Computer Science (计算机科学) ›› 2023, Vol. 50 ›› Issue (11A): 230700075-10. doi: 10.11896/jsjkx.230700075

• Information Security •

Lightweight Group Key Agreement for Industrial Internet of Things

WANG Zichen1, YUAN Chengsheng1, WANG Yili1, GUO Ping1, FU Zhangjie1,2

  1 School of Computer Science, Nanjing University of Information Science and Technology; Engineering Research Center of Digital Forensics, Ministry of Education, Nanjing 210044, China
  2 State Key Laboratory of Integrated Services Networks, Xidian University, Xi'an 710071, China
  • Published: 2023-11-09
  • Corresponding author: YUAN Chengsheng (yuancs@nuist.edu.cn)
  • About the authors: WANG Zichen (princechenwzc@gmail.com), born in 2003, postgraduate. His main research interests include information security.
    YUAN Chengsheng, born in 1989, Ph.D, associate professor, master's supervisor, member of the China Computer Federation. His main research interests include information security.
  • Supported by: National Natural Science Foundation of China (62102189), National Social Sciences Foundation of China (2022GKJJGCG082), Jiangsu Province Higher Education College Student Innovation and Entrepreneurship Training Program (202210300107Y) and NUIST Students' Platform for Innovation and Entrepreneurship Training Program (XJDC202210300191).

Abstract: In recent years, industrial Internet of Things (IIoT) systems built on group information sharing have been widely used in industrial manufacturing, financial trade and other fields because they provide real-time, secure and interoperable information exchange. Most such systems rest on a group key agreement protocol, and existing protocols suffer from high overhead, weak security and poor scalability. Designing a secure and efficient group key agreement protocol is therefore an urgent open problem. This paper proposes a new structured group key agreement protocol that combines the mathematical structure of balanced incomplete block designs (BIBD) with the elliptic curve Qu-Vanstone (ECQV) implicit certificate scheme. First, to reduce computational overhead, ECQV certificates are used for authentication so that no pairing operation has to be performed. Second, the security of the proposed protocol is proved under the elliptic curve decisional Diffie-Hellman (ECDDH) assumption. Finally, to reduce communication overhead and improve scalability, the existing group key agreement protocol is extended with an asymmetric BIBD, so that the number of supported members is extended from p² to both p² and p²+p+1. Experimental results show that the proposed protocol reduces the computational overhead to O(nnm) and the communication overhead to O(nn). While remaining secure against chosen-plaintext attacks, the protocol lets the number of participants in the group key agreement scale flexibly and adaptively, which further improves both the security and the execution efficiency of group key agreement.

Keywords: Group key agreement, Balanced incomplete block design, Pairing-free computation, Industrial Internet of Things, Elliptic curve Qu-Vanstone (ECQV) implicit certificate
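The two block designs behind the member counts p² and p²+p+1 in the abstract, as an added example that is not code from the paper: the symmetric BIBD with p²+p+1 points is the projective plane PG(2,p) and the asymmetric one with p² points is the affine plane AG(2,p), with each member mapped to one point and each block to one subgroup that exchanges messages. The assumption that the paper uses exactly these classical constructions for its parameters is mine; p is taken to be prime so that GF(p) arithmetic is plain modular arithmetic. The checker verifies the BIBD axioms (uniform block size k, uniform replication r, every pair of members in exactly λ blocks) that make the communication pattern regular.

```python
from collections import Counter
from itertools import combinations


def _normalize(vec, p):
    """Scale a nonzero vector over GF(p) so its first nonzero coordinate is 1."""
    for c in vec:
        if c % p:
            inv = pow(c, -1, p)
            return tuple((x * inv) % p for x in vec)
    return None  # zero vector: not a projective point


def projective_plane(p):
    """Symmetric BIBD (v, k, lambda) = (p^2+p+1, p+1, 1): points and lines of PG(2, p).

    Returns (points, blocks); blocks are frozensets of point indices (member IDs)."""
    pts = set()
    for x in range(p):
        for y in range(p):
            for z in range(p):
                n = _normalize((x, y, z), p)
                if n is not None:
                    pts.add(n)
    pts = sorted(pts)
    index = {pt: i for i, pt in enumerate(pts)}
    blocks = []
    for a, b, c in pts:  # lines are dual to points: [a:b:c] contains (x:y:z) iff ax+by+cz = 0
        blocks.append(frozenset(index[(x, y, z)] for (x, y, z) in pts
                                if (a * x + b * y + c * z) % p == 0))
    return pts, blocks


def affine_plane(p):
    """Asymmetric BIBD (v, b, r, k, lambda) = (p^2, p^2+p, p+1, p, 1): AG(2, p)."""
    pts = [(x, y) for x in range(p) for y in range(p)]
    index = {pt: i for i, pt in enumerate(pts)}
    # p^2 lines y = m*x + c, plus p vertical lines x = c
    blocks = [frozenset(index[(x, (m * x + c) % p)] for x in range(p))
              for m in range(p) for c in range(p)]
    blocks += [frozenset(index[(c, y)] for y in range(p)) for c in range(p)]
    return pts, blocks


def bibd_parameters(points, blocks):
    """Check the BIBD axioms and return (v, b, r, k, lambda); raise if they fail."""
    v, b = len(points), len(blocks)
    ks = {len(blk) for blk in blocks}
    rs = set(Counter(i for blk in blocks for i in blk).values())
    lams = Counter(pair for blk in blocks for pair in combinations(sorted(blk), 2))
    if len(ks) != 1 or len(rs) != 1:
        raise ValueError("block size or replication number is not uniform")
    if len(lams) != v * (v - 1) // 2 or len(set(lams.values())) != 1:
        raise ValueError("member pairs are not uniformly covered")
    return v, b, rs.pop(), ks.pop(), next(iter(lams.values()))


def common_blocks(blocks, u, w):
    """Blocks (subgroups) that members u and w both belong to; exactly lambda of them."""
    return [blk for blk in blocks if u in blk and w in blk]


if __name__ == "__main__":
    for name, (pts, blks) in (("PG(2,3)", projective_plane(3)), ("AG(2,3)", affine_plane(3))):
        v, b, r, k, lam = bibd_parameters(pts, blks)
        print(f"{name}: v={v} members, b={b} blocks, each member in r={r} blocks of size k={k}, lambda={lam}")
```

With λ = 1 every two members share exactly one block, and each member sits in r = p+1 blocks, which is on the order of the square root of the member count; that regularity is what a block-design-based protocol exploits to keep per-member fan-out small.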

CLC number: TP309
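The ECQV implicit-certificate step that the abstract relies on to avoid pairings, as an added example that is not code from the paper: the CA and the member only use elliptic-curve scalar multiplications, and any peer rebuilds the member's public key from the certificate and the CA key (SEC 4 structure: P_U = R_U + kG, e = H(Cert_U), r = e·k + d_CA, d_U = e·k_U + r, Q_U = e·P_U + Q_CA). Assumptions of mine: secp256k1 as the curve, SHA-256 for the certificate hash, an uncompressed point encoding inside the certificate, made-up identities such as plc-01, and a pairwise_secret function that shows the generic authenticated static ECDH building block rather than the paper's group protocol.

```python
import hashlib
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over GF(P)); assumption, any prime-order curve works.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A = 0
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def rand_scalar():
    return secrets.randbelow(N - 1) + 1


def encode_cert(identity, p_u):
    """Cert_U = ID_U || 0x04 || x(P_U) || y(P_U): identity plus reconstruction point."""
    return identity + b"\x04" + p_u[0].to_bytes(32, "big") + p_u[1].to_bytes(32, "big")


def decode_cert(cert):
    identity, pt = cert[:-65], cert[-65:]
    if pt[0] != 4:
        raise ValueError("unsupported point encoding")
    return identity, (int.from_bytes(pt[1:33], "big"), int.from_bytes(pt[33:], "big"))


def cert_hash(cert):
    """e = H(Cert_U) reduced mod n (assumption: SHA-256)."""
    return int.from_bytes(hashlib.sha256(cert).digest(), "big") % N


def ca_keygen():
    d_ca = rand_scalar()
    return d_ca, ec_mul(d_ca, G)


def member_request():
    """Member picks k_U and sends R_U = k_U*G to the CA."""
    k_u = rand_scalar()
    return k_u, ec_mul(k_u, G)


def ca_issue(d_ca, identity, r_u):
    """CA: P_U = R_U + k*G, Cert_U = (ID_U, P_U), r = e*k + d_CA. Returns (Cert_U, r)."""
    k = rand_scalar()
    p_u = ec_add(r_u, ec_mul(k, G))
    cert = encode_cert(identity, p_u)
    r = (cert_hash(cert) * k + d_ca) % N
    return cert, r


def reconstruct_public(cert, q_ca):
    """Any peer: Q_U = e*P_U + Q_CA, with no pairing and no explicit signature check."""
    _, p_u = decode_cert(cert)
    return ec_add(ec_mul(cert_hash(cert), p_u), q_ca)


def member_finish(k_u, cert, r, q_ca):
    """Member: d_U = e*k_U + r, then confirm d_U*G equals the implicitly certified Q_U."""
    d_u = (cert_hash(cert) * k_u + r) % N
    q_u = reconstruct_public(cert, q_ca)
    if ec_mul(d_u, G) != q_u:
        raise ValueError("implicit certificate does not match the private key")
    return d_u, q_u


def pairwise_secret(d_self, cert_peer, q_ca):
    """Authenticated static ECDH on implicitly certified keys (generic building block)."""
    return ec_mul(d_self, reconstruct_public(cert_peer, q_ca))


def demo():
    """Two constructed IIoT members enrol and derive the same pairwise secret."""
    d_ca, q_ca = ca_keygen()
    creds = {}
    for ident in (b"plc-01", b"plc-02"):
        k_u, r_u = member_request()
        cert, r = ca_issue(d_ca, ident, r_u)
        creds[ident] = (cert, member_finish(k_u, cert, r, q_ca)[0])
    (cert1, d1), (cert2, d2) = creds[b"plc-01"], creds[b"plc-02"]
    return pairwise_secret(d1, cert2, q_ca) == pairwise_secret(d2, cert1, q_ca)


if __name__ == "__main__":
    print("pairwise secrets agree:", demo())
```

The member-side consistency check in member_finish is the one SEC 4 requires before the key is used; a certificate whose identity field has been altered still decodes, but its hash e changes, so the reconstructed public key no longer corresponds to any private key the member holds.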