低开销的NB-IoT节点群组身份安全认证协议

doi:10.11959/j.issn.1000-436x.2021228

摘要/Abstract

摘要：

针对现有NB-IoT 网络的安全认证协议在大规模接入请求认证时会产生大量信令的问题，提出了一种基于Schnorr聚合签名和中国剩余定理的群组身份安全认证协议。该协议使服务器能够使用固定大小的信令对节点群组进行一次性认证，采用基于中国剩余定理的会话密钥分发机制，使服务器可以用固定大小的数据完成对群组中节点的密钥派发。安全验证和性能分析结果表明，所提协议具有可靠的安全性能，且在传输开销和带宽消耗方面表现优异。

关键词: 群组身份安全认证协议, 中国剩余定理, 聚合签名, 窄带物联网

Abstract:

To address the problem of huge number of signaling requests when large-scale devices request authentication in NB-IoT network， a low-cost group identity security authentication protocol based on Schnorr aggregate signature and Chinese reminder theorem was proposed.The protocol enabled the server to perform one-time authentication of the device group with a size-fixed group authentication request， which effectively reduced the bandwidth consumption of the authentication request.The protocol used a session key distribution mechanism based on the Chinese remaining theorem， allowing the server to complete the distribution of keys for each device in the group by size-fixed message.The results of security verification and the performance analysis show that the proposed protocol has reliable safety and superior performance in terms of transmission load and bandwidth consumption.

Key words: group-based identity security authentication protocol, Chinese remainder theorem, aggregate signature， NB-IoT

中图分类号:

TP393.2

常相茂, 占俊, 王志伟. 低开销的NB-IoT节点群组身份安全认证协议[J]. 通信学报, 2021, 42(12): 152-162.

Xiangmao CHANG, Jun ZHAN, Zhiwei WANG. Low-cost group-based identity security authentication protocol for NB-IoT nodes[J]. Journal on Communications, 2021, 42(12): 152-162.

