| Environmental automatic monitoring system uses sensing technology to build an automatic monitoring network for the ecological environment integrating land,sea,space and ground.It automatically collects various ecological information such as air,surface water,drinking water and pollution sources,and regularly monitors the ecological quality of the region based on the collected data and provides data support for environmental management.The current connection parameter standards between monitoring instruments and data analysis application refer to the "Data Transmission Standards for Online Monitoring Systems of Pollutant "(HJ 212-2017).There are still deficiencies in authenticity,integrity,and confidentiality,and there are security risks of tampering,eavesdropping,replaying,and other attacks on monitoring data during public transmission.In this thesis,the research of D2 D authentication schemes is designed for the scenarios of fixed-point monitoring and mobile monitoring under automatic environmental monitoring,the details are as follows:Firstly,the thesis researches fixed-point monitoring and finds that the authentication scheme proposed by Guo et al.is vulnerable to gateway compromise attacks,desynchronization attacks,and mobile device loss attacks,and the scheme does not provide perfect forward secrecy and untraceability.After that,this thesis proposes a scheme for fixed-point environmental monitoring in the field of automatic environmental monitoring.The scheme uses physical unclonable functions,fuzzy extraction functions,and ECDH algorithm to provide privacy protection,perfect forward secrecy,and resist gateway compromise attacks.It also gives a formal security proof based on the random oracle model.In terms of performance,the proposed scheme requires two message communications.Under the preset experiment,the total communication cost is 2752 bits,and the computation cost is 46.77 ms.Compared with other schemes,it shows that the proposed scheme provides more security under the acceptable computation and communication cost.Secondly,the thesis proposes a handover authentication scheme for the scene where the sensor will float with the water in automatic water quality monitoring.This scheme only needs to be authenticated once at the beginning,and the subsequent crossdomain adopts handover authentication protocol,which can improve authentication efficiency.In this part,the physical unclonable function and ECDH algorithm are used to provide anonymity and perfect forward secrecy,and a formal security proof are given.In terms of performance,the proposed scheme requires four message communications.Under the preset experiment,the total communication cost is 8704 bits,and the computation cost is 8.365 ms.Compared with other schemes,it shows that the proposed scheme provides more security features when the gateway is not fully trusted and has good communication and computation cost.Based on the problem that the monitoring sub-station and the monitoring substation do not belong to the same jurisdiction in the scene where the sensor will float with the water,a blockchain-based authentication scheme is proposed.The scheme is assisted by the blockchain to participate in the authentication.The edge negotiation scheme is adopted in the initial authentication,and the handover authentication scheme is adopted in the cross-domain,which improves the authentication efficiency in the cross-domain.The scheme applies physical unclonable function,blockchain and ECDH algorithm to provide privacy protection and perfect forward secrecy and gives formal security proof to prove the security of the proposed scheme.In terms of performance,the proposed scheme requires two message communications.Under the preset experiment,the total communication cost is 3520 bits,and the computation cost is8.345 ms.Compared with other schemes,it shows that the proposed scheme provides more security features when the gateway is not fully trusted and has good communication and computation cost. |