Research On Authenticated Key Agreement Protocol For Industrial Internet Of Things

With the explosion of the fourth industrial revolution in the world,the technology of Industrial Internet of Things(IIo T)has been widely used in the field of industrial manufacturing,promoting the gradual realization of intelligent transformation and development of traditional manufacturing.At the same time,the security threats faced by IIo T systems in the field of information security are becoming more and more serious,and how to ensure the communication security of IIo T systems has become a research hotspot in IIo T security.Authentication key agreement protocol is an important means to ensure the security of communication in the public channel.It can realize the identity authentication and key agreement of the communicating parties and meet the "one-time one key" data encryption requirement.Due to the needs of industrial automation production and the high availability of industrial systems,the IIo T system needs to access a large number of different types of terminal devices and multiple registration centers,and those terminal devices are usually limited in resources,which are unable to perform high-intensity complex calculations,and belong to different registration centers.The authentication key agreement protocol with the same registration center and the authentication key agreement protocol with multiple registration centers are two important types of authentication key agreement protocols,which are respectively applicable to scenarios where IIo T devices are registered in the same registration center and different registration centers.Those existing authentication key agreement protocols have their security or performance defects,and the security and performance overhead of those proposed protocols are not tested and verified in the application environment.In this thesis,we design and implement the corresponding authentication key agreement protocol for the same registration center and multiple registration center scenarios of the IIo T.The main work and innovations of this thesis are summarized as follows:(1)For the same registration center scenario of IIo T,aiming at those problems of existing protocols that cannot guarantee data integrity during their execution,the existence of registry center resource exhaustion,the predictable pseudo-random number sequence,and the privacy leakage during the registration phase,a secure enhanced anonymous mutual authentication key agreement protocol based on Elliptic Curve Cryptography(SEMA-E2C)has been proposed in this thesis.The SEMA-E2 C protocol has a complete data integrity verification mechanism and a dynamic device management scheme,which guarantees the data integrity during the execution of the protocol and solves the problem of the exhaustion of resources in the registry center.In the SEMA-E2 C protocol,in order to enhance the unpredictability of pseudo-random number sequences,quantum random numbers are used to update the local random number generator seed;in order to prevent the disclosure of privacy and ensure the security of each phase of the protocol,a pseudo negotiation method based on Elliptic Curve Cryptography is proposed;in order to realize the identity authentication of both parties,an optimistic authentication method based on a security mask and a temporary session key is proposed;in order to negotiate a temporary session key quickly,a combined hash method based on Elliptic Curve Cryptography of temporary information,security mask and identity information is proposed.The security analysis,simulation verification,and performance evaluation of the SEMA-E2 C protocol are carried out.Those results show that the security of the SEMA-E2 C protocol is stronger than that of existing protocols,computation cost(12.393 ms)and communication cost(2016 bits)are better than those of existing protocols.(2)For the multi-registration center scenario of IIo T,aiming at those problems of existing protocols that cannot guarantee the communication security between the registration center,and fail to realize the problem of multi-party authentication between the device and the registration center,a multi-registry anonymous authentication key agreement protocol based on Extended Chebyshev Polynomials(MR2A-ECP)is proposed by this thesis.The MR2A-ECP protocol proposes a token negotiation method to realize the negotiated and secure issuance of long-term identity tokens,and realizes identity authentication between the terminal device and the registration center through long-term identity tokens.Besides,combined with quantum key distribution technology,the MR2A-ECP protocol realizes the security of communication between registration centers and proposes a combined hash method based on identity agent identification,temporary information,and quantum key to quickly calculate temporary session keys,and a dual verification method based on the identity proxy identification,temporary session key and quantum key is proposed,which realizes the identity authentication of both sides of the terminal device and the consistency verification of temporary session key.The security analysis,simulation verification,and performance evaluation of the MR2A-ECP protocol are carried out.Those results show that the security,computation cost(3.759 ms),and communication cost(4800 bits)of the MR2A-ECP protocol are superior to existing protocols.(3)Based on the proposed SEMA-E2 C protocol and MR2A-ECP protocol,this thesis implements an IIo T secure communication system.The system is suitable for identity authentication and key negotiation between general IIo T devices,and able to guarantee the confidentiality of communication and data integrity of both parties in a conversation,and has low-performance overhead.