面向轻量级物联网设备的高效匿名身份认证协议设计

doi:10.11959/j.issn.1000-436x.2022125

通信学报 ›› 2022, Vol. 43 ›› Issue (7): 49-61.doi: 10.11959/j.issn.1000-436x.2022125

面向轻量级物联网设备的高效匿名身份认证协议设计

王振宇¹, 郭阳¹, 李少青¹, 侯申², 邓丁¹

¹ 国防科技大学计算机学院，湖南长沙 410000
² 信息工程大学，河南洛阳 471003

修回日期:2022-03-15 出版日期:2022-07-25 发布日期:2022-06-01
作者简介:王振宇（1995- ），男，湖南长沙人，国防科技大学博士生，主要研究方向为硬件安全、物联网协议、安全认证协议、物理不可克隆函数等
郭阳（1971- ），男，湖南长沙人，博士，国防科技大学研究员、博士生导师，主要研究方向为微处理设计、嵌入式系统设计等
李少青（1963- ），男，陕西西安人，国防科技大学研究员、博士生导师，主要研究方向为硬件安全、硬件木马检测、IP 核安全检测等
侯申（1983- ），男，河南洛阳人，博士，信息工程大学讲师，主要研究方向为物理不可克隆函数设计、微处理器设计、物联网安全等
邓丁（1993- ），男，湖南长沙人，博士，国防科技大学讲师，主要研究方向为硬件木马、物理不可克隆函数设计、高性能处理器扫描测试等
基金资助:
国家自然科学基金资助项目(61832018)

Design of efficient anonymous identity authentication protocol for lightweight IoT devices

Zhenyu WANG¹, Yang GUO¹, Shaoqing LI¹, Shen HOU², Ding DENG¹

¹ College of Computer Science and Technology, National University of Defense Technology, Changsha 410000, China
² Information Engineering University, Luoyang 471003, China

Revised:2022-03-15 Online:2022-07-25 Published:2022-06-01
Supported by:
The National Natural Science Foundation of China(61832018)

摘要/Abstract

摘要：

针对现有方案中复杂安全原语不适合资源受限的物联网设备的问题，基于物理不可克隆函数（PUF）为物联网设备设计了一种轻量级高效匿名身份认证协议。通过形式化安全模型和ProVerif协议分析工具，证明该协议满足信息传输机密性、完整性、不可追踪和前向/后向保密等13种安全属性。与近几年认证方案的性能对比分析表明，该协议在设备端与服务器端的计算开销分别为0.468 ms和0.072 ms，设备存储开销与通信开销分别为256 bit和896 bit，高度适用于资源受限的轻量级物联网设备。

关键词: 物理不可克隆函数, 轻量级, 匿名性, 双向认证, 物联网

Abstract:

Aiming at the problem that complex security primitives in existing schemes were not suitable for resource-constrained IoT devices, a lightweight efficient anonymous identity authentication protocol for IoT devices was designed based on physical unclonable function (PUF).Through the formal security model and ProVerif tool, it was proved that the protocol satisfies 13 security properties such as information confidentiality, integrity, un-traceability, and forward/backward secrecy.Compared with existing relevant protocols, the computing overhead of the protocol on the device side and the server side is 0.468 ms and 0.072 ms respectively, and the device storage and communication overheads are 256 bit and 896 bit respectively, which is highly suitable for lightweight IoT devices with limited resources.

Key words: physical unclonable function, lightweight, anonymity, mutual authentication, Internet of things

中图分类号:

TN918.9

王振宇, 郭阳, 李少青, 侯申, 邓丁. 面向轻量级物联网设备的高效匿名身份认证协议设计[J]. 通信学报, 2022, 43(7): 49-61.

Zhenyu WANG, Yang GUO, Shaoqing LI, Shen HOU, Ding DENG. Design of efficient anonymous identity authentication protocol for lightweight IoT devices[J]. Journal on Communications, 2022, 43(7): 49-61.

图/表 11

图1

表1

符号说明"

符号	含义
${PID}_{D}^{i}$	设备D在第i轮认证的伪随机身份
${ID}_{D}$	设备D的真实身份
${ID}_{TM}$	设备D临时认证身份
$CRP (C_{i}, R_{i})$	第i轮认证激励-响应对
${PUF}_{D} (\cdot)$	设备D中的物理不可克隆函数
$H (\cdot)$	单向Hash函数
$\oplus$	异或操作
$\| \|$	级联操作
$a_{i}, b_{i}$	伪随机数

表1

图2

图3

图4

图5

图6

表2

表3

表4

图7

参考文献 29

[1]	HAGHI K M , MADANIPOUR M , NIKRAVAN M ,et al. A systematic review of IoT in healthcare:applications,techniques,and trends[J]. Journal of Network and Computer Applications, 2021,192: 103-164.
[2]	SHAFIQUE K , KHAWAJA B A , SABIR F ,et al. Internet of things (IoT) for next-generation smart systems:a review of current challenges,future trends and prospects for emerging 5G-IoT Scenarios[J]. IEEE Access, 2020,8: 23022-23040.
[3]	BEDI G , VENAYAGAMOORTHY G K , SINGH R . Review of Internet of things (IoT) in electric power and energy systems[J]. IEEE Internet of Things Journal, 2018,5(2): 847-870.
[4]	毅宇, 周威, 赵尚儒 ,等. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021,42(8): 188-205.
	YANG Y Y , ZHOU W , ZHAO S R ,et al. Survey of IoT security research:threats,detection and defense[J]. Journal on Communications, 2021,42(8): 188-205.
[5]	IBRAHIM A , DALKILIC G . Review of different classes of RFID authentication protocols[J]. Wireless Networks, 2019,25(3): 961-974.
[6]	LI W , LI X L , GAO J T ,et al. Design of secure authenticated key management protocol for cloud computing environments[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(3): 1276-1290.
[7]	IU S M , WANG D , XU G A ,et al. Practical and provably secure three-factor authentication protocol based on extended chaotic-maps for mobile lightweight devices[J]. IEEE Transactions on Dependable and Secure Computing, 2022,19(2): 1338-1351.
[8]	AO Y S , AL-SARAWI S F , ABBOTT D . Physical unclonable functions[J]. Nature Electronics, 2020,3(2): 81-91.
[9]	ELVAUX J . Machine-learning attacks on PolyPUFs,OB-PUFs,RPUFs,LHS-PUFs,and PUF-FSMs[J]. IEEE Transactions on Information Forensics and Security, 2019,14(8): 2043-2058.
[10]	叶靖, 胡瑜, 李晓维 . 非确定性仲裁型物理不可克隆函数设计[J]. 计算机辅助设计与图形学学报, 2017,29(1): 166-171.
	YE J , HU Y , LI X W . Nondeterministic logic based arbiter physical unclonable function[J]. Journal of Computer-Aided Design ＆ Computer Graphics, 2017,29(1): 166-171.
[11]	PRADA-DELGADO M A , VáZQUEZ-REYES A , BATURONE I . Trustworthy firmware update for Internet-of-thing devices using physical unclonable functions[C]// Proceedings of 2017 Global Internet of Things Summit (GIoTS). Piscataway:IEEE Press, 2017: 1-5.
[12]	MALL P , AMIN R , DAS A K ,et al. PUF-based authentication and key agreement protocols for IoT,WSNs,and smart grids:a comprehensive survey[J]. IEEE Internet of Things Journal, 2022,9(11): 8205-8228.
[13]	GU C Y , CHANG C H , LIU W Q ,et al. A modeling attack resistant deception technique for securing lightweight-PUF-based authentication[J]. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 2021,40(6): 1183-1196.
