CN112073379A - Lightweight Internet of things security key negotiation method based on edge calculation - Google Patents


Publication number
CN112073379A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010806877.5A
Other languages
Chinese (zh)
Other versions
CN112073379B (en)
Inventor
陈冰冰
刘强
周俊
夏伟栋
邹明翰
邵苏杰
辛辰
许洪华
李易
王徐延
吴冠儒
沙莉
张庆航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Nanjing Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Beijing University of Posts and Telecommunications
Nanjing Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
Application filed by Beijing University of Posts and Telecommunications, Nanjing Power Supply Co of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202010806877.5A
Publication of CN112073379A
Application granted
Publication of CN112073379B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00: Network architectures or network communication protocols for network security
            • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
                • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
            • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
            • H04L63/12: Applying verification of the received information
                • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
        • H04L67/00: Network arrangements or protocols for supporting network services or applications
            • H04L67/01: Protocols
                • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
        • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                    • H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these

Abstract

A lightweight Internet of Things security key negotiation method based on edge computing comprises the following steps: step 1, a cloud server performs bidirectional authentication with an edge gateway and authorizes the edge gateway, and the edge gateway obtains authentication key negotiation authority for terminal equipment; step 2, the edge gateway is responsible for the security authentication and management of the Internet of Things equipment in the edge gateway's local area network; step 3, the terminal equipment and the edge gateway perform bidirectional authentication and key agreement, then construct a secure channel that encrypts subsequent transmission data, and that data is transmitted to the edge gateway in a unified manner; step 4, the edge gateway performs preliminary processing on the data transmitted by the terminal equipment; step 5, in the subsequent process, the cloud server and the edge gateway server transmit and process the equipment data together. The invention realizes lightweight and secure Internet of Things authentication key agreement and ensures the security of Internet of Things network data transmission.

Description

Lightweight Internet of things security key negotiation method based on edge calculation
Technical Field
The invention belongs to the technical field of internet security, and particularly relates to a lightweight internet of things security key negotiation method based on edge calculation.
Background
With the rapid development of information technology, Internet of Things (IoT) technology has become part of many aspects of daily life. The intelligent network formed by the Internet of Things, which interconnects people with things and things with things, greatly promotes intelligent development in various fields. However, the simultaneous access of a large number of devices and the exchange of a large amount of information also introduce new security challenges. Because the number of devices is large and device resources are limited in the Internet of Things environment, traditional security protocols are too complex, and their computation, storage and communication costs are too high to meet the requirements. Moreover, the current centralized, cloud-centred authentication key agreement mechanism places a huge burden on the server and can even cause network congestion that affects the authentication and key agreement process of the equipment. Therefore, designing a more secure and more lightweight authentication key agreement technology that ensures the confidentiality and integrity of information exchange in the Internet of Things environment is an urgent need.
To survey the state of the prior art, existing papers and patents were searched, compared and analyzed, and the following technical information highly relevant to the invention was selected:
Technical scheme 1: the patent "a method and a system for performing security management on internet of things equipment", patent number CN108881304A, provides a method and a system for performing security management on Internet of Things equipment. The method includes: the Internet of Things security management platform registers with a recognized third-party security organization platform, and the third-party platform issues an Internet of Things security management platform certificate after the platform passes authentication; the Internet of Things equipment registers on the Internet of Things security management platform, and after the platform authenticates the equipment's user identity identification card, it issues a user identity identification card certificate to that card; when service data is transmitted between the Internet of Things service platform and the Internet of Things equipment, the security management platform and the user identity identification card authenticate each other, and after authentication passes, a working key for encrypting the service data transmission is negotiated, which ensures the security of data transmission for both parties. That invention can effectively protect Internet of Things equipment from illegal management and control and improve the overall attack resistance of the Internet of Things system.
Technical scheme 1 adopts an Internet of Things platform management and authentication mode based on an identification card, characterized in that: the Internet of Things management platform must register with a third-party security organization, the Internet of Things equipment then registers with the management platform, and after the identity identification card passes authentication, a corresponding identity certificate is issued. The method protects the data transmission of the Internet of Things equipment well, so that the equipment is not illegally controlled. However, this management method is too centralized to handle the management of a large number of devices. In addition, registration, issuance and authentication are complicated and the equipment overhead is high, so the security requirements of some resource-limited equipment cannot be met.
Technical scheme 2: the patent "an internet of things sensing node authentication method based on an edge gateway", patent number CN110995432A, relates to an Internet of Things sensing node authentication method based on an edge gateway. The method mainly comprises the following steps: the sensing node first reads the NodeID and the authentication key Key stored in its own equipment and randomly generates a random number Nonce1; if this is the first authentication, it also randomly generates a Counter value, otherwise it reads the locally stored Counter value; the sensing node calculates the node authentication credential and then sends an access request message to the edge gateway. The stated advantage is an authentication implementation that conforms to the decentralized, distributed idea of edge computing: the computing capacity of the Internet of Things system is moved down from the cloud to the edge gateway, and after the first authenticated access the edge gateway can complete the access authentication of the sensing node on its own. This strengthens the edge computing capacity of the Internet of Things, greatly reduces the access authentication load on the IoT cloud platform, and keeps the subordinate edge network operating normally even if the edge gateway loses its network connection to the cloud.
Technical scheme 2 adopts a node authentication method based on an edge computing gateway, characterized in that: the edge gateway is responsible for the access authentication of the sensing node, and the whole authentication method relies on an increasing Counter sequence combined with random numbers to achieve, in effect, bidirectional authentication in the challenge/response style, so the authentication is simple and lightweight. Moving the computing power of the Internet of Things system down from the cloud to the edge gateway also strengthens the edge computing capacity and reduces the pressure on the cloud platform to some extent. However, during authentication the edge gateway needs to query the IoT cloud platform for the H(Key) associated with the NodeID of the device node. Therefore, when there are many nodes and many node authentication requests, the load on the cloud platform is still large, and effective decentralization is not achieved. In addition, although the authentication protocol is lightweight, its security, which matters most, is low, and it is very vulnerable.
Disclosure of Invention
In order to solve the defects in the prior art, the invention aims to provide a dynamic password authentication key agreement method based on identity identification, and provides an authentication key agreement mechanism based on edge computing and 'cloud-edge-end' cooperation, and the authentication and key agreement task is put on edge gateway-level equipment, so that the time delay can be greatly reduced, the huge burden of mass equipment on a cloud center can be relieved, and the identity authentication and key agreement can be completed more safely and efficiently.
The invention adopts the following technical scheme. A lightweight Internet of things security key negotiation method based on edge calculation comprises the following steps:
Step 1, the cloud server performs bidirectional authentication with an edge gateway; after the authentication is passed, the edge gateway is authorized and obtains authentication key negotiation authority for terminal equipment, the identity information of the edge gateway is stored in a cloud database, and the cloud server hands over the authentication key negotiation task;
Step 2, after the edge gateway obtains the authority through cloud server authentication, it receives the authentication key negotiation task handed over by the corresponding cloud server and takes charge of the security authentication and management of the terminal equipment in the edge gateway's local area network;
Step 3, the terminal equipment accesses the Internet of Things, and the terminal equipment and the edge gateway perform bidirectional authentication and key agreement; after the authentication key agreement is passed, the terminal equipment and the edge gateway construct a secure channel that encrypts subsequent transmission data, and data is transmitted to the edge gateway;
Step 4, the edge gateway performs preliminary processing on the data transmitted by the terminal equipment, and part of the data is transmitted to the cloud server in coordination with the cloud;
Step 5, the cloud server and the edge gateway process the data together, and the authentication key agreement of the terminal equipment is uniformly managed by the edge gateway.
Preferably, step 2 includes registering the new network access terminal device, and the registration process includes:
Step 2.1, the relevant equipment information and a preset password PW are entered at the terminal equipment; the equipment end of the registration system generates a unique equipment identity ID from the equipment information, generates a random number $N_i$, and calculates the password
Figure BDA0002629462960000031
Step 2.2, the terminal equipment saves ID, PW and $C_i$; $C_i$ and the ID are transmitted to a registration server through a secure channel for checking and storage;
Step 2.3, at the edge gateway, the registration server looks up the equipment identity ID; if the equipment identity ID is already registered, it returns the "already registered" information; if the equipment identity ID is not registered, the server end stores $C_i$ and the equipment identity ID and returns registration success information.
Preferably, the device information includes: device area number, device type number, and device number.
Preferably, the bidirectional authentication and key agreement performed by the terminal device and the edge gateway in step 3 specifically includes:
Step 3.1, the terminal equipment and the edge gateway perform bidirectional authentication;
Step 3.2, the terminal equipment and the edge gateway perform key negotiation exchange;
Step 3.3, the terminal equipment and the edge gateway perform key negotiation verification.
Preferably, the step 3.1 of performing bidirectional authentication between the terminal device and the edge gateway specifically includes:
Step 3.1.1, the equipment end initiates an identity authentication request to the edge gateway: it generates a random challenge number $CN_i$ and a timestamp $T_i$, and sends the equipment identity ID and the random challenge number $CN_i$ to the edge gateway;
Step 3.1.2, after receiving the information, the edge gateway judges whether the timestamp $T_i$ is valid; if it is valid, the gateway checks by the equipment identity ID whether the equipment is registered, and sends failure information if it is not registered; if it is registered, the gateway looks up the corresponding $C_i$ by the equipment identity ID and calculates a response value
Figure BDA0002629462960000041
generates a random number $CN_{i+1}$, and sends $R$ and $CN_{i+1}$ to the terminal equipment;
Step 3.1.3, after receiving the information, the terminal equipment calculates
Figure BDA0002629462960000042
and compares
Figure BDA0002629462960000043
with $R$; if they are different, it returns to step 3.1.1 and resends the authentication request; if they are the same, the edge gateway is successfully authenticated. After the edge gateway is successfully authenticated, the terminal equipment generates a random number $N_{i+1}$ and calculates a new password
Figure BDA0002629462960000044
calculates $D_{i+1} = H(ID, C_{i+1})$, calculates
Figure BDA0002629462960000045
Figure BDA0002629462960000046
calculates
Figure BDA0002629462960000047
calculates
Figure BDA0002629462960000048
and sends $(a, b, ID)$ to the edge gateway;
Step 3.1.4, after the edge gateway receives the information, it calculates
Figure BDA0002629462960000049
calculates
Figure BDA00026294629600000410
Figure BDA00026294629600000411
calculates
Figure BDA00026294629600000412
calculates
Figure BDA00026294629600000416
and compares
Figure BDA00026294629600000413
with $D_{i+1}$; if the two are different, the authentication fails; if the two are the same, the equipment end is successfully authenticated, and the edge gateway updates the registration information database, replacing $C_i$ with $C_{i+1}$ to complete the password update; the edge gateway then calculates $r = H(ID, D_{i+1})$ and sends Success and $r$ to the user to provide the secondary authentication of the edge gateway;
Step 3.1.5, after the terminal equipment receives $r$, it calculates
Figure BDA00026294629600000414
and compares
Figure BDA00026294629600000415
with $r$; if they are the same, the two-way authentication is complete and key agreement is started, with $ak = D_{i+1}$ used as the shared authentication material for the subsequent key agreement phase.
Preferably, step 3.2, the terminal device and the edge gateway perform key agreement exchange using the ECDH key exchange algorithm.
Preferably, the step 3.2 of the terminal device and the edge gateway performing key agreement exchange specifically includes:
Step 3.2.1, the terminal equipment generates a random number $KN_i$, generates a random integer $n_a$, and calculates the keying material $KM_i = n_a G$, where $G$ is the elliptic curve base point; it sends $KN_i$ and $KM_i$ to the edge gateway;
Step 3.2.2, the edge gateway generates a random number $KN_r$, generates a random integer $n_b$, and calculates the keying material $KM_r = n_b G$; after receiving the key material data of the equipment end, it sends $KM_r$ and $KN_r$ to the terminal equipment.
Preferably, step 3.3, the key agreement verification between the terminal device and the edge gateway specifically includes:
Step 3.3.1, the terminal device and the edge gateway calculate the shared secret key $K = K_i = n_a \cdot KM_r = K_r = n_b \cdot KM_i$ and calculate a temporary session key
Figure BDA0002629462960000051
Step 3.3.2, the terminal device calculates the verification material
Figure BDA0002629462960000052
and sends it together with the ID to the edge gateway for verification;
Step 3.3.3, the edge gateway calculates
Figure BDA0002629462960000053
and compares
Figure BDA0002629462960000054
with $H_i$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification is passed, and the edge gateway generates a random number $N_{id}$, calculates
Figure BDA0002629462960000055
sends $N_{id}$ and $H_r$ to the terminal equipment, and enters the secure communication stage;
Step 3.3.4, the terminal device calculates
Figure BDA0002629462960000056
and compares
Figure BDA0002629462960000057
with $H_r$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification is passed and the terminal device enters the secure communication stage.
Compared with the prior art, the invention adopts a dynamic password authentication key agreement method based on identity identification, provides a cloud-edge-end cooperative authentication key agreement mechanism based on edge computing, and pushes the authentication and key agreement tasks down to edge gateway-level equipment, so that the mechanism can greatly reduce time delay, relieve the huge burden that massive numbers of devices place on the cloud center, and complete identity authentication and key agreement more securely and efficiently. The method and the mechanism provided by the invention can effectively reduce the overhead on equipment storage and computing resources, further improve efficiency while ensuring security, and can meet the application requirements of the Internet of Things environment.
The invention provides a dynamic password identity authentication protocol based on identity identification and a key agreement protocol taking an ECDH algorithm as a core, which can meet the communication safety requirements of resource-limited equipment with different types and provide communication safety guarantee. Meanwhile, the management problem caused by the large number of equipment in the environment of the Internet of things is solved, the pressure of the cloud center server can be relieved, the efficiency of authentication key agreement is improved, the time delay is reduced, and the safety is enhanced.
Drawings
Fig. 1 is a cloud-edge-end cooperative authentication key agreement mechanism architecture based on an edge gateway;
Fig. 2 is a device registration flow diagram;
Fig. 3 is a dynamic password mutual authentication model based on identification;
Fig. 4 is a key agreement protocol model.
Detailed Description
The present application is further described below with reference to the accompanying drawings. The following examples are only for illustrating the technical solutions of the present invention more clearly, and the protection scope of the present application is not limited thereby.
