物联网WSS簇间节点安全链路模型
|
摘要
针对物联网无线服务系统通信中易遭受数据窃听、恶意行为攻击和用户平台隐私泄露问题,提出了一个基于可信第三方的簇间节点安全链路模型.该模型基于离散对数困难问题和双线性对映射建立节点可信匿名认证及簇形结构地址查询机制,利用杂凑函数和随机数生成的临时身份代替节点的真实身份以实现匿名性,将可信第三方嵌入认证机制以防止匿名认证机构与协调器共谋对用户平台实施Rudolph攻击,同时仅对控制中心授权的可信簇形结构提供查询服务.通过源簇形结构与链路中各节点的证书验证、密钥协商和填充机制实现数据的嵌套加解密及防流量分析服务,保证簇间节点数据传输安全.在此基础上,给出了链路模型的UC安全性证明.理论分析和实验结果表明:该模型在抑制数据窃听、流量分析和保护节点匿名性方面有明显优势.
To overcome the problem that the security capabilities of the communication deteriorate significantly in the presence of eavesdropping,malicious behaviors and privacy disclosure of user platform in wireless service system of IoT,a secure transmission model among clusters is proposed based on the trusted third party.A model for trusted authentication and mechanism for the enquiry of cluster address are constructed based on the condition of discrete logarithm problem and the bilinear mapping.This model generates the temporary identity according to the Hash function and random number to achieve anonymity and only provides enquiry service to the trusted clusters authorized by control center.The suppression of Rudolph attack between user platform and coordinator is taken into consideration by setting the trusted third party in authentication mechanism.In accordance with the key agreement between source cluster and clusters in the link,certificate validation and data filling mechanism,the nested encryption and decryption and flow analysis defense are achieved to guarantee the transmission security among clusters.On this basis,the security proof of data transmission model is presented.The theoretical analysis and experimental results show that the developed model performs well in terms of eavesdropping suppression,flow analysis inhibition and anonymity protection.
To overcome the problem that the security capabilities of the communication deteriorate significantly in the presence of eavesdropping,malicious behaviors and privacy disclosure of user platform in wireless service system of IoT,a secure transmission model among clusters is proposed based on the trusted third party.A model for trusted authentication and mechanism for the enquiry of cluster address are constructed based on the condition of discrete logarithm problem and the bilinear mapping.This model generates the temporary identity according to the Hash function and random number to achieve anonymity and only provides enquiry service to the trusted clusters authorized by control center.The suppression of Rudolph attack between user platform and coordinator is taken into consideration by setting the trusted third party in authentication mechanism.In accordance with the key agreement between source cluster and clusters in the link,certificate validation and data filling mechanism,the nested encryption and decryption and flow analysis defense are achieved to guarantee the transmission security among clusters.On this basis,the security proof of data transmission model is presented.The theoretical analysis and experimental results show that the developed model performs well in terms of eavesdropping suppression,flow analysis inhibition and anonymity protection.
引文
[1]Tao Fei,Zuo Ying,Xu Lida,et al.IoT-based intelligent perception and access of manufacturing resource toward cloud manufacturing[J].IEEE Trans on Industrial Informatics,2014,10(2):1547-1557
[2]Padma E,Rajalakshmi S.An efficient strategy to provide secure authentication on using TPM[J].Indian Journal of Science and Technology,2015,8(35):104-112
[3]Roy D,Das P.Trusted and secured routing protocol for vehicular ad-hoc networks[J].Indian Journal of Science and Technology,2017,10(17):1-12
[4]Ekberg J E,Kostiainen K,Asokan N.The untapped potential of trusted execution environments on mobile devices[J].IEEE Security&Privacy,2014,12(4):29-37
[5]Moreno V R,Montero R S,Llorente I M.Key challenges in cloud computing:Enabling the future Internet of services[J].IEEE Internet Computing,2013,17(4):18-25
