Netinfo Security ›› 2024, Vol. 24 ›› Issue (2): 179-187. doi: 10.3969/j.issn.1671-1122.2024.02.002

• IoT Security •

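An Identity Authentication Method Based on the SM9 Algorithm and Blockchain Technology in the IoT Environment

ZHAI Peng1,2, HE Jingsha1,2, ZHANG Yu2

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124
  2. School of Computer Science and Engineering, Jining University, Jining 273100
  • Received: 2023-02-27 Online: 2024-02-10 Published: 2024-03-06
  • Corresponding author: HE Jingsha E-mail: jhe@bjut.edu.cn
  • About the authors: ZHAI Peng (b. 1978), male, Shandong, associate professor, Ph.D.; main research interests: network security, the Internet of Things and blockchain technology | HE Jingsha (b. 1961), male, Shaanxi, professor, Ph.D.; main research interests: computer and network security, testing and analysis, and cloud computing | ZHANG Yu (b. 1978), male, Shandong, lecturer, Ph.D.; main research interests: network security and privacy protection
  • Supported by:
    Beijing Natural Science Foundation (IS23054)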

An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment

ZHAI Peng1,2, HE Jingsha1,2, ZHANG Yu2

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  2. School of Computer Science and Engineering, Jining University, Jining 273100, China
  • Received: 2023-02-27 Online: 2024-02-10 Published: 2024-03-06
  • Contact: HE Jingsha E-mail: jhe@bjut.edu.cn

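Abstract:

Terminal devices in an Internet of Things (IoT) environment must identify and authenticate one another to safeguard network security and data security, and identity authentication is the first line of defense for IoT security. The existing traditional public key cryptosystem (PKI) involves cumbersome procedures and heavy computation, and does not suit a resource-constrained, open, distributed IoT environment well. Based on the SM9 identity-based cryptographic algorithm, this paper designs a blockchain-based identity authentication scheme for IoT terminals. Under the assumptions of the computational Diffie-Hellman hard problem, the q-Diffie-Hellman inversion problem and the bilinear DH hard problem, the scheme can satisfy confidentiality and unforgeability to a great extent and better fits real IoT application environments. The scheme uses the device identity as the public key, which simplifies the key distribution and management process. In addition, the blockchain, as a decentralized underlying storage database, records keys, certificates, signatures and other information, and can provide trusted endorsement for the authentication process. Performance analysis and ProVerif formal security analysis, together with a comparison against several current mainstream authentication methods, demonstrate that the scheme can meet the time, performance and security requirements of the IoT environment.

Keywords: Internet of Things, SM9 algorithm, identity authentication, blockchain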

Abstract:

Terminal devices in the Internet of Things (IoT) environment need to identify and authenticate each other to ensure network security and data security, and authentication is the first line of defense for IoT security. The existing traditional public key cryptosystem (PKI) is cumbersome and computationally intensive, and cannot satisfy the resource-constrained, open, and distributed IoT environment well. In this paper, a blockchain-based two-way authentication scheme for IoT terminals is designed based on the SM9 identity-based cryptographic algorithm. Under the assumptions of the computational Diffie-Hellman hard problem, the q-Diffie-Hellman inversion problem, and the bilinear Diffie-Hellman hard problem, the scheme can satisfy confidentiality and unforgeability to a great extent, and is more in line with the practical application environment of the IoT. The scheme adopts the device identity as the public key, which simplifies the key distribution and management process. In addition, the blockchain, as a decentralized underlying storage database, records information such as keys, certificates, and signatures, and can provide credible endorsement for the authentication process. Performance analysis and ProVerif formal security analysis, together with a comparison with several current mainstream authentication methods, show that the scheme can meet the time, performance and security requirements in the IoT environment.

Key words: Internet of Things, SM9, identity authentication, blockchain

CLC number: