基于区块链的分布式物联网设备身份认证机制研究

doi:10.11959/j.issn.2096-3750.2020.00167

物联网学报 ›› 2020, Vol. 4 ›› Issue (2): 70-77.doi: 10.11959/j.issn.2096-3750.2020.00167

所属专题：区块链

• 专题：区块链赋能物联网 • 上一篇下一篇

基于区块链的分布式物联网设备身份认证机制研究

谭琛,陈美娟(),Amuah Ebenezer Ackah

南京邮电大学通信与信息工程学院，江苏南京 210003

修回日期:2020-05-09 出版日期:2020-06-30 发布日期:2020-06-12
作者简介:谭琛（1995- ），男，江苏徐州人，南京邮电大学硕士生，主要研究方向为区块链技术和物联网等|陈美娟（1971- ），女，陕西咸阳人，博士，南京邮电大学副教授，主要研究方向为异构无线网络资源管理、区块链技术以及SDN/NFV技术等|Amuah Ebenezer Ackah（1987- ），男，加纳人，南京邮电大学博士生，主要研究方向为物联网、区块链以及MIMO等
基金资助:
国家自然科学基金资助项目(61871237);江苏省重点研发计划(BE2019017)

Research on distributed identity authentication mechanism of IoT device based on blockchain

Chen TAN,Meijuan CHEN(),Ebenezer ACKAH Amuah

College of Telecommunications and Information Engineering,Nanjing University of Posts and Telecommunications,Nanjing 210003,China

Revised:2020-05-09 Online:2020-06-30 Published:2020-06-12
Supported by:
The National Natural Science Foundation of China(61871237);The Key R＆D Plan of Jiangsu Province(BE2019017)

摘要/Abstract

摘要：

为了解决物联网集中式平台在设备身份认证过程中兼容性低、抗攻击能力弱等问题，提出了一种基于区块链的分布式物联网设备身份认证架构。将数字身份等信息存入新型区块数据结构中，并根据密码学相关知识提出了分布式物联网设备身份认证机制，设计了设备数字证书颁发和身份认证的详细流程。从各实体间的权力约束、设备隐私性保护、抵御攻击能力等方面对所提机制进行了安全性分析，并对比分析了安全属性、计算开销和存储开销3个方面的性能。结果表明，所提出的身份认证机制可以抵御多种恶意攻击，能够实现高度安全的分布式物联网身份认证，并且在性能方面具有一定优势。

关键词: 区块链, 物联网, 分布式, 身份认证, 密码学

Abstract:

Aiming to solve problems of the low compatibility and weak anti-attack ability of the Internet of things (IoT) centralized platform in the device identity authentication process,a blockchain-based distributed IoT device identity authentication architecture was proposed.The digital identity and related information were stored in the new block data structure,and a distributed IoT device identity authentication mechanism was proposed based on the cryptography related knowledge.At the same time,a device digital certificate issuance process and a detailed process of the identity authentication were designed.The security analysis of the proposed mechanism were carried out from the aspects of power constraints,device privacy protection,and ability to resist attacks among various entities.The performance of three aspects,which were security attributes,computational overhead and storage overhead,were compared and analyzed.The results show that the proposed identity authentication mechanism can resist a variety of malicious attacks,achieve highly secure distributed IoT identity authentication,and has certain advantages in the performance.

Key words: blockchain, Internet of things, distributed, identity authentication, cryptography

中图分类号:

TP309

谭琛,陈美娟,Amuah Ebenezer Ackah. 基于区块链的分布式物联网设备身份认证机制研究[J]. 物联网学报, 2020, 4(2): 70-77.

Chen TAN,Meijuan CHEN,Ebenezer ACKAH Amuah. Research on distributed identity authentication mechanism of IoT device based on blockchain[J]. Chinese Journal on Internet of Things, 2020, 4(2): 70-77.

