一种基于EAP-IBTLS的无证书物联网终端认证协议
|
摘要
针对物联网中终端设备安全认证机制薄弱、安全威胁较多的问题,提出了一个轻量化的物联网终端认证协议。由于物联网中感知终端资源受限,根据身份标识密码技术的思想,对互联网中广泛使用的EAP-TLS(Extensible Authentication Protocol-Transport Layer Security)认证标准进行改进,提出了轻量化的无证书认证协议:EAP-IBTLS,设计了认证协议的系统架构以及具体的实现流程。在此基础上,提出了一种轻量化的标识密码认证算法。最后,设计了物联网终端设备认证系统原型,通过具体的应用实现,验证了所提出协议的安全性与高效性。
Aiming at the problem of weak security authentication mechanism and security threats of terminal devices in the Internet of Things(IoT),a lightweight IoT terminal authentication protocol is proposed.Due to the limited resource of the terminal device in the IoT environment,a lightweight authentication protocol is required.According to the idea of identity-based cryptograph,a certificateless authentication protocol,called the EAP-IBTLS,is improved based on the EAP-TLS in the Internet.Also,the system architecture and the specific implementation process of the protocol are designed.Based on it,a lightweight algorithm on IBC is proposed.Finally,the prototype of the terminal device authentication system in IoT is designed,and the security and the efficiency of the proposed protocol are verified by the specific application.
Aiming at the problem of weak security authentication mechanism and security threats of terminal devices in the Internet of Things(IoT),a lightweight IoT terminal authentication protocol is proposed.Due to the limited resource of the terminal device in the IoT environment,a lightweight authentication protocol is required.According to the idea of identity-based cryptograph,a certificateless authentication protocol,called the EAP-IBTLS,is improved based on the EAP-TLS in the Internet.Also,the system architecture and the specific implementation process of the protocol are designed.Based on it,a lightweight algorithm on IBC is proposed.Finally,the prototype of the terminal device authentication system in IoT is designed,and the security and the efficiency of the proposed protocol are verified by the specific application.
引文
[1] 赵跃华,钱强.EAP-TLS协议安全分析与改进[J].软件导刊,2017,16(8):178-182.ZHAO Yuehua,QIAN Qiang.Security analysis and improvement of EAP-TLS protocol[J].Software Guide,2017,16(8):178-182.(in Chinese)
[2] 付金平.基于EAP-TLS的无线局域网接入控制技术的研究与改进[D].西安:长安大学,2014.FU Jinping.Research and improvement of wireless LAN access control technology based on EAP-TLS[D].Xi’an:Chang’an University,2014.(in Chinese)
[3] 池亚平.基于EAP-TLS的可信网络连接认证方案设计与实现[J].计算机工程与科学,2011,33(4):8-12.CHI Yaping.Design and implementation of trusted network connection authentication scheme based on EAP-TLS[J].Computer Enginerring and Science,2011,33(4):8-12.(in Chinese)
[4] SHOJAIE B,SABERI I,SALLEH M,et al.Improving EAP-TLS performance using cryptographic methods[C]//IEEE International Conference on Computer & Information Science.2012.
[5] GHILEN A,AZIZI M,BOUALLEGUE R.Integration of a quantum authenticated key distribution scheme in the EAP-TLS protocol[C]//IEEE Computer Systems & Applications.2016.
[6] GUENANE F A,SAMET N,PUJOLLE G,et al.A strong authentication for virtual networks using EAP-TLS smart cards[C]//IEEE Global Information Infrastructure & Networking Symposium.2012.
[7] TING P Y,TSAI J L,WU T S.Signcryption method suitable for low-power IoT devices in a wireless sensor network[J].IEEE Systems Journal,2017,99:1-10.
[8] HSU C H,WANG S,ZHANG D,et al.Efficient identity authentication and encryption technique for high throughput RFID system[J].Security and Communication Networks,2016,9(15):2581-2591.
[9] XIE J,YUPU H U,GAO J,et al.Efficient identity-based signature over NTRU lattice[J].Frontiers of Information Technology & Electronic Engineering,2016,17(2):135-142.
[10] ISLAM S H,BISWAS G P.A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication[J].Journal of King Saud University:Computer and Information Sciences,2015,29(1):63-73.
[11] ISLAM S H,AMIN R,BISWAS G P,et al.Provably secure pairing-free identity-based partially blind signature scheme and its application in online E-cash system[J].Arabian Journal for Science and Engineering,2016,41(8):3163-3176.
[12] GUPTA S,GUPTA V.Revocable key identity based cryptography without key Escrow problem[C]//IEEE International Conference on Computing.2017.
[13] TEH T Y,LEE Y S,CHEAH Z Y,et al.IBI-Mobile authentication:a prototype to facilitate access control using identity-based identification on mobile smart devices[J].Wireless Personal Communications,2017,94(1):127-144.
[14] CHEAH Z Y,LEE Y S,THE T Y,et al.Simulation of a pairing-based identity-based identification scheme in IOS[C]//IEEE International Conference on Signal & Image Processing Applications.2015.
[15] ISMAIL S.Authentication mechanisms ina control grid computing environment using identity based identification(IBI)[J].Advanced Science Letters,2017,23(6):5506-5510.
[2] 付金平.基于EAP-TLS的无线局域网接入控制技术的研究与改进[D].西安:长安大学,2014.FU Jinping.Research and improvement of wireless LAN access control technology based on EAP-TLS[D].Xi’an:Chang’an University,2014.(in Chinese)
[3] 池亚平.基于EAP-TLS的可信网络连接认证方案设计与实现[J].计算机工程与科学,2011,33(4):8-12.CHI Yaping.Design and implementation of trusted network connection authentication scheme based on EAP-TLS[J].Computer Enginerring and Science,2011,33(4):8-12.(in Chinese)
[4] SHOJAIE B,SABERI I,SALLEH M,et al.Improving EAP-TLS performance using cryptographic methods[C]//IEEE International Conference on Computer & Information Science.2012.
[5] GHILEN A,AZIZI M,BOUALLEGUE R.Integration of a quantum authenticated key distribution scheme in the EAP-TLS protocol[C]//IEEE Computer Systems & Applications.2016.
[6] GUENANE F A,SAMET N,PUJOLLE G,et al.A strong authentication for virtual networks using EAP-TLS smart cards[C]//IEEE Global Information Infrastructure & Networking Symposium.2012.
[7] TING P Y,TSAI J L,WU T S.Signcryption method suitable for low-power IoT devices in a wireless sensor network[J].IEEE Systems Journal,2017,99:1-10.
[8] HSU C H,WANG S,ZHANG D,et al.Efficient identity authentication and encryption technique for high throughput RFID system[J].Security and Communication Networks,2016,9(15):2581-2591.
[9] XIE J,YUPU H U,GAO J,et al.Efficient identity-based signature over NTRU lattice[J].Frontiers of Information Technology & Electronic Engineering,2016,17(2):135-142.
[10] ISLAM S H,BISWAS G P.A pairing-free identity-based two-party authenticated key agreement protocol for secure and efficient communication[J].Journal of King Saud University:Computer and Information Sciences,2015,29(1):63-73.
[11] ISLAM S H,AMIN R,BISWAS G P,et al.Provably secure pairing-free identity-based partially blind signature scheme and its application in online E-cash system[J].Arabian Journal for Science and Engineering,2016,41(8):3163-3176.
[12] GUPTA S,GUPTA V.Revocable key identity based cryptography without key Escrow problem[C]//IEEE International Conference on Computing.2017.
[13] TEH T Y,LEE Y S,CHEAH Z Y,et al.IBI-Mobile authentication:a prototype to facilitate access control using identity-based identification on mobile smart devices[J].Wireless Personal Communications,2017,94(1):127-144.
[14] CHEAH Z Y,LEE Y S,THE T Y,et al.Simulation of a pairing-based identity-based identification scheme in IOS[C]//IEEE International Conference on Signal & Image Processing Applications.2015.
[15] ISMAIL S.Authentication mechanisms ina control grid computing environment using identity based identification(IBI)[J].Advanced Science Letters,2017,23(6):5506-5510.