Journal on Communications ›› 2020, Vol. 41 ›› Issue (7): 213-222. doi: 10.11959/j.issn.1000-436x.2020131
• Academic Communication •
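Authors: Hongqiang YAN1,2, Linjie WANG3,4
About the authors:
YAN Hongqiang (1972- ), male, born in Lulong, Hebei, is a Ph.D. candidate at the Chinese Academy of Sciences. His main research interests are personal information and privacy protection.
WANG Linjie (1981- ), male, born in Pingdu, Shandong, is a Ph.D. candidate at Guizhou University. His main research interests are network and information security.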
Revised:
2020-05-26
Online:
2020-07-25
Published:
2020-08-01
Supported by:
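Abstract:
Authentication is a key technology in Internet of things (IoT) security: it ensures that the identity information of the users and device nodes connecting to the IoT is genuine. Because IoT devices are low-cost, low-power and short on storage, and because IoT networks are heterogeneous, the identity authentication mechanisms used in traditional computer networks are often not applicable. The paper first introduces the development history of the IoT, analyzes IoT security risks and the challenges facing authentication, and compares in detail the advantages and disadvantages of five typical authentication protocols. It then summarizes and comparatively analyzes the authentication techniques used in several practical scenarios: RFID, smart grid, Internet of vehicles and smart home. Finally, it discusses future research directions for IoT authentication technology.
CLC number: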
Cite this article: Hongqiang YAN, Linjie WANG. Research of authentication techniques for the Internet of things[J]. Journal on Communications, 2020, 41(7): 213-222.
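Table 1
Description of IoT network authentication models
Authentication model | Description |
Model 1 | The user sends an identity authentication request to the GWN; the GWN sends the user's information to the sensor; the sensor confirms the user's information and returns it to the GWN; on receiving it, the GWN authenticates the user |
Model 2 | The user sends an authentication request to the GWN; the GWN sends its authentication key to the user and at the same time sends the user's information to the sensor; the sensor then authenticates the user |
Model 3 | The user sends an authentication request to the GWN; the GWN sends the user's information to the sensor; the sensor then returns its own key to the GWN and at the same time authenticates the user |
Model 4 | The user sends an identity authentication request to the sensor; the sensor passes the request back to the GWN; the GWN sends a confirmation message to the sensor; finally, the sensor authenticates the user |
Model 5 | The user sends an identity authentication request to the sensor; the sensor passes the request back to the GWN; the GWN authenticates the user and sends a confirmation message to the sensor |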
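Table 2
Analysis of authentication schemes in different IoT application domains
Domain | Authentication protocol | Cryptographic technique | Goal achieved | Attack types to defend against | Reference |
RFID | Lightweight mutual authentication | Physical unclonable function (PUF) and lightweight cryptography | Efficient authentication of a single tag | Theft, replay, tracing, cloning, desynchronization | Ref. [ |
RFID | Lightweight privacy-preserving identity authentication | Ideal PUF environment | Anonymous authentication and forward security | Privacy eavesdropping, desynchronization, impersonation, physical, cloning | Ref. [ |
RFID | Lightweight RFID mutual authentication with a cache in the reader | GNY logic proof of the authentication protocol's correctness | Reduced computation and transmission cost | Denial of service, tracking, spoofing, replay, eavesdropping | Ref. [ |
RFID | Anonymous ultralightweight NFC mutual authentication | Shift and XOR operations | Low computation and storage overhead | Anonymity, tracking, replay, desynchronization | Ref. [ |
Smart grid | Lightweight mutual authentication | Merkle hash tree | Efficient computation and low communication overhead | Message injection and replay | Ref. [ |
Smart grid | Privacy-preserving identity authentication | HMAC | Low latency for transmission and signature authentication | Device tampering and identity forgery | Ref. [ |
Smart grid | Smart grid mutual authentication and smart grid management | Identity-based-encryption public key management protocol and PKI-based communication | Mutual authentication and key management | Prevents various attacks | Ref. [ |
Smart grid | Lightweight mutual authentication | Diffie-Hellman, RSA, AES and HMAC | Message integrity; low overall communication and computation overhead | Replay and man-in-the-middle attacks | Ref. [ |
Smart grid | Privacy-preserving and gateway-assisted identity authentication | HMAC and homomorphic encryption | Privacy protection, non-repudiation and traceability | Insider attacks and traffic attacks | Ref. [ |
Internet of vehicles | Distributed aggregate privacy-preserving identity authentication | Aggregate signatures | Freedom from key escrow; low message authentication latency and loss rate; efficient message processing | Message authentication and conditional linkability, false information | Ref. [ |
Internet of vehicles | Prediction-based dual-authentication broadcast authentication | Elliptic curve digital signature algorithm signatures and TESLA (time efficient stream loss tolerant authentication) | Timely authenticity and non-repudiation of messages | Packet loss and memory-based denial-of-service attacks | Ref. [ |
Internet of vehicles | Authentication and re-authentication scheme | Enhanced dual authentication and key management techniques | Confidentiality and optimal authentication latency | Replay attack, denial of service, location tracking, masquerade attack, non-repudiation | Ref. [ |
Internet of vehicles | Vehicle driver authentication | Elliptic curve cryptography and steganography | Vehicle driver authentication and privacy protection | Information eavesdropping | Ref. [ |
Internet of vehicles | Multihop-authenticated proxy mobile IP | Symmetric polynomial key generation | Timely handover; reduces possible attacks without affecting ongoing sessions | Forgery and collusion, replay, man-in-the-middle and denial of service | Ref. [ |
Smart home | New method for secure deployment of IoT devices based on the physical properties of the devices | Combination of PUF and physical key generation | Tamper-evidence security guarantee | Tamper resistance and unclonability | Ref. [ |
Smart home | PUF-based mutual authentication protocol for IoT terminal devices | BAN logic proof of the correctness of the object life cycle | Addresses confidentiality in the mapping between physical space and cyberspace | Simulation attack, replay attack, eavesdropping attack | Ref. [ |
Smart home | PUF-based IoT device authentication scheme | Uses challenge response pair (CRP) data stored in the gateway to achieve mutual authentication between the terminal device and the gateway | Authenticates through the gateway and generates a session key for communicating with the terminal device | Replay attack | Ref. [ |
Smart home | Lightweight mutual authentication of real physical objects in an IoT environment | AES and CoAP | High computational efficiency, low connection overhead | Resource exhaustion, denial of service, replay and physical tampering | Ref. [ |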
[1] | GUBBI J , BUYYA R , MARUSIC S ,et al. Internet of things (IoT):a vision,architectural elements,and future directions[J]. Future Generation Computer Systems, 2013,29(7): 1645-1660. |
[2] | EL-HAJJ M , CHAMOUN M , FADLALLAH A ,et al. Analysis of authentication techniques in Internet of things (IoT)[C]// In Proceedings of the 2017 1st Cyber Security in Networking Conference. Piscataway:IEEE Press, 2017: 1-3. |
[3] | EL-HAJJ M , CHAMOUN M , FADLALLAH A ,et al. Taxonomy of authentication techniques in Internet of things (IoT)[C]// IEEE 15th Student Conference on Research and Development. Piscataway:IEEE Press, 2017: 67-71. |
[4] | Cisco. 2020 global networking trends[R].(2019-10-24)[2020-03-20]. |
CISCO.2019 networking report[R].(2019-10-24)[2020-03-20]. | |
[5] | BUGHIN J , CHUI M , MANYIKA J . An executive’s guide to the Internet of things[J]. McKinsey Quart, 2015(4): 92-101. |
[6] | McKinsey & Company. The Internet of things:mapping the value beyond the hype[R].(2015-06-01)[2020-03-20]. |
[7] | MARESCH D , GARTNER J . Make disruptive technological change happen—the case of additive manufacturing[J]. Technological Forecasting and Social Change, 2018,doi:10.1016/j.techfore.2018.02.009. |
[8] | HERNANDEZ G , ARIAS O , BUENTELLO D ,et al. Smart nest thermostat:a smart spy in your home-black hat[R].(2014-08)[2020-03-20]. |
[9] | TRAPPE W , HOWARD R , MOORE R S . Low-energy security:limits and opportunities in the Internet of things[J]. IEEE Security Privacy, 2015(13): 14-21. |
[10] | AHMED M E , KIM H . DDoS attack mitigation in Internet of things using software defined networking[C]// IEEE Third International Conference on Big Data Computing Service and Applications (Big Data Service). Piscataway:IEEE Press, 2017: 271-276. |
[11] | McAfee. McAfee labs threats report[R].(2017-06)[2020-03-20]. |
[12] | PANARELLO A , TAPAS N , MERLINO G ,et al. Blockchain and IoT integration:a systematic survey[J]. Sensors, 2018,18(8): 25-75. |
[13] | WAZID M , DAS A K , ODELU V ,et al. Secure remote user authenticated key establishment protocol for smart home environment[J]. IEEE Transactions on Dependable and Secure Computing, 2020,17(2): 391-406. |
[14] | BERTINO E , ISLAM N . Botnets and Internet of things security[J]. Computer, 2017,50(2): 76-79. |
[15] | YANG Y , PENG H , LI L ,et al. General theory of security and a study case in Internet of things[J]. IEEE Internet Things Journal, 2017,4(2): 592-600. |
[16] | GUPTA A , TRIPATHI M . Poster:a lightweight mutually authenticated key-agreement scheme for wireless body area networks in Internet of things environment[C]// Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. Piscataway:IEEE Press, 2018: 804-806. |
[17] | GOPE P , AMIN R , HAFIZUL ISLAM S K ,et al. Lightweight and privacy-preserving RFID authentication scheme for distributed IoT infrastructure with secure localization services for smart city environment[J]. Future Generation Computer Systems, 2018(83): 29-37. |
[18] | KUMARI S , M KARUPPIAH , DAS A K ,et al. A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers[J]. Journal of Supercomputing, 2018(74): 6428-6453. |
[19] | NANDY T , IDRIS I B , NOOR R M ,et al. Review on security of Internet of things authentication mechanism[J]. IEEE Access, 2019,(7): 151054-151089. |
[20] | ATWADY Y , HAMMOUDEH M . A survey on authentication techniques for the Internet of things[C]// 2019 International Conference on Computer and Information Sciences. Piscataway:IEEE Press, 2019: 1-5. |
[21] | HOSSAIN M M , FOTOUHI M , HASAN R . Towards an analysis of security issues,challenges,and open problems in the Internet of things[C]// IEEE World Congress on Services. Piscataway:IEEE Press, 2015: 21-28. |
[22] | EL-HAJJ M , FADLALLAH A , CHAMOUN M ,et al. A survey of Internet of things (IoT) authentication schemes[J]. Sensors, 2019(19): 1-43. |
[23] | HONG S . Authentication techniques in the Internet of things environment:a survey[J]. International Journal of Network Security, 2019,21(3): 462-470. |
[24] | HONG S . P2P networking based Internet of things (IoT) sensor node authentication by blockchain[J]. Peer-to-Peer Networking and Applications, 2020(13): 579-589. |
[25] | LETSOALO E , OJO S . Survey of media access control address spoofing attacks detection and prevention techniques in wireless networks[C]// IST-Africa Week Conference.[S.n.:s.l]. 2016: 1-10. |
[26] | LEE J Y , LIN W C , HUANG Y H . A lightweight authentication protocol for Internet of things[C]// 2014 International Symposium on Next-Generation Electronics. Piscataway:IEEE Press, 2014: 1-2. |
[27] | FAN K , GONG Y , LIANG C ,et al. Lightweight and ultralightweight RFID mutual authentication protocol with cache in the reader for IoT in 5G[J]. Security and Communication Networks, 2016(9): 3095-3104. |
[28] | LI H , LU R , ZHOU L ,et al. An efficient merkle-tree-based authentication scheme for smart grid[J]. IEEE Systems Journal, 2014(8): 655-663. |
[29] | CHIM T , YIU S , HUI L C ,et al. PASS:privacy-preserving authentication scheme for smart grid network[C]// 2011 IEEE International Conference on Smart Grid Communications. Piscataway:IEEE Press, 2011: 196-201. |
[30] | FOUDA M M , FADLULLAH Z M , KATO N ,et al. Towards a light-weight message authentication mechanism tailored for Smart Grid communications[C]// 2011 IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2011: 1018-1023. |
[31] | MAHMOOD K , CHAUDHRY S A , NAQVI H ,et al. A lightweight message authentication scheme for Smart Grid communications in power sector[J]. Computers & Electrical Engineering, 2016(52): 114-124. |
[32] | JI C , KIM J , LEE J Y ,et al. Review of one-time signatures for multicast authentication in smart grid[C]// 2015 12th International Conference & Expo on Emerging Technologies for a Smarter World. Piscataway:IEEE Press, 2015: 1-4. |
[33] | CHIM T W , YIU S M , LI V O ,et al. PRGA:privacy-preserving recording & gateway-assisted authentication of power usage information for smart grid[J]. IEEE Transactions on Dependable and Secure Computing, 2015(12): 85-97. |
[34] | LI Q , CAO G . Multicast authentication in the smart grid with one-time signature[J]. IEEE Transactions Smart Grid, 2011(2): 686-696. |
[35] | LIN X , LI X . Achieving efficient cooperative message authentication in vehicular Ad Hoc networks[J]. IEEE Transactions on Vehicular Technology, 2013,62(7): 3339-3348. |
[36] | JIANG S , ZHU X , WANG L . A conditional privacy scheme based on anonymized batch authentication in vehicular Ad Hoc networks[C]// IEEE Wireless Communications and Networking Conference. Piscataway:IEEE Press, 2013: 2375-2380. |
[37] | CHEON J , YI J . Fast batch verification of multiple signatures[C]// Public Key Cryptography-PKC. Berlin:Springer, 2007: 442-457. |
[38] | MIETTINEN M , NGUYEN T D , SADEGHI A ,et al. Revisiting context-based authentication in IoT[C]// 55th ACM/ESDA/IEEE Design Automation Conference. Piscataway:IEEE Press, 2018: 1-6. |
[39] | SUN X , MEN S , ZHAO C ,et al. A security authentication scheme in machine-to-machine home network service[J]. Security and Communication Networks, 2012(8): 2678-2686. |
[40] | JAN M A , KKAN F , ALAM M ,et al. A payload-based mutual authentication scheme for Internet of things[J]. Future Generation Computer Systems, 2019(92): 1028-1039. |
[41] | XU H , DING J , LI P ,et al. A lightweight RFID mutual authentication protocol based on physical unclonable function[J]. Sensors, 2018,18(3):760. |
[42] | GOPE P , LEE J , QUEK T Q S . Lightweight and practical anonymous authentication protocol for RFID systems using physically unclonable functions[J]. IEEE Transactions on Information Forensics and Security, 2018(13): 2831-2843. |
[43] | FAN K , SONG P , YANG Y . ULMAP:ultralightweight NFC mutual authentication protocol with pseudonyms in the tag for IoT in 5G[J]. Mobile Information Systems, 2017: 1-7. |
[44] | NICANFAR H , JOKAR P , BEZNOSOV K ,et al. Efficient authentication and key management mechanisms for smart grid communications[J]. IEEE Systems Journal, 2014,8(2): 629-640. |
[45] | ZHANG L , WU Q , DOMINGO-FERRER J ,et al. Distributed aggregate privacy-preserving authentication in VANETs[J]. IEEE Transactions on Intelligent Transportation Systems, 2017(18): 516-526. |
[46] | LALLI M , GRAPHY G.S . Prediction based dual authentication model for VANET[C]// 2017 International Conference on Computing Methodologies and Communication. Piscataway:IEEE Press, 2017: 693-699. |
[47] | REKIK M , MEDDEB-MAKHLOUF A , ZARAI F ,et al. Improved dual authentication and key management techniques in vehicular Ad Hoc networks[C]// IEEE/ACS 14th International Conference on Computer Systems and Applications. Piscataway:IEEE Press, 2017: 1133-1140. |
[48] | KUMAR A , PRAKASH A , SHARMA S ,et al. Vehicle authentication and message hiding protocol for vehicle to vehicle communication[C]// 2015 1st International Conference on Next Generation Computing Technologies. Piscataway:IEEE Press, 2015: 383-387. |
[49] | CESPEDES S , TAHA S , SHEN X . A multihop-authenticated proxy mobile ip scheme for asymmetric VANETs[J]. IEEE Transactions on Vehicular Technology, 2013(62): 3271-3286. |
[50] | HUTH C , ZIBUSCHKA J , DUPLYS P ,et al. Securing systems on the Internet of things via physical properties of devices and communications[C]// Proceedings of 2015 Annual IEEE Systems Conference. Piscataway:IEEE Press, 2015: 8-13. |
[51] | ZHAO M , YAO X , LIU H ,et al. Physical unclonable function based authentication protocol for unit IoT and ubiquitous IoT[C]// 2016 International Conference on Identification,Information and Knowledge in the Internet of Things. Piscataway:IEEE Press, 2016: 179-184. |
[52] | MUHAL M A , LUO X , MAHMOO Z ,et al. Physical unclonable function based authentication scheme for smart devices in Internet of things[C]// IEEE International Conference on Smart Internet of Things. Piscataway:IEEE Press, 2018: 160-165. |
[53] | KHAN M A , SALAH K . IoT security:review,blockchain solutions,and open challenges[J]. Future Generation Computer Systems, 2018(82): 395-411. |
[54] | SHEN Changxiang . Building a solid immune system for network security with trusted computing 3.0[J].(2019-08-21)[2020-03-20]. |
SHEN C X . Using trusted computing 3.0 to build an immune system for network security[R].(2019-08-21)[2020-03-20]. | |
[55] | YANF T , ZHANG G H , LIU L ,et al. New features of authentication scheme for the IoT:a survey[C]// 2nd Workshop on the Internet of Things Security and Privacy. New York:ACM Press, 2019: 44-49. |