CN110611573A - Authentication protocol in intelligent home based on HLC and Hash collision puzzle - Google Patents

Authentication protocol in intelligent home based on HLC and Hash collision puzzle Download PDF

Info

Publication number
CN110611573A
CN110611573A CN201910924638.7A CN201910924638A CN110611573A CN 110611573 A CN110611573 A CN 110611573A CN 201910924638 A CN201910924638 A CN 201910924638A CN 110611573 A CN110611573 A CN 110611573A
Authority
CN
China
Prior art keywords
home gateway
home
puzzle
nonce
seq
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910924638.7A
Other languages
Chinese (zh)
Other versions
CN110611573B (en
Inventor
张磊
黄志刚
孟欣宇
赵奕鸥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN201910924638.7A priority Critical patent/CN110611573B/en
Publication of CN110611573A publication Critical patent/CN110611573A/en
Application granted granted Critical
Publication of CN110611573B publication Critical patent/CN110611573B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses an authentication protocol in an intelligent home based on HLC and Hash collision puzzle, which comprises the following steps: system setup, command message initialization, mutual authentication. Aiming at the problem that devices in the intelligent home are possibly tampered and attacked by other malicious devices, the protocol provides an intelligent home authentication protocol, and the protocol constructs a low-computation-cost protocol to resist attackers or malicious home intelligent devices based on home restricted channel communication (HLC) and Hash collision puzzle. The invention meets the characteristics of high efficiency, robustness and the like.

