Research On Mutual Authentication And Key Agreement Protocols In The Internet Of Things

In recent years,the application of the Internet of Things(IoTs)in areas such as smart medical care,intelligent transportation,smart grid,and smart environment has developed rapidly.With the sharp increase in the number of Io Ts devices on the market and the increasing expansion of Io Ts applications in various fields,the Io Ts is also facing threats from various attack methods,such as eavesdropping attack,tampering attack,and impersonation attack.Therefore,the data security and access control of the Io Ts have become the core problems to be solved.Traditional network systems usually only need to meet the basic security requirements of data confidentiality,integrity,and availability.However,the characteristics of the Io Ts are different from traditional network systems.These differences are mainly reflected in:First,because the terminal nodes of the Io Ts are often computing resource-constrained devices,the traditional security solutions based on asymmetric cryptography are not suitable for direct deployment in Io Ts applications due to their huge computing overhead.Second,because the consideration of cost,efficiency and other factors in various Io T application scenarios,each network architecture has its own characteristics.Therefore,in addition to the basic security requirements of traditional networks,the security solution of the Io Ts must be designed to meet additional security requirements such as authentication,lightweight,and key distribution management.It is generally believed that the use of authentication and key agreement protocols is one of the effective solutions to meet the security requirements of the Io Ts.Although many researchers have proposed various authentication and key agreement protocols to solve the data security problems in the Io Ts,these proposed protocols generally have the disadvantages of over-reliance on the computing resources of Io T devices,weakening security indicators,and low computing efficiency.Therefore,according to the characteristics of the network model of the Io Ts,the limited resources of the Io Ts device,and the differences in adversary attacks,with the help of modern cryptography theories and methods,designing authentication and key agreement protocols with appropriate computing overhead,low resource consumption,high execution efficiency,and meeting security requirements is the main research goal of this paper.In addition,the designed protocols should also consider the balance between security,light weight,computing load,and efficiency.This paper focuses on data security issues in the Io Ts,and proposes three different authentication and key agreement protocols for three different types of network abstraction models.The research work is mainly divided into three parts:(1)Centralized adaptive intra-domain and inter-domain authentication and key agreement protocol.The characteristics of network model targeted by this protocol are: sensor nodes in the perception layer are stationary or moving slowly,resources are strictly limited,and data is transmitted wirelessly;intermediate nodes in the transmission layer are only responsible for forwarding data;one or more server nodes are deployed at the aggregation layer(for example,the wireless body area network).This paper designs a centralized authentication and key agreement protocol,that is,the server node stores the authentication parameters of all sensor nodes in the area under its jurisdiction,and each sensor node can only perform anonymous mutual authentication with the server node storing its authentication parameters.In order to solve the cross-server authentication problem,this protocol also implements adaptive ”intra-domain” and ”inter-domain” authentication function.In addition,this protocol has the advantages of light weight and adaptive switching.Moreover,It uses only lightweight tools such as bit operations,pseudo-random numbers,and one-way hash functions in cryptography to complete the authentication while guaranteeing forward secrecy that was previously difficult to guarantee.This paper uses the Real-Or-Random(ROR)model and the automatic security verification tool Pro Verif(PV)to prove that the proposed protocol is secure.Compared with related works,this protocol has lower security risks,and reduces the computational cost.(2)Decentralized and eliminate load bottlenecks authentication and key agreement protocol.The characteristics of network model targeted by this protocol are: high-speed movement of nodes in the perception layer and data is transmitted wirelessly;intermediate nodes in the transmission layer are fixed and have certain computing and storage resources;a trusted center server node is deployed at the aggregation layer(for example,the Internet of Vehicles).In order to avoid the bottleneck caused by centralized authentication on trusted center server node,this paper designs a decentralized and eliminate load bottlenecks authentication and key agreement protocol.In this protocol,the authentication parameters of the perception layer nodes will be dispersed from the trusted center server node to the intermediate nodes as needed,and the computing load of the authentication and key agreement protocol will be moved from the trusted center server node to the intermediate nodes as much as possible.The trusted center server node and the intermediate node cooperate to complete the authentication of the nodes in the perception layer and negotiate the session key.This protocol also uses only lightweight tools in cryptography,has low latency,and can resist various attacks.This paper uses the ROR model and PV to prove that the proposed protocol is secure.Compared with related works,this protocol has lower computational cost and less security risks.(3)Distributed and computationally efficient authentication and dynamic group key agreement protocol.The characteristics of network model targeted by this protocol are: the status of each node in the group is equal,and there is no hierarchical relationship or subordinate relationship between each node;the communication between each node is in an open and unreliable network environment.In order to solve the problem of access control in this network model,based on elliptic curve cryptography,this paper proposes a computationally efficient and scalable distributed authentication and dynamic group key agreement protocol.In this protocol,each group member sends a timestamp and some parameters to its right neighbor,and then it authenticates the left neighbor based on the parameters received from the left neighbor.This eliminates the computational complexity of traditional authentication and group key agreement protocols that require group members to perform mutual authentication with all other group members.In addition,this protocol solves the scalability problem.For any member to join or leave the group,only a small computing and communication overhead is required.Furthermore,this protocol has an internal attacker detection mechanism.If the group key agreement fails multiple times,the protocol can filter out malicious members from the group members and remove them from the group.This paper gives a mathematical proof of the security and correctness of the proposed protocol.Compared with related works,this protocol has higher computational efficiency and lower communication cost.