计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (5): 363-371.doi: 10.11896/jsjkx.220400193

• 信息安全 • 上一篇    下一篇

可证明安全的异构无线传感器秘钥管理协议

张凌浩1, 唐勇1, 邓东2, 刘洋洋2, 唐超1, 桂盛霖2   

  1. 1 国网四川省电力公司电力科学研究院 成都 610000
    2 电子科技大学计算机科学与工程学院 成都 611731
  • 收稿日期:2022-04-20 修回日期:2022-09-13 出版日期:2023-05-15 发布日期:2023-05-06
  • 通讯作者: 桂盛霖(shenglin_gui@uestc.edu.cn)
  • 作者简介:(16100178@qq.com)
  • 基金资助:
    国家自然科学基金(61401067);四川省科技重大专项(2018GZDZX0009);国网四川省电力公司科技项目(52199719001F)

Provably Secure Key Management Protocol for Heterogeneous WSN

ZHANG Linghao1, TANG Yong1, DENG Dong2, LIU Yangyang2, TANG Chao1, GUI Shenglin2   

  1. 1 State Grid Sichuan Eletric Power Research Institute,Chengdu 610000
    2 School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China
  • Received:2022-04-20 Revised:2022-09-13 Online:2023-05-15 Published:2023-05-06
  • About author:ZHANG Linghao,born in 1985,Ph.D,senior engineer,is a member of China Computer Federation.His main research interests include cybersecurity and big data analysis.
    GUI Shenglin,born in 1983,Ph.D,associate professor,is a member of China Computer Federation.His main research interests include information security and artificial intelligence.
  • Supported by:
    National Natural Science Foundation of China(61401067),Sichuan Province Science and Technology Major Project(2018GZDZX0009) and Science and Technology Project of State Gird Sichuan Electric Power Company(52199719001F).

PDF (PC)

55

摘要: 认证和秘钥协商协议是解决无线传感器网络中设备安全通信的主流方法,而目前主流的无线传感器网络秘钥协商协议考虑的场景为对等节点之间的认证和协商,存在计算量高、通信效率低的问题。针对以上问题,提出了适用于异构无线传感器网络中的认证与秘钥管理协议,通信终端节点(L节点)双方首先与各自所在簇的管理节点(H节点)协商会话秘钥,若未通过身份认证,则拒绝L节点接入网络,解决了大多数协议缺少应对拒绝服务攻击的问题;然后借助通信路径所经过的H节点转发会话秘钥协商信息,完成通信双方端到端的会话秘钥协商,使得协议具有安全网关和访问控制的能力。该协议还支持对被捕获节点的节点注销,并减少对其他通信链路安全性的影响。基于求解椭圆曲线上的离散对数问题和Diffie-Hellman问题的困难性假设,在随机预言机模型中证明了该方案可以满足前向安全、抗秘钥泄露伪装攻击、未知秘钥共享安全、无秘钥托管、已知秘钥安全等更完整的安全属性,与已有文献相比,所提协议在应对拒绝服务攻击上具有最低的计算开销,整体计算量和通信量适中。

关键词: 异构网络, 秘钥管理, 安全网关, 随机预言机

Abstract: Authentication and key agreement protocol is the mainstream method to solve the secure communication of devices in wireless sensor networks.For the current mainstream secret key agreement protocol in wireless sensor networks,the scenario considered is authentication and agreement between peer nodes,which has the problems of high computation and low communication efficiency.To solve the above problems,this paper proposes an authentication and secret key management protocol suitable for heterogeneous wireless sensor networks.Both communication terminal nodes(L node) first establish the session secret key with the management node(H node) of their respective cluster.If they fail to pass the identity authentication,the L node will be denied access to the network,which solves the problem that most protocols lack to deal with denial of service attacks.Then,with the help of the H node through which the communication path passes,the session key agreement information is forwarded to complete the end-to-end session key agreement between the communication parties,so that the protocol has the abilities of security gateway and access control.The protocol also supports the revocation of the captured node and reduces the impact on the security of other communication links.Based on the difficult assumption of solving the discrete logarithm problem and Diffie Hellman problem on elliptic curve,it is proved in the random oracle model that the scheme can meet more complete security attributes such as forward security,anti secret key leakage camouflage attack,unknown secret key sharing security,no secret key escrow,known secret key security and so on.Compared with the existing literature,the protocol has the lowest computational overhead in dealing with denial of service attack,and the overall amount of computation and communication is moderate.