Description

Authentication protocol in intelligent home based on HLC and Hash collision puzzle
Technical Field
The invention belongs to the field of intelligent families and information security, and particularly relates to an authentication protocol in an intelligent family based on HLC and Hash collision puzzle.
Background
The intelligent home is a home combined with an advanced automatic system, and provides precise monitoring and control on building functions for residents. Smart homes can control lighting, temperature, multimedia, doors and windows, and many other functions. Smart homes use home automation technology to provide intelligent feedback and information to homeowners by monitoring many aspects of the home. Due to the superiority of smart homes, the business market for smart homes is also becoming more enormous. With the further promotion of interconnection and intercommunication of household intelligent products, more products are expected to appear in the future, and the stable development of the whole market of the intelligent household is promoted. With the influence of factors such as economic level, internet technology, consumption upgrading and the like, more and more consumers enter the smart home market. The Internet and emerging entrepreneurship companies carry out layout from different angles such as hardware, technology, system solutions and the like, and the intelligent home system is initially displayed.
A Home Area Network (HAN) is an essential component in a smart home. In recent years, home area networks have been extensively studied due to the development of smart cities, auxiliary systems, and other related network connection systems. A typical home area network is mainly composed of home intelligent devices and home gateways. The household intelligent equipment belongs to embedded equipment and has low computing power. The home smart device is a terminal of a smart home and is also a device that finally executes a user command. The home gateway is a precondition for constructing an intelligent home, and the home gateway can realize intelligent connection between networked information equipment inside the home and an intelligent broadband access network. The home gateway can receive different external network signals and then transmit the received signals to the home intelligent device.
The delivery of messages and commands is a very important function in the HAN, which has some security challenges, and how to authenticate commands is an urgent problem to be solved. In addition to authentication, the characteristics of the smart home device need to be considered. Generally, the server and the home gateway have sufficient capability to use a complex secure communication protocol to secure the control commands sent by the user, but the computing power of the home smart device is insufficient.
Disclosure of Invention
The invention aims to provide an authentication protocol in an intelligent home based on HLC and Hash collision puzzle, aiming at the problem that devices in the intelligent home can be tampered and attacked by other malicious devices, wherein the protocol is based on family restricted channel communication (HLC) and Hash collision puzzle, and a low-computation-cost protocol is constructed to resist attackers or malicious home intelligent devices.
The specific technical scheme for realizing the purpose of the invention is as follows:
an authentication protocol in a smart home based on HLC and a hashed collision puzzle, comprising the following entities: user, server, home gateway and family's intelligent device, include the following step:
step 1: system setup
A trusted entity TA generates and distributes system parameters params for the whole system;
step 2: command message initialization
The home gateway generates a command message CM for controlling the home intelligent device;
and step 3: mutual authentication
The home gateway and the home intelligent device mutually authenticate through HLC and Hash collision puzzle.
The step 1 specifically comprises:
in the system setting stage, a trusted entity TA generates a system parameter params and sends the system parameter params to a home gateway and home intelligent equipment in a offline mode; the generated system parameter params is used for mutual authentication between the home gateway and the home intelligent device; the home gateway is trusted and acts as a TA; the method comprises the following specific steps:
selecting ε as the difficulty of the puzzle;
selecting Δ T as an upper bound for message round-trip time;
h (×) is chosen as the hash function and the output of this function is k bits;
selecting m as the number of elements in Nonce, Nonce being a hash collision set;
TA distributes params ═ (epsilon, Δ T, H (, m) to home gateways and home smart devices { SD [)1,SD2,...,SDnN is the number of home smart devices SD.
The step 2 specifically comprises:
when the home gateway receives the message forwarded by the server, the home gateway enters the initialization stage of the command message; in this phase, the home gateway GW performs the following operations to initialize a command message CM for controlling the home smart device and to send this command to a certain home smart device SDa(a ∈ {1,..., n }); the detailed process is as follows:
i) generating one CM ═ IDa||SeqcmI CMD }, where IDaIs SDaIs a unique identification number, SeqcmIs the sequence number, Seq, of each CMcmStarting with 0 and increasing, CMD is actually a specific command to manipulate SD; the message forwarded by the server contains IDaAnd CMD, and whenever the home gateway sends a CM, SeqcmWill be increased by 1;
ii) the home gateway saves a five-tuple tup ═ Seqcm,CMD,Tcm,statecm,IDaTo its own cache, tup serves to authenticate the sender of the puzzle, TcmIs the local timestamp, state when the home gateway sends CMcmRepresents the current state of the CM; in the protocol, statecmThere are five types of states, the initial state being ini;
ini the home gateway has generated a CM, but this CM has not yet been sent out;
com, CM has been sent out by the home gateway, but the home gateway has not received the puzzle relating to this CM;
puz the home gateway has received the puzzle associated with the CM, but the home gateway has not resolved the puzzle, generating evidence;