As shown in Fig. 1, the edge gateway-based cloud-edge-end collaborative authentication key agreement mechanism mainly includes three parts: the Internet of Things device end, the edge gateway, and the cloud center. In this architecture, the edge gateway acts as a bridge in the Internet of Things network. With the edge gateway in place, the equipment can be managed better, and the identity authentication and key agreement tasks of the cloud are pushed down to the edge gateway, which greatly relieves information congestion, service congestion and time delay under high concurrency. In the overall framework, the edge gateway connects directly downward to each Internet of Things device and can provide identity authentication and key agreement services, subsequent data security protection and data processing for the devices in its region. After each Internet of Things terminal device passes the authentication key negotiation of the edge gateway, it collects data or provides the corresponding service and securely transmits the data to the edge gateway. The edge gateway connects upward into the core network and can cooperate with the cloud center. The cloud center authenticates the edge gateway equipment, and after authentication it authorizes the edge gateway and hands over the authentication key negotiation task for the terminal equipment; it also processes data uploaded by the edge gateway. The authentication key negotiation and the corresponding data processing of the equipment are completed through this cloud-edge cooperative mode.
Each group's edge gateway server manages the corresponding Internet of Things equipment, and the edge gateway is connected to the core network to cooperate with the cloud center. The cloud center manages the corresponding edge gateway equipment, and in this way an edge gateway authentication mechanism is achieved based on a cloud-edge-end integrated mode.
Therefore, the invention provides a lightweight Internet of things security key negotiation method based on edge calculation, which comprises the following steps:
Step 1, the cloud server performs bidirectional authentication with the edge gateway; after the authentication is passed, the edge gateway is authorized and obtains authentication key negotiation authority for the terminal equipment, the identity information of the edge gateway is stored in a cloud database, and the cloud server then hands over the authentication key negotiation task.
Step 2, after the edge gateway obtains the authority through cloud server authentication, it receives the corresponding cloud server tasks and takes charge of the security authentication and management of the terminal equipment in the edge gateway's local area network, such as but not limited to managing the registration, data acquisition, transmission and processing of the Internet of Things terminal equipment.
Step 3, the terminal equipment accesses the Internet of Things, and the terminal equipment and the edge gateway perform bidirectional authentication and key agreement; after the authentication key agreement is passed, the terminal equipment and the edge gateway construct a secure channel that encrypts subsequent transmission data, and that data is uniformly transmitted to the edge gateway.
Step 4, the edge gateway performs preliminary processing on the data transmitted by the terminal device, such as but not limited to simple preprocessing and cleaning of the transmitted data, and transmits part of the important data, such as but not limited to data acquired by a terminal sensor and possibly user privacy protection data, to the cloud server in a cooperative manner, such as but not limited to the cloud and the edge gateway cooperatively processing the processed data and cooperatively completing tasks.
Step 5, in the subsequent process, the cloud server and the edge gateway server process data together and perform cloud-edge cooperative processing to realize intelligent services, such as but not limited to environment monitoring and intelligent camera shooting, according to the specific scenario and deployment; the authentication key agreement of the terminal device is uniformly managed by the edge gateway.
By the method, massive Internet of things equipment can be efficiently managed, the edge gateway provides corresponding authentication key agreement, the safety of the equipment and data is guaranteed, in addition, cloud-edge cooperation can jointly process the data, intelligent service is provided, the interconnection of everything is really realized, and the development of the Internet of things is promoted.
The protocol designed by the invention mainly comprises a registration process and an authentication process, wherein the registration process is responsible for identity identification and information registration of each new network access device, and the authentication process is mutual identity authentication between the device and the edge gateway. Therefore, step 2 includes the registration of the new network-accessing terminal device, as shown in fig. 2, the registration process includes:
Step 2.1, the relevant equipment information, such as equipment area number, equipment type number and equipment number, and a preset password PW are entered at the terminal equipment; the equipment end of the registration system, running on the terminal equipment, generates a unique equipment identity ID from the equipment information, generates a random number $N_i$, and calculates the password
Figure BDA0002629462960000071
Figure BDA0002629462960000072
Step 2.2, the terminal equipment saves ID, PW and $C_i$; $C_i$ and the ID are transmitted through a secure channel to a registration server for checking and storage; the registration server is generally located at the edge gateway so that it can readily respond to information queries from the gateway;
Step 2.3, at the edge gateway, the registration server looks up the equipment identity ID; if the equipment identity ID is already registered, it returns the "already registered" information; if the equipment identity ID is not registered, the server end stores $C_i$ and the equipment identity ID and returns registration success information.