[6]Gong Bei,Zhang Jianbiao,Ye Xiaolie,et al.A trusted measurement scheme suitable for the clients in the trusted network[J].China Communications,2014,4(11):143-153
[7]Guin U,Shi Q,Forte D,et al.FORTIS:A comprehensive solution for establishing forward trust for protecting IPs and ICs[J].ACM Trans on Design Automation of Electronic Systems,2016,21(4):1162-1181
[8]Tsai J L,Lo N W.A privacy-aware authentication scheme for distributed mobile cloud computing services[J].IEEESystems Journal,2015,9(3):805-815
[9]Jiang Qi,Ma Jianfeng,Wei Fushan.On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services[J].IEEE Systems Journal,2018,12(2):2039-2042
[10]Manjusha R,Ramachandran R.Secure authentication and access system for cloud computing auditing services using associated digital certificate[J].Indian Journal of Science and Technology,2015,8(S7):220-227
[11]Zhou Xiangyun,McKay M R.Secure transmission with artificial noise over fading channels:Achievable rate and optimal power allocation[J].IEEE Trans on Vehicular Technology,2010,59(8):3831-3842
[12]Yao Jianping,Feng Suili,Zhou Xiangyun,et al.Secure routing in multihop wireless ad-hoc networks with decodeand-forward relaying[J].IEEE Trans on Communications,2016,64(2):753-764
[13]Feng Renhai,Li Quanzhong,Zhang Qi,et al.Robust secure transmission in MISO simultaneous wireless information and power transfer system[J].IEEE Trans on Vehicular Technology,2015,64(1):400-405
[14]Lu Huang,Li Jie,Guizani M.Secure and efficient data transmission for cluster-based wireless sensor networks[J].IEEE Trans on Parallel and Distributed Systems,2014,25(3):750-761
[15]He Daojing,Chan S,Zhang Yan,et al.An enhanced public key infrastructure to secure smart grid wireless communication networks[J].IEEE Network,2014,28(1):10-16
[16]He Daojing,Chan S,Tang Shaohua.A novel and lightweight system to secure wireless medical sensor networks[J].IEEE Journal of Biomedical and Health Informatics,2014,18(1):316-326
[17]Saxena N,Chaudhari N S.EasySMS:A protocol for end-toend secure transmission of SMS[J].IEEE Trans on Information Forensics and Security,2014,9(7):1157-1168
[18]Heydari M,Sadough S,Chaudhry S.An improved one-tomany authentication scheme based on bilinear pairings with provable security for mobile pay-TV systems[J].Multimedia Tools and Applications,2017,76(6):14225-14245
[19]Hayashi M.Tight exponential analysis of universally composable privacy amplification and its applications[J].IEEE Trans on Information Theory,2013,59(11):7728-7746
[20]Gao Chunjie,Yang Chao,Ma Jianfeng,et al.An authentication protocol for station roaming in WLAN Mesh[J].Journal of Computer Research and Development,2009,46(7):1102-1108(in Chinese)(曹春杰,杨超,马建峰,等.WLAN Mesh漫游接入认证协议[J].计算机研究与发展,2009,46(7):1102-1108)
[21]Hu Lingbi,Tan Liang.Research on the trusted virtual platform remote attestation method in cloud computing[J].Journal of Software,2017,12(7):1862-1880(in Chinese)(胡玲碧,谭良.云环境中可信虚拟平台的远程证明方案研究[J].软件学报,2017,12(7):1862-1880)
[22]Yang Yatao,Cao Lulin,Li Zichen.A novel direct anonymous attestation protocol based on zero knowledge proof for different trusted domains[J].China Communications,2010,51(10):172-175
[23]Zhu Chen,Huang Kaizhi,Kang Xiaolei,et al.Jamming based secure relay-aided D2Dtransmission method[J].Acta Electronica Sinica,2017,45(6):1443-1448(in Chinese)(朱宸,黄开枝,康小磊,等.基于链路间干扰辅助的中继D2D系统安全通信方法[J].电子学报,2017,45(6):1443-1448)
[24]Gao Baojian,Huang Shiya,Jing Li,et al.Physical layer double key matrix encryption for DFT-S-OFDM transmission mode[J].Chinese Journal of Computers,2017,40(7):368-381(in Chinese)(高宝建,黄士亚,景利,等.基于DTF-S-OFDM传输方式的物理层双矩阵密钥加密算法[J].计算机学报,2017,40(7):368-381)
[2]Padma E,Rajalakshmi S.An efficient strategy to provide secure authentication on using TPM[J].Indian Journal of Science and Technology,2015,8(35):104-112
[3]Roy D,Das P.Trusted and secured routing protocol for vehicular ad-hoc networks[J].Indian Journal of Science and Technology,2017,10(17):1-12