prof, the home gateway has generated the evidence and sent it out, but the gateway has not received a reply;
ack the home gateway receives the SDaResponse to the evidence.
The step 3 specifically includes:
in the mutual authentication phase, the home gateway and the home receiving the CMIntelligent household device SDa(a ∈ { 1.,. n }) will authenticate each other; first, the home gateway will send CM to SDa(ii) a When SDaAfter receiving CM, SDaA puzzle P is generated, which is used to authenticate the sender of the CM and send P to the home gateway; after the home gateway receives the P, the identity of a sender of the puzzle P is verified, and the P is calculated only after the verification is passed, so that the evidence PRO is obtained; the home gateway will then send the PRO to the SDa;SDaAfter the PRO is received, the validity of the PRO is verified; when the verification passes, SDaWill execute the corresponding command and return an acknowledgement message ACK; specifically, the mutual authentication phase comprises the following steps:
step A: sending a command; the home gateway sends the CM to the SDaAfter receiving the CM, the home gateway modifies the state of the CM into com;
and B: distributing the puzzles; SD after receiving CM sent by home gatewayaA puzzle is sent to the home gateway to authenticate the legality of the home gateway;
1) generating a pseudo-random character string S;
2) obtaining Seq from received message CMcmAnd a CMD;
3) sending a P ═ { S | | | SeqcmI CMD to the home gateway, and saves P, records the current local timestamp Tsd1Preventing external malicious attackers;
the pseudo-random character string S is used for preventing replay attack, so that messages sent each time are inconsistent, and the previous messages cannot be reused to achieve the purpose of disguising; the pseudo-random character string can be generated through the internal state of the system; the states inside the system are chaotic, which means that it is difficult to predict them;
and C: generating evidence; upon receipt of SDaAfter sending P, the home gateway first verifies the legitimacy of P as follows:
1) by Seq among PcmThe home gateway searches a corresponding CM in a cache of the home gateway; the CM contains Seqcm,CMD,statecm,Tcm,IDa(ii) a If the home gateway does not find the corresponding CM, the operation is terminated;
2) checking the status of the CM; if statecmNot equal to com means that the command has been executed or that the message was not sent by the home gateway; therefore, the home gateway does not compute puzzle P;
3) state in CMcmModified to puz;
4) a symbol is introduced into the protocolb is the number of equal bits from the left of the two strings; see the bit string as s ═ {0,1 }; suppose [ s ]]iRepresents the ith bit, [ s ] of the bit string]1Represents the leftmost bit, [ s ]]|s|Represents the rightmost bit; [ s ] of]i...jRepresenting a string of bits from i to j; thus, it is possible to provide
s=[s]1...|s|.. (1)
x and y are two bit strings, and formula (2) shows that when the first bit of x and y is not equal, the number of equal bits is 0 from left; formula (3) shows that when x, y are equal to only the first b bits, they are equal to b from the left;
checking whether the CMD in the CM is equal to the CMD in the P, and if not, not continuing to execute; if the home gateway verifies the legitimacy of P, the home gateway resolves P and generates an evidence PRO as follows; the home gateway will look forBecause the process of searching hash collision has certain randomness, the protocol sets that the home gateway does not search a nonce, but rather a set of nonces, nonces { nonces }1,nonce2,...,noncem}; this greatly reduces the probability of an attacker passing the verification by chance; then, the home gateway sends the evidence PRO ═ { Seq ═cmNonce to SDa(ii) a In addition, the home gateway modifies the state of the CM to prof;
step D: execute and answer (HLC); at this step, SDaThe validity of PRO is verified as follows:
1) when SDaAfter receiving the PRO sent by the home gateway, it records its own local timestamp Tsd 2;
2)SDacheck if (T) is satisfiedsd2-Tsd1) Not more than delta T; if not, SDaWill not continue execution;
3) check each Nonce in the NonceiIf i ∈ { 1.,. m } is different, if the same, SDaWill not continue to execute;
4) taking out the puzzle P stored in the cache; for each noncei,SDaCalculating (P | nonce) using H (#)i) The hash value of (1);
5) for each nonceiIf it is satisfiedThen the CM is considered legal, otherwise the SDaWill not continue to execute;
6)SDaexecuting a command CMD in the CM;
7)SDagenerating an acknowledgement message ACK ═ { ID ═ IDa||DSa||Seqcm},DSaIs represented by SDaThe state of (1); then sending the confirmation message to the home gateway through the HLC; when the home gateway receives the ACK, it finds the CM in its buffer and then modifies the status of the CM to ACK.
The invention constructs a low-computation-cost protocol to resist attackers or malicious home intelligent equipment based on HLC and Hash collision puzzle. The invention meets the characteristics of high efficiency, robustness and the like.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The authentication protocol in the intelligent home comprises the following entities: the system comprises a user, a server, a home gateway and a home intelligent device. The method comprises the following steps:
(1) system setup
In the system setting stage, a trusted entity (TA) generates a system parameter params and sends the system parameter params to a home gateway and home intelligent equipment in a offline mode. The generated system parameters are used for mutual authentication between the home gateway and the home intelligent device. We assume that the home gateway is trusted and therefore let the home gateway act as a TA. The method comprises the following specific steps:
choose ε as the difficulty of the puzzle.
Select Δ T as the upper bound for the message round-trip time.
H (×) is chosen as the hash function and the output of this function is k bits.
Select m as the number of elements in Nonce.
TA distributes params ═ e, Δ T, H (, m) to home gateways and { SD over wires1,SD2,...,SDnN is the number of home smart devices.