[14]	GOPE P , LEE J , QUEK T Q S . Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions[J]. IEEE Transactions on Information Forensics and Security, 2018,13(11): 2831-2843.
[15]	HOSSAIN M , NOOR S , HASAN R . HSC-IoT:a hardware and software co-verification based authentication scheme for Internet of things[C]// Proceedings of 2017 5th IEEE International Conference on Mobile Cloud Computing,Services,and Engineering (MobileCloud). Piscataway:IEEE Press, 2017: 109-116.
[16]	AKGüN M , ?A?LAYAN M U , . Providing destructive privacy and scalability in RFID systems using PUFs[J]. Ad Hoc Networks, 2015,32: 32-42.
[17]	ZHOU L , LI X , YEH K H ,et al. Lightweight IoT-based authentication scheme in cloud computing circumstance[J]. Future Generation Computer Systems, 2019,91: 244-251.
[18]	MORIYAMA D , MATSUO S , YUNG M . PUF-based RFID authentication secure and private under memory leakage[R]. 2014.
[19]	PATIL A S , HAMZA R , HASSAN A ,et al. Efficient privacy-preserving authentication protocol using PUFs with blockchain smart contracts[J]. Computers ＆ Security, 2020,97:101958.
[20]	XIE Q , HU B , TAN X ,et al. Robust anonymous two-factor authentication scheme for roaming service in global mobility network[J]. Wireless Personal Communications, 2014,74(2): 601-614.
[21]	DOLEV D , YAO A . On the security of public key protocols[J]. IEEE Transactions on Information Theory, 1983,29(2): 198-208.
[22]	WANG W Z , CHEN Q , YIN Z M ,et al. Blockchain and PUF-based lightweight authentication protocol for wireless medical sensor networks[J]. IEEE Internet of Things Journal, 2022,9(11): 8883-8891.
[23]	BIAN W X , GOPE P , CHENG Y Q ,et al. Bio-AKA:an efficient fingerprint based two factor user authentication and key agreement scheme[J]. Future Generation Computer Systems, 2020,109: 45-55.
[24]	QURESHI M A , MUNIR A . PUF-RAKE:a PUF-based robust and lightweight authentication and key establishment protocol[J]. IEEE Transactions on Dependable and Secure Computing, 2021,PP(99): 1.
[25]	黄可可, 刘亚丽, 殷新春 . 一种基于PUF的超轻量级RFID标签所有权转移协议[J]. 密码学报, 2020,7(1): 115-133.
	HUANG K K , LIU Y L , YIN X C . A PUF-based ultra-lightweight ownership transfer protocol for low-cost RFID tags[J]. Journal of Cryptologic Research, 2020,7(1): 115-133.
[26]	FEISTEL H , NOTZ W A , SMITH J L . Some cryptographic techniques for machine-to-machine data communications[J]. Proceedings of the IEEE, 1975,63(11): 1545-1554.
[27]	SCHNEIER B . Applied cryptography:protocols,algorithms,and source code in C[M]. New York: Wiley, 1996.
[28]	HOU S , DENG D , WANG Z Y ,et al. A dynamically configurable LFSR-based PUF design against machine learning attacks[J]. CCF Transactions on High Performance Computing, 2021,3(1): 31-56.
[29]	AYSU A , GULCAN E , MORIYAMA D . End-to-end design of a PUF-based privacy preserving authentication protocol[C]// Cryptographic Hardware and Embedded Systems. Berlin:Springer, 2015: 556-576.

