CN111147228A - Ethernet IoT entity based lightweight authentication method, system and intelligent terminal - Google Patents

Info

Publication number: CN111147228A
Authority: CN (China)
Prior art keywords: node, key, requester, intelligent, equipment
Legal status: Granted (Active)
Application number: CN201911385265.7A
Other languages: Chinese (zh)
Other versions: CN111147228B (en)
Inventors: 李晖, 张秀娟, 曹进, 罗玙榕, 赵兴文
Current Assignee: Xidian University
Original Assignee: Xidian University
Application filed by Xidian University
Priority to CN201911385265.7A
Publication of CN111147228A
Application granted; publication of CN111147228B

Classifications

    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3252 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures using DSA or related signature schemes, e.g. elliptic based signatures, ElGamal or Schnorr schemes


Abstract

The invention belongs to the technical field of network security communication and discloses a lightweight authentication method, system and intelligent terminal for IoT entities based on Ethereum. The method comprises: a deployment stage of the Ethereum-based hierarchical IoT entity architecture; registering the smart device; sending authentication request information; verifying the request information against the chameleon hash function and sending authentication information and response information; sending an authentication confirmation message; and exchanging information among IoT entities. The method is applicable to all Internet of Things scenarios; the time for blockchain nodes to reach consensus is greatly reduced, and the difficulty caused by the limited processing capacity of smart devices is also resolved; the hash value of the device's key information is backed up across the whole network in the blockchain, which ensures the security of the terminal device's identity; mutual authentication between IoT entities is realized by using the properties of the chameleon hash function, the authentication efficiency is improved, and all known attacks can be resisted.

Description

Ethernet IoT entity based lightweight authentication method, system and intelligent terminal
Technical Field
The invention belongs to the technical field of network security communication, and particularly relates to a lightweight authentication method, system and intelligent terminal for IoT entities based on Ethereum.
Background
Currently, the closest prior art is as follows. With the rapid development of the Internet of Things, the number of IoT devices has increased sharply; from smart locks to smart vehicles and from smart wearables to smart homes, the Internet of Things touches every aspect of people's lives. Because people use IoT devices to generate, process and exchange large amounts of sensitive private information, these devices also attract many network attacks. Terminal authentication and access control are therefore very important for solving security and privacy problems in the Internet of Things. However, because IoT devices are resource-constrained, heterogeneous, decentralized and deployed at large scale, classical authentication and access control schemes such as attribute-based access control (ABAC) and role-based access control (RBAC) have proven to be inflexible, non-scalable and difficult to upgrade. To solve these problems, researchers have proposed various solutions, for example designing lightweight authentication schemes and IoT security architectures that use cryptographic algorithms or blockchain technology. In particular, blockchain technology has become a hot research direction for solving IoT architecture problems by virtue of its peer-to-peer participants, decentralization, openness and transparency, tamper resistance and multi-party consensus. The blockchain works like a distributed database ledger that records all transactions and removes the dependence on authentication by a trusted third party; all nodes in the blockchain network keep the stored data consistent through a consensus algorithm, and as long as the hash power jointly controlled by honest nodes exceeds that of any group of cooperating attacker nodes, the system is secure and the stored data cannot be altered.
The Ethereum light client protocol can run on IoT devices with low processing capacity and memory and is essential in the resource-constrained IoT environment. In addition, the future trend is for IoT devices to have a degree of intelligence and to act automatically when certain conditions are met; for example, a smart water meter can automatically purchase water when it detects that no water credit remains. Deploying smart contracts on Ethereum meets this requirement well. Owing to the characteristics of blockchain technology, applying the blockchain in the Internet of Things turns the centralized network structure into a decentralized or multi-center one and can greatly improve the scalability of the system; identity permission management and multi-party consensus help prevent malicious nodes from joining and ensure the security of identity sources; and information encryption and secure communication help guarantee data privacy.
So far, many blockchain-based architectures for IoT security and trust management have been proposed. However, most of these schemes do not fully consider that IoT devices are resource-constrained, highly dispersed and large in scale; when IoT authentication is combined with blockchain technology the architecture is complex, the authentication process is cumbersome, and transaction confirmation takes longer. Nor has an Ethereum-based IoT entity authentication protocol been proposed in detail.
In summary, the problems of the prior art are as follows: existing blockchain-based architectures for IoT security and trust management do not fully consider the limited resources of IoT devices and the characteristics of the application scenario, so computationally intensive cryptographic operations are difficult to carry out, the authentication scheme is not scalable and is difficult to upgrade, and the POW mechanism is difficult to implement. The system architecture and the authentication protocol flow are complex, so the consensus time of blockchain nodes and the request-response delay are too long, which hinders wide application in delay-sensitive Internet environments.
The difficulty of solving these technical problems is as follows: adopting blockchain technology in the IoT environment is not simple and faces several significant challenges. For example, IoT entities generally have low computing power and short battery life, so the high resource demand of POW must be addressed; the authentication protocol is complex and consensus confirmation of transactions takes a long time, which is a performance bottleneck in the delay-sensitive Internet of Things; and broadcasting transactions to the entire network results in low scalability.
The significance of solving these technical problems is as follows: in response to these challenges, the system architecture for blockchain-based authentication of IoT entities is optimized, and the consensus time of blockchain nodes and the transaction confirmation time are further reduced; the optimized lightweight authentication protocol is not only suited to the resource-constrained IoT environment but also greatly improves authentication efficiency while ensuring mutual authentication among IoT entities.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a lightweight authentication method, system and intelligent terminal for IoT entities based on Ethereum.
The invention is realized as follows: a lightweight authentication method for IoT entities based on Ethereum, comprising the following steps:
first, the smart device obtains a public key and a private key during registration, stores the chameleon hash function value of the device's key data in a CN node, and waits for the next consensus time to perform whole-network backup;
second, when authentication starts, a request message REQ is sent to a CN node; the CN node verifies the identity by using the properties of the chameleon hash function, generates a token identifier once verification passes, and sends it to the device with which communication is requested;
third, the device sends $REQ_d$ and $ACK_d$ to the CN; the CN node verifies the identity of the device according to the stored chameleon hash function value of the device, and returns response information to the device after the verification passes.
Further, the Ethereum-based hierarchical IoT entity architecture deployment of the lightweight authentication method specifically includes:
(1) all smart devices and local storage devices in each home form a local private chain LPC; a smart contract is deployed on the private chain, and the structure of the block ledger is defined by the smart contract; each home selects a device with stronger processing capacity and more memory resources as a node CN of the public blockchain, and the distributed nodes CN form the public chain; each node CN maintains two key lists, KeyList1 and KeyList2: KeyList1 holds the keys of users allowed to access the smart home devices, and KeyList2 holds the keys of the smart devices;
(2) when each smart home node CN participating in the smart contract registers as a blockchain user, the blockchain returns a pair of public and private keys $PK_{CN}$ and $SK_{CN}$ to each user; the public key $PK_{CN}$ serves as the user's address on the blockchain, and the private key $SK_{CN}$ is the only key that can operate the account;
(3) the service provider's $CN_{server}$ and a smart home's $CN_{client}$, or the $CN_{client}$ of one smart home and the $CN_{client}$ of another, agree a contract with each other according to business needs, and the participants sign it with their respective private keys $PK_{CN}$;
(4) the signed smart contract is deployed in the blockchain.
Further, the smart device registration stage of the Ethereum-based IoT entity lightweight authentication method specifically includes:
(1) the CN node participating in the blockchain selects the initialization input parameters $(m^*, r^*)$, wherein $m^*$
Figure BDA0002343432830000031
The chameleon hash function is defined as $CH_Y(m, r) = mP + rY$, where $(P, Y)$ is the public key and $(k, x)$ is the trapdoor key, with $Y = xP$ and $k = m^* + r^* x$;
(2) the node CN generates a signing and verification key pair $(sk_{cn}, vk_{cn})$ based on the elliptic curve digital signature algorithm, publishes the public parameter $PK = \{P, vk_{cn}\}$ in the blockchain, and stores the private key $sk_{cn}$ locally;
(3) when a smart device registers in the local private chain, the smart home CN node to which it belongs assigns a public key and a private key to the registering device; the public key is used as the address of the device, and the private key is encrypted and returned to the smart device; the CN node updates the two key lists it maintains, KeyList1 and KeyList2; the host stores the related access policy list, accessList, in a local database;
(4) the device executes the following steps to calculate the chameleon hash value:
1) device A generates random numbers $x$ and $m$, calculates $Y = xP$, calculates the hash $r = H(ID)$ of the device's key data, calculates $CH_{dc} = CH_{Y_{dc}}(m, r)$ with the chameleon hash function, and sends the message $M = ID \,\|\, CH_{dc}$ to the CN node;
2) after receiving the message, the CN node shares $CH_{dc}$ and the device lifetime $T_{exp}$ into the blockchain, calculates the signature information $M_{sig} = sig_{CN}(ID_{dc} \,\|\, CH_{dc})$ with the CN node's signing private key, and sends $M_{sig}$ and $T_{exp}$ to device A;
3) after receiving the message $M_{sig}$, device A verifies the CN signature, calculates $k = m + rx$, and then saves the trapdoor key $sk = (k, x)$.
Further, the sending of the authentication request information in the Ethereum-based IoT entity lightweight authentication method specifically includes:
(1) the requester selects the random number $\alpha$ and computes $A = \alpha Y$ and $B = \beta Y$, obtains the local timestamp $T_{cur}$, lets $\gamma = H(A \,\|\, B \,\|\, T_{cur})$, and then calculates $m = k - rx$, where $r = \alpha\gamma$;
(2) the requester sends the request information $REQ = m \,\|\, A \,\|\, B \,\|\, T_{cur}$ to the node $CN_d$ where device1 is located and broadcasts the message; requester → $CN_d$: $REQ = m \,\|\, A \,\|\, B \,\|\, T_{cur}$.
Further, verifying the request information against the chameleon hash function and sending the authentication information and response information in the Ethereum-based IoT entity lightweight authentication method specifically includes:
(1) after receiving the message REQ sent by the requester, $CN_d$ executes the following steps:
1) decrypt the message and check, through KeyList1 (the list of keys of users allowed to access the smart home devices within its own management range), whether the address of the requester is legitimate; if so, go to 2), otherwise discard it;
2) verify the timestamp $T_{cur}$; if it is legitimate, go to 3), otherwise discard it;
3) calculate $\gamma = H(A \,\|\, B \,\|\, T_{cur})$ and verify the identity validity of the requester according to the formula $mP + \gamma A = CH_{dc}$; if the verification succeeds, go to 4), otherwise discard it;
4) node $CN_d$ generates a token (Req's address + h(random)), sends the token to the smart device device1 with which the requester needs to communicate, and broadcasts the message;
Figure BDA0002343432830000051
Figure BDA0002343432830000052
(2) after the smart device device1 receives the message, it verifies whether the token signed by node $CN_d$ is legitimate; if so, device1 selects its own random numbers $\alpha'$, $\beta'$, calculates $A' = \alpha' Y'$ and $B' = \beta' Y'$, obtains the local timestamp $T_{curr}$, lets $\gamma' = H(A' \,\|\, B' \,\|\, T_{curr})$, and then calculates $m' = k' - r'x'$, where $r' = \alpha'\gamma'$;
according to the formula $K_{rd} = x'(\alpha' + \beta')(A + B)$, device1 generates the session key $K_{rd}$ between the requester and the smart device, and generates the response information $REQ_d = m' \,\|\, A' \,\|\, B' \,\|\, T_{curr}$ and $ACK_d = H(K_{rd} \,\|\, REQ_d)$; device1 then sends $REQ_d$ and $ACK_d$ to the node $CN_r$.
Figure BDA0002343432830000053
Figure BDA0002343432830000054
(3) after receiving the message, node $CN_r$ executes the following steps:
1) verify the timestamp $T_{curr}$; if it is legitimate, go to 2), otherwise discard it;
2) verify whether the received token is legitimate; if so, go to 3), otherwise discard it;
3) check the chameleon hash value $CH_d$ of device1 according to the equation $m'P + \gamma' A' = CH_d$ to verify the identity validity of the device; if the verification passes, send the response information to the requester;
Figure BDA0002343432830000055
Figure BDA0002343432830000056
Further, the sending of the authentication confirmation message in the Ethereum-based IoT entity lightweight authentication method specifically includes:
(1) after the requester receives the message, it locally calculates $K_{dr}$ according to the formula $K_{dr} = x(\alpha + \beta)(A' + B')$, calculates the requester's $ACK_r = H(K_{dr} \,\|\, REQ)$ and sends it to device1; requester → device: $ACK_r$;
(2) after device1 receives the requester's $ACK_r$, it checks its validity; if it is valid, the authentication passes.
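The registration, request, verification and confirmation steps above can be run end to end. The following Python code is an added example, not code from the patent; it assumes the secp256k1 curve (the patent's P is the generator G here), SHA-256 reduced modulo the group order as H, β drawn as a second random number, a 30-second freshness window for the timestamp, and constructed device IDs and timestamps. The KeyList1 address check, the token and the CN signature are left out.

```python
import hashlib
import secrets

# Assumed curve: secp256k1 (the patent names no curve). P in the text is G here.
FP = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
MAX_SKEW = 30  # seconds; assumed freshness window for T_cur

def add(p1, p2):
    """Add two points on y^2 = x^3 + 7 (None is the point at infinity)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FP == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % FP, -1, FP)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FP, -1, FP)
    x3 = (lam * lam - x1 - x2) % FP
    return x3, (lam * (x1 - x3) - y1) % FP

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc, k = None, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def H(*parts):
    """Hash the '||'-joined parts to a scalar mod N."""
    data = b"||".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rand():
    return secrets.randbelow(N - 1) + 1

def register(device_id):
    """Registration: the device keeps the trapdoor (k, x); the CN stores CH."""
    x, m = rand(), rand()
    Y, r = mul(x, G), H(device_id)
    ch = add(mul(m, G), mul(r, Y))          # CH_Y(m, r) = mP + rY
    return {"x": x, "Y": Y, "k": (m + r * x) % N}, ch

def make_request(dev, t_cur):
    """REQ = m || A || B || T_cur with m = k - r*x and r = alpha*gamma."""
    alpha, beta = rand(), rand()
    A, B = mul(alpha, dev["Y"]), mul(beta, dev["Y"])
    gamma = H(A, B, t_cur)
    m = (dev["k"] - alpha * gamma * dev["x"]) % N
    return (m, A, B, t_cur), (alpha, beta)

def cn_verify(req, ch, now):
    """CN check: fresh timestamp, then mP + gamma*A == stored CH."""
    m, A, B, t_cur = req
    if abs(now - t_cur) > MAX_SKEW:
        return False
    return add(mul(m, G), mul(H(A, B, t_cur), A)) == ch

def session_key(dev, eph, peer_req):
    """K = x(alpha + beta)(A' + B'), computed from the peer's REQ."""
    _, A, B, _ = peer_req
    return mul(dev["x"] * sum(eph), add(A, B))

def run_demo(now=1_700_000_000):
    """Constructed run: requester and device1 authenticate via their CN nodes."""
    req_dev, ch_req = register("requester-01")    # constructed IDs
    dev1, ch_dev = register("device1")
    req, eph_r = make_request(req_dev, now)
    req_d, eph_d = make_request(dev1, now + 1)
    k_rd = session_key(dev1, eph_d, req)          # device1 side
    k_dr = session_key(req_dev, eph_r, req_d)     # requester side
    ack_d = H(k_rd, *req_d)                       # ACK_d = H(K_rd || REQ_d)
    tampered = (req[0], req[1], req[2], now + 5)  # T_cur changed in transit
    return {
        "requester_ok": cn_verify(req, ch_req, now + 2),
        "device_ok": cn_verify(req_d, ch_dev, now + 2),
        "keys_match": k_rd == k_dr,
        "ack_ok": ack_d == H(k_dr, *req_d),
        "tampered_ok": cn_verify(tampered, ch_req, now + 2),
        "stale_ok": cn_verify(req, ch_req, now + 600),
        "wrong_hash_ok": cn_verify(req, ch_dev, now + 2),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The tampered and stale cases show that the equation binds $T_{cur}$ through $\gamma$, so the timestamp window enforced at the CN is what bounds reuse of an unmodified REQ.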
Further, the exchange of information between IoT entities in the Ethereum-based IoT entity lightweight authentication method specifically includes:
(1) device A requests data from device B: device A generates a transaction request $T_{getdata}$ carrying the hash value H(firmware) of the device's key data and sends it to the CN: A → CN: $M_1 = T_{getdata}$;
(2) after receiving the request, the CN node retrieves the smart device key list KeyList2 to check whether the address of device A is legitimate; if it is, the hash value H of device A's key data is checked; if that is legitimate, the policy header is searched to determine whether the request has access rights, and if so, the data is requested from device B;
(3) the device B signs the data which needs to be sent to the device A by using the private key of the device B, and sends the signed data and the hashed data to the node CN together: b → CN:
Figure BDA0002343432830000061
(4) after CN receives the message $M_2$, it decrypts
Figure BDA0002343432830000062
and hashes the data to verify its integrity; if the data is complete, it signs the resource transaction, generates a contract record, stores the record in the local ledger, and returns the data to device A.
Another object of the present invention is to provide an Ethereum-based IoT entity lightweight authentication system implementing the Ethereum-based IoT entity lightweight authentication method, including:
a device key data storage module, used for the smart device to obtain its public and private keys during registration, store the chameleon hash function value of the device's key data in a CN node, and wait for the next consensus time to perform whole-network backup;
an identity identifier generation module, used for the requester to send a request message REQ to a CN node when authentication starts, and for the CN node to verify the requester's identity by using the properties of the chameleon hash function, generate a token identifier once verification passes, and send it to the device with which the requester wants to communicate;
an identity authentication module, used for the device to send its own $REQ_d$ and $ACK_d$ to the CN and the requester, and for the CN node to verify the identity of the device according to the stored chameleon hash function value of the device; after the verification passes, the requester returns response information to the device.
Further, the Ethereum-based IoT entity lightweight authentication system adopts a layered IoT structure with the home as the unit, consisting of private chains and a public chain formed by CN nodes.
Another object of the present invention is to provide an intelligent terminal applying the Ethereum-based IoT entity lightweight authentication method.
In summary, the advantages and positive effects of the invention are: the Ethereum-based IoT entity lightweight authentication method greatly reduces the communication overhead of authentication among IoT entities, mitigates the consensus delay and high resource requirements caused by the blockchain POW mechanism, and realizes fast and secure mutual authentication among IoT entities.
The method is designed around the characteristics of IoT scenarios and is explained using the smart home as an example, but it can be applied to all IoT scenarios. In the invention, large numbers of IoT smart devices participate in blockchain node consensus with the home as the unit, which greatly reduces the time for blockchain nodes to reach consensus and also resolves the difficulty caused by the limited processing capacity of smart devices; the hash value of the device's key information (key configuration or firmware) is backed up across the whole network in the blockchain, which ensures the security of the terminal device's identity; the invention realizes mutual authentication between IoT entities, greatly improves authentication efficiency, and resists all currently known attacks.
Drawings
Fig. 1 is a flowchart of the Ethereum-based IoT entity lightweight authentication method according to an embodiment of the present invention.
Fig. 2 is a schematic structural diagram of the Ethereum-based IoT entity lightweight authentication system according to an embodiment of the present invention;
in the figure: 1. device key data storage module; 2. identity identifier generation module; 3. identity authentication module.
Fig. 3 is an overall architecture diagram of the Ethereum-based IoT entity lightweight authentication method in a home Internet of Things according to an embodiment of the present invention.
Fig. 4 is a schematic diagram of the information stored by a CN node in the Ethereum-based IoT entity lightweight authentication method in a home Internet of Things according to an embodiment of the present invention.
Fig. 5 is a registration flowchart of Ethereum-based IoT entity key data and chameleon hash function values in a home Internet of Things according to an embodiment of the present invention.
Fig. 6 is a flowchart of Ethereum-based authentication between IoT entities in a home Internet of Things according to an embodiment of the present invention.
Fig. 7 is a flowchart of Ethereum-based interaction of IoT data resources in a home Internet of Things according to an embodiment of the present invention.
FIG. 8 is a schematic diagram of the results of the Scyther formalization analysis provided by the embodiments of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the invention provides a lightweight authentication method, system and intelligent terminal for IoT entities based on Ethereum, which are described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the Ethereum-based IoT entity lightweight authentication method provided in the embodiment of the present invention includes the following steps:
S101: the smart device obtains its public and private keys during registration, stores the chameleon hash function value of the device's key data in a CN node, and waits for the next consensus time to perform whole-network backup;
S102: when authentication starts, the requester sends a request message REQ to a CN node; the CN node verifies the requester's identity by using the properties of the chameleon hash function, generates a token identifier once verification passes, and sends it to the device with which the requester wants to communicate;
S103: the device sends its own $REQ_d$ and $ACK_d$ to the CN and to the requester; the CN node verifies the identity of the device according to the stored chameleon hash function value of the device, and the requester returns response information to the device after the verification passes.
As shown in fig. 2, the Ethereum-based IoT entity lightweight authentication system provided in the embodiment of the present invention includes:
a device key data storage module 1, used for the smart device to obtain its public and private keys during registration, store the chameleon hash function value of the device's key data in a CN node, and wait for the next consensus time to perform whole-network backup;
an identity identifier generation module 2, used for the requester to send a request message REQ to a CN node when authentication starts, and for the CN node to verify the requester's identity by using the properties of the chameleon hash function, generate a token identifier once verification passes, and send it to the device with which the requester wants to communicate;
an identity authentication module 3, used for the device to send its own $REQ_d$ and $ACK_d$ to the CN and to the requester, and for the CN node to verify the identity of the device according to the stored chameleon hash function value of the device; after the verification passes, the requester returns response information to the device.
The invention adopts a layered IoT structure with the home as the unit, consisting of private chains and a public chain formed by CN nodes. The technical solution of the present invention is further described below with reference to the accompanying drawings.
Within the existing IoT network system, blockchain technology and the properties of the chameleon hash function are used to realize fast authentication among IoT entities and to protect user privacy. To reduce the time for the blockchain to reach consensus, the invention adopts a layered IoT structure with the home as the unit, consisting of private chains and a public chain formed by CN nodes. The smart device obtains its own public and private keys during registration, stores the chameleon hash function value of the device's key data in the CN node, and waits for the next consensus time to perform whole-network backup. When authentication starts, the requester sends a request message REQ to the CN node; the CN node verifies the requester's identity by using the properties of the chameleon hash function, generates a token identifier once verification passes, and sends it to the device with which the requester wants to communicate. The device sends its own $REQ_d$ and $ACK_d$ to the CN and to the requester, and the CN node verifies the identity of the device according to the stored chameleon hash function value of the device. The requester then returns response information to the device after the verification passes. The method greatly reduces the time for blockchain nodes to reach consensus, resolves the difficulty caused by the limited processing capacity of smart devices, realizes mutual authentication between IoT entities, greatly improves authentication efficiency, and can resist all currently known attacks.
The technical terms used in the technical solution of the invention are defined as follows: IoT: the Internet of Things; CN: a node of the blockchain; $PK_i$: the public key of i; $SK_i$: the private key of i; $REQ_i$: the request message of i; $ACK_i$: the response message to the request/query information of i.
The Ethereum-based lightweight authentication method for IoT entities provided by the embodiment of the invention comprises the following steps:
First step: deployment of the Ethereum-based layered IoT entity architecture;
Second step: registration of the smart devices;
Third step: sending the authentication request information;
Fourth step: verifying the request information using the chameleon hash function, and sending the authentication information and response information;
Fifth step: sending the authentication confirmation message;
Sixth step: exchanging information among the IoT entities.
In a preferred embodiment of the present invention, the first step specifically comprises:
(1) All smart devices and local storage devices in each family form a local private chain LPC (Local Private Chain). Unlike the Bitcoin blockchain, the private chain is controlled by a master, who can deploy their own smart contracts on it and who defines the structure of the block ledger. Each family selects a device with stronger processing capacity and more memory resources as a node CN (Chain Node) of the public blockchain, and the distributed CN nodes form the public chain. Each CN node maintains two key lists, KeyList1 and KeyList2: KeyList1 holds the keys of the users who are allowed to access the smart home devices, and KeyList2 holds the keys of the smart devices;
(2) When each smart home node CN participating in the smart contract registers as a blockchain user, the blockchain returns a public/private key pair ($PK_{CN}$ and $SK_{CN}$) to each user. The public key $PK_{CN}$ serves as the user's address on the blockchain, and the private key $SK_{CN}$ is the only key that can operate the account;
(3) The service provider's $CN_{server}$ and a smart home's $CN_{client}$, or one smart home's $CN_{client}$ and another smart home's $CN_{client}$, agree on a contract according to business needs, and the participants sign it with their respective private keys $PK_{CN}$ to ensure the validity of the contract;
(4) the signed smart contract will be deployed in the blockchain.
In a preferred embodiment of the present invention, the second step specifically comprises:
(1) The CN node participating in the blockchain selects the initialization input parameters $(m^*, r^*)$, where $m^*$
Figure BDA0002343432830000101
The chameleon hash function is defined as $CH_Y(m, r) = mP + rY$, where $(P, Y)$ is the public key and $(k, x)$ is the trapdoor key (private key), with $Y = xP$ and $k = m^* + r^* x$;
(2) The node CN generates a signature/verification key pair $(sk_{cn}, vk_{cn})$ based on the Elliptic Curve Digital Signature Algorithm (ECDSA), publishes the public parameter $PK = \{P, vk_{cn}\}$ in the blockchain, and stores the private key $sk_{cn}$ locally;
(3) When the intelligent equipment is registered in the local private chain, the intelligent home CN node to which the intelligent equipment belongs distributes a corresponding public key and a private key for the registered equipment, the public key is used as an address of the equipment, and the private key is encrypted and returned to the intelligent equipment; the CN node updates the two key lists KeyList1 and KeyList2 maintained. The master stores a list of relevant access policies (AccessList) in the local database, the stored relevant information being as follows:
1) address represents the Address of the device;
2) permission represents access authority, and the CN node sets which user of the intelligent device can use the intelligent device and whether the intelligent device can be read or written, and mainly aims at the scene that the same intelligent device is used by a plurality of users; for example, the same intelligent lock can be unlocked by a father and also can be authorized to unlock by others, namely, the lock has the operations of reading and writing, but a child can only unlock the lock and cannot be authorized to others, namely, only the operation of reading is performed;
3) ID represents a hash of device critical data (key configuration or firmware of the device);
4) $CH_{dc}$ represents the chameleon hash value calculated by the device.
The ID (hash of the device's key data) and $CH_{dc}$ are propagated through the network and stored in the blockchain once the next round of consensus time arrives.
(4) The device executes the following steps when calculating the chameleon hash value:
1) device A generates a random number x,
Figure BDA0002343432830000111
calculates $Y = xP$, calculates the hash $r = H(ID)$ of the device's key data, then uses the chameleon hash function to calculate $CH_{dc} = CH_{Y_{dc}}(m, r)$, and sends the message $M = ID \| CH_{dc}$ to the CN node;
2) after receiving the message, the CN node shares $CH_{dc}$ and the device lifetime $T_{exp}$ into the blockchain, calculates the signature information $M_{sig} = sig_{CN}(ID_{dc} \| CH_{dc})$ using the CN node's private signing key, and sends $M_{sig}$ and $T_{exp}$ to device A;
3) after receiving the message $M_{sig}$, device A verifies the CN signature, calculates $k = m + rx$, and then saves the trapdoor key $sk = (k, x)$.
In a preferred embodiment of the present invention, the third step specifically includes:
(1) the requester selects the random number $\alpha$ and computes $A = \alpha Y$ and $B = \beta Y$, obtains the local timestamp $T_{cur}$, lets $\gamma = H(A \| B \| T_{cur})$, and then calculates $m = k - rx$, where $r = \alpha\gamma$;
(2) the requester broadcasts the request information $REQ = m \| A \| B \| T_{cur}$ to the $CN_d$ node that manages the requested device; Request → $CN_d$: $REQ = m \| A \| B \| T_{cur}$.
In a preferred embodiment of the present invention, the fourth step specifically includes:
(1) After receiving the message REQ sent by the requester, $CN_d$ performs the following specific steps:
1) decrypts the information and checks, through KeyList1 (the list of keys of users allowed to access the smart home devices) within its own management scope, whether the requester's address is legal; if it is legal, jumps to 2), otherwise discards the message;
2) verifies the timestamp $T_{cur}$; if it is legal, jumps to 3), otherwise discards the message;
3) calculates $\gamma = H(A \| B \| T_{cur})$ and verifies the validity of the requester's identity according to the equation $mP + \gamma A = CH_{dc}$; if the verification succeeds, jumps to 4), otherwise discards the message;
4) node $CN_d$ generates a token (Req' address + H(random)), sends the token to the smart device device1 that the requester needs to communicate with, and broadcasts the message;
Figure BDA0002343432830000121
Figure BDA0002343432830000122
(2) After the smart device device1 receives the message, it verifies whether the token signed by node $CN_d$ is legal; if it is legal, device1 selects its own random numbers $\alpha'$, $\beta'$, calculates $A' = \alpha' Y'$ and $B' = \beta' Y'$, obtains the local timestamp $T_{curr}$, lets $\gamma' = H(A' \| B' \| T_{curr})$, and then calculates $m' = k' - r' x'$, where $r' = \alpha' \gamma'$.
According to the formula $K_{rd} = x'(\alpha' + \beta')(A + B)$, device1 generates the session key $K_{rd}$ between the requester and the smart device, and generates the response information $REQ_d = m' \| A' \| B' \| T_{curr}$ and $ACK_d = H(K_{rd} \| REQ_d)$; device1 then sends $REQ_d$ and $ACK_d$ to the node $CN_r$.
Figure BDA0002343432830000123
(3) After receiving the message, node $CN_r$ performs the following steps:
1) verifies the timestamp $T_{curr}$; if it is legal, jumps to 2), otherwise discards the message;
2) verifies whether the received token is legal; if it is legal, jumps to 3), otherwise discards the message;
3) checks the chameleon hash value $CH_d$ of device1 according to the equation $m'P + \gamma' A' = CH_d$, thereby verifying the validity of the device's identity. If the verification passes, it sends a response message to the requester;
Figure BDA0002343432830000131
In a preferred embodiment of the present invention, the fifth step specifically includes:
(1) after receiving the message, the requester locally calculates $K_{dr}$ according to the formula $K_{dr} = x(\alpha + \beta)(A' + B')$, calculates the requester's $ACK_r = H(K_{dr} \| REQ)$, and sends it to device1; Request → device1: $ACK_r$
(2) After receiving the requester's $ACK_r$, device1 checks its validity; if it is valid, the authentication passes.
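The registration, request, CN verification and session-key steps above (second to fifth steps), as an added Python example that is not code from the patent. It assumes secp256k1 as the curve, SHA-256 as $H$, a length-prefixed byte encoding and a 30-second freshness window, none of which the page specifies, and all function names are hypothetical. It shows that $mP + \gamma A$ and the stored $CH$ are both $kP$, that a replayed or re-timestamped REQ is rejected, and that $K_{rd} = K_{dr}$.

```python
import hashlib
import secrets

# secp256k1 parameters. The curve is an assumption: the page only says "elliptic curve".
FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
P = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % FIELD, -1, FIELD)
    x3 = (lam * lam - x1 - x2) % FIELD
    return x3, (lam * (x1 - x3) - y1) % FIELD

def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant time, illustration only)."""
    result, k = None, k % N
    while k:
        if k & 1:
            result = ec_add(result, point)
        point = ec_add(point, point)
        k >>= 1
    return result

def H(*parts):
    """Hash byte strings to a scalar mod N. SHA-256 and the encoding are assumptions."""
    data = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def enc(point):
    """Fixed-width encoding of a curve point for hashing."""
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")

def rand_scalar():
    return secrets.randbelow(N - 1) + 1

def register(key_data):
    """Device side of registration: returns (trapdoor, CH) with CH = mP + rY."""
    x, m = rand_scalar(), rand_scalar()
    Y, r = ec_mul(x, P), H(key_data)            # Y = xP, r = H(ID)
    ch = ec_add(ec_mul(m, P), ec_mul(r, Y))     # value the CN node stores
    return {"x": x, "k": (m + r * x) % N, "Y": Y}, ch

def make_request(sk, t_cur):
    """Build REQ = m || A || B || T_cur; also returns the nonces (alpha, beta)."""
    alpha, beta = rand_scalar(), rand_scalar()
    A, B = ec_mul(alpha, sk["Y"]), ec_mul(beta, sk["Y"])
    gamma = H(enc(A), enc(B), str(t_cur).encode())
    m = (sk["k"] - alpha * gamma * sk["x"]) % N  # m = k - r x, r = alpha * gamma
    return {"m": m, "A": A, "B": B, "T": t_cur}, (alpha, beta)

def cn_verify(req, ch_stored, now, window=30):
    """CN check: fresh timestamp, then mP + gamma*A == CH. The window is an assumption."""
    if abs(now - req["T"]) > window:
        return False
    gamma = H(enc(req["A"]), enc(req["B"]), str(req["T"]).encode())
    return ec_add(ec_mul(req["m"], P), ec_mul(gamma, req["A"])) == ch_stored

def session_key(sk, nonces, peer_req):
    """K = x(alpha + beta)(A' + B'), computed from the peer's A' and B'."""
    scalar = sk["x"] * sum(nonces) % N
    return ec_mul(scalar, ec_add(peer_req["A"], peer_req["B"]))

def run_exchange(now=1_700_000_000):
    """Constructed run: requester and device1 register, authenticate, derive keys."""
    sk_r, ch_r = register(b"constructed requester firmware image")
    sk_d, ch_d = register(b"constructed device1 firmware image")
    req, nonces_r = make_request(sk_r, now)
    req_d, nonces_d = make_request(sk_d, now + 1)
    shifted = dict(req, T=req["T"] + 5)     # timestamp rewritten inside the window
    k_rd = session_key(sk_d, nonces_d, req)     # computed by device1
    k_dr = session_key(sk_r, nonces_r, req_d)   # computed by the requester
    return {
        "requester_ok": cn_verify(req, ch_r, now),
        "device_ok": cn_verify(req_d, ch_d, now + 1),
        "stale_ok": cn_verify(req, ch_r, now + 600),     # replay 10 minutes later
        "shifted_ok": cn_verify(shifted, ch_r, now + 5),
        "wrong_hash_ok": cn_verify(req, ch_d, now),      # checked against device1's CH
        "keys_match": k_rd == k_dr,
    }

if __name__ == "__main__":
    print(run_exchange())
```

The timestamp is bound into $\gamma$, so the freshness check in step 2) and the equation in step 3) have to be evaluated together: dropping either one lets a captured REQ verify again.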
In a preferred embodiment of the present invention, the sixth step specifically includes:
(1) Assuming that device A requests data from device B, device A generates a transaction request $T_{getdata}$ carrying the device's key-data hash value H(firmware) and sends it to the CN: A → CN: $M_1 = T_{getdata}$
(2) After receiving the request, the CN node searches the smart device key list KeyList2 to check whether the address of device A is legal; if it is legal, it checks the hash value H(firmware) of device A's key data; if that is legal, it searches the policy header to find out whether the request has the access right, and if so, requests the data from device B;
(3) the device B signs the data which needs to be sent to the device A by using the private key of the device B, and sends the signed data and the hashed data to the node CN together: b → CN:
Figure BDA0002343432830000132
(4) After receiving the message $M_2$, the CN decrypts
Figure BDA0002343432830000133
and hashes the data to verify its integrity; if the data is intact, it signs the resource transaction, generates a contract record, stores the record in the local ledger, and returns the data to device A.
The invention is designed around the characteristics of IoT scenarios; it is explained here using the smart home as an example, but can be applied to all IoT scenarios. Because the large number of IoT smart devices take part in the consensus of the blockchain nodes with the family as the unit, the time blockchain nodes need to reach consensus is greatly reduced, and the difficulty caused by the limited processing capacity of smart devices is also removed. The hash value of each device's key information (key configuration or firmware) is backed up across the whole network in the blockchain, which secures the identity of the terminal device. The invention achieves mutual authentication between IoT entities, greatly improves authentication efficiency, and resists all currently known attacks.
The technical effects of the present invention will be described in detail with reference to experiments.
1. Formal analysis
Scyther is a tool for the security analysis of protocols. It can be used to find problems arising from the way a protocol is constructed, supports parallel analysis of multiple protocols, and is convenient for protocol attack search, role execution and security proof. Scyther provides a set of claims for testing many security goals, such as secrecy and several forms of authentication, including aliveness, weak agreement, agreement and synchronization. In the invention, Scyther is used for the formal proof of the protocol. The verification results are shown in Fig. 8.
2. Performance analysis
2.1 network communication overhead
The complete authentication protocol in the invention requires 3 message exchanges. Based on the size of all exchanged messages, the communication overhead of the proposed scheme is compared with that of the schemes in [1], [2], [3] and [4]. The comparison results are shown in Table 1. As Table 1 shows, the communication cost of the invention is much lower than that of the schemes in [3] and [4], because the authentication operation has been migrated, but slightly larger than that of the scheme in [2].
Table 1 Communication overhead (bytes)

| Scheme | Number of message exchanges | Overhead |
|---|---|---|
| The invention | 3 | 32+112+16=160 |
| [1] | 2 | 64+58+52=174 |
| [2] | 2 | 32+48+48=128 |
| [3] | 4 | 168+424+296+32=920 |
| [4] | 3 | 264+132+16+48+48=508 |
2.2 computational overhead
The computation overhead mainly considers the cost of the following operations: hash operations, asymmetric encryption (or decryption), digital signature generation and verification, pairing operations, modular exponentiation and elliptic curve scalar multiplication. These operations were tested using the Eclipse Java IDE, with a DELL notebook with an Intel(R) Core i5-4210U 1.70 GHz CPU as the CN and a Samsung S7 Edge with a Qualcomm Snapdragon 820 2.1 GHz processor as the device. The test results are shown in Table 2. Table 3 compares the computation costs of the related schemes. According to Table 3, the performance of the scheme of the invention is superior to the schemes in [3] and [4], and similar to but better than schemes [1] and [2]. As the network grows, the scheme of the invention can execute one-to-many authentication synchronously, so the reduction in computation delay becomes more pronounced as the number of devices in the IoT increases. This demonstrates that the scheme of the invention is indeed a lightweight authentication scheme.
Table 2 Computation overhead of the main cryptographic operations (ms)

| | $T_H$ | $T_E$ | $T_P$ | $T_{ECSV}$ | $T_{ECS}$ | $T_{ECM}$ | $T_{SKE}$ |
|---|---|---|---|---|---|---|---|
| IoT device | 0.034 | 12.52 | 165.39 | 16.73 | 11.54 | 11.49 | 0.0641 |
| Server | 0.0004 | 0.101 | 2.539 | 0.151 | 0.097 | 0.096 | 0.0007 |

$T_H$: hashing; $T_E$: modular exponentiation; $T_P$: pairing operation; $T_{ECSV}$: signature verification; $T_{ECS}$: signing; $T_{ECM}$: point multiplication; $T_{SKE}$: symmetric encryption
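Table 3 Computation overhead (ms) of the security schemes

| Scheme | IoT device | Server |
|---|---|---|
| [1] | $5T_H + 1T_{ECSV} + 6T_{ECM} = 85.84$ | $15T_H + 1T_{ECSV} + 4T_{ECM} = 0.541$ |
| [2] | $7T_H + 5T_E + 2T_{ECM} = 85.818$ | $6T_H + 2T_E + 4T_{ECM} = 0.588$ |
| [3] | $2T_H + 4T_E + 4T_{ECM} + 12T_{SKE} = 96.877$ | $2T_H + 4T_E + 2T_{ECM} + 4T_{SKE} = 0.599$ |
| [4] | $6T_H + 1T_E + 3T_{ECSV} + 2T_{ECS} = 85.994$ | $6T_H + 2T_{ECSV} + 3T_{ECS} = 0.595$ |
| The invention | $4T_H + 1T_{ECSV} + 6T_{ECM} = 85.806$ | $2T_H + 1T_{ECS} + 4T_{ECM} = 0.482$ |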
2.3 storage overhead
In the invention, the storage overhead arises mainly at the CN node, which stores the blockchain ledger and the 32-byte chameleon hash values of the IoT devices. Taking Bitcoin as an example, the size of one block header is $len_{header} = 80$ bytes; according to the estimate in document [5], the average number of blocks mined per year is $Sum_{block} = 52560$, and the current total number of blocks is $N_{block} = 552048$. After i years, the storage overhead of the CN node is approximately $S_{CN} = len_{header} \cdot Sum_{block}\, i)$ bytes. On the other hand, the 2019 forecast report of IDC (International Data Corporation) [6] shows that during 2018-2025 the number of IoT devices has a compound annual growth rate of 28.7%, and that the total number of IoT devices reaches 40 billion by 2019. The data generated by the IoT will grow from 4 ZB to 4.4 ZB since 2020. But one year after adopting this scheme, the storage overhead generated by the CN node is 0.00154 ZB, which is much less than 0.4 ZB. Therefore, the invention can further reduce the storage overhead.
[1] Q. Jiang, J. Ma, F. Wei, et al., "An untraceable temporal-credential-based two-factor authentication scheme using ECC for wireless sensor networks," Journal of Network & Computer Applications, 76, 2016, pp. 37-48.
[2] P. Gope, S. Biplab, "Lightweight and privacy-preserving two-factor authentication scheme for IoT devices," IEEE Internet of Things Journal 6.1, 2018, pp. 580-589.
[3] M. N. Aman, C. C. Kee, and S. Biplab, "Mutual authentication in IoT systems using physical unclonable functions," IEEE Internet of Things Journal 4.5, 2017, pp. 1327-1340.
[4] R. Almadhoun, et al., "A user authentication scheme of IoT devices using blockchain-enabled fog nodes," 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA), IEEE, 2018, pp. 1-8.
[5] Y. H. Zhang, R. Deng, E. Bertino, et al., "Robust and universal seamless handover authentication in 5G HetNets," IEEE Transactions on Dependable and Secure Computing (2019).
[6] Carrie M., "The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast," IDC, 2019.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A lightweight authentication method for Ethereum-based IoT entities, characterized by comprising the following steps:
first, the smart device obtains a public key and a private key during registration, stores the chameleon hash value of its key data in a CN node, and waits for the arrival of the next consensus time for the whole-network backup;
second, when authentication starts, a request message REQ is sent to the CN node, and the CN node verifies the identity using the characteristics of the chameleon hash function, generates a token marking the successful verification, and sends it to the device with which communication is requested;
third, the device sends $REQ_d$ and $ACK_d$ to the CN, the CN node verifies the identity of the device according to the stored chameleon hash value of the device, and response information is returned to the device after the verification passes.
2. The Ethereum-based IoT entity lightweight authentication method according to claim 1, wherein the IoT entity layered architecture deployment of the method specifically comprises:
(1) all intelligent devices and local storage devices in each family form a local private chain LPC, an intelligent contract is deployed on the private chain, and the structure of a block account book is defined by the intelligent contract; each family selects a device with stronger processing capacity and more sufficient memory resources as a node CN of a public block chain, the distributed nodes CN form the public chain, each node CN maintains two key lists KeyList1 and KeyList2, KeyList1 maintains keys of users allowed to access the intelligent home devices, and KeyList2 maintains keys of the intelligent devices;
(2) when each smart home node CN participating in the smart contract registers as a blockchain user, the blockchain returns a public/private key pair $PK_{CN}$ and $SK_{CN}$ to each user; the public key $PK_{CN}$ serves as the user's address on the blockchain, and the private key $SK_{CN}$ is the only key that can operate the account;
(3) the service provider's $CN_{server}$ and a smart home's $CN_{client}$, or one smart home's $CN_{client}$ and another smart home's $CN_{client}$, agree on a contract with each other according to business needs, and the participants sign it with their respective private keys $PK_{CN}$;
(4) the signed smart contract will be deployed in the blockchain.
3. The Ethereum-based IoT entity lightweight authentication method as claimed in claim 1, wherein the smart device registration phase of the method specifically comprises:
(1) the CN node participating in the blockchain selects the initialization input parameters $(m^*, r^*)$, wherein $m^*$
Figure FDA0002343432820000021
P is a point on the elliptic curve
Figure FDA0002343432820000022
and the chameleon hash function is defined as $CH_Y(m, r) = mP + rY$, where $(P, Y)$ is the public key and $(k, x)$ is the trapdoor key, with $Y = xP$ and $k = m^* + r^* x$;
(2) the node CN generates a signature/verification key pair $(sk_{cn}, vk_{cn})$ based on the elliptic curve digital signature algorithm, publishes the public parameter $PK = \{P, vk_{cn}\}$ in the blockchain, and stores the private key $sk_{cn}$ locally;
(3) When the intelligent equipment is registered in the local private chain, the intelligent home CN node to which the intelligent equipment belongs distributes a corresponding public key and a private key for the registered equipment, the public key is used as an address of the equipment, and the private key is encrypted and returned to the intelligent equipment; the CN node updates the two maintained key lists KeyList1 and KeyList 2; the host stores a related Access strategy List in a local database;
(4) the device executes the following steps in calculating the chameleon hash value:
1) the device A generates random numbers x and m, calculates $Y = xP$, calculates the hash $r = H(ID)$ of the device's key data, calculates $CH_{dc} = CH_{Y_{dc}}(m, r)$ using the chameleon hash function, and sends the message $M = ID \| CH_{dc}$ to the CN node;
2) after receiving the message, the CN node shares $CH_{dc}$ and the device lifetime $T_{exp}$ into the blockchain, calculates the signature information $M_{sig} = sig_{CN}(ID_{dc} \| CH_{dc})$ using the CN node's private signing key, and sends $M_{sig}$ and $T_{exp}$ to device A;
3) after receiving the message $M_{sig}$, device A verifies the CN signature, calculates $k = m + rx$, and then saves the trapdoor key $sk = (k, x)$.
4. The Ethereum-based IoT entity lightweight authentication method of claim 1, wherein sending the authentication request information specifically comprises:
(1) the requester selects a random number $\alpha$, calculates $A = \alpha Y$ and $B = \beta Y$, obtains the local timestamp $T_{cur}$, lets $\gamma = H(A \| B \| T_{cur})$, and then calculates $m = k - rx$, where $r = \alpha\gamma$;
(2) the requester broadcasts the request information $REQ = m \| A \| B \| T_{cur}$ to the $CN_d$ node where device1 is located; Request → $CN_d$: $REQ = m \| A \| B \| T_{cur}$.
5. The Ethereum-based IoT entity lightweight authentication method of claim 1, wherein verifying the request information using the chameleon hash function and sending the authentication information and the response information specifically comprises:
(1) after receiving the message REQ sent by the requester, $CN_d$ executes the following steps:
1) decrypts the information and checks, through KeyList1 (the list of keys of users allowed to access the smart home devices) within its own management scope, whether the requester's address is legal; if it is legal, jumps to 2), otherwise discards the message;
2) verifies the timestamp $T_{cur}$; if it is legal, jumps to 3), otherwise discards the message;
3) calculates $\gamma = H(A \| B \| T_{cur})$ and verifies the validity of the requester's identity according to the equation $mP + \gamma A = CH_{dc}$; if the verification succeeds, jumps to 4), otherwise discards the message;
4) node $CN_d$ generates Token = Hash(Req' address + $H(R_1)$), sends the token to the smart device device1 that the requester needs to communicate with, and broadcasts the message;
Figure FDA0002343432820000031
Figure FDA0002343432820000032
(2) after the smart device device1 receives the message, it verifies whether the token signed by node $CN_d$ is legal; if it is legal, device1 selects its own random numbers $\alpha'$, $\beta'$, calculates $A' = \alpha' Y'$ and $B' = \beta' Y'$, obtains the local timestamp $T_{curr}$, lets $\gamma' = H(A' \| B' \| T_{curr})$, and then calculates $m' = k' - r' x'$, where $r' = \alpha' \gamma'$;
according to the formula $K_{rd} = x'(\alpha' + \beta')(A + B)$, device1 generates the session key $K_{rd}$ between the requester and the smart device, and generates the response information $REQ_d = m' \| A' \| B' \| T_{curr}$ and $ACK_d = H(K_{rd} \| REQ_d)$; device1 then sends $REQ_d$ and $ACK_d$ to the node $CN_r$ to which the requester belongs;
Figure FDA0002343432820000033
(3) after receiving the message, node $CN_r$ executes the following steps:
1) verifies the timestamp $T_{curr}$; if it is legal, jumps to 2), otherwise discards the message;
2) verifies whether the received token is legal; if it is legal, jumps to 3), otherwise discards the message;
3) checks the chameleon hash value $CH_d$ of device1 according to the equation $m'P + \gamma' A' = CH_d$, thereby verifying the validity of the device's identity; if the verification passes, sends the response information to the requester;
Figure FDA0002343432820000034
Figure FDA0002343432820000035
6. The Ethereum-based IoT entity lightweight authentication method of claim 1, wherein sending the authentication confirmation message specifically comprises:
(1) after receiving the message, the requester locally calculates $K_{dr}$ according to the formula $K_{dr} = x(\alpha + \beta)(A' + B')$, calculates the requester's $ACK_r = H(K_{dr} \| REQ)$, and sends it to device1; Request → device1: $ACK_r$
(2) after receiving the requester's $ACK_r$, device1 checks its validity; if it is valid, the authentication passes.
7. The Ethereum-based IoT entity lightweight authentication method of claim 1, wherein the exchange of information among IoT entities specifically comprises:
(1) device A requests data from device B; device A generates a transaction request $T_{getdata}$ carrying the device's key-data hash value H(firmware) and sends it to the CN: A → CN: $M_1 = T_{getdata}$
(2) After receiving the request, the CN node retrieves the key list KeyList2 of the intelligent device to check whether the address of the device A is legal; if the key data is legal, the hash value H of the key data of the equipment A is checked; if the request is legal, searching the head of the strategy to inquire whether the request has the access right, and if so, requesting data from the equipment B;
(3) the device B signs the data which needs to be sent to the device A by using the private key of the device B, and sends the signed data and the hashed data to the node CN together: b → CN:
Figure FDA0002343432820000041
(4) after receiving the message $M_2$, the CN decrypts
Figure FDA0002343432820000042
and hashes the data to verify its integrity; if the data is intact, it signs the resource transaction, generates a contract record, stores the record in the local ledger, and returns the data to device A.
8. An Ethereum-based IoT entity lightweight authentication system for implementing the Ethereum-based IoT entity lightweight authentication method of any one of claims 1 to 7, wherein the system comprises:
the device key data storage module is used for realizing that the intelligent device obtains a public and private key of the intelligent device during registration, storing a chameleon hash function value of the device key data in a CN node, and waiting for the arrival of the next consensus time to perform whole-network backup;
the identity identification generation module is used for sending a request message REQ to a CN node by a requester when authentication is started, verifying the identity of the requester by the CN node by using the characteristics of the chameleon hash function, generating a token identification passing the verification and sending the token identification to equipment needing to request communication of the requester;
an identity authentication module, used for enabling the device to send its own $REQ_d$ and $ACK_d$ to the CN and the requester, the CN node verifying the identity of the device according to the stored chameleon hash value of the device; after the verification passes, the requester returns response information to the device.
9. The Ethereum-based IoT entity lightweight authentication system of claim 8, wherein the system employs a layered Internet of Things structure taking the household as its unit, consisting of private chains and a public chain formed by CN nodes.
10. An intelligent terminal applying the Ethereum-based IoT entity lightweight authentication method as claimed in any one of claims 1 to 7.
CN201911385265.7A 2019-12-28 2019-12-28 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal Active CN111147228B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911385265.7A CN111147228B (en) 2019-12-28 2019-12-28 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal

Publications (2)

Publication Number Publication Date
CN111147228A true CN111147228A (en) 2020-05-12
CN111147228B CN111147228B (en) 2022-04-01

Family

ID=70521504

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911385265.7A Active CN111147228B (en) 2019-12-28 2019-12-28 Ethernet IoT entity based lightweight authentication method, system and intelligent terminal

Country Status (1)

Country Link
CN (1) CN111147228B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170374033A1 (en) * 2016-06-23 2017-12-28 International Business Machines Corporation Authentication via revocable signatures
CN108833081A (en) * 2018-06-22 2018-11-16 中国人民解放军国防科技大学 Block chain-based equipment networking authentication method
CN108830602A (en) * 2018-06-27 2018-11-16 电子科技大学 A kind of license chain construction and management-control method based on chameleon hash function
CN109615525A (en) * 2019-01-18 2019-04-12 北京阿尔山区块链联盟科技有限公司 Multi-signature shares guard method, system and the electronic equipment of account
EP3543887A1 (en) * 2018-03-19 2019-09-25 Deutsche Telekom AG Incentivized delivery network of iot software updates based on trustless proof-of-distribution

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
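AMJAD ALDWEESH et al.: "OpBench: A CPU Performance Benchmark for", 《2019 IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN (BLOCKCHAIN)》 *
KONDAPALLY ASHRITHA et al.: "Redactable Blockchain using Enhanced Chameleon Hash Functio", 《2019 5TH INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING & COMMUNICATION SYSTEMS (ICACCS)》 *
刘冬兰 et al.: "Research on cross-domain authentication technology for V2G networks based on consortium blockchain", 《计算机测量与控制》 *
宋文斌: "Blockchain-based identity authentication system for the Internet of Things", 《万方学位论文》 *
曹迪迪 et al.: "Ethereum trusted evidence-preservation mechanism based on smart contracts", 《计算机应用》 *
李佩丽 et al.: "Research on redactable blockchain technology", 《密码学报》 *
王华勇 et al.: "Electricity futures based on blockchain technology", 《电力大数据》 *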

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111586069A (en) * 2020-05-15 2020-08-25 广州全宇风信息科技有限公司 Internet of things equipment management and data chaining method based on block chain technology
US11372849B2 (en) 2020-08-28 2022-06-28 Alipay (Hangzhou) Information Technology Co., Ltd. Transaction confirmation methods and apparatuses in blockchain network
CN111813795A (en) * 2020-08-28 2020-10-23 支付宝(杭州)信息技术有限公司 Method and apparatus for confirming transactions in a blockchain network
CN112070501A (en) * 2020-11-10 2020-12-11 支付宝(杭州)信息技术有限公司 Block chain transaction initiating and verifying method and system
CN112070501B (en) * 2020-11-10 2021-03-02 支付宝(杭州)信息技术有限公司 Block chain transaction initiating and verifying method and system
CN112446046A (en) * 2020-11-23 2021-03-05 海南火链科技有限公司 Data management method and device based on intelligent contract
CN112446046B (en) * 2020-11-23 2024-01-26 海南火链科技有限公司 Data management method and device based on intelligent contract
CN112564918A (en) * 2020-12-03 2021-03-26 深圳大学 Lightweight active cross-layer authentication method in smart grid
CN112954680A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Tracing attack resistant lightweight access authentication method and system for wireless sensor network
CN113301022A (en) * 2021-04-27 2021-08-24 西安理工大学 Internet of things equipment identity security authentication method based on block chain and fog calculation
CN113381975A (en) * 2021-05-10 2021-09-10 西安理工大学 Internet of things security access control method based on block chain and fog node credit
CN113553574A (en) * 2021-07-28 2021-10-26 浙江大学 Internet of things trusted data management method based on block chain technology
CN114584383A (en) * 2022-03-10 2022-06-03 东南大学 Internet of things equipment anonymous identity authentication method based on block chain
CN114584383B (en) * 2022-03-10 2024-02-27 东南大学 Block chain-based anonymous identity authentication method for Internet of things equipment
CN114866248A (en) * 2022-04-18 2022-08-05 西安交通大学 Distributed credible identity authentication method and system in edge computing environment

Also Published As

Publication number Publication date
CN111147228B (en) 2022-04-01

Similar Documents

Publication Publication Date Title
CN111147228B (en) Ethernet IoT entity based lightweight authentication method, system and intelligent terminal
Zhang et al. Data security sharing and storage based on a consortium blockchain in a vehicular ad-hoc network
Garg et al. An efficient blockchain-based hierarchical authentication mechanism for energy trading in V2G environment
Chattaraj et al. Block-CLAP: Blockchain-assisted certificateless key agreement protocol for internet of vehicles in smart transportation
Jia et al. A2 chain: a blockchain‐based decentralized authentication scheme for 5G‐enabled IoT
Wang et al. DAG blockchain-based lightweight authentication and authorization scheme for IoT devices
CN112329051A (en) Safe and efficient consensus mechanism implementation method and system
CN113949544A (en) DAG block chain-based lightweight authentication and access authorization method for Internet of things equipment
Srikanth et al. An efficient Key Agreement and Authentication Scheme (KAAS) with enhanced security control for IIoT systems
Guo et al. Accountable attribute-based data-sharing scheme based on blockchain for vehicular ad hoc network
Chen et al. ToAM: a task-oriented authentication model for UAVs based on blockchain
CN114745140A (en) Urban planning field block chain consensus verification method and system based on aggregation encryption
Agilandeeswari et al. A new lightweight conditional privacy preserving authentication and key–agreement protocol in social internet of things for vehicle to smart grid networks
Bansal et al. SHOTS: Scalable secure authentication-attestation protocol using optimal trajectory in UAV swarms
Ayub et al. Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication
Javed et al. Secure message handling in vehicular energy networks using blockchain and artificially intelligent IPFS
Subramani et al. Blockchain-based physically secure and privacy-aware anonymous authentication scheme for fog-based vanets
Dwivedi et al. Design of blockchain and ECC-based robust and efficient batch authentication protocol for vehicular ad-hoc networks
Cheng et al. Conditional privacy-preserving multi-domain authentication and pseudonym management for 6G-enabled IoV
Djam-Doudou et al. A certificate-based pairwise key establishment protocol for IoT resource-constrained devices
Yao et al. DIDs-assisted secure cross-metaverse authentication scheme for MEC-enabled metaverse
Kumar et al. EIoVChain: towards authentication and secure communication based blockchain for internet of vehicles (IoV)
Zheng et al. [Retracted] An Anonymous Authentication Scheme in VANETs of Smart City Based on Certificateless Group Signature
Chen et al. An attribute-encryption-based cross-chain model in urban internet of vehicles
CN114928835B (en) Dynamic wireless sensor network construction method based on blockchain and key management

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant