计算机科学

计算机科学 ›› 2023, Vol. 50 ›› Issue (5): 363-371.doi: 10.11896/jsjkx.220400193

• 信息安全 • 上一篇    下一篇

可证明安全的异构无线传感器秘钥管理协议

张凌浩1, 唐勇1, 邓东2, 刘洋洋2, 唐超1, 桂盛霖2   

  1. 1 国网四川省电力公司电力科学研究院 成都 610000
    2 电子科技大学计算机科学与工程学院 成都 611731
  • 收稿日期:2022-04-20 修回日期:2022-09-13 出版日期:2023-05-15 发布日期:2023-05-06
  • 通讯作者: 桂盛霖(shenglin_gui@uestc.edu.cn)
  • 作者简介:(16100178@qq.com)
  • 基金资助:
    国家自然科学基金(61401067);四川省科技重大专项(2018GZDZX0009);国网四川省电力公司科技项目(52199719001F)

Provably Secure Key Management Protocol for Heterogeneous WSN

ZHANG Linghao1, TANG Yong1, DENG Dong2, LIU Yangyang2, TANG Chao1, GUI Shenglin2   

  1. 1 State Grid Sichuan Eletric Power Research Institute,Chengdu 610000
    2 School of Computer Science and Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China
  • Received:2022-04-20 Revised:2022-09-13 Online:2023-05-15 Published:2023-05-06
  • About author:ZHANG Linghao,born in 1985,Ph.D,senior engineer,is a member of China Computer Federation.His main research interests include cybersecurity and big data analysis.
    GUI Shenglin,born in 1983,Ph.D,associate professor,is a member of China Computer Federation.His main research interests include information security and artificial intelligence.
  • Supported by:
    National Natural Science Foundation of China(61401067),Sichuan Province Science and Technology Major Project(2018GZDZX0009) and Science and Technology Project of State Gird Sichuan Electric Power Company(52199719001F).

PDF (PC)

260

摘要: 认证和秘钥协商协议是解决无线传感器网络中设备安全通信的主流方法,而目前主流的无线传感器网络秘钥协商协议考虑的场景为对等节点之间的认证和协商,存在计算量高、通信效率低的问题。针对以上问题,提出了适用于异构无线传感器网络中的认证与秘钥管理协议,通信终端节点(L节点)双方首先与各自所在簇的管理节点(H节点)协商会话秘钥,若未通过身份认证,则拒绝L节点接入网络,解决了大多数协议缺少应对拒绝服务攻击的问题;然后借助通信路径所经过的H节点转发会话秘钥协商信息,完成通信双方端到端的会话秘钥协商,使得协议具有安全网关和访问控制的能力。该协议还支持对被捕获节点的节点注销,并减少对其他通信链路安全性的影响。基于求解椭圆曲线上的离散对数问题和Diffie-Hellman问题的困难性假设,在随机预言机模型中证明了该方案可以满足前向安全、抗秘钥泄露伪装攻击、未知秘钥共享安全、无秘钥托管、已知秘钥安全等更完整的安全属性,与已有文献相比,所提协议在应对拒绝服务攻击上具有最低的计算开销,整体计算量和通信量适中。

关键词: 异构网络, 秘钥管理, 安全网关, 随机预言机

Abstract: Authentication and key agreement protocol is the mainstream method to solve the secure communication of devices in wireless sensor networks.For the current mainstream secret key agreement protocol in wireless sensor networks,the scenario considered is authentication and agreement between peer nodes,which has the problems of high computation and low communication efficiency.To solve the above problems,this paper proposes an authentication and secret key management protocol suitable for heterogeneous wireless sensor networks.Both communication terminal nodes(L node) first establish the session secret key with the management node(H node) of their respective cluster.If they fail to pass the identity authentication,the L node will be denied access to the network,which solves the problem that most protocols lack to deal with denial of service attacks.Then,with the help of the H node through which the communication path passes,the session key agreement information is forwarded to complete the end-to-end session key agreement between the communication parties,so that the protocol has the abilities of security gateway and access control.The protocol also supports the revocation of the captured node and reduces the impact on the security of other communication links.Based on the difficult assumption of solving the discrete logarithm problem and Diffie Hellman problem on elliptic curve,it is proved in the random oracle model that the scheme can meet more complete security attributes such as forward security,anti secret key leakage camouflage attack,unknown secret key sharing security,no secret key escrow,known secret key security and so on.Compared with the existing literature,the protocol has the lowest computational overhead in dealing with denial of service attack,and the overall amount of computation and communication is moderate.

