Design of Reconfigurable Key Security Authentication Protocol for IoT Based on National Cryptography SM9

doi:10.3969/j.issn.1671-1122.2024.07.003

Abstract

Abstract:

To enhance the security and reliability of communication protocols and improve user privacy, a secure authentication protocol for IoT was designed based on the national cryptographic SM9. This protocol aimed to ensure both data source security and data transmission security. Using only point doubling, point addition, and Hash operations, the protocol achieved the encapsulation and reconstruction of shared keys. Additionally, it integrated pseudo one-time-one-key and one-time-one-identity mechanisms to enhance the security and efficiency of key transmission. The protocol guaranteed the security of ciphertext data transmission and identity authentication. The proposed scheme has been formally verified through ProVerif to satisfy nine critical security properties. Compared to other protocols, it incurs lower computational and communication overheads, making it highly suitable for resource-constrained industrial IoT devices.

Key words: SM9, identity authentication, key encapsulation, key reconstruction

CLC Number:

TP309

HUANG Wangwang, ZHOU Hua, WANG Daiqiang, ZHAO Qi. Design of Reconfigurable Key Security Authentication Protocol for IoT Based on National Cryptography SM9[J]. Netinfo Security, 2024, 24(7): 1006-1014.

Figures/Tables 15

References 14

[1]	WU Chuankun. An Overview on the Security Techniques and Challenges of the Internet of Things[J]. Journal of Cryptologic Research, 2015, 2(1): 40-53.
	武传坤. 物联网安全关键技术与挑战[J]. 密码学报, 2015, 2(1): 40-53. doi: 10.13868/j.cnki.jcr.000059
[2]	FANG He, QI A, WANG Xianbin. Fast Authentication and Progressive Authorization in Large-Scale IoT: How to Leverage AI for Security Enhancement[J]. IEEE Network, 2020, 34(3): 24-29.
[3]	TEDESCHI P, SCIANCALEPORE S, ELIYAN A, et al. LiKe: Lightweight Certificateless Key Agreement for Secure IoT Communications[J]. IEEE Internet of Things Journal, 2020, 7(1): 621-638.
[4]	QIU Fan, HU Kaiyu, ZUO Liming, et al. Distributed Control Identity Authentication Technology Based on SM9[J]. Computer Applications and Software, 2020, 37(9): 291-295.
	邱帆, 胡凯雨, 左黎明, 等. 基于国密SM9的配电网分布式控制身份认证技术[J]. 计算机应用与软件, 2020, 37(9): 291-295.
[5]	ODELU V, DAS A K, WAZID M, et al. Provably Secure Authenticated Key Agreement Scheme for Smart Grid[J]. IEEE Transactions on Smart Grid, 2018, 9(3): 1900-1910.
[6]	ABBASINEZHAD-MOOD D, NIKOOGHADAM M. Design and Hardware Implementation of a Security-Enhanced Elliptic Curve Cryptography Based Lightweight Authentication Scheme for Smart Grid Communications[J]. Future Generation Computer Systems, 2018, 84: 47-57.
[7]	GONG Xiang, FENG Tao. Lightweight Anonymous Authentication and Key Agreement Protocol Based on CoAP of Internet of Things[EB/OL]. (2022-09-22)[2024-04-21]. https://pubmed.ncbi.nlm.nih.gov/36236290/.
[8]	ABOSATA N, AL-RUBAYE S, INALHAN G. Lightweight Payload Encryption-Based Authentication Scheme for Advanced Metering Infrastructure Sensor Networks[J]. Sensors, 2022, 22(2): 534-544.
[9]	QURESHI N M F, SIDDIQUI I F, ABBAS A, et al. Stream-Based authentication Strategy Using IoT Sensor Data in Multi-Homing Sub-Aqueous Big Data Network[J]. Wireless Personal Communications, 2021, 116(2): 1217-1229.
[10]	DAS A K, WAZID M, YANNAM A R, et al. Provably Secure ECC-Based Device Access Control and Key Agreement Protocol for IoT Environment[J]. IEEE Access, 2019, 7: 55382-55397.
[11]	KHAN A A, KUMAR V, AHMAD M, et al. PALK: Password-Based Anonymous Lightweight Key Agreement Framework for Smart Grid[EB/OL]. (2020-05-14)[2024-04-21]. https://www.sciencedirect.com/science/article/abs/pii/S0142061519340621.
[12]	SAHIL G, KAUR K, KADDOUM G, et al. Secure and Lightweight Authentication Scheme for Smart Metering Infrastructure in Smart Grid[J]. IEEE Transactions on Industrial Informatics, 2020, 16(5): 3548-3557.
[13]	CHEN Yanru, YIN Fengming, HU Shunfang, et al. ECC-Based Authenticated Key Agreement Protocol for Industrial Control System[J]. IEEE Internet of Things Journal, 2023, 10(6): 4688-4697.
[14]	ZHAI Peng, HE Jingsha, ZHANG Yu. An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment[J]. Netinfo Security, 2024, 24(2): 179-187.