(2) Command message initialization
The initialization phase of the command message is only entered when the home gateway receives the message forwarded by the server. In this phase, the home gateway GW performs the following operations to initialize a command message CM (for controlling the home smart devices) and to send this command to a certain home smart device SDa(a ∈ { 1., n }). The detailed process is as follows:
step 1. generating a CM ═ IDa||SeqcmI CMD }, where IDaIs SDaThe unique identification number of (a); seqcm(increasing from 0) is the sequence number of each CM; CMD is actually a specific command (say on or off) to manipulate SD. It is to be noted here that the serverThe forwarded message contains an IDaAnd CMD, and whenever the home gateway sends a CM, SeqcmIt will self-increment by 1.
Step 2, the home gateway saves a five-tuple tup ═ { Seqcm,CMD,Tcm,statecm,IDaTo its own cache. tup is used to authenticate the sender of the puzzle. T iscmIs the local timestamp when the home gateway sends the CM. StatecmRepresenting the current state of the CM. In our protocol, statecmThere are five types of states, initialized to ini.
Ini the home gateway generates a CM, but the CM has not yet been sent out.
CM has been sent out by the home gateway. But the home gateway has not received the puzzle associated with this CM.
Puz the home gateway has received the puzzle associated with the CM, but the home gateway has not yet solved the puzzle, generating evidence.
The home gateway generates evidence and sends this out. But the gateway has not received an acknowledgement (ack).
Ack the home gateway receives the SDaAck to the evidence.
(3) Mutual authentication
In the mutual authentication phase, the home gateway and the home smart device SD receiving the CMa(a ∈ { 1.,. n }) are mutually authenticated. First, the home gateway will send CM to SDa. When SDaAfter receiving CM, SDaA puzzle P (which serves to authenticate the sender of the CM) is generated and sent to the home gateway. When the home gateway receives P, he first verifies the identity of the sender of P. Only after the verification is passed, the calculation P is carried out, resulting in the evidence PRO. The home gateway will then send the PRO to the SDa。SDaAfter receiving the PRO, the validity of the PRO is verified. When the verification passes, SDaThe corresponding command is executed and an acknowledgement message ACK is returned.
Specifically, the mutual authentication phase has four steps, namely sending a command; distributing the puzzles; generating evidence;
the various steps are performed and described in detail below in response:
step 1, sending a command; the home gateway sends the CM to the SDaWhen the home gateway receives the CM, it modifies the status of the CM to com.
Step 2, puzzle distribution; SD after receiving CM sent by home gatewayaA puzzle is sent to the home gateway to authenticate the legitimacy of the home gateway as follows.
1. A pseudo-random string S is generated.
2. Obtaining Seq from received message CMcmAnd a CMD.
3. Sending a puzzle P ═ S | | | Seq through HLCcmI CMD to the home gateway, and saves P, records the current local timestamp Tsd1This is to protect against external malicious attackers.
The pseudo-random character string S is used for preventing replay attack, so that messages sent each time are inconsistent, and the previous messages cannot be reused to achieve the purpose of disguising. The pseudo-random string can be chaotic in generating all internal states of the system from internal system states, which means that it is difficult to predict the relevant states.
Step 3, evidence generation, after SD is receivedaAfter sending P, the home gateway first verifies the legitimacy of P as follows:
1. by Seq among PcmAnd the home gateway searches the corresponding CM in the cache of the home gateway. The CM contains Seqcm,CMD,statecm,Tcm,IDa. If the home gateway does not find the corresponding CM, he terminates the operation.
2. The status of the CM is checked. If statecmNot equal to com, which means that this command has already been executed, or that this message is not sent by the home gateway. Thus, the home gateway does not compute the puzzle P.
3. State in CMcmModified to puz.
4. Check if CMD in CM equals CMD in P, and if not, do not continue execution.
If the home gateway verifies the legitimacy of P, the home gateway resolves P and generates the proof PRO as follows. The home gateway will look forBecause there is a certain randomness in the process of finding hash collision, the home gateway set by our protocol needs to find not only a Nonce but also a set of nonces, i.e., nonces ═ Nonce1,nonce2,...,noncem}. This greatly reduces the probability of an attacker accidentally passing the verification. Then, the home gateway sends the evidence PRO ═ SeqcmNonce to SDaAnd is via HLC. In addition, the home gateway modifies the state of the CM to prof. For better expression, an operation symbol is introduced in the protocolb is the number of equal bits of the two strings from the left. The bit string is seen as s ═ {0,1 }. Suppose [ s ]]iRepresents the ith bit, [ s ] of the bit string]1Represents the leftmost bit, [ s ]]|s|Representing the rightmost bit. [ s ] of]i...jRepresenting a string of bits from i to j. Thus s ═ s]1...|s|..
Step 4 execution and answer (HLC). At this step, SDaThe validity of PRO is verified as follows:
1. when SDaAfter receiving the PRO sent by the home gateway, it records its own local timestamp Tsd 2.
2.SDaCheck if (T) is satisfiedsd2-Tsd1) If not, SDaExecution will not continue.
3. Check each Nonce in the NonceiIf i ∈ { 1.,. m } is different, if not, SDaExecution will not continue.
4. The puzzle P stored in the cache is fetched. For each noncei,SDaCalculating (P | nonce) using H (#)i) The hash value of (1).
5. For each nonceiIf it is satisfiedThen the CM is considered legal, otherwise the SDaExecution will not continue.
6.SDaThe command CMD in the CM is executed.
7.SDaGenerating an acknowledgement message ACK ═ { ID ═ IDa||DSa||Seqcm},DSaIs represented by SDaThe state of (1). This acknowledgement message is then sent to the home gateway via the HLC. When the home gateway receives the ACK, he finds the CM in his cache, and then modifies the status of the CM to ACK.