The step 3 of performing bidirectional authentication and key agreement between the terminal device and the edge gateway specifically includes:
Step 3.1, the terminal equipment and the edge gateway perform bidirectional authentication;
Step 3.2, the terminal equipment and the edge gateway perform key negotiation exchange;
Step 3.3, the terminal equipment and the edge gateway perform key negotiation verification.
The authentication process is realized based on the identity identification and by taking an improved one-time password authentication technology as a core. The whole authentication process of the protocol is operated based on the hash function and provides bidirectional identity authentication, so that the occupation of equipment resources and communication is less, and the protocol is safer and more efficient. As shown in fig. 3, the step 3.1 of performing bidirectional authentication between the terminal device and the edge gateway specifically includes:
Step 3.1.1, the equipment end initiates an identity authentication request to the edge gateway: it generates a random challenge number $CN_i$ and a timestamp $T_i$, and sends the equipment identity ID and the random challenge number $CN_i$ to the edge gateway;
Step 3.1.2, after receiving the information, the edge gateway judges whether the timestamp $T_i$ is valid; if it is valid, the gateway checks by the equipment identity ID whether the equipment is registered, and sends failure information if it is not registered; if it is registered, the gateway looks up the corresponding $C_i$ by the equipment identity ID and calculates a response value
Figure BDA0002629462960000081
generates a random number $CN_{i+1}$, and sends $R$ and $CN_{i+1}$ to the terminal equipment;
Step 3.1.3, after receiving the information, the terminal equipment calculates
Figure BDA0002629462960000082
and compares
Figure BDA0002629462960000083
with R; if they are different, it returns to step 3.1.1 and resends the authentication request; if they are the same, the edge gateway is successfully authenticated. After the edge gateway is successfully authenticated, the terminal equipment generates a random number $N_{i+1}$ and calculates a new password
Figure BDA0002629462960000084
calculates $D_{i+1} = H(ID, C_{i+1})$, calculates
Figure BDA0002629462960000085
Figure BDA0002629462960000086
calculates
Figure BDA0002629462960000087
calculates
Figure BDA0002629462960000088
and sends (a, b, ID) to the edge gateway;
Step 3.1.4, after receiving the information, the edge gateway calculates
Figure BDA0002629462960000089
calculates
Figure BDA00026294629600000810
Figure BDA00026294629600000811
calculates
Figure BDA00026294629600000812
calculates
Figure BDA00026294629600000813
and compares
Figure BDA00026294629600000814
with $D_{i+1}$; if the two are different, the authentication fails; if the two are the same, the equipment end is successfully authenticated, and the edge gateway updates the registration information database, replacing $C_i$ with $C_{i+1}$ to finish the password update. The edge gateway then calculates $r = H(ID, D_{i+1})$ and sends Success and r to the user to provide the secondary authentication of the edge gateway;
Step 3.1.5, after receiving r, the terminal equipment calculates
Figure BDA0002629462960000091
and compares
Figure BDA0002629462960000092
with r; if it is the same as r, the two-way authentication passes and the key agreement is started, with $ak = D_{i+1}$ as the shared authentication material for the subsequent key agreement phase.
The key agreement protocol first verifies the identity of both parties by means of the authentication protocol, and then exchanges keys through the ECDH protocol, thereby generating the temporary session key. The core of the key agreement protocol consists of two stages: negotiation exchange and negotiation verification.
The key negotiation exchange is based on the ECDH key exchange algorithm, that is, DH combined with ECC, which completes the exchange of key material between the two parties on a public channel and generates a shared key. ECDH is more efficient than DH.
In the negotiation verification stage, the shared authentication material generated in the identity authentication stage and the shared key material generated in the key negotiation exchange stage are combined to verify the whole negotiation, which ensures the reliability of the key agreement data exchange and effectively prevents man-in-the-middle attacks. As shown in Fig. 4, step 3.2, the key negotiation exchange between the terminal device and the edge gateway, specifically includes:
Step 3.2.1, the terminal equipment generates a random number $KN_i$, generates a random integer $n_a$, calculates the keying material $KM_i = n_a \cdot G$, where G is an elliptic curve base point, and sends $KN_i$ and $KM_i$ to the edge gateway;
Step 3.2.2, the edge gateway generates a random number $KN_r$, generates a random integer $n_b$, calculates the keying material $KM_r = n_b \cdot G$, and, after receiving the key material data of the equipment end, sends $KM_r$ and $KN_r$ to the terminal equipment.
Step 3.3, the key agreement verification of the terminal device and the edge gateway specifically includes:
Step 3.3.1, the terminal device and the edge gateway calculate the shared secret key $K = K_i = n_a \cdot KM_r = K_r = n_b \cdot KM_i$ and calculate a temporary session key
Figure BDA0002629462960000093
Step 3.3.2, the terminal device calculates the verification material
Figure BDA0002629462960000094
and sends $H_i$ and the ID to the edge gateway for verification;
Step 3.3.3, the edge gateway calculates
Figure BDA0002629462960000095
and compares
Figure BDA0002629462960000096
