 2010: 42-77.
[14]	NAOR M, PAZ S, RONEN E. CHIP and CRISP: Compromise Resilient Identity-based Symmetric PAKEs[EB/OL]. https://eprint.iacr.org/2020/529.pdf, 2021-04-15.
[15]	WAN Changsheng, PHOHA V V, TANG Yuzhe, et al. Non-interactive Identity-based Underwater Data Transmission with Anonymity and Zero Knowledge[J]. IEEE Transactions on Vehicular Technology, 2018, 67(2):1726-1739. doi: 10.1109/TVT.25 URL
[16]	DIAMANT R, CASARI P, TOMASIN S. Cooperative Authentication in Underwater Acoustic Sensor Networks[J]. IEEE Transactions on Wireless Communications, 2019, 18(2):954-968. doi: 10.1109/TWC.2018.2886896 URL
[17]	SCHNORR C P. Efficient Signature Generation by Smart Cards[J]. Journal of Cryptology, 1991, 4(3):161-174. doi: 10.1007/BF00196725 URL

符号	含义	符号	含义
P_A, _PB	参与协议用户	Adv	攻击敌手
pw	口令	r_A, r_B	随机私钥
p	大素数	k	安全参数
id_A,id_B	用户身份标识	K	会话密钥
G	循环群	H_i(·)	单向哈希函数

口令长度/Byte 密钥长度/bit	4	6	8	10
128	1.549	1.638	1.692	1.659
256	6.559	6.492	6.755	6.495
512	14.436	14.413	14.375	14.418
1024	99.125	99.449	95.046	95.184
2048	675.921	679.367	683.874	680.275

方案	通信轮数	用户计算代价	服务器计算代价	是否需要KDC
文献[8]方案	同步2轮	5_τ_e	5τ_e	是
文献[9]方案	异步4轮	2τ_e	2τ_e	否
文献[11]方案	同步1轮	4τ_e	4τ_e	是
文献[13]方案	同步1轮	4τ_e	4τ_e	是
本文方案	同步1轮	6τ_e	6τ_e	否

方案	抵抗冒充攻击	会话密钥安全	零知识证明	抵抗重放攻击	前向安全
文献[8]方案	是	是	是	是	是
文献[11]方案	是	是	否	是	是
本文方案	是	是	是	是	是

一种面向物联网设备的口令认证密钥协商协议

A Password Authentication Key Agreement Protocol for IoT Devices

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 17

相关文章 5

编辑推荐

Metrics

本文评价

[1]	王超, 韩益亮, 段晓巍, 李鱼. 基于密钥封装机制的RLWE型认证密钥交换协议[J]. 信息网络安全, 2021, 21(6): 80-88.
[2]	张骁, 刘吉强. 基于硬件指纹和生物特征的多因素身份认证协议[J]. 信息网络安全, 2020, 20(8): 9-15.
[3]	李鱼, 韩益亮, 李喆, 朱率率. 基于LWE的抗量子认证密钥交换协议[J]. 信息网络安全, 2020, 20(10): 92-99.
[4]	黎水林, 陈广勇, 陶源. 网络安全等级保护测评中网络和通信安全测评研究[J]. 信息网络安全, 2018, 18(9): 19-24.
[5]	胡金山;陈庆荣. 基于口令协商密钥的应急通信安全传输方案[J]. , 2013, 13(10): 0-0.