Claims (4)

1. An authentication protocol in a smart home based on HLC and a hashed collision puzzle, comprising the following entities: user, server, home gateway and family's intelligent device, its characterized in that includes the following step:
step 1: system setup
A trusted entity TA generates and distributes system parameters params for the whole system;
step 2: command message initialization
The home gateway generates a command message CM for controlling the home intelligent device;
and step 3: mutual authentication
The home gateway and the home intelligent device mutually authenticate through HLC and Hash collision puzzle.
2. The authentication protocol according to claim 1, wherein the step 1 specifically comprises:
in the system setting stage, a trusted entity TA generates a system parameter params and sends the system parameter params to a home gateway and home intelligent equipment in a offline mode; the generated system parameter params is used for mutual authentication between the home gateway and the home intelligent device; the home gateway is trusted and acts as a TA; the method comprises the following specific steps:
selecting ε as the difficulty of the puzzle;
selecting Δ T as an upper bound for message round-trip time;
h (×) is chosen as the hash function and the output of this function is k bits;
selecting m as the number of elements in Nonce, Nonce being a hash collision set;
TA distributes params ═ (epsilon, Δ T, H (, m) to home gateways and home smart devices { SD [)1,SD2,...,SDnN is the number of home smart devices SD.
3. The authentication protocol according to claim 1, wherein the step 2 specifically comprises:
when the home gateway receives the message forwarded by the server, the home gateway enters the initialization stage of the command message; in this phase, the home gateway GW performs the following operations to initialize a command message CM for controlling the home smart device and to send this command to a certain home smart device SDa(a ∈ {1,..., n }); the detailed process is as follows:
i) generating one CM ═ IDa||SeqcmI CMD }, where IDaIs SDaIs a unique identification number, SeqcmIs the sequence number, Seq, of each CMcmStarting with 0 and increasing, CMD is actually a specific command to manipulate SD; the message forwarded by the server contains IDaAnd CMD, and whenever the home gateway sends a CM, SeqcmWill be increased by 1;
ii) the home gateway saves a five-tuple tup ═ Seqcm,CMD,Tcm,statecm,IDaTo its own cache, tup is used to authenticate the puzzleSender of (1), TcmIs the local timestamp, state when the home gateway sends CMcmRepresents the current state of the CM; in the protocol, statecmThere are five types of states, the initial state being ini;
ini the home gateway has generated a CM, but this CM has not yet been sent out;
com, CM has been sent out by the home gateway, but the home gateway has not received the puzzle relating to this CM;
puz the home gateway has received the puzzle associated with the CM, but the home gateway has not resolved the puzzle, generating evidence;
prof, the home gateway has generated the evidence and sent it out, but the gateway has not received a reply;
ack the home gateway receives the SDaResponse to the evidence.
4. The authentication protocol according to claim 1, wherein the step 3 specifically comprises:
in the mutual authentication phase, the home gateway and the home smart device SD receiving the CMa(a ∈ { 1.,. n }) will authenticate each other; first, the home gateway will send CM to SDa(ii) a When SDaAfter receiving CM, SDaA puzzle P is generated, which is used to authenticate the sender of the CM and send P to the home gateway; after the home gateway receives the P, the identity of a sender of the puzzle P is verified, and the P is calculated only after the verification is passed, so that the evidence PRO is obtained; the home gateway will then send the PRO to the SDa;SDaAfter the PRO is received, the validity of the PRO is verified; when the verification passes, SDaWill execute the corresponding command and return an acknowledgement message ACK; specifically, the mutual authentication phase comprises the following steps:
step A: sending a command; the home gateway sends the CM to the SDaAfter receiving the CM, the home gateway modifies the state of the CM into com;
