With the rapid development of Internet of Things (IoT) technology, the security and privacy of confidential data have remained a focus of research. Because the IoT is now deeply integrated with cloud computing, large amounts of data collected by front-end sensor device nodes are uploaded to and stored on cloud data servers, which makes it easy for users to read the data generated in the IoT environment. However, because the network is open, data faces many security threats during transmission and storage. If an attacker illegally tampers with or accesses the data, serious losses result. As the first line of defense for secure and confidential communication over public network channels, an identity authentication and key agreement scheme provides two-way identity authentication and session key negotiation between the device nodes participating in the communication, and plays a vital role in protecting user data security. Traditional data security technology, however, protects data only in the transmission state and the storage state, not in the running state. Therefore, this thesis introduces Intel SGX confidential computing technology and performs the computations that involve key data in the identity authentication scheme inside Enclave memory, the SGX trusted execution environment, which protects the sensitive data used during authentication and negotiation.

This thesis takes identity authentication and key agreement in the IoT cloud server environment as its main line of research. Combining Intel SGX confidential computing technology and considering different resource-limited scenarios, it studies and proposes identity authentication schemes based on different security factors and different security mechanisms. Building on these schemes, it implements an interactive data encryption and authentication application based on SGX technology, in which the key of the existing encrypted data is changed from the original storage state to the running state. The main research work and innovations of this thesis are summarized as follows:

(1) This thesis proposes a dynamic anonymous three-factor authentication scheme (scheme A) based on the extended Chebyshev chaotic map combined with SGX confidential computing technology. In each session the scheme generates, in real time, the anonymous identity of the user node and the temporary authentication credential data shared with the gateway control node, and it dynamically updates the key authentication credential data at the end of the session, effectively resisting tracking attacks and ensuring forward security. At the same time, using SGX confidential computing technology, a trusted execution environment is configured on the gateway control node and the data server node, which have sufficient computing resources, to execute the negotiation process involving key data. Formal security analysis using BAN logic, the random oracle model and the AVISPA simulation tool, together with informal security analysis, performance analysis and evaluation, and NS-3 network simulation experiments, shows that scheme A achieves better security and availability with less resource overhead.

(2) To further optimize the performance overhead, and building on the previous work, this thesis proposes a lightweight identity authentication scheme (scheme B) based on SGX confidential computing technology, which realizes the synchronous update of key authentication credentials in stages. This scheme satisfies forward security, verifies the data integrity of session key negotiation, and resists tracking attacks. In this scheme, only the gateway control device node is configured with the Intel SGX confidential computing environment, which seals the system master key data, and the computing steps involving the master key are executed in the Enclave trusted execution environment, which effectively resists privileged-insider attacks. Formal security analysis, informal security analysis, and security and performance analysis and comparison based on BAN logic, the random oracle model and the AVISPA simulation tool, together with network simulation experiments based on NS-3, show that this lightweight scheme provides more comprehensive security features while consuming very few resources.

(3) Based on the proposed scheme B, this thesis designs and implements DEAIA-SGX, an interactive data encryption and authentication application built on Intel SGX confidential computing technology. It provides identity authentication and session key negotiation for user nodes, gateway control nodes and data server nodes, which ensures the security of data in the transmission state during the session. At the same time, the application proposes a hybrid encryption method for the transmitted data that runs in the Enclave trusted execution environment and uses the user's personal identification information together with storage key data protected by SGX sealing. The method transforms the original key from the storage state to the running state and improves the security of the stored data. Detailed design, experimental analysis and security evaluation show that the application has both theoretical and practical significance.
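The primitive that scheme A is built on, the extended Chebyshev chaotic map, can be shown in a few lines. The following is an added example, not code from the thesis: it demonstrates only the semigroup property T_r(T_s(x)) = T_s(T_r(x)) mod p that lets two nodes derive the same session key, not the message flow of scheme A, which the abstract does not give. The modulus, seed and function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Constructed public parameters (assumptions, not taken from the thesis).
P = 2**127 - 1           # prime modulus (Mersenne prime M127)
X = 0x1234567890ABCDEF   # public seed

def chebyshev(n: int, x: int, p: int) -> int:
    """Extended Chebyshev polynomial T_n(x) mod p in O(log n) steps.

    Binary ladder over the pair (T_k, T_{k+1}) using
    T_{2k} = 2*T_k^2 - 1 and T_{2k+1} = 2*T_k*T_{k+1} - x.
    """
    a, b = 1 % p, x % p                      # (T_0, T_1)
    for bit in bin(n)[2:]:
        if bit == "1":                       # k -> 2k + 1
            a, b = (2 * a * b - x) % p, (2 * b * b - 1) % p
        else:                                # k -> 2k
            a, b = (2 * a * a - 1) % p, (2 * a * b - x) % p
    return a

def chebyshev_recurrence(n: int, x: int, p: int) -> int:
    """Reference: T_n = 2x*T_{n-1} - T_{n-2}, used to cross-check the ladder."""
    prev, cur = 1 % p, x % p
    if n == 0:
        return prev
    for _ in range(n - 1):
        prev, cur = cur, (2 * x * cur - prev) % p
    return cur

def keypair() -> tuple[int, int]:
    """Return (secret exponent r, public value T_r(X) mod P)."""
    secret = secrets.randbelow(P - 2) + 2
    return secret, chebyshev(secret, X, P)

def session_key(own_secret: int, peer_public: int) -> str:
    """Hash T_own(peer_public) mod P into a session key."""
    shared = chebyshev(own_secret, peer_public, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

if __name__ == "__main__":
    u_secret, u_public = keypair()           # user node
    g_secret, g_public = keypair()           # gateway control node
    assert session_key(u_secret, g_public) == session_key(g_secret, u_public)
    print("user and gateway derived the same session key")
```

In a design like the one the abstract describes, the gateway-side call that touches the long-term secret is the step that would run inside the Enclave.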