Abstract
To study authentication in the resource-constrained environment of the Internet of Things (IoT), we propose a distributed lightweight IoT authentication and authorization framework. The framework uses the concept of message queue telemetry transmission (MQTT) for broadcast-based data transmission in the IoT, adopts usage control (UCON)-based access control for device authentication, and combines the lightweight nature of elliptic curve encryption (ECC) with the access control mechanism. The experiments use the Automated Validation of Internet Security Protocols and Applications (AVISPA) and Access Control Policy Testing (ACPT) tools. Formal and informal analyses verify the effectiveness of the proposed scheme. The results show that the scheme can resist a variety of attacks and also has an advantage in computational cost: it involves no modular or exclusive-OR (XOR) operations, making it suitable for resource-constrained devices.
Authors
XU Wei (徐伟); WEI Rong (危蓉)
Department of Information Technology, Hubei University of Police, Wuhan 430034, China; Hubei Collaborative Innovation Center of Digital Forensics and Trusted Application, Wuhan 430034, China
Source
Journal of Xiamen University: Natural Science (《厦门大学学报(自然科学版)》)
Indexed in: CAS, CSCD, Peking University Core Journals
2021, Issue 6, pp. 1024-1031 (8 pages)
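Funding
Key Scientific Research Project of the Hubei Provincial Department of Education (D20164202)
China University Industry-University-Research Innovation Fund Project (2019ITA03025)
Hubei Provincial Department of Education "Jingchu Outstanding Talents" Collaborative Education Program (鄂教高函[2017]29号57)
Hubei University of Police institute-level research project (HJ2020YB07)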
Keywords
internet of things
authentication
resource constrained
message queue telemetry transmission
access control
elliptic curve encryption