计算机科学 ›› 2022, Vol. 49 ›› Issue (11A): 210900218-6.doi: 10.11896/jsjkx.210900218
陈彬1, 徐欢1, 奚建飞2, 雷美炼2, 张锐3, 秦诗涵3
CHEN Bin1, XU Huan1, XI Jian-fei2, LEI Mei-lian2, ZHANG Rui3, QIN Shi-han3
摘要: 设备安全接入是电力物联网安全防护的第一道防线,是实现访问控制、入侵检测等安全机制的前提。完备的设备接入管理涵盖设备的可信认证和安全撤销两个关键环节,现行系统大多依赖PKI来建立可信基础设施,通过公钥证书的颁发、验证及撤销实现接入管理。然而,在电力物联网场景下,该方案为数量众多、资源受限的设备带来了额外的开销负担和效率问题,随之提出的轻量级认证方案实现了开销及效率的优化,但在功能上存在不足,无法实现安全撤销这一关键环节。针对以上不足,基于密码学累加器及布隆过滤器提出了一种电力物联网设备接入管理方案,同时实现了设备的可信认证及安全撤销,并有效地兼顾功能和效率。通过安全性分析,本方案实现了设备对网关的匿名认证、身份凭证的不可伪造性以及强制撤销安全性。实验结果表明,与主流的基于PKI的设备接入管理方案相比,本方案在设备身份验证及凭证撤销环节大大降低了通信开销和存储开销,在电力物联网场景下具备更高的实用性。
中图分类号:
[1]FU Z X,LI X Y,YUAN Y.Research on Key Technologies of Ubiquitous Power Internet of Things [J].Electric Power Construction,2019,40(5):1-12. [2]REN T Y,WANG X H,GUO G X,et al.Design of power Internet of Things data security system based on multiple authentication and lightweight password[J].Journal of Nanjing University of Posts and Telecommunications,2020,40(6):12-19. [3]ZHANG L,ZHAO L,YIN S,et al.A lightweight authentication scheme with privacy protection for smart grid communications[J].Future Generation Computer Systems,2019,100(Nov.):770-778. [4]ZUO J Y.A privacy-preserving data aggregation algorithm inSmart Grid networks[J].Journal of Terahertz Science and Electronic Information Technology,2021,19(3):485-489. [5]HOUSLEY R,POLK W,FORD W,et al.RFC,3280.InternetX.509 Public Key Infrastructure Certificate and Certificate Revocation List(CRL) Profile[J].Rfc,2002. [6]SHAMIR A.Identity Based Cryptosystems and SignatureScheme[M].Blakley G R,Chaum D,eds.,1984. [7]TAN C,CHEN M J,AMUAH E A.Research on distributedidentity authentication mechanism of IoT device based on blockchain[J].Chinese Journal on Internet of Things,2020,4(2):70-77. [8]LI H,LU R,LIANG Z,et al.An Efficient Merkle-Tree-Based Authentication Scheme for Smart Grid[J].IEEE Systems Journal,2014,8(2):655-663. [9]CHIM T,YIU S,HUI L,et al.PASS:Privacy-preserving au-thentication scheme for smart grid network[C]//Proceedings of the 2011 IEEE International Conference on Smart Grid Communications.IEEE,2011. [10]FOUDA M M,FADLULLAH Z M,et al.A Lightweight Message Authentication Scheme for Smart Grid Communications[J].IEEE Transactions on Smart Grid,2011,2(4):675-685. [11]KHALI D,MAHMOO D,SHEHZA D,et al.An elliptic curve cryptography based lightweight authentication scheme for smart grid communication[J].Future Generations Computer Systems:FGCS,2018,81:557-565. [12]LIAO H M,YU G,BAN G M,et al.Research on Identity Authentication Technology in Power Internet of Things Based on SM9 Algorithm[J].Shandong Electric Power,2020,47(10):1-5. [13]SHEN H P,CHEN Y C.Study of Authentication Mechanism in Federated Internet of Things[J].Computer Engineering,2016,42(9):110-115. [14]YAN H Q,WANG L J.Research of authentication techniques for the Internet of things[J].Journal on Communications,2020,41(7):213-222. [15]MAHMOUD M M E A,MIŠIĆ J, AKKAYA K, et al. Investigating public-key certificate revocation in smart grid[J]. IEEE Internet of Things Journal, 2015, 2(6): 490-503. [16]MC A,KA B.Communication-efficient certificate revocationmanagement for Advanced Metering Infrastructure and IoT Integration[J].Future Generation Computer Systems,2021,115:267-278. [17]BLOOLM B H.Space/time trade-offs in hash coding with allowable errors[J].Communications of the ACM,1970,13(7):422-426. [18]BENALOH J,MARE M D.One-Way Accumulators:A Decentralized Alternative to Digital Signatures[C]//Workshop on the