Key words: Heterogeneous network, Key management, Security gateway, Random oracle mode

中图分类号: 

  • TN918.91
[1]HUANG H,GONG T,YE N,et al.Private and secured medical data transmission and analysis for wireless sensing healthcare system[J].IEEE Transactions on Industrial Informatics,2017,13(3):1227-1237.
[2]KE Z,KAI X,FUSHAN W.A Provably Secure AnonymousAuthenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks[J].Wireless Communications and Mobile Computing,2018,2018:1-9.
[3]SAMIR A,AZEDDINE B,DJALLEL E B.EDAK:An Efficient Dynamic Authentication and Key Management Mechanism for heterogeneous WSNs[J].Future Generation Computer Systems,2019,92(2019):789-799.
[4]WU C,HUANG H,ZHOU K,et al.Cryptanalysis and improvement of a new certificateless signature scheme in the standard model[J].China Communications,2021,18(1):151-160.
[5]WU J D,TSENG Y M,HUANG S S.An Identity-Based Authenticated Key Exchange Protocol Resilient to Continuous Key Leakage[J].IEEE Systems Journal,2019,13(4):3968-3979.
[6]AL-RIYAMI S S,PATERSON K G.Certificateless public keycryptography[C]//9th International Conference on the Theory and Application of Cryptology and Information Security.Taipei,China,2003:452-473.
[7]HUANG X Y,WILLY S,YI M,et al.On the security of a certificateless signature scheme[C]//Proceedings of the CANS 2005.Xiamen,China,2005:13-25.
[8]SWANSON C,JAO D.A Study of Two-Party CertificatelessAuthenticated Key-Agreement Protocols[C]//Proceedings of International Conference on Cryptology in India:Progress in Cryptology.New Delhi,India,2009:57-71.
[9]LAMACCHIA B,LAUTER K,MITYAGIN A.Stronger Secu-rity of Authenticated Key Exchange[C]//Proceedings of International Conference on Provable Security.Wollong,Australia,2007:1-16.
[10]MANDT T K,TAN C H.Certificateless Authenticated Two-Party Key Agreement Protocols[C]//Proceedings of Advances in Computer Science-ASIAN 2006.Secure Software and Rela-ted Issues,11th Asian Computing Science Conference.Tokyo,Japan:Springer-Verlag,2006:37-44.
[11]WANG S B,CAO Z G,WANG L C,et al.Efficient certificateless authenticated key agreement protocol from pairings[J].Wuhan University Journal of Natural Science,2006,11(5):1278-1282.
[12]SHAO Z H.Efficient authenticate key agreement protocol using self-certified public keys from pairings[J].Wuhan University Journal of Natural Sciences,2005,10(1):267-270.
[13]SHI Y,LI J H.Two-party authenticated key agreement in certificateless public key cryptography[J].Wuhan University Journal of Natural Sciences,2007,12(1):71-74.
[14]LIU W H,XU C X.Two Party Certificateless Key Agreement Schemes[J].Journal of Software,2011,22(11):2843-2852.
[15]ZHOU Y W,YANG B,ZHANG W Z.An Improved Two-Party Authenticated Certificateless Key Agreement Protocol[J].Chinese Journal of Computers,2017,40(5):1181-1191.
[16]SEO S H,WON J,SULTANA S.Effective Key Management in Dynamic Wireless Sensor Networks[J].IEEE Transactions on Information Forensics and Security,2015,10(2):371-383.
[17]XU S W,REN X P,CHEN C,et al.Provably Secure Certificateless Two-Party Authenticated Key Agreement Protocol[J].Journal of Cryptologic Research,2020,7(6):886-898.
[18]WU T,JING X.Two-party certificateless authenticated keyagreement protocol with enhanced security[J].The Journal of China Universities of Posts and Telecommunications(English version),2019,26(1):12-20.
[19]LI N,DONG Y,CHE T,et al.Research and improvement on certificateless authenticated key agreement[J].Engineering Journal of Wuhan University,2017,50(1):146-149.
[20]ZENG P,GUO R F,MA Y J,et al.Provable Security Certificateless Authentication Scheme for Vehicular Ad hoc Network[J].Journal of Electronics and Information Technology,2020,42(12):2873-2881.
