基于国密算法的CoAP安全协议研究与实现

Research and implementation of CoAP security protocol based on domestic cryptographic algorithms

随着接入物联网的小型设备增多,受限应用协议(constrained application protocol, CoAP)的使用频率上升,对CoAP通信安全性的关切也日益突显。为确保客户端与服务器通信的安全性,提出一种基于国产密码算法的创新性CoAP安全方案。在配置阶段,将预共享密钥硬编码到设备中;身份认证及密钥协商阶段采用基于有效负载的加密方法,通过两条握手消息完成双方身份认证,并获取用于数据传输的协商密钥;数据传输阶段采用观察者模式,客户端发送观察资源请求,依赖服务器加密传输资源,实现节能观察。安全方案使用SM4算法对身份认证和数据传输的数据进行加密,利用SM3算法验证消息完整性,有效提升了CoAP的安全防护能力。安全性分析和仿真实验结果展示了其在计算、通信和存储方面的卓越性能,确保了方案能够满足实际应用需求。

With the increasing integration of small devices into the internet of things(IoT),the utilization of the constrained application protocol(CoAP)is on the rise,accentuating concerns about the security of CoAP communication.To ensure secure communication between clients and servers,an innovative CoAP security solution based on domestic cryptographic algorithms was proposed.In the configuration phase,pre-shared keys were hard-coded into devices.A payload-based encryption method was employed in the identity authentication and key negotiation phase,completing mutual authentication with two handshake messages and obtaining negotiated keys for data transmission.In the data transmission phase,an observer pattern was applied,where the client sent an observe resource request,the reliable server encrypt and transmit resources,achieving energy-efficient observation.The SM4 algorithm was used in the security solution to encrypt data in identity authentication and data transmission,and the SM3 algorithm was used to verify the message integrity.Simulation experiment results demonstrate outstanding performance in computation,communication,and storage,ensuring that the solution meets practical application requirements.