Theory and Application of Cryptographic Techniques on Advances in Cryptology.1995. [19]CAMENISCH J,LYSYANSKAYA A.Dynamic Accumulatorsand Application to Efficient Revocation of Anonymous Credentials[C]//22nd Annual International Cryptology Conference(CRYPTO 2002).Santa Barbara,California,USA,2002:18-22. [20]BARIC N,PFITZMANN B.Collision-free accumulators and fail-stop signature schemes without trees[C]//The 16th Annual International Conference on Theory and Application of Cryptographic Techniques.Konstanz,Germany,1997:480-494. [21]TRIANDOPOULOS N,PAPAMANTHOU C,TAMASSIA R.Authenticated hash tables[C]//Proceedings of the 15th ACM Conference on Computer and communications security.ACM Conference on Computer & Communications Security.DBLP,2008. |
[1] | 李利, 何欣, 韩志杰. 群智感知的隐私保护研究综述 Review of Privacy-preserving Mechanisms in Crowdsensing 计算机科学, 2022, 49(5): 303-310. https://doi.org/10.11896/jsjkx.210400077 |
[2] | 范家幸, 王志伟. 基于门限环签名的分级匿名表决方案 Hierarchical Anonymous Voting Scheme Based on Threshold Ring Signature 计算机科学, 2022, 49(1): 321-327. https://doi.org/10.11896/jsjkx.201000032 |
[3] | 王向宇, 杨挺. 智能合约定义路由目录服务器 Routing Directory Server Defined by Smart Contract 计算机科学, 2021, 48(6A): 504-508. https://doi.org/10.11896/jsjkx.200700210 |
[4] | 王锡龙, 李鑫, 秦小麟. 电力物联网下分布式状态感知的源网荷储协同调度 Collaborative Scheduling of Source-Grid-Load-Storage with Distributed State Awareness UnderPower Internet of Things 计算机科学, 2021, 48(2): 23-32. https://doi.org/10.11896/jsjkx.200900209 |
[5] | 符朕皓, 林定康, 姜皓晨, 颜嘉麒. 大零币匿名技术及追踪技术综述 Survey of Anonymous and Tracking Technology in Zerocash 计算机科学, 2021, 48(11): 62-71. https://doi.org/10.11896/jsjkx.210300025 |
[6] | 张王策, 范菁, 王渤茹, 倪旻. 面向缺损数据的(α,k)-匿名模型 (α,k)-anonymized Model for Missing Data 计算机科学, 2020, 47(6A): 395-399. https://doi.org/10.11896/JsJkx.190500131 |
[7] | 罗鹏宇, 吴乐, 吕扬, 袁堃平, 洪日昌. 基于时序推理的分层会话感知推荐模型 Temporal Reasoning Based Hierarchical Session Perception Recommendation Model 计算机科学, 2020, 47(11): 73-79. https://doi.org/10.11896/jsjkx.200700088 |
[8] | 吕志泉, 李昊, 张宗福, 张敏. 基于主题模型的社交网络匿名用户重识别 Topic-based Re-identification for Anonymous Users in Social Network 计算机科学, 2019, 46(6): 143-147. https://doi.org/10.11896/j.issn.1002-137X.2019.06.021 |
[9] | 赵梦瑶, 李晓宇. 基于洋葱路由的双向匿名秘密通信协议 Bidirectional Anonymous Secret Communication Protocol Based on Onion Routing 计算机科学, 2019, 46(4): 164-171. https://doi.org/10.11896/j.issn.1002-137X.2019.04.026 |
[10] | 王青龙, 乔瑞, 段宗涛. 针对车联网认证方案CPAV和ABV的安全分析 Security Analysis on VANETs Authentication Schemes:CPAV and ABV 计算机科学, 2019, 46(4): 177-182. https://doi.org/10.11896/j.issn.1002-137X.2019.04.028 |
[11] | 童海,白光伟,沈航. 基于双向拍卖的k-匿名激励机制 Double-auction-based Incentive Mechanism for k-anonymity 计算机科学, 2019, 46(3): 202-208. https://doi.org/10.11896/j.issn.1002-137X.2019.03.030 |
[12] | 杜浩瑞, 陈建华, 戚明平, 彭聪, 范青. 一个前向安全的基于RSA的多服务器的认证协议 Forward-secure RSA-based Multi-server Authentication Protocol 计算机科学, 2019, 46(11A): 409-413. |
[13] | 周艺华, 张冰, 杨宇光, 侍伟敏. 基于聚类的社交网络隐私保护方法 Cluster-based Social Network Privacy Protection Method 计算机科学, 2019, 46(10): 154-160. https://doi.org/10.11896/jsjkx.180901749 |
[14] | 陈虹云, 王杰华, 胡兆鹏, 贾露, 喻纪文. 面向医疗数据发布的动态更新隐私保护算法 Privacy Preserving Algorithm Based on Dynamic Update in Medical Data Publishing 计算机科学, 2019, 46(1): 206-211. https://doi.org/10.11896/j.issn.1002-137X.2019.01.032 |
[15] | 柴林鹏, 张斌. 一种抗不诚实第三方攻击的一次性公钥方案 One-off Public Key Scheme for Preventing Dishonest Third Party Attacking 计算机科学, 2018, 45(7): 139-142. https://doi.org/10.11896/j.issn.1002-137X.2018.07.023 |
|