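Abstract
To address data eavesdropping, malicious-behavior attacks and leakage of user-platform privacy in the communications of IoT wireless service systems, a secure link model for inter-cluster nodes based on a trusted third party is proposed. The model builds trusted anonymous node authentication and a cluster-structure address query mechanism on the discrete logarithm hard problem and bilinear pairings. It replaces a node's real identity with a temporary identity generated from a hash function and random numbers to achieve anonymity, embeds the trusted third party in the authentication mechanism to prevent the anonymous authentication authority and the coordinator from colluding to mount a Rudolph attack on the user platform, and provides query service only to trusted cluster structures authorized by the control center. Through certificate verification between the source cluster structure and each node on the link, key agreement and a padding mechanism, nested encryption and decryption of data and protection against traffic analysis are achieved, ensuring secure data transmission between inter-cluster nodes. On this basis, a UC security proof of the link model is given. Theoretical analysis and experimental results show that the model has clear advantages in suppressing data eavesdropping and traffic analysis and in protecting node anonymity.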
To overcome the problem that the security of communication deteriorates significantly in the presence of eavesdropping, malicious behaviors and privacy disclosure of the user platform in the wireless service system of IoT, a secure transmission model among clusters is proposed based on a trusted third party. A model for trusted authentication and a mechanism for the enquiry of cluster addresses are constructed based on the discrete logarithm problem and the bilinear mapping. This model generates a temporary identity from a hash function and a random number to achieve anonymity and only provides enquiry service to the trusted clusters authorized by the control center. The suppression of the Rudolph attack between user platform and coordinator is taken into consideration by setting the trusted third party in the authentication mechanism. Through key agreement between the source cluster and the clusters in the link, certificate validation and a data filling mechanism, nested encryption and decryption and flow analysis defense are achieved to guarantee transmission security among clusters. On this basis, the security proof of the data transmission model is presented. The theoretical analysis and experimental results show that the developed model performs well in terms of eavesdropping suppression, flow analysis inhibition and anonymity protection.
Authors
周伟伟
郁滨
Zhou Weiwei; Yu Bin (PLA Information Engineering University, Zhengzhou 450001)
Source
《计算机研究与发展》
EI
CSCD
Peking University Core Journals
2018, Issue 7, pp. 1393-1408 (16 pages)
Journal of Computer Research and Development
Funding
National Natural Science Foundation of China (61602513)
Keywords
Internet of things (IoT)
wireless service system
anonymous inquiry
hash function
bilinear mapping