and B: distributing the puzzles; SD after receiving CM sent by home gatewayaA puzzle is sent to the home gateway to authenticate the legality of the home gateway;
1) generating a pseudo-random character string S;
2) obtaining Seq from received message CMcmAnd a CMD;
3) sending a P ═ { S | | | SeqcmI CMD to the home gateway, and saves P, records the current local timestamp Tsd1Preventing external malicious attackers;
the pseudo-random character string S is used for preventing replay attack, so that messages sent each time are inconsistent, and the previous messages cannot be reused to achieve the purpose of disguising; the pseudo-random character string can be generated through the internal state of the system; the states inside the system are chaotic, which means that it is difficult to predict them;
and C: generating evidence; upon receipt of SDaAfter sending P, the home gateway first verifies the legitimacy of P as follows:
1) by Seq among PcmThe home gateway searches a corresponding CM in a cache of the home gateway; the CM contains Seqcm,CMD,statecm,Tcm,IDa(ii) a If the home gateway does not find the corresponding CM, the operation is terminated;
2) checking the status of the CM; if statecmNot equal to com means that the command has been executed or that the message was not sent by the home gateway; therefore, the home gateway does not compute puzzle P;
3) state in CMcmModified to puz;
4) a symbol is introduced into the protocolb is the number of equal bits from the left of the two strings; see the bit string as s ═ {0,1 }; suppose [ s ]]iRepresents the ith bit, [ s ] of the bit string]1Represents the leftmost bit, [ s ]]|s|Represents the rightmost bit; [ s ] of]i...jRepresenting a string of bits from i to j; thus, it is possible to provide
s=[s]1...|s|.. (1)
x and y are two bit strings, and formula (2) shows that when the first bit of x and y is not equal, the number of equal bits is 0 from left; formula (3) shows that when x, y are equal to only the first b bits, they are equal to b from the left;
checking whether the CMD in the CM is equal to the CMD in the P, and if not, not continuing to execute; if the home gateway verifies the legitimacy of P, the home gateway resolves P and generates an evidence PRO as follows; the home gateway will look forBecause the process of searching hash collision has certain randomness, the protocol sets the home gateway to search a group of nonces instead of a Nonce1,nonce2,...,noncem}; this greatly reduces the probability of an attacker passing the verification by chance; then, the home gateway sends the evidence PRO ═ { Seq ═cmNonce to SDa(ii) a In addition, the home gateway modifies the state of the CM to prof;
step D: execute and answer (HLC); at this step, SDaThe validity of PRO is verified as follows:
1) when SDaAfter receiving the PRO sent by the home gateway, it records its own local timestamp Tsd 2;
2)SDacheck if (T) is satisfiedsd2-Tsd1) Not more than delta T; if not, SDaWill not continue execution;
3) check each Nonce in the NonceiIf i ∈ { 1.,. m } is different, if the same, SDaWill not continue to execute;
4) taking out the puzzle P stored in the cache; for each noncei,SDaCalculating (P | nonce) using H (#)i) The hash value of (1);
5) for each nonceiIf it is satisfiedThen the CM is considered legal, otherwise the SDaWill not continue to execute;
6)SDaexecuting a command CMD in the CM;
7)SDagenerating an acknowledgement message ACK ═ { ID ═ IDa||DSa||Seqcm},DSaIs represented by SDaThe state of (1); then sending the confirmation message to the home gateway through the HLC; when the home gateway receives the ACK, it finds the CM in its buffer and then modifies the status of the CM to ACK.
CN201910924638.7A 2019-09-27 2019-09-27 Authentication communication method in intelligent home based on HLC and Hash collision puzzle Active CN110611573B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910924638.7A CN110611573B (en) 2019-09-27 2019-09-27 Authentication communication method in intelligent home based on HLC and Hash collision puzzle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910924638.7A CN110611573B (en) 2019-09-27 2019-09-27 Authentication communication method in intelligent home based on HLC and Hash collision puzzle