[4]Ekberg J E,Kostiainen K,Asokan N.The untapped potential of trusted execution environments on mobile devices[J].IEEE Security&Privacy,2014,12(4):29-37
[5]Moreno V R,Montero R S,Llorente I M.Key challenges in cloud computing:Enabling the future Internet of services[J].IEEE Internet Computing,2013,17(4):18-25
[6]Gong Bei,Zhang Jianbiao,Ye Xiaolie,et al.A trusted measurement scheme suitable for the clients in the trusted network[J].China Communications,2014,4(11):143-153
[7]Guin U,Shi Q,Forte D,et al.FORTIS:A comprehensive solution for establishing forward trust for protecting IPs and ICs[J].ACM Trans on Design Automation of Electronic Systems,2016,21(4):1162-1181
[8]Tsai J L,Lo N W.A privacy-aware authentication scheme for distributed mobile cloud computing services[J].IEEESystems Journal,2015,9(3):805-815
[9]Jiang Qi,Ma Jianfeng,Wei Fushan.On the security of a privacy-aware authentication scheme for distributed mobile cloud computing services[J].IEEE Systems Journal,2018,12(2):2039-2042
[10]Manjusha R,Ramachandran R.Secure authentication and access system for cloud computing auditing services using associated digital certificate[J].Indian Journal of Science and Technology,2015,8(S7):220-227
[11]Zhou Xiangyun,McKay M R.Secure transmission with artificial noise over fading channels:Achievable rate and optimal power allocation[J].IEEE Trans on Vehicular Technology,2010,59(8):3831-3842
[12]Yao Jianping,Feng Suili,Zhou Xiangyun,et al.Secure routing in multihop wireless ad-hoc networks with decodeand-forward relaying[J].IEEE Trans on Communications,2016,64(2):753-764
[13]Feng Renhai,Li Quanzhong,Zhang Qi,et al.Robust secure transmission in MISO simultaneous wireless information and power transfer system[J].IEEE Trans on Vehicular Technology,2015,64(1):400-405
[14]Lu Huang,Li Jie,Guizani M.Secure and efficient data transmission for cluster-based wireless sensor networks[J].IEEE Trans on Parallel and Distributed Systems,2014,25(3):750-761
[15]He Daojing,Chan S,Zhang Yan,et al.An enhanced public key infrastructure to secure smart grid wireless communication networks[J].IEEE Network,2014,28(1):10-16
[16]He Daojing,Chan S,Tang Shaohua.A novel and lightweight system to secure wireless medical sensor networks[J].IEEE Journal of Biomedical and Health Informatics,2014,18(1):316-326
[17]Saxena N,Chaudhari N S.EasySMS:A protocol for end-toend secure transmission of SMS[J].IEEE Trans on Information Forensics and Security,2014,9(7):1157-1168
[18]Heydari M,Sadough S,Chaudhry S.An improved one-tomany authentication scheme based on bilinear pairings with provable security for mobile pay-TV systems[J].Multimedia Tools and Applications,2017,76(6):14225-14245
[19]Hayashi M.Tight exponential analysis of universally composable privacy amplification and its applications[J].IEEE Trans on Information Theory,2013,59(11):7728-7746
[20]Gao Chunjie,Yang Chao,Ma Jianfeng,et al.An authentication protocol for station roaming in WLAN Mesh[J].Journal of Computer Research and Development,2009,46(7):1102-1108(in Chinese)(曹春杰,杨超,马建峰,等.WLAN Mesh漫游接入认证协议[J].计算机研究与发展,2009,46(7):1102-1108)
[21]Hu Lingbi,Tan Liang.Research on the trusted virtual platform remote attestation method in cloud computing[J].Journal of Software,2017,12(7):1862-1880(in Chinese)(胡玲碧,谭良.云环境中可信虚拟平台的远程证明方案研究[J].软件学报,2017,12(7):1862-1880)
[22]Yang Yatao,Cao Lulin,Li Zichen.A novel direct anonymous attestation protocol based on zero knowledge proof for different trusted domains[J].China Communications,2010,51(10):172-175
[23]Zhu Chen,Huang Kaizhi,Kang Xiaolei,et al.Jamming based secure relay-aided D2Dtransmission method[J].Acta Electronica Sinica,2017,45(6):1443-1448(in Chinese)(朱宸,黄开枝,康小磊,等.基于链路间干扰辅助的中继D2D系统安全通信方法[J].电子学报,2017,45(6):1443-1448)
[24]Gao Baojian,Huang Shiya,Jing Li,et al.Physical layer double key matrix encryption for DFT-S-OFDM transmission mode[J].Chinese Journal of Computers,2017,40(7):368-381(in Chinese)(高宝建,黄士亚,景利,等.基于DTF-S-OFDM传输方式的物理层双矩阵密钥加密算法[J].计算机学报,2017,40(7):368-381)