计算机科学

计算机科学 ›› 2022, Vol. 49 ›› Issue (11A): 210900218-6.doi: 10.11896/jsjkx.210900218

• 信息安全 • 上一篇    下一篇

基于密码学累加器的电力物联网设备接入管理

陈彬1, 徐欢1, 奚建飞2, 雷美炼2, 张锐3, 秦诗涵3   

  1. 1 中国南方电网有限责任公司 广州 510663
    2 南方电网数字电网研究院 广州 510663
    3 中国科学院信息工程研究所 北京 100093
  • 出版日期:2022-11-10 发布日期:2022-11-21
  • 通讯作者: 秦诗涵(qinshihan@iie.ac.cn)
  • 作者简介:(chenbin@csg.cn)
  • 基金资助:
    国家自然科学基金(61772520,61802392,61972094)

Power Internet of Things Device Access Management Based on Cryptographic Accumulator

CHEN Bin1, XU Huan1, XI Jian-fei2, LEI Mei-lian2, ZHANG Rui3, QIN Shi-han3   

  1. 1 China Southern Power Grid,Guangzhou 510663,China
    2 China Southern Power Grid Digital Power Grid Research Institute,Guangzhou 510663,China
    3 Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China
  • Online:2022-11-10 Published:2022-11-21
  • About author:CHEN Bin,born in 1983,Ph.D.His main research interests include power grid big data security and so on.
    QIN Shi-han,born in 1997,master.Her main research interests include cryptography technology and application,security certification agreement.
  • Supported by:
    National Natural Science Foundation of China(61772520,61802392,61972094).

PDF (PC)

385

摘要: 设备安全接入是电力物联网安全防护的第一道防线,是实现访问控制、入侵检测等安全机制的前提。完备的设备接入管理涵盖设备的可信认证和安全撤销两个关键环节,现行系统大多依赖PKI来建立可信基础设施,通过公钥证书的颁发、验证及撤销实现接入管理。然而,在电力物联网场景下,该方案为数量众多、资源受限的设备带来了额外的开销负担和效率问题,随之提出的轻量级认证方案实现了开销及效率的优化,但在功能上存在不足,无法实现安全撤销这一关键环节。针对以上不足,基于密码学累加器及布隆过滤器提出了一种电力物联网设备接入管理方案,同时实现了设备的可信认证及安全撤销,并有效地兼顾功能和效率。通过安全性分析,本方案实现了设备对网关的匿名认证、身份凭证的不可伪造性以及强制撤销安全性。实验结果表明,与主流的基于PKI的设备接入管理方案相比,本方案在设备身份验证及凭证撤销环节大大降低了通信开销和存储开销,在电力物联网场景下具备更高的实用性。

关键词: 密码学累加器, 电力物联网, 接入认证, 安全撤销, 匿名

Abstract: Device access is the first line of defense for the security protection of the power Internet of Things,and it is the pre-mise for realizing security mechanisms such as access control and intrusion detection.Complete device access management covers two key links:trusted authentication and secure revocation.Most existing systems rely on PKI to establish trusted infrastructure,and realize access management through the issuance,verification and revocation of public key certificates.However,in the scenario of power Internet of Things,this scheme brings extra overhead burden and efficiency problems to a large number of devices with limited resources.The lightweight authentication scheme has realized the optimization of overhead and efficiency,but it is not functional enough to realize the key link of safe revocation.In view of the above shortcomings,this paper proposes an access ma-nagement scheme for power Internet of Things devices based on cryptography accumulator and Bloom filter,which simultaneously realizes trusted authentication and security revocation of devices,and effectively considers both functions and efficiency.Through security analysis,this scheme realizes anonymous authentication of gateway,unforgeability of identity certificate and security of forced revocation.Experimental results show that,compared with the mainstream PKI-based device access management scheme,this scheme greatly reduces the communication overhead and storage overhead in the process of device authentication and revocation,and has higher practicability in the power Internet of Things scene.

