摘要
基于身份的加密方案解决了传统公钥加密体制在证书管理方面的不足,使基于身份的加密方案能适应物联网轻量级的环境。针对基于身份加密在物联网环境中的应用存在密钥托管和跨域认证等问题,提出一种分层的基于身份加密(Hierarchical Identity-Based Encryption,HIBE)的物联网环境下多私钥生成机构(Private Key Generator,PKG)联合跨域认证及通信机制HIBE-MPJ(Hierarchical Identity-Based Encryption-Multiple Private Key Generator Joint)。HIBE-MPJ使用不同信任域的PKG作为跨域认证时的信任网关,通过密钥共享解决不同信任域PKG的密钥托管问题,并建立安全的通信密钥协商机制,使得不同系统参数的两个物联网信任域内的用户节点能互相认证,并提高通信时的效率。随后对认证过程给出了正确性分析,并分析了该方案在随机预言模型下的安全性,并加以实验测试分析,实验结果表明,HIBE-MPJ具有安全性及可行性。最后通过理论证明和构建物联网环境进行实验测试,实验结果表明HIBE-MPJ模型的安全性和可行性。
The identity-based encryption solution solves the deficiencies of the traditional public key encryption system in certificate management,so that the identity-based encryption solution can adapt to the lightweight environment of the Internet of Things(IoT).Aiming at the problems of key escrow and cross-domain authentication based on the application of identity encryption in IoT environment,a multiple private key generator(PKG)joint cross-domain authentication and communication mechanism hierarchical identity-based encryption-multiple private key generator joint(HIBE-MPJ)based on hierarchical identity-based encryption(HIBE)is proposed.HIBE-MPJ uses PKGs of different trust domains as the trust gateway for cross-domain authentication,solves the key escrow problem of PKGs of different trust domains through key sharing,and establishes a secure communication key negotiation mechanism to make two of the different system parameters user nodes in the IoT trust domain can authenticate each other and improve the efficiency of communication.Then the correctness analysis of the authentication process is given,and the security of the scheme under the random prediction model is analyzed,and the experimental test analysis is carried out.The experimental results show that HIBE-MPJ is safe and feasible.Finally,through the theoretical proof and the construction of the Internet of Things environment,the experimental test showed that the HIBE-MPJ model is safe and feasible.
作者
季一木
陆毅成
刘尚东
王舒
唐玟
肖小英
何亦拓
王凯瑞
吴海丰
JI Yimu;LU Yicheng;LIU Shangdong;WANG Shu;TANG Wen;XIAO Xiaoying;HE Yituo;WANG Kairui;WU Haifeng(School of Computer Science,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Jiangsu High Technology Research Key Laboratory for Wireless Sensor Networks,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Institute of High-Performance Computing and Bigdata,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Nanjing Center of HPC China,Nanjing University of Posts and Telecommunications,Nanjing 210023,China;Jiangsu HPC and Intelligent Processing Engineer Research Center,Nanjing University of Posts and Telecommunications,Nanjing 210023,China)
出处
《南京邮电大学学报(自然科学版)》
北大核心
2020年第4期1-10,共10页
Journal of Nanjing University of Posts and Telecommunications:Natural Science Edition
基金
国家重点研发计划专项(2017YFB1401300,2017YFB1401302)
江苏省自然科学基金优秀青年基金(BK20170100)
江苏省自然科学基金(BK20170900)
江苏省重点研发计划(BE2017166)
江苏省六大人才高峰项目(JY02)
江苏省教育厅高等学校自然科学研究项目(19KJB520046)
博士后创新人才支持计划(BX20180146)
中国博士后科学基金(2019M661901)
江苏省博士后科研资助计划(2019K024)
CCF-腾讯犀牛鸟基金微众银行专项(CCF-WebankRAGR20190104)
南京邮电大学鼎山人才培养对象项目
南京邮电大学人才启动基金资助项目。
关键词
物联网
公钥加密
基于身份加密
跨域认证
Internet of Things(IoT)
public key encryption
identity-based encryption(IBE)
cross-domain authentication