with $H_i$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification passes, and the edge gateway generates a random number $N_{id}$, calculates
Figure BDA0002629462960000097
sends $N_{id}$ and $H_r$ to the terminal equipment, and enters the secure communication stage;
Step 3.3.4, the terminal device calculates
Figure BDA0002629462960000101
and compares
Figure BDA0002629462960000102
with $H_r$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification passes and the terminal device enters the secure communication stage.
The beneficial effects of the invention at least comprise: 1. The cloud-edge-end cooperative authentication key agreement mechanism based on the edge gateway takes into account the huge pressure that massive numbers of Internet of things devices place on the cloud center, the problem of equipment management, the safety of authentication and key agreement, task delay, resource occupation and the like. The authentication key agreement mechanism can manage and control Internet of things equipment more efficiently and provides a safe and efficient authentication key agreement task.
2. In the protocol design, on the basis of ensuring the protocol security and providing the bidirectional identity authentication and key agreement function, the invention has smaller occupation cost for computing and storing resources and is lighter and more efficient compared with the related protocol.
3. The protocol designed by the invention does not need certificates and other management organizations, and the application is more convenient. Compared with the related protocol, the method also has higher safety, excellent performance and low computing resource cost.
To more clearly describe the technical solution and the advantages of the present invention, an application example of the present invention is described below.
The method mainly tests two stages of identity authentication and key agreement. The system is started at the edge gateway server side first, and then the device client side is started. The device side initiates connection to the edge server side and starts identity authentication.
In the first stage, the client sends the ID and the challenge random number. In the second stage, the server calculates the Ahash and the random challenge number, and the client compares and verifies the received server information. In the third stage, the client sends the dynamically updated password-related materials a and b to the server, and the server obtains the new password through calculation and verifies it at the same time. In the last stage, both sides verify the rhash and complete the bidirectional identity authentication.
The key negotiation module is started after the identity authentication module passes, and realizes key negotiation between the equipment end and the edge gateway. The key agreement mainly comprises two stages: the first stage exchanges key materials based on the ECDH algorithm, and the second stage verifies the negotiation and then completes the whole key agreement process. The key agreement module is entered after the identity authentication is passed.
After the identity authentication is passed, the key agreement is started and is completed in two stages. In the first stage, both parties generate random numbers randnum and key materials (random large integers), then exchange data, and each party calculates a Session ID (a key obtained by the ECDH algorithm). In the second stage, both parties calculate a hash value and verify it, and the key negotiation module completes the negotiation work.
The system can realize the identity authentication and key agreement function between the equipment end and the edge gateway server end according to the protocol designed by the invention. The two parties successfully obtain the session key for subsequent secure communication through authentication key negotiation, thereby providing guarantee for the security of data transmission of the equipment.
The protocol works well in application and, compared with other protocols, is lighter and safer. The whole authentication and key agreement task has higher efficiency and performance, and is well suited to resource-limited equipment in the Internet of things environment. The performance is shown in Table 1 below, where $T_{PM}$ is the time of one elliptic curve scalar multiplication; $T_{PA}$ is the time of one elliptic curve scalar addition operation; $T_{HP}$ is the time of one hash function mapping to a point; $T_H$ is the time of one one-way hash function; $T_I$ is the time of one modular inverse operation; and $T_{SE}$ is the time of one symmetric encryption and decryption (AES).
TABLE 1 protocol Performance comparison
Figure BDA0002629462960000111
In summary, compared with other protocol algorithms, the lightweight security key agreement protocol based on the internet of things has better comprehensive performance, is suitable for device information transmission in the scene facing the internet of things, and can better provide communication security guarantee for resource-limited devices.
The present applicant has described and illustrated embodiments of the present invention in detail with reference to the accompanying drawings, but it should be understood by those skilled in the art that the above embodiments are merely preferred embodiments of the present invention, and the detailed description is only for the purpose of helping the reader to better understand the spirit of the present invention, and not for limiting the scope of the present invention, and on the contrary, any improvement or modification made based on the spirit of the present invention should fall within the scope of the present invention.