Key words: Cryptographic accumulator, Power Internet of things, Access authentication, Secure revocation, Anonymous

中图分类号: 

  • TP309
[1]FU Z X,LI X Y,YUAN Y.Research on Key Technologies of Ubiquitous Power Internet of Things [J].Electric Power Construction,2019,40(5):1-12.
[2]REN T Y,WANG X H,GUO G X,et al.Design of power Internet of Things data security system based on multiple authentication and lightweight password[J].Journal of Nanjing University of Posts and Telecommunications,2020,40(6):12-19.
[3]ZHANG L,ZHAO L,YIN S,et al.A lightweight authentication scheme with privacy protection for smart grid communications[J].Future Generation Computer Systems,2019,100(Nov.):770-778.
[4]ZUO J Y.A privacy-preserving data aggregation algorithm inSmart Grid networks[J].Journal of Terahertz Science and Electronic Information Technology,2021,19(3):485-489.
[5]HOUSLEY R,POLK W,FORD W,et al.RFC,3280.InternetX.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile[J].Rfc,2002.
[6]SHAMIR A.Identity Based Cryptosystems and SignatureScheme[M].Blakley G R,Chaum D,eds.,1984.
[7]TAN C,CHEN M J,AMUAH E A.Research on distributedidentity authentication mechanism of IoT device based on blockchain[J].Chinese Journal on Internet of Things,2020,4(2):70-77.
[8]LI H,LU R,LIANG Z,et al.An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid[J].IEEE Systems Journal,2014,8(2):655-663.
[9]CHIM T,YIU S,HUI L,et al.PASS:Privacy-preserving au-thentication scheme for smart grid network[C]//Proceedings of the 2011 IEEE International Conference on Smart Grid Communications.IEEE,2011.
[10]FOUDA M M,FADLULLAH Z M,et al.A Lightweight Message Authentication Scheme for Smart Grid Communications[J].IEEE Transactions on Smart Grid,2011,2(4):675-685.
[11]KHALI D,MAHMOO D,SHEHZA D,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication[J].Future Generations Computer Systems:FGCS,2018,81:557-565.
[12]LIAO H M,YU G,BAN G M,et al.Research on Identity Authentication Technology in Power Internet of Things Based on SM9 Algorithm[J].Shandong Electric Power,2020,47(10):1-5.
[13]SHEN H P,CHEN Y C.Study of Authentication Mechanism in Federated Internet of Things[J].Computer Engineering,2016,42(9):110-115.
[14]YAN H Q,WANG L J.Research of authentication techniques for the Internet of things[J].Journal on Communications,2020,41(7):213-222.
[15]MAHMOUD M M E A,MIŠIĆ J, AKKAYA K, et al. Investigating public-key certificate revocation in smart grid[J]. IEEE Internet of Things Journal, 2015, 2(6): 490-503.
[16]MC A,KA B.Communication-efficient certificate revocationmanagement for Advanced Metering Infrastructure and IoT Integration[J].Future Generation Computer Systems,2021,115:267-278.
[17]BLOOLM B H.Space/time trade-offs in hash coding with allowable errors[J].Communications of the ACM,1970,13(7):422-426.
[18]BENALOH J,MARE M D.One-Way Accumulators:A Decentralized Alternative to Digital Signatures[C]//Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology.1995.
[19]CAMENISCH J,LYSYANSKAYA A.Dynamic Accumulatorsand Application to Efficient Revocation of Anonymous Credentials[C]//22nd Annual International Cryptology Conference(CRYPTO 2002).Santa Barbara,California,USA,2002:18-22.
