
Three-Factor Cross-Domain Signcryption Access Control Scheme for IoT Environment
Abstract: In the massive Machine Type Communication (mMTC) Internet of Things environment of 5G, there is the problem of cross-domain secure communication between IoT users under a Public Key Infrastructure (PKI) cryptosystem and IoT devices under a CertificateLess Cryptosystem (CLC) that sit in different security domains. Based on three factors composed of the user password, biometrics and the user smart device, together with the encryption and signature algorithms of the Chinese national cryptographic standard SM2, this paper proposes a Three-factor Cross-domain Signcryption Access Control scheme for the IoT environment (TCSAC-IoT), which enables PKI IoT users to communicate securely with CLC IoT devices across security domains. The scheme authenticates PKI IoT users through a three-factor cross-domain signcryption algorithm and establishes a shared secret key between legitimate PKI IoT users and CLC IoT devices, preventing illegitimate users from accessing CLC IoT device resources. It is proved under the Real-Or-Random (ROR) model that the scheme satisfies semantic security under the Dolev-Yao (DY) model and the Canetti-Krawczyk (CK) model. The scheme is also resistant to impersonation attacks, replay attacks, man-in-the-middle attacks, insider privilege attacks, and attacks based on a stolen or lost PKI user smart device. Comparison with similar schemes shows that this scheme has lower computational overhead and communication overhead.
Authors: HUANG Long-kun (黄隆坤); TIAN You-liang (田有亮); XIE Hong-tao (谢洪涛) (School of Computer Science and Technology, Guizhou University, Guiyang, Guizhou 550025, China; Institute of Cryptography & Data Security, Guizhou University, Guiyang, Guizhou 550025, China; Guizhou Provincial Key Laboratory of Public Big Data, Guiyang, Guizhou 550025, China; School of Information Science and Technology, University of Science and Technology of China, Hefei, Anhui 230026, China)
Source: Acta Electronica Sinica (《电子学报》; EI, CAS, CSCD, Peking University Core), 2023, No. 9, pp. 2578-2587 (10 pages)
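Funding: National Key Research and Development Program of China (No. 2021YFB3101100); Guizhou Province High-Level Innovative Talents Project (No. 黔科合平台人才[2020]6008); Guizhou Province Science and Technology Program (No. 黔科合平台人才[2020]5017).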
Keywords: cross-domain signcryption; cross-domain access control; IoT security; 5G