图/表 8

图1

图2

图3

表1

表2

表3

表4

表5

参考文献 20

[1]	邬贺铨 . 物联网技术与应用的新进展[J]. 物联网学报, 2017,1(1): 1-6.
	WU H Q . Technology and application progress on Internet of things[J]. Chinese Journal on Internet of Things, 2017,1(1): 1-6.
[2]	YAQOOB I , HASHEM I A T , AHMED A ,et al. Internet of things forensics:recent advances,taxonomy,requirements,and open challenges[J]. Future Generation Computer Systems, 2019,92: 265-275.
[3]	FENG T , CHEN W Y , ZHANG D ,et al. One-stop efficient PKI authentication service model based on blockchain[C]// CCF China Blockchain Conference. Springer, 2019: 31-47.
[4]	毕宇 . 基于区块链智能合约的PKI-CA体系设计[J]. 金融科技时代, 2018,275(7): 44-46.
	BI Y . PKI-CA system design based on blockchain smart contract[J]. Financial Technology Time, 2018,275(7): 44-46.
[5]	FAROOQ S M , HUSSAIN S M S , USTUN T S . Elliptic curve digital signature algorithm (ECDSA) certificate based authentication scheme for advanced metering infrastructure[C]// 2019 Innovations in Power and Advanced Computing Technologies (i-PACT). IEEE, 2019,1: 1-6.
[6]	刘巧平, 周斌, 王文涛 . 基于椭圆曲线的信息加密及网络身份认证算法的研究[J]. 自动化与仪器仪表, 2016(8): 159-160.
	LIU Q P , ZHOU B , WANG W T . Research on information encryption and network identity authentication algorithm based on elliptic curve[J]. Automation ＆ Instrumentation, 2016(8): 159-160.
[7]	BEHESHTI-ATASHGAH M , AREF M R , BAYAT M ,et al. ID-based strong designated verifier signature scheme andits applications in Internet of things[C]// 2019 27th Iranian Conference on Electrical Engineering (ICEE). IEEE, 2019: 1486-1491.
[8]	SAHANA S C , BHUYAN B . A provable secure short signature scheme based on bilinear pairing over elliptic curve[J]. IJ Network Security, 2019,21(1): 145-152.
[9]	GUO S Y , HU X , ZHOU Z Q ,et al. Trust access authentication in vehicular network based on blockchain[J]. China Communications, 2019,16(6): 18-30.
[10]	HAN S , XIE M D , YANG B L ,et al. A certificateless verifiable strong designated verifier signature scheme[J]. IEEE Access, 2019,7: 126391-126408.
[11]	ALI M S , VECCHIO M , PINCHEIRA M ,et al. Applications of blockchains in the Internet of things:a comprehensive survey[J]. IEEE Communications Surveys ＆ Tutorials, 2019,21(2): 1676-1717.
[12]	陈美娟, 朱晓荣 . 基于区块链的物联网设备标识研究[J]. 物联网学报, 2018,2(2): 18-26.
	CHEN M J , ZHU X R . Research on IoT device identification based on blockchain[J]. Chinese Journal on Internet of Things, 2018,2(2): 18-26.
[13]	LU Z J , WANG Q , QU G ,et al. A blockchain-based privacy-preserving authentication scheme for VANETs[J]. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 2019,27(12): 2792-2801.
[14]	GUO S Y , HU X , GUO S ,et al. Blockchain meets edge computing:a distributed and trusted authentication system[J]. IEEE Transactions on Industrial Informatics, 2019,16(3): 1-11.
[15]	YAO Y Y , CHANG X L , MI?I? J ,et al. BLA:blockchain-assisted lightweight anonymous authentication for distributed vehicular fog services[J]. IEEE Internet of Things Journal, 2019,6(2): 3775-3784.
[16]	LU R X , LI X D , LUAN T H ,et al. Pseudonym changing at social spots:an effective strategy for location privacy in VANETs[J]. IEEE Transactions on Vehicular Technology, 2012,61(1): 86-96.
[17]	SHAO J , LIN X D , LU R X ,et al. A threshold anonymous authentication protocol for VANETs[J]. IEEE Transactions on Vehicular Technology, 2016,65(3): 1711-1720.
[18]	AZEES M , VIJAYAKUMAR P , DEBOARH L J . EAAP:efficient anonymous authentication with conditional privacy-preserving scheme for vehicular Ad Hoc networks[J]. IEEE Transactions on Intelligent Transportation Systems, 2017,18(9): 2467-2476.
[19]	JEGADEESAN S , AZEES M , BABU N R ,et al. EP-AW:efficient privacy preserving anonymous mutual authentication scheme for wireless bodyarea networks (WBANs)[J]. IEEE Access, 2020,8: 48576-48586.
[20]	CARO D A , IOVINO V . jPBC:java pairing based cryptography[J]. International Symposium on Computers and Communications, 2011,22(3): 850-855.