协议	双向认证	不可追踪性	可扩展性	前向/后向安全性	数据完整性	不可克隆性	DoS攻击	重放攻击	物理攻击	建模攻击	假冒攻击	中间人攻击	去同步攻击
Wang等^[22]	√	√	×	√	√	√	√	√	×	×	√	√	×
Patil等^[19]	√	√	×	√	√	√	×	√	×	×	√	√	×
Gope等^[14]	√	×	√	√	√	√	√	√	√	×	√	√	√
Bian等^[23]	√	×	×	√	√	√	×	√	×	√	√	√	√
Qureshi等^[24]	√	√	√	√	×	√	×	√	×	×	√	√	√
黄可可等^[25]	√	√	×	√	×	√	×	√	×	×	×	√	√
本文协议	√	√	√	√	√	√	√	√	√	√	√	√	√

操作	T_H/ms	T_P/ms	T_M/ms	T_F/ms	T_SK/ms	T_FE.GEN/ms	T_FE.REP/ms
设备端操作	0.028	0.15	0.686	0.036	0.075	1.67	2.85
服务器端操作	0.012	—	0.332	0.013	0.038	0.82	1.43

协议	设备端	服务器端
Wang等^[22]	6T_H+3T_P+T_R+T_FE.REP	8T_M+T_P
Gope等^[14]	4T_H+2T_P+T_R+T_FE.REP	5T_H+T_R+T_FE.REP
Bian等^[23]	11T_H+T_P+T_R+T_FE.REP	10T_H+T_R+T_FE.REP
Qureshi等^[24]	5T_M+T_P+3T_R	5T_M+2T_P+T_SK
黄可可等^[25]	2T_P+8T_F+2T_R	2T_R+8T_F
本文协议	4T_H+2T_P+2T_R	4T_H+2T_R

面向轻量级物联网设备的高效匿名身份认证协议设计

Design of efficient anonymous identity authentication protocol for lightweight IoT devices

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	金彪, 李逸康, 姚志强, 陈瑜霖, 熊金波. GenFedRL：面向深度强化学习智能体的通用联邦强化学习框架[J]. 通信学报, 2023, 44(6): 183-197.
[2]	王圣宝, 周鑫, 文康, 翁柏森. 适用于智能电网的三方认证密钥交换协议[J]. 通信学报, 2023, 44(2): 210-218.
[3]	刘帅, 关杰, 胡斌, 马宿东. 基于MILP的轻量级密码算法ACE的差分分析[J]. 通信学报, 2023, 44(1): 39-48.
[4]	廖海君, 贾泽晗, 周振宇, 刘念, 王飞, 甘忠, 姚贤炯. 面向调控信息新鲜度保障的电力至简物联网资源优化[J]. 通信学报, 2022, 43(7): 203-214.
[5]	殷新春, 王梦宇, 宁建廷. 轻量级可搜索医疗数据共享方案[J]. 通信学报, 2022, 43(5): 110-122.
[6]	杨小东, 田甜, 王嘉琪, 李梅娟, 王彩芬. 基于云边协同的无证书多用户多关键字密文检索方案[J]. 通信学报, 2022, 43(5): 144-154.
[7]	蒋梓龙, 金晨辉. Saturnin算法的不可能差分分析[J]. 通信学报, 2022, 43(3): 53-62.
[8]	孙海丽, 龙翔, 韩兰胜, 黄炎, 李清波. 工业物联网异常检测技术综述[J]. 通信学报, 2022, 43(3): 196-210.
[9]	张琳, 魏新艳, 刘茜萍, 黄海平, 王汝传. 基于协作信誉和设备反馈的物联网边缘服务器信任评估算法[J]. 通信学报, 2022, 43(2): 118-130.
[10]	张晓茜, 徐勇军. 面向零功耗物联网的反向散射通信综述[J]. 通信学报, 2022, 43(11): 199-212.
[11]	梁晓艳, 杜瑞忠. IoT下CapBAC规则语义表示及其时间间隔粗糙性分析[J]. 通信学报, 2021, 42(9): 43-53.
[12]	杨毅宇, 周威, 赵尚儒, 刘聪, 张宇辉, 王鹤, 王文杰, 张玉清. 物联网安全研究综述：威胁、检测与防御[J]. 通信学报, 2021, 42(8): 188-205.
[13]	王化群, 刘哲, 何德彪, 李继国. 公有云中身份基多源IoT终端数据PDP方案[J]. 通信学报, 2021, 42(7): 52-60.
[14]	范平志, 李里, 陈欢, 程高峰, 杨林杰, 汤小波. 面向大规模物联网的随机接入：现状、挑战与机遇[J]. 通信学报, 2021, 42(4): 1-21.
[15]	田辉, 伍浩, 田洋, 任建阳, 崔亚娟, 艾文宝, 袁健华. 工业物联网中大规模受损边缘计算网络修复机制[J]. 通信学报, 2021, 42(4): 89-99.