[21]HE D B,CHEN Y T,CHEN J H,et al.A new two-round certi-ficateless authenticated key agreement protocol without bilinear pairings[J].Mathematical & Computer Modelling,2011,54(11/12):3143-3152.
[22]ZHANG L,ZHANG F T.A Method to Construct a Class ofCertificateless Signature Schemes[J].Chinese Journal of Computers,2009,32(5):940-945.
[23]CUI W,CHENG R,WU K,et al.A Certificateless Authenticated Key Agreement Scheme for the Power IoT[J].Energies,2021,14(19):6317.
[24]TEDESCHI P,SCIANCALEPORE S,ELIYAN A,et al.LiKe:Lightweight certificateless key agreement for secure IoT communications[J].IEEE Internet of Things Journal,2019,7(1):621-638.
[1] 黄丽, 朱焱, 李春平.
基于异构网络表征学习的作者学术行为预测
Author’s Academic Behavior Prediction Based on Heterogeneous Network Representation Learning
计算机科学, 2022, 49(9): 76-82. https://doi.org/10.11896/jsjkx.210900078
[2] 蒲实, 赵卫东.
一种面向动态科研网络的社区检测算法
Community Detection Algorithm for Dynamic Academic Network
计算机科学, 2022, 49(1): 89-94. https://doi.org/10.11896/jsjkx.210100023
[3] 程云飞, 田红心, 刘祖军.
NOMA系统异构网络中联合用户关联和功率控制协同优化
Collaborative Optimization of Joint User Association and Power Control in NOMA Heterogeneous Network
计算机科学, 2021, 48(3): 269-274. https://doi.org/10.11896/jsjkx.191100213
[4] 肖勇, 金鑫, 冯俊豪.
一种适用于电力异构通信的链路速率跨层匹配机制
Cross-layer Matching Mechanism of Link Communication Rate for Heterogeneous Communication in Power System
计算机科学, 2021, 48(11A): 495-499. https://doi.org/10.11896/jsjkx.200500113
[5] 曾德泽, 李跃鹏, 赵宇阳, 顾琳.
基于强化学习的高能效基站动态调度方法
Reinforcement Learning Based Dynamic Basestation Orchestration for High Energy Efficiency
计算机科学, 2021, 48(11): 363-371. https://doi.org/10.11896/jsjkx.201000008
[6] 叶胜男, 陈建华.
一个强安全的无证书签名方案的分析和改进
Security Analysis and Improvement of Strongly Secure Certificateless Digital Signature Scheme
计算机科学, 2021, 48(10): 272-277. https://doi.org/10.11896/jsjkx.201200117
[7] 方旭愿, 田红心, 孙德春, 杜文丛, 祁婷.
基于绿色能源感知的效用函数异构网络接入算法
Utility Function Heterogeneous Network Access Algorithm Based on Green Energy Perception
计算机科学, 2019, 46(8): 127-132. https://doi.org/10.11896/j.issn.1002-137X.2019.08.021
[8] 左黎明, 陈祚松, 夏萍萍, 汤鹏志, 康文洋.
一种改进的高效无证书短签名方案
Improved Efficient Certificateless Short Signature Scheme
计算机科学, 2019, 46(4): 172-176. https://doi.org/10.11896/j.issn.1002-137X.2019.04.027
[9] 张建安.
基于移动切换认证的分层异构网络中的用户敏感信息隐藏方法
Users’ Sensitive Information Hiding Method in Hierarchical Heterogeneous Network Based on Mobile Switching Authentication
计算机科学, 2019, 46(3): 217-220. https://doi.org/10.11896/j.issn.1002-137X.2019.03.032
[10] 张绘娟, 张达敏, 闫威, 陈忠云, 辛梓芸.
异构网络中基于吞吐量优化的资源分配机制
Throughput Optimization Based Resource Allocation Mechanism in Heterogeneous Networks
计算机科学, 2019, 46(10): 109-115. https://doi.org/10.11896/jsjkx.180901787
[11] 庄陵,尹耀虎.
认知异构网络中基于不完全频谱感知的资源分配算法
Resource Allocation Algorithm for Cognitive Heterogeneous Networks Based on Imperfect Spectrum Sensing
计算机科学, 2018, 45(5): 49-53. https://doi.org/10.11896/j.issn.1002-137X.2018.05.008
[12] 王振朝,侯欢欢,连蕊.
抑制CMT中乱序程度的路径优化方案
Path Optimization Scheme for Restraining Degree of Disorder in CMT
计算机科学, 2018, 45(4): 122-125. https://doi.org/10.11896/j.issn.1002-137X.2018.04.019
[13] 王瑞云,赵国磊,常朝稳,王雪健.
典型安全网关的形式化设计与证明
Formal Design and Verification for Typical Security Gateway
计算机科学, 2017, 44(9): 142-147. https://doi.org/10.11896/j.issn.1002-137X.2017.09.028
[14] 高秀娥,李克秋.
基于改进多属性判决的异构网络接入选择算法
Research on Heterogeneous Network Access Selection Algorithm Based on Improved Multiple Attribute
计算机科学, 2017, 44(6): 97-101. https://doi.org/10.11896/j.issn.1002-137X.2017.06.017
[15] 吴卫祖,刘利群,谢冬青.
基于神经网络的异构网络向量化表示方法
Vectorized Representation of Heterogeneous Network Based on Neural Networks
计算机科学, 2017, 44(5): 272-275. https://doi.org/10.11896/j.issn.1002-137X.2017.05.049
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发