对比项	KPSD	IBCCPA	EAAP	EPAW	DA
双向认证	×	√	√	√	√
隐私保护	√	√	√	√	√
可追溯	×	√	√	×	√
抗伪造攻击	√	√	√	√	√
抗权力滥用	×	×	×	×	√
抗重放攻击	×	√	×	√	√

认证方案	验证1次证书和签名	验证n次证书和签名
KPSD	4T_bp+5T_ep1+5T_ep2	(3+n)T_bp+(4+n)T_ep1+5nT_ep2
IBCCPA	3T _bp+2T_ep1+2T_h	(2+n)T_bp+2 nT_ep1+2 nT_h
EAAP	2T_bp+4T_ep1+T_ep2	(1+n)T_bp+4T_ep1+nT_ep2
EPAW	2T _bp+2T_m+T_h	(1+n)T_bp+2 nT_m+nT_h
DA	2T _bp+T_m+T_a+8T_h	(1+n)T_bp+nT_m+nT_a+8nT_h

认证方案	生成1次身份信息	1次完整认证
EAAP	5T _ep1+T_ep2+T_h	2T _bp+9T_ep1+2T_ep2+T_h
EPAW	4T _ep1+T_ep2+T_h	2T _bp+4T_ep1+T_ep2+2T_m+2T_h
DA(B_n)	T_m	2T _bp+2T_m+T_a+8T_h
DA(D_i)	T _m+T_h	2T _bp+2T_m+T_a+9T_h

存储信息	设备D_i的存储开销
C_i	100 bit
Sei	32 bit
tuplei	228 bit
共计	360 bit

存储信息	节点B_n的存储开销
Cn	100 bit
hi 1	32 bit
Sen	32 bit
tuplen	228 bit
共计	392 bit

基于区块链的分布式物联网设备身份认证机制研究

Research on distributed identity authentication mechanism of IoT device based on blockchain

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 20

相关文章 15

Metrics

推荐阅读 0

[1]	吴靖, 李晟, 张景, 辛明, 陶若文, 周舟, 潘力佳, 施毅. 面向物联网的新型柔性传感器[J]. 物联网学报, 2023, 7(2): 1-14.
[2]	梁峻阁, 宋怡然, 孙杨帆, 计樱莹, 潘力佳, 施毅. 基于可穿戴与可植入技术的人体健康物联网研究进展[J]. 物联网学报, 2023, 7(2): 26-34.
[3]	耿光磊, 高博, 熊轲, 樊平毅, 陆杨, 王煜炜. 联邦学习赋能6G网络综述[J]. 物联网学报, 2023, 7(2): 50-66.
[4]	卫浓钰, 江子龙, 陈芳炯. 基于位置信息和能量均衡的声电协同网络AODV[J]. 物联网学报, 2023, 7(1): 27-36.
[5]	申滨, 李银波, 梁枭伟. 基于增强加权质心定位的认知物联网用户频谱接入控制[J]. 物联网学报, 2023, 7(1): 93-108.
[6]	袁培燕, 邵赛珂, 魏然, 张俊娜, 赵晓焱. 基于时延和能耗约束的感知数据协作卸载策略研究[J]. 物联网学报, 2023, 7(1): 109-117.
[7]	蒋伟进, 周文颖, 李恩, 罗田甜, 杨莹. 基于区块链技术的云制造服务架构及共识算法研究[J]. 物联网学报, 2023, 7(1): 159-173.
[8]	王一竹, 张周, 马丕明, 任保全. 基于可靠多播通信的分布式无线信道最优接入方法研究[J]. 物联网学报, 2022, 6(4): 14-26.
[9]	汪静, 何乐生, 李忠红, 李路迟, 杨航. 物联网轻量级认证加密算法ASCON的软硬件协同设计[J]. 物联网学报, 2022, 6(4): 139-148.
[10]	蒋伟进, 罗田甜, 杨莹, 李恩, 周文颖. 物联网环境下基于区块链技术的私有数据访问控制模型[J]. 物联网学报, 2022, 6(4): 169-182.
[11]	邢方圆, 贺诗波, 孙铭阳, 陈积明. 基于“云-管-边-端”物联网架构的碳排放监测[J]. 物联网学报, 2022, 6(4): 53-64.
[12]	沈传年. 区块链跨链技术研究综述[J]. 物联网学报, 2022, 6(4): 183-196.
[13]	张在琛, 尤肖虎, 党建, 吴亮, 朱秉诚, 陈绩, 汪磊. 无线光通信与物联网[J]. 物联网学报, 2022, 6(3): 1-13.
[14]	黄诺, 刘伟杰, 龚晨. 面向工业物联网的拍赫兹通信[J]. 物联网学报, 2022, 6(3): 37-46.
[15]	孙君, 赵尚维康. 工业物联网中基于Sarsa算法的节能计算卸载方案[J]. 物联网学报, 2022, 6(3): 82-90.