符号	解释
D_list	设备列表
D_list _iP	设备i参数
S_ks	服务器私钥
P_ks	服务器公钥
D_sx	服务器当前会话权限
P{sj}	服务器参数集
R₃₂(i)	32字节随机数
P_kni	节点i公钥
S_kni	节点i私钥
D_nix	端点i当前会话权限
P{ij}	节点i参数集
A\|B	拼接数据AB
Hash	摘要算法
Key	对称加密密钥
M \| M_enc	消息明文\|消息密文

安全特征	文献[5] 协议	文献[11]协议	文献[12] 协议	文献[13] 协议	本文协议
双向认证	√	√	√	√	√
抗未知共享密钥攻击	√	√	√	√	√
主体匿名性	×	×	×	√	√
消息完整性	×	×	×	√	√
完美的前向安全性	√	×	√	√	√
已知密钥安全性	√	√	√	√	√
抗重放攻击	×	√	×	√	√
抗假冒攻击	√	×	√	√	√
抗已知特定的临时会话信息攻击	×	×	√	√	√

协议	操作	计算开销/ms
文献[5]协议	5Tpm+2Tpa+12Th+2Tbp+2TXOR+2Tem	10.313
文献[11]协议	8Tpm+19Th+9TXOR+4Tsec	6.979
文献[12]协议	8Tpm+8Th+2Tpa	6.778
文献[13]协议	7Tpm+2Tpa+10Th+ 6TXOR	5.971
本文协议	9Tpm+12Th+5Tpa+2Tpv+4Tsec +2To	5.053

协议	消息	通信开销/bit
文献[5]协议	2Lp+3Lh+Lr+Lg+Lid	2432
文献[11]协议	2Lp+2Lsec+2Lt+3Lid+4Lh	2336
文献[12]协议	2Lp+6Lh+2Lid+2Lr+4Lt	2304
文献[13]协议	4Lp+6Lh	2240
本文协议	3Lp+5Lh+2Lr	2016

[1]	OUYANG Mengdi, SUN Qinshuo, LI Fagen. Subversion Attacks and Countermeasures of SM9 Encryption [J]. Netinfo Security, 2024, 24(6): 831-842.
[2]	DING Yong, LUO Shidong, YANG Changsong, LIANG Hai. An Identity-Based Deniable Ring Signature Scheme Based on SM9 Signature Algorithm [J]. Netinfo Security, 2024, 24(6): 893-902.
[3]	ZHANG Xuefeng, CHEN Tingting, MIAO Meixia, CHENG Yexia. Multi-Receiver Chaotic Key Generation Scheme Based on SM9 [J]. Netinfo Security, 2024, 24(4): 555-563.
[4]	ZHAI Peng, HE Jingsha, ZHANG Yu. An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment [J]. Netinfo Security, 2024, 24(2): 179-187.
[5]	ZHU Guocheng, HE Debiao, AN Haoyang, PENG Cong. The Proxy Voting Scheme Based on the Blockchain and SM9 Digital Signature [J]. Netinfo Security, 2024, 24(1): 36-47.
[6]	ZHOU Quan, CHEN Minhui, WEI Kaijun, ZHENG Yulong. Blockchain Access Control Scheme with SM9-Based Attribute Encryption [J]. Netinfo Security, 2023, 23(9): 37-46.
[7]	AN Haoyang, HE Debiao, BAO Zijian, PENG Cong. A Certificate-Based Digital Signature Scheme [J]. Netinfo Security, 2023, 23(3): 13-21.
[8]	ZHANG Xuefeng, HU Yixiu. A Revocable Identity-Based Broadcast Encryption Scheme Based on SM9 [J]. Netinfo Security, 2023, 23(1): 28-35.
[9]	WANG Shengwen, HU Aiqun. Design of E-mail Encryption System Based on SM9 Algorithm [J]. Netinfo Security, 2022, 22(6): 53-60.
[10]	WANG Shushuang, MA Zhaofeng, LIU Jiawei, LUO Shoushan. Research and Implementation of Cross-Chain Security Access and Identity Authentication Scheme of Blockchain [J]. Netinfo Security, 2022, 22(6): 61-72.
[11]	WU Kehe, CHENG Rui, JIANG Xiaochen, ZHANG Jiyu. Security Protection Scheme of Power IoT Based on SDP [J]. Netinfo Security, 2022, 22(2): 32-38.
[12]	WU Kehe, CHENG Rui, ZHENG Bihuang, CUI Wenchao. Research on Security Communication Protocol of Power Internet of Things [J]. Netinfo Security, 2021, 21(9): 8-15.
[13]	SHEN Zhuowei, GAO Peng, XU Xinyu. Design of DDS Secure Communication Middleware Based on Security Negotiation [J]. Netinfo Security, 2021, 21(6): 19-25.
[14]	ZHANG Yu, SUN Guangmin, LI Yu. Research on Mobile Internet Authentication Scheme Based on SM9 Algorithm [J]. Netinfo Security, 2021, 21(4): 1-9.
[15]	WANG Jian, ZHAO Manli, CHEN Zhihao, SHI Bo. An Authentication Scheme for Conditional Privacy Preserving Based on Pseudonym in Intelligent Transportation [J]. Netinfo Security, 2021, 21(4): 49-61.