图/表 12

图1

表1

图2

表2

表3

图3

表4

表5

图4

表6

图5

表7

参考文献 30

[1]	WANG Y P E , LIN X Q , ADHIKARY A ,et al. A primer on 3GPP narrowband Internet of things[J]. IEEE Communications Magazine, 2017,55(3): 117-123.
[2]	ZAYAS A D , MERINO P . The 3GPP NB-IoT system architecture for the Internet of things[C]// Proceedings of 2017 IEEE International Conference on Communications Workshops (ICC Workshops). Piscataway:IEEE Press, 2017: 277-282.
[3]	SHI J , JIN L P , LI J ,et al. A smart parking system based on NB-IoT and third-party payment platform[C]// Proceedings of 2017 17th International Symposium on Communications and Information Technologies (ISCIT). Piscataway:IEEE Press, 2017: 1-5.
[4]	LI Y K , CHENG X , CAO Y ,et al. Smart choice for the smart grid:narrowband Internet of things (NB-IoT)[J]. IEEE Internet of Things Journal, 2018,5(3): 1505-1515.
[5]	ZHANG H B , LI J P , WEN B ,et al. Connecting intelligent things in smart hospitals using NB-IoT[J]. IEEE Internet of Things Journal, 2018,5(3): 1550-1560.
[6]	CHEN Y W , WANG J T , CHI K H ,et al. Group-based authentication and key agreement[J]. Wireless Personal Communications, 2012,62(4): 965-979.
[7]	ZHANG Y Y , CHEN J , LI H ,et al. Group-based authentication and key agreement for machine-type communication[J]. International Journal of Grid and Utility Computing, 2014,5(2): 87.
[8]	LAI C Z , LI H , LI X Q ,et al. A novel group access authentication and key agreement protocol for machine-type communication[J]. Transactions on Emerging Telecommunications Technologies, 2015,26(3): 414-431.
[9]	LAI C Z , LI H , LU R X ,et al. SE-AKA:a secure and efficient group authentication and key agreement protocol for LTE networks[J]. Computer Networks, 2013,57(17): 3492-3510.
[10]	JIANG R , LAI C Z , LUO J ,et al. EAP-based group authentication and key agreement protocol for machine-type communications[J]. International Journal of Distributed Sensor Networks, 2013,9(11): 304601.
[11]	LAI C Z , LI H , LU R X ,et al. LGTH:a lightweight group authentication protocol for machine-type communication in LTE networks[C]// Proceedings of 2013 IEEE Global Communications Conference (GLOBECOM). Piscataway:IEEE Press, 2013: 832-837.
[12]	CAO J , MA M D , LI H . GBAAM:group-based access authentication for MTC in LTE networks[J]. Security and Communication Networks, 2015,8(17): 3282-3299.
[13]	LI J G , WEN M , ZHANG T . Group-based authentication and key agreement with dynamic policy updating for MTC in LTE-A networks[J]. IEEE Internet of Things Journal, 2016,3(3): 408-417.
[14]	LAI C Z , LI H , LU R X ,et al. SEGR:a secure and efficient group roaming scheme for machine to machine communications between 3GPP and WiMAX networks[C]// Proceedings of 2014 IEEE International Conference on Communications (ICC). Piscataway:IEEE Press, 2014: 1011-1016.
[15]	LAI C Z , LU R X , ZHENG D ,et al. GLARM:group-based lightweight authentication scheme for resource-constrained machine to machine communications[J]. Computer Networks, 2016,99: 66-81.
[16]	REN X P , CAO J , MA M D ,et al. A novel PUF-based group authentication and data transmission scheme for NB-IoT in 3GPP 5G networks[J]. IEEE Internet of Things Journal, 2021,PP(99): 1.
[17]	CAO J , YU P , MA M D ,et al. Fast authentication and data transfer scheme for massive NB-IoT devices in 3GPP 5G network[J]. IEEE Internet of Things Journal, 2019,6(2): 1561-1575.
[18]	ZHANG Y H , REN F Y , WU A ,et al. Certificateless multi-party authenticated encryption for NB-IoT terminals in 5G networks[J]. IEEE Access, 2019,7: 114721-114730.
[19]	YU P , CAO J , MA M D ,et al. Quantum-resistance authentication and data transmission scheme for NB-IoT in 3GPP 5G networks[C]// Proceedings of 2019 IEEE Wireless Communications and Networking Conference (WCNC). Piscataway:IEEE Press, 2019: 1-7.
[20]	CAO J , YU P , XIANG X Y ,et al. Anti-quantum fast authentication and data transmission scheme for massive devices in 5G NB-IoT system[J]. IEEE Internet of Things Journal, 2019,6(6): 9794-9805.
[21]	MAXWELL G , POELSTRA A , SEURIN Y ,et al. Simple Schnorr multi-signatures with applications to Bitcoin[J]. Designs,Codes and Cryptography, 2019,87(9): 2139-2164.
[22]	NI J B , LIN X D , SHEN X S . Efficient and secure service-oriented authentication supporting network slicing for 5G-enabled IoT[J]. IEEE Journal on Selected Areas in Communications, 2018,36(3): 644-657.
[23]	VIJAYAKUMAR P , BOSE S D , KANNAN A . Chinese remainder Theorem based centralised group key management for secure multicast communication[J]. IET Information Security, 2014,8(3): 179-187.
[24]	MAURYA A K , SASTRY V N . User authentication scheme for wireless sensor networks and Internet of things using Chinese remainder theorem[C]// Communications in Computer and Information Science. Singapore:Springer Singapore, 2017: 79-94.
[25]	ZHANG J , CUI J , ZHONG H ,et al. PA-CRT:Chinese remainder theorem based conditional privacy-preserving authentication scheme in vehicular ad-hoc networks[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(2): 722-735.
[26]	KUNG Y H , HSIAO H C . GroupIt:lightweight group key management for dynamic IoT environments[J]. IEEE Internet of Things Journal, 2018,5(6): 5155-5165.
[27]	KOBLITZ N , MENEZES A , VANSTONE S . The state of elliptic curve cryptography[J]. Designs,Codes and Cryptography, 2000,19(2/3): 173-193.
[28]	SCHNORR C P , . Efficient identification and signatures for smart cards[C]// Conference on the Theory and Application of Cryptology. Berlin:Springer, 1989: 239-252.
[29]	POINTCHEVAL D , STERN J . Security arguments for digital signatures and blind signatures[J]. Journal of Cryptology, 2000,13(3): 361-396.
[30]	SCHNORR C P . Efficient signature generation by smart cards[J]. Journal of Cryptology, 1991,4(3): 161-174.

符号	定义
UE_i	群组中第i个用户节点
ID_i，GID	UE_i、群组的身份标识
p ，q	大素数
E （F_p）	在有限域F_p 上的椭圆曲线
G	E （F_p）上的q阶点
x_i，x_c	UE_i、服务器的私钥
P_i，P，P_c	UE_i、群组和服务器的公钥
g_k	群组的组密钥
L	群组的公共参数
s_i，s，s_c	UE_i、群组和服务器的签名
T_u，T_c	群组和服务器的当前时间戳
hash（）	防碰撞单项哈希函数
\|\|	字符串连接操作
SK_i	UE_i 和服务器的会话密钥

符号	定义
m	节点群组的数量
n	NB-IoT节点的数量
t_h	执行一次哈希运算的时间
t_m	执行一次点乘运算的时间
t_p	执行一次双线性配对的运算时间

协议	传输开销
GAKA	（7+2b）n
DGBAKA	（7+2b）n
MTCAKA	（7+2b）n
SEAKA	（7+2b）n
EGAKA	（7+2b）n
GBAAM	（a+2+2b）n+（a+2）m
GRAKA	（a+3+2b）n+4m
LGTH	（2a+2+2b）n+4m
FADTS	2an+（2a+2）m
本文所提协议	2an+（2a+2）m

参数	带宽消耗/bit
ID/GID/E-RAB（ID）/TEID/LBI	128
Hash	64
随机数	128
PDU	128
GTK/GEK/CK/IK	128
TFT/QOS	80
AMF	48
LAI/POS	40
基于ECDH的签名	320
ECHD密钥	192
时间戳	17

协议	带宽消耗/bit
GAKA	2 048n+1 008m
DGBAKA	2 048n+1 264m
MTCAKA	2 784n+432m
SEAKA	2 928n+856m
EGAKA	3 328n+1 344m
GBAAM	2 722n+2 146m
GRAKA	2 385n+1580m
FADTS	2 099n+977m
本文所提协议	894n+1 114m