Publications (2)

Publication Number Publication Date
CN110611573A true CN110611573A (en) 2019-12-24
CN110611573B CN110611573B (en) 2021-10-15

Family

ID=68893596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910924638.7A Active CN110611573B (en) 2019-09-27 2019-09-27 Authentication communication method in intelligent home based on HLC and Hash collision puzzle

Country Status (1)

Country Link
CN (1) CN110611573B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222134A (en) * 2019-12-31 2020-06-02 华东师范大学 Authentication protocol in intelligent home based on HLC and Time-Lock puzzle

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909524A (en) * 2006-08-24 2007-02-07 华为技术有限公司 Automatic configuration method and system for digital household terminal
CN101141422A (en) * 2007-10-26 2008-03-12 中国电信股份有限公司 Method and system to access family gateway and family gateway
CN101820344A (en) * 2010-03-23 2010-09-01 中国电信股份有限公司 AAA server, home network access method and system
CN107534642A (en) * 2015-04-16 2018-01-02 瑞典爱立信有限公司 For the method and apparatus to being established with the calculating problem in communication between clients and servers
CN108155996A (en) * 2018-03-12 2018-06-12 浙江大学 Smart home safe communication method based on family's channel
US10581872B1 (en) * 2016-12-29 2020-03-03 Alarm.Com Incorporated Service authorization for IoT devices operating locally

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1909524A (en) * 2006-08-24 2007-02-07 华为技术有限公司 Automatic configuration method and system for digital household terminal
CN101141422A (en) * 2007-10-26 2008-03-12 中国电信股份有限公司 Method and system to access family gateway and family gateway
CN101820344A (en) * 2010-03-23 2010-09-01 中国电信股份有限公司 AAA server, home network access method and system
CN107534642A (en) * 2015-04-16 2018-01-02 瑞典爱立信有限公司 For the method and apparatus to being established with the calculating problem in communication between clients and servers
US20180131679A1 (en) * 2015-04-16 2018-05-10 Telefonaktiebolaget Lm Ericsson (Publ) Method and Device for Establishing a Computational Puzzle for Use in Communication Between a Client and a Server
US10581872B1 (en) * 2016-12-29 2020-03-03 Alarm.Com Incorporated Service authorization for IoT devices operating locally
CN108155996A (en) * 2018-03-12 2018-06-12 浙江大学 Smart home safe communication method based on family's channel

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ISAAC LEE等: ""A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs"", 《AUSTRALIAN INFORMATION SECURITY MANAGEMENT》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222134A (en) * 2019-12-31 2020-06-02 华东师范大学 Authentication protocol in intelligent home based on HLC and Time-Lock puzzle
CN111222134B (en) * 2019-12-31 2023-05-12 华东师范大学 Authentication protocol in intelligent home based on HLC and Time-Lock puzzle

Also Published As

Publication number Publication date
CN110611573B (en) 2021-10-15

Similar Documents

Publication Publication Date Title
Javaid et al. Blockpro: Blockchain based data provenance and integrity for secure iot environments
CN109981689B (en) Cross-domain logic strong isolation and security access control method and device in scene of Internet of things
Schulz et al. Short paper: Lightweight remote attestation using physical functions
CN109257334B (en) Block chain-based data uplink system, method and storage medium
CN109525397B (en) Block chain and method for SDN network flow rule security guarantee
Guo et al. SecFHome: Secure remote authentication in fog-enabled smart home environment
Bilal et al. Security analysis of ultra-lightweight cryptographic protocol for low-cost RFID tags: Gossamer protocol
CN113282898B (en) Lightweight identity authentication method based on physical unclonable function
CN103765809A (en) Implicitly certified public keys
CN110147666B (en) Lightweight NFC identity authentication method in scene of Internet of things and Internet of things communication platform
Kim et al. Trustworthy gateway system providing IoT trust domain of smart home
Seshadri et al. SAKE: Software attestation for key establishment in sensor networks
CN113301022A (en) Internet of things equipment identity security authentication method based on block chain and fog calculation
Huang et al. Key-free authentication protocol against subverted indoor smart devices for smart home
Liao et al. Toward authenticating the master in the modbus protocol
Javaid et al. Defining trust in IoT environments via distributed remote attestation using blockchain
CN110611573B (en) Authentication communication method in intelligent home based on HLC and Hash collision puzzle
CN104717230A (en) Composite dynamic password authentication method and authentication system applicable to plug-and-play terminal
Long et al. Energy-efficient and intrusion-resilient authentication for ubiquitous access to factory floor information
Badar et al. An access control protocol for IoT‐based critical infrastructure in smart grid environment
CN115842657A (en) Internet of things anonymous identity authentication method and device based on block chain
CN111222134B (en) Authentication protocol in intelligent home based on HLC and Time-Lock puzzle
CN112333214B (en) Safe user authentication method and system for Internet of things equipment management
Halgamuge Latency estimation of blockchain-based distributed access control for cyber infrastructure in the iot environment
US11399279B2 (en) Security credentials recovery in Bluetooth mesh network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant