Research On Lattice-based Direct Anonymous Attestation Protocol In Internet Of Things

Quantum computing is developing rapidly in recent years.Its advantage in parallel computing has attracted global attention.Both hardware and software technologies related to quantum processors are constantly broken through.The emergence of“quantum hegemony”threatens the security of classical cryptosystems such as RSA and ECC,while the Direct Anonymous Attestation(DAA)protocols widely used in the Internet of Things are based on RSA or ECC and cannot achieve post-quantum security.The development of quantum computing has also spawned a series of quantum-resistant cryptographic algorithms represented by lattice-based cryptography.Therefore,several Lattice-based DAA protocols(LDAA)have been proposed by the academic.However,the existing LDAA protocols cannot meet the needs of Io T scenarios in terms of computational efficiency,storage consumption and functions.In order to ensure the post-quantum security of devices in Io T,this thesis optimizes the function and efficiency of the existing LDAA protocols to meet the authentication requirements in different Io T scenarios.The main work and research results are as follows:(1)Aiming at the authentication requirements in Secure Device Onboard(SDO),a Lattice-based Enhanced Privacy ID protocol in SDO(SDO-LEPID)is proposed.The proposed SDO-LEPID protocol improves the existing LDAA protocol,and a signature-based revocation approach is added.By adding the malicious users’signatures to the Signature Revocation List(SRL)and performing a lattice-based zero knowledge proof of SRL,SDO-LEPID can revoke the malicious users’credentials according to their signatures.The experiment results show that SDO-LEPID is superior to the existing LEPID protocol in terms of computational efficiency and storage consumption,as well as provide post-quantum security and flexible revocation approaches for the secure onboard process of Io T devices.(2)For the unique requirement of establishing an efficient pseudonym update and revocation mechanism in Vehicular Ad-hoc Network(VANET),a Lattice-based Direct Anonymous Attestation for VANET(V-LDAA)is proposed.In order to prevent adversaries from tracking vehicles through pseudonyms,vehicles in VANETs need to regularly update their pseudonyms.Since the pseudonyms update and revocation operations require a large amount of computation,and VANET system relies on real-time data,it is difficult to implement a pseudonym mechanism that meets high real-time requirements based on lattice.Therefore,we improve the DAA credential signing protocol and design a lattice-based mechanism for users to generate and update pseudonyms by themselves.Since a TPM(Trusted Platform Module)chip is embedded into each user’s platform,trust can be transmitted from Certificate Authority(CA)to the TPM chips of users through DAA credentials,and the vehicles can control the generation,update and revocation of pseudonyms based on DAA credentials without Pseudonym Provider(PP).Similarly,there is no need for other vehicles to search the revocation lists every time before verifying a signature.After the offending vehicle receives the revocation notice from Revocation Authority(RA),TPM will complete the revocation by itself.Experiment results show that V-LDAA can meet the performance and security requirements in VANET.(3)To solve the cross-domain authentication problem in Io T,a Cross-Domain Lattice-based Direct Anonymous Attestation(CD-LDAA)protocol is proposed.On the basis of LDAA,CD-LDAA protocol draws on the idea of a traditional DAA cross-domain scheme,introduces Trusted Auditor(TA),and designs TA-Join,Issuer _B-Join,and CD-Sign/Verify protocols based on lattice.We complete the CD-LDAA ideal functions and prove the security under the universally composable security framework.