[20]BARIC N,PFITZMANN B.Collision-free accumulators and fail-stop signature schemes without trees[C]//The 16th Annual International Conference on Theory and Application of Cryptographic Techniques.Konstanz,Germany,1997:480-494.
[21]TRIANDOPOULOS N,PAPAMANTHOU C,TAMASSIA R.Authenticated hash tables[C]//Proceedings of the 15th ACM Conference on Computer and communications security.ACM Conference on Computer & Communications Security.DBLP,2008.
[1] 李利, 何欣, 韩志杰.
群智感知的隐私保护研究综述
Review of Privacy-preserving Mechanisms in Crowdsensing
计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077
[2] 范家幸, 王志伟.
基于门限环签名的分级匿名表决方案
Hierarchical Anonymous Voting Scheme Based on Threshold Ring Signature
计算机科学, 2022, 49(1): 321-327. https://doi.org/10.11896/jsjkx.201000032
[3] 王向宇, 杨挺.
智能合约定义路由目录服务器
Routing Directory Server Defined by Smart Contract
计算机科学, 2021, 48(6A): 504-508. https://doi.org/10.11896/jsjkx.200700210
[4] 王锡龙, 李鑫, 秦小麟.
电力物联网下分布式状态感知的源网荷储协同调度
Collaborative Scheduling of Source-Grid-Load-Storage with Distributed State Awareness UnderPower Internet of Things
计算机科学, 2021, 48(2): 23-32. https://doi.org/10.11896/jsjkx.200900209
[5] 符朕皓, 林定康, 姜皓晨, 颜嘉麒.
大零币匿名技术及追踪技术综述
Survey of Anonymous and Tracking Technology in Zerocash
计算机科学, 2021, 48(11): 62-71. https://doi.org/10.11896/jsjkx.210300025
[6] 张王策, 范菁, 王渤茹, 倪旻.
面向缺损数据的(α,k)-匿名模型
(α,k)-anonymized Model for Missing Data
计算机科学, 2020, 47(6A): 395-399. https://doi.org/10.11896/JsJkx.190500131
[7] 罗鹏宇, 吴乐, 吕扬, 袁堃平, 洪日昌.
基于时序推理的分层会话感知推荐模型
Temporal Reasoning Based Hierarchical Session Perception Recommendation Model
计算机科学, 2020, 47(11): 73-79. https://doi.org/10.11896/jsjkx.200700088
[8] 吕志泉, 李昊, 张宗福, 张敏.
基于主题模型的社交网络匿名用户重识别
Topic-based Re-identification for Anonymous Users in Social Network
计算机科学, 2019, 46(6): 143-147. https://doi.org/10.11896/j.issn.1002-137X.2019.06.021
[9] 赵梦瑶, 李晓宇.
基于洋葱路由的双向匿名秘密通信协议
Bidirectional Anonymous Secret Communication Protocol Based on Onion Routing
计算机科学, 2019, 46(4): 164-171. https://doi.org/10.11896/j.issn.1002-137X.2019.04.026
[10] 王青龙, 乔瑞, 段宗涛.
针对车联网认证方案CPAV和ABV的安全分析
Security Analysis on VANETs Authentication Schemes:CPAV and ABV
计算机科学, 2019, 46(4): 177-182. https://doi.org/10.11896/j.issn.1002-137X.2019.04.028
[11] 童海,白光伟,沈航.
基于双向拍卖的k-匿名激励机制
Double-auction-based Incentive Mechanism for k-anonymity
计算机科学, 2019, 46(3): 202-208. https://doi.org/10.11896/j.issn.1002-137X.2019.03.030
[12] 杜浩瑞, 陈建华, 戚明平, 彭聪, 范青.
一个前向安全的基于RSA的多服务器的认证协议
Forward-secure RSA-based Multi-server Authentication Protocol
计算机科学, 2019, 46(11A): 409-413.
[13] 周艺华, 张冰, 杨宇光, 侍伟敏.
基于聚类的社交网络隐私保护方法
Cluster-based Social Network Privacy Protection Method
计算机科学, 2019, 46(10): 154-160. https://doi.org/10.11896/jsjkx.180901749
[14] 陈虹云, 王杰华, 胡兆鹏, 贾露, 喻纪文.
面向医疗数据发布的动态更新隐私保护算法
Privacy Preserving Algorithm Based on Dynamic Update in Medical Data Publishing
计算机科学, 2019, 46(1): 206-211. https://doi.org/10.11896/j.issn.1002-137X.2019.01.032
[15] 柴林鹏, 张斌.
一种抗不诚实第三方攻击的一次性公钥方案
One-off Public Key Scheme for Preventing Dishonest Third Party Attacking
计算机科学, 2018, 45(7): 139-142. https://doi.org/10.11896/j.issn.1002-137X.2018.07.023
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发