Key words: Heterogeneous network, Key management, Security gateway, Random oracle mode

中图分类号: 

  • TN918.91
[1]HUANG H,GONG T,YE N,et al.Private and secured medical data transmission and analysis for wireless sensing healthcare system[J].IEEE Transactions on Industrial Informatics,2017,13(3):1227-1237.
[2]KE Z,KAI X,FUSHAN W.A Provably Secure AnonymousAuthenticated Key Exchange Protocol Based on ECC for Wireless Sensor Networks[J].Wireless Communications and Mobile Computing,2018,2018:1-9.
[3]SAMIR A,AZEDDINE B,DJALLEL E B.EDAK:An Efficient Dynamic Authentication and Key Management Mechanism for heterogeneous WSNs[J].Future Generation Computer Systems,2019,92(2019):789-799.
[4]WU C,HUANG H,ZHOU K,et al.Cryptanalysis and improvement of a new certificateless signature scheme in the standard model[J].China Communications,2021,18(1):151-160.
[5]WU J D,TSENG Y M,HUANG S S.An Identity-Based Authenticated Key Exchange Protocol Resilient to Continuous Key Leakage[J].IEEE Systems Journal,2019,13(4):3968-3979.
[6]AL-RIYAMI S S,PATERSON K G.Certificateless public keycryptography[C]//9th International Conference on the Theory and Application of Cryptology and Information Security.Taipei,China,2003:452-473.
[7]HUANG X Y,WILLY S,YI M,et al.On the security of a certificateless signature scheme[C]//Proceedings of the CANS 2005.Xiamen,China,2005:13-25.
[8]SWANSON C,JAO D.A Study of Two-Party CertificatelessAuthenticated Key-Agreement Protocols[C]//Proceedings of International Conference on Cryptology in India:Progress in Cryptology.New Delhi,India,2009:57-71.
[9]LAMACCHIA B,LAUTER K,MITYAGIN A.Stronger Secu-rity of Authenticated Key Exchange[C]//Proceedings of International Conference on Provable Security.Wollong,Australia,2007:1-16.
[10]MANDT T K,TAN C H.Certificateless Authenticated Two-Party Key Agreement Protocols[C]//Proceedings of Advances in Computer Science-ASIAN 2006.Secure Software and Rela-ted Issues,11th Asian Computing Science Conference.Tokyo,Japan:Springer-Verlag,2006:37-44.
[11]WANG S B,CAO Z G,WANG L C,et al.Efficient certificateless authenticated key agreement protocol from pairings[J].Wuhan University Journal of Natural Science,2006,11(5):1278-1282.
[12]SHAO Z H.Efficient authenticate key agreement protocol using self-certified public keys from pairings[J].Wuhan University Journal of Natural Sciences,2005,10(1):267-270.
[13]SHI Y,LI J H.Two-party authenticated key agreement in certificateless public key cryptography[J].Wuhan University Journal of Natural Sciences,2007,12(1):71-74.
[14]LIU W H,XU C X.Two Party Certificateless Key Agreement Schemes[J].Journal of Software,2011,22(11):2843-2852.
[15]ZHOU Y W,YANG B,ZHANG W Z.An Improved Two-Party Authenticated Certificateless Key Agreement Protocol[J].Chinese Journal of Computers,2017,40(5):1181-1191.
[16]SEO S H,WON J,SULTANA S.Effective Key Management in Dynamic Wireless Sensor Networks[J].IEEE Transactions on Information Forensics and Security,2015,10(2):371-383.
[17]XU S W,REN X P,CHEN C,et al.Provably Secure Certificateless Two-Party Authenticated Key Agreement Protocol[J].Journal of Cryptologic Research,2020,7(6):886-898.
[18]WU T,JING X.Two-party certificateless authenticated keyagreement protocol with enhanced security[J].The Journal of China Universities of Posts and Telecommunications(English version),2019,26(1):12-20.
[19]LI N,DONG Y,CHE T,et al.Research and improvement on certificateless authenticated key agreement[J].Engineering Journal of Wuhan University,2017,50(1):146-149.
[20]ZENG P,GUO R F,MA Y J,et al.Provable Security Certificateless Authentication Scheme for Vehicular Ad hoc Network[J].Journal of Electronics and Information Technology,2020,42(12):2873-2881.
[21]HE D B,CHEN Y T,CHEN J H,et al.A new two-round certi-ficateless authenticated key agreement protocol without bilinear pairings[J].Mathematical & Computer Modelling,2011,54(11/12):3143-3152.
[22]ZHANG L,ZHANG F T.A Method to Construct a Class ofCertificateless Signature Schemes[J].Chinese Journal of Computers,2009,32(5):940-945.
[23]CUI W,CHENG R,WU K,et al.A Certificateless Authenticated Key Agreement Scheme for the Power IoT[J].Energies,2021,14(19):6317.
[24]TEDESCHI P,SCIANCALEPORE S,ELIYAN A,et al.LiKe:Lightweight certificateless key agreement for secure IoT communications[J].IEEE Internet of Things Journal,2019,7(1):621-638.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发