Claims (8)

1. A lightweight Internet of things security key negotiation method based on edge calculation is characterized by comprising the following steps:
step 1, the cloud server performs bidirectional authentication on an edge gateway, after the authentication is passed, the edge gateway is authorized, the edge gateway obtains authentication key negotiation authority for terminal equipment, meanwhile, identity information of the edge gateway is stored in a cloud database, and an authentication key negotiation task is transferred by the cloud server;
step 2, after the edge gateway obtains the authority through the cloud server authentication, receiving an authentication key negotiation task transferred by a corresponding cloud server, and starting to take charge of the safety authentication and management of the terminal equipment in the edge gateway local area network;
step 3, the terminal equipment accesses the Internet of things, the terminal equipment and the edge gateway perform bidirectional authentication and key agreement, after the authentication key agreement is passed, the terminal equipment and the edge gateway construct a safety channel to perform encryption protection on subsequent transmission data, and perform data transmission to the edge gateway;
step 4, the edge gateway performs primary processing on data transmitted by the terminal equipment, and partial data and the cloud are coordinated and transmitted to a cloud server;
step 5, the cloud server and the edge gateway process the data together, and the authentication key agreement of the terminal equipment is uniformly managed by the edge gateway.
2. The lightweight internet of things security key agreement method based on edge computing according to claim 1, characterized in that:
in step 2, newly connected terminal equipment is registered, and the registration process comprises the following steps:
step 2.1, relevant equipment information and a preset password PW are input at the terminal equipment; the equipment end of the equipment registration system generates a unique equipment identity ID from the equipment information, generates a random number $N_i$ and calculates the password
Figure FDA0002629462950000011
step 2.2, the terminal equipment saves ID, PW and $C_i$; $C_i$ and the ID are transmitted to a registration server through a secure channel for checking and storing;
step 2.3, at the edge gateway, the registration server queries by the equipment identity ID; if the equipment identity ID is registered, the registered information is returned; if the equipment identity ID is not registered, the server side stores $C_i$ and the equipment identity ID and returns registration success information.
3. The lightweight internet of things security key agreement method based on edge computing according to claim 2, characterized in that:
the device information includes: device area number, device type number, and device number.
4. The lightweight internet of things security key agreement method based on edge computing according to any one of claims 1 to 3, characterized in that:
the step 3 of performing bidirectional authentication and key agreement between the terminal device and the edge gateway specifically includes:
step 3.1, the terminal equipment and the edge gateway perform bidirectional authentication;
step 3.2, the terminal equipment and the edge gateway perform key negotiation exchange;
step 3.3, the terminal equipment and the edge gateway perform key negotiation verification.
5. The lightweight internet of things security key agreement method based on edge computing according to claim 4, characterized in that:
step 3.1, the bidirectional authentication between the terminal device and the edge gateway specifically comprises the following steps:
step 3.1.1, the equipment end initiates an identity authentication request to the edge gateway: it generates a random challenge number $CN_i$ and a timestamp $T_i$, and sends the equipment identity ID and the random challenge number $CN_i$ to the edge gateway;
step 3.1.2, after receiving the information, the edge gateway judges whether the timestamp $T_i$ is valid; if it is valid, the gateway verifies by the equipment identity ID whether the equipment is registered, and sends failure information if the equipment is not registered; if it is registered, the gateway looks up the corresponding $C_i$ by the equipment identity ID and calculates a response value
Figure FDA0002629462950000021
generates a random number $CN_{i+1}$, and sends R and $CN_{i+1}$ to the terminal equipment;
step 3.1.3, after receiving the information, the terminal equipment calculates
Figure FDA0002629462950000022
and compares
Figure FDA0002629462950000023
with R; if they are different, it returns to step 3.1.1 and resends the authentication request; if they are the same, the edge gateway is successfully authenticated; after the edge gateway is successfully authenticated, the terminal equipment generates a random number $N_{i+1}$ and calculates a new password
Figure FDA0002629462950000024
calculates $D_{i+1} = H(ID, C_{i+1})$, calculates
Figure FDA0002629462950000025
Figure FDA0002629462950000026
calculates
Figure FDA0002629462950000027
calculates
Figure FDA0002629462950000028
and sends (a, b, ID) to the edge gateway;
step 3.1.4, after receiving the information, the edge gateway calculates
Figure FDA0002629462950000029
calculates
Figure FDA00026294629500000210
Figure FDA00026294629500000211
calculates
Figure FDA00026294629500000212
calculates
Figure FDA00026294629500000213
and compares
Figure FDA00026294629500000214
with $D_{i+1}$; if the two are different, the authentication fails; if the two are the same, the equipment end is successfully authenticated, and the edge gateway updates the registration information database, replacing $C_i$ with $C_{i+1}$ to finish the password update; the edge gateway then calculates $r = H(ID, D_{i+1})$ and sends Success and r to the user to provide the secondary authentication of the edge gateway;
step 3.1.5, after receiving r, the terminal equipment calculates
Figure FDA0002629462950000038
and compares
Figure FDA0002629462950000039
with r; if it is the same as r, the two-way authentication passes and the key agreement is started, with $ak = D_{i+1}$ as the shared authentication material for the subsequent key agreement phase.
6. The lightweight internet of things security key agreement method based on edge computing according to claim 5, characterized in that:
in step 3.2, the terminal equipment and the edge gateway use an ECDH key exchange algorithm to carry out key negotiation exchange.
7. The lightweight internet of things security key agreement method based on edge computing according to claim 5, characterized in that:
step 3.2, the key negotiation exchange between the terminal device and the edge gateway specifically includes:
step 3.2.1, the terminal equipment generates a random number $KN_i$, generates a random integer $n_a$, calculates the keying material $KM_i = n_a \cdot G$, where G is an elliptic curve base point, and sends $KN_i$ and $KM_i$ to the edge gateway;
step 3.2.2, the edge gateway generates a random number $KN_r$, generates a random integer $n_b$, calculates the keying material $KM_r = n_b \cdot G$, and, after receiving the key material data of the equipment end, sends $KM_r$ and $KN_r$ to the terminal equipment.
8. The lightweight internet of things security key agreement method based on edge computing according to claim 6, characterized in that:
step 3.3, the key agreement verification of the terminal device and the edge gateway specifically includes:
step 3.3.1, the terminal device and the edge gateway calculate the shared secret key $K = K_i = n_a \cdot KM_r = K_r = n_b \cdot KM_i$ and calculate a temporary session key
Figure FDA0002629462950000031
step 3.3.2, the terminal device calculates the verification material
Figure FDA0002629462950000032
and sends $H_i$ and the ID to the edge gateway for verification;
step 3.3.3, the edge gateway calculates
Figure FDA0002629462950000033
and compares
Figure FDA0002629462950000034
with $H_i$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification passes, and the edge gateway generates a random number $N_{id}$, calculates
Figure FDA0002629462950000035
sends $N_{id}$ and $H_r$ to the terminal equipment, and enters the secure communication stage;
step 3.3.4, the terminal device calculates
Figure FDA0002629462950000036
and compares
Figure FDA0002629462950000037
with $H_r$; if the two are different, the verification fails and the negotiation is carried out again; if the two are the same, the verification passes and the terminal device enters the secure communication stage.
CN202010806877.5A 2020-08-12 2020-08-12 Lightweight Internet of things security key negotiation method based on edge calculation Active CN112073379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010806877.5A CN112073379B (en) 2020-08-12 2020-08-12 Lightweight Internet of things security key negotiation method based on edge calculation


Publications (2)

Publication Number Publication Date
CN112073379A (en) 2020-12-11
CN112073379B (en) 2022-11-11

Family

ID=73661225


Country Status (1)

Country Link
CN (1) CN112073379B (en)


Also Published As

Publication number Publication date
CN112073379B (en) 2022-11-11


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant