An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment

doi:10.3969/j.issn.1671-1122.2024.02.002

Abstract

Abstract:

Terminal devices in the Internet of Things (IoT) environment need to identify and authenticate each other to ensure network security and data security, and authentication is the first line of defense for IoT security, and the existing traditional public key cryptosystem (PKI) is cumbersome and computationally intensive, which can not satisfy the resource-constrained, open, and distributed IoT environment well. In this paper, a blockchain-based two-way authentication scheme for IoT terminals was designed based on the SM9 identity cryptography algorithm, which could greatly satisfy the confidentiality and unforgeability based on the assumptions of the computational Diffie-Hellman hard problem, the q-Diffie-Hellman inverse problem, and the bilinear Diffie-Hellman hard problem, and was more in line with the practical application environment of the IoT. The scheme adopted the device identity as the public key, which simplified the key distribution management process. In addition, the blockchain, as a decentralized underlying storage database used to record information such as keys, certificates, signatures, etc., could be used to carry out credible endorsement for the authentication process. Through performance and Proverif formalized security analysis, and comparing several current mainstream authentication methods, the scheme can meet the time, performance and security requirements in the IoT environment.

Key words: Internet of Things, SM9, identity authentication, blockchain

CLC Number:

TP309

ZHAI Peng, HE Jingsha, ZHANG Yu. An Identity Authentication Method Based on SM9 and Blockchain in the IoT Environment[J]. Netinfo Security, 2024, 24(2): 179-187.

Figures/Tables 6

References 28

[1]	PORAMBAGE P, KUMAR P, SCHMITT C, et al. Certificate-Based Pairwise Key Establishment Protocol for Wireless Sensor Networks[C]// IEEE. 2013 IEEE 16th International Conference on Computational Science and Engineering. New York: IEEE, 2013: 667-674.
[2]	DIAZ-SANCHEZ D, MARIN-LOPEZ A, ALMENAREZ F. TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications[C]// IEEE. IEEE Communications Surveys & Tutorials. New York: IEEE, 2019: 3502-3531.
[3]	KUMAR P, GURTOV A, IINATTI J, et al. Lightweight and Secure Session-Key Establishment Scheme in Smart Home Environments[J]. IEEE Sensors Journal, 2016, 16(1): 254-264. doi: 10.1109/JSEN.2015.2475298 URL
[4]	GE Chunpeng, XIA Jinyue, FANG Liming. Key-Private Identity-Based Proxy Re-Encryption[J]. Cmc-Computers Materials & Continua, 2020, 63(2): 633-647.
[5]	RIVEST R L, SHAMIR A, ADLEMAN L. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems[J]. Communications of the ACM, 1978, 21(2): 120-126. doi: 10.1145/359340.359342 URL
[6]	CHENG Xu, ZHANG Ziyang, CHEN Fulong, et al. Secure Identity Authentication of Community Medical Internet of Things[J]. IEEE Access, 2019, 7: 115966-115977. doi: 10.1109/ACCESS.2019.2935782
[7]	SHAMIR A. Identity-Based Cryptosystems and Signature Schemes[C]// Springer. Workshop on the Theory and Application of Cryptographic Techniques. Heidelberg: Springer, 1984: 47-53.
[8]	XIAO Hao, WEI Ren, FEI Yangyang, et al. A Blockchain-Based Cross-Domain and Autonomous Access Control Scheme for Internet of Things[J]. IEEE Transactions on Services Computing, 2023, 16(2): 773-786. doi: 10.1109/TSC.2022.3179727 URL
[9]	XIE Yong, XU Fang, LI Xiang, et al. EIAS: An Efficient Identity-Based Aggregate Signature Scheme for WSNs against Coalition Attack[J]. Cmc-Computers Materials & Continua, 2019, 59(3): 903-924.
[10]	YAN Hongyang, WANG Yu, JIA Chunfu, et al. IoT-FBAC: Function-Based Access Control Scheme Using Identity-Based Encryption in IoT[J]. Future Generation Computer Systems-the International Journal of Escience, 2019, 95: 344-353.
[11]	SIDDHARTHA V G, KANSAL L. A Lightweight Authentication Protocol Using Implicit Certificates for Securing IoT Systems[J]. Procedia Computer Science, 2020, 16(7): 9-17.
[12]	CUI Zhihua, XUE Fei, ZHANG Shiqiang, et al. A Hybrid BlockChain-Based Identity Authentication Scheme for Multi-WSN[J]. IEEE Transactions on Services Computing, 2020, 13(2): 241-251.
[13]	PUTRA G, DEDEOGLU V, KANHERE S, et al. Trust-Based Blockchain Authorization for IoT[J]. IEEE Transactions on Network and Service Management, 2021, 18(2): 1646-1658. doi: 10.1109/TNSM.2021.3077276 URL
[14]	CHENG Guanjie, CHEN Yan, DENG Shuiguang, et al. A Blockchain-Based Mutual Authentication Scheme for Collaborative Edge Computing[J]. IEEE Transactions on Computational Social Systems, 2022, 9(1): 146-158. doi: 10.1109/TCSS.2021.3056540 URL
[15]	XUE Kaiping, LUO Xinyi, MA Yongjin, et al. A Distributed Authentication Scheme Based on Smart Contract for Roaming Service in Mobile Vehicular Networks[J]. IEEE Transactions on Vehicular Technology, 2022, 71(5): 5284-5297. doi: 10.1109/TVT.2022.3148303 URL
[16]	GU Pengpeng, CHEN Liquan. An Efficient Blockchain-Based Cross-Domain Authentication and Secure Certificate Revocation Scheme[C]// IEEE. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). New York:IEEE, 2020: 1776-1782.
[17]	LAI Jianchang, HUANG Xinyi, HE Debiao, et al. Security Analysis of SM9 Digital Signature and Key Encapsulation[J]. Science China: Information, 2021, 51(11): 1900-1913.
	赖建昌, 黄欣沂, 何德彪, 等. 国密 SM9 数字签名和密钥封装算法的安全性分析[J]. 中国科学:信息科学, 2021, 51(11): 1900-1913.
[18]	YANG Yatao, ZHANG Xiaowei, YUAN Zheng. Privacy Preserving Scheme in Block Chain with Provably Secure Based on SM9 Algorithm[J]. Journal of Software, 2019, 30(6): 1692−1704.
	杨亚涛, 张筱薇, 袁征. 基于SM9算法可证明安全的区块链隐私保护方案[J]. 软件学报, 2019, 30(6): 1692-1704.
[19]	YUAN Feng, CHENG Chaohui. Overview on SM9 Identity-Based Cryptographic Algorithm[J]. Journal of Information Security Research. 2016, 2(11): 18-27.
	袁峰, 程朝辉. SM9标识密码算法综述[J]. 信息安全研究, 2016, 2(11): 18-27.
[20]	PENG Cong, HE Debiao, LUO Min. An Identity-Based Ring Signature Scheme for SM9 Algorithm[J]. Journal of Cryptologic Research, 2021, 8(4): 724-734.
	彭聪, 何德彪, 罗敏. 基于SM9标识密码算法的环签名方案[J]. 密码学报, 2021, 8(4): 724-734.
[21]	ZHANG Xiaoshuai, LIU Chao, CHAI K, et al. A Privacy-Preserving Consensus Mechanism for an Electric Vehicle Charging Scheme[J]. Journal of Network and Computer Applications, 2021, 174: 161-174.
[22]	LI Yue. Design of a Key Establishment Protocol for Smart Home Energy Management System[C]// IEEE. 2013 Fifth International Conference on Computational Intelligence, Communication Systems and Networks. New York: IEEE, 2013: 88-93.
[23]	BINOD V D M, HUSSEIN T, MOUFTAH. Device Authentication Mechanism for Smart Energy Home Area Networks[C]// IEEE. 2011 IEEE International Conference on Consumer Electronics (ICCE). New York:IEEE, 2011: 787-788.
[24]	SCIANCALEPORE S, PIRO G, BOGGIA G, et al. Public Key Authentication and Key Agreement in IoT Devices with Minimal Airtime Consumption[C]// IEEE. IEEE Embedded Systems Letters. New York: IEEE, 2017: 1-4.
[25]	HAN K, KIM J, SHON T, et al. A Novel Secure Key Paring Protocol for RF4CE Ubiquitous Smart Home Systems[J]. Personal and Ubiquitous Computing, 2012, 17(5): 945-965. doi: 10.1007/s00779-012-0541-2 URL
[26]	HOSSAIN M, NOOR S, HASAN R. HSC-IoT: A Hardware and Software Co-Verification Based Authentication Scheme for Internet of Things[C]// IEEE. 2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud). New York:IEEE, 2017: 212-219.
[27]	KUMAR P, BRAEKEN A, GURTOV A, et al. Anonymous Secure Framework in Connected Smart Home Environments[J]. IEEE Transactions on Information Forensics and Security, 2017, 12(4): 968-979. doi: 10.1109/TIFS.2016.2647225 URL
[28]	PATEL S P D R, NAVIK A P. Energy Efficient Integrated Authentication and Access Control Mechanisms for Internet of Things[C]// IEEE. 2016 International Conference on Internet of Things and Applications (IOTA). New York:IEEE, 2016: 304-319.

符号	符号含义	符号	符号含义
$N$	${{G}_{1}}$，${{G}_{2}}$，${{G}_{T}}$的阶，均为素数	$I{{D}_{A}}$	终端A的标识
${{P}_{1}}$	${{G}_{1}}$的生成元	$I{{D}_{B}}$	终端B的标识
${{P}_{2}}$	${{G}_{2}}$的生成元	${{Q}_{A}}$	终端A的公钥
KGC	标识密码认证机构的密钥生成中心	${{d}_{A}}$	终端A的私钥
$KDF$	密钥派生函数	${{Q}_{B}}$	终端B的公钥
$K$	密钥派生函数生成的字符串	${{d}_{B}}$	终端B的私钥
CA	标识密码认证机构	${{r}_{A}},{{r}_{B}},{{r}_{1}},{{r}_{2}}$	随机数
$hid$	私钥生成函数识别符	$TS$	时间戳
$I{{D}_{S}}$	标识密码认证机构服务器的标识	$LT$	生存时间
${{P}_{pub}}$	标识密码认证机构服务器的主公钥	$Enc\left( {{k}_{1}},m \right)$	用密钥${{k}_{1}}$对$m$的对称加密算法
$s$	标识密码认证机构服务器的主私钥	$Dec\left( {{k}_{1}},m \right)$	用密钥${{k}_{1}}$对$m$的对称解密算法

模型	抵御重放攻击	抵御篡改攻击	抵御串谋攻击	抵御仿冒攻击	抵御中间人攻击	抵御拒绝服务攻击	前向安全
文献^[1]	No	No	Yes	Yes	No	Yes	Yes
文献^[3]	Yes	Yes	Yes	No	Yes	Yes	No
文献^[21]	Yes	No	No	Yes	Yes	No	Yes
文献^[22]	Yes	No	No	Yes	No	No	Yes
文献^[23]	No	No	No	Yes	No	No	Yes
文献^[24]	Yes	Yes	Yes	No	Yes	Yes	No
文献^[26]	Yes	No	No	No	No	No	Yes
文献^[28]	No	No	Yes	No	Yes	Yes	Yes
本文	Yes	Yes	Yes	Yes	Yes	Yes	Yes