CN113645196A - Internet of things equipment authentication method and system based on block chain and edge assistance - Google Patents

Info

Publication number
CN113645196A
Authority
CN
China
Prior art keywords
user
equipment
administrator
edge
internet
Legal status (as assumed by Google; not a legal conclusion)
Pending
Application number
CN202110820932.0A
Other languages
Chinese (zh)
Inventor
黄婵颖
胡莹熏
许全义
颜克冬
尹丹
肖杉
Current Assignee (as listed by Google; may be inaccurate)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology

Classifications (CPC)

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/08 for authentication of entities
            • H04L63/0807 using tickets, e.g. Kerberos
            • H04L63/083 using passwords
        • H04L63/10 for controlling access to devices or network resources
            • H04L63/105 Multiple levels of security
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
            • H04L67/10 Protocols in which an application is distributed across nodes in the network
            • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses an Internet of Things (IoT) device authentication method and system based on a blockchain and edge assistance. The system comprises edge nodes, IoT devices, users, administrators and a blockchain. An edge node performs identity authentication by checking whether a mapping between the user, the IoT device and the edge node exists; IoT devices are added to an edge node's managed-device list through a smart contract; a user can access a device for which it holds permission; an administrator manages the mappings among IoT devices, edge nodes and users, and adds or removes devices and user permissions; and the blockchain, through the smart contract, carries out the administrator's management of devices and user permissions and the user's access to devices. The invention thereby achieves secure authentication of IoT devices based on a blockchain and edge assistance; the decentralised nature of the blockchain avoids the security risk of relying on a third-party authentication centre, so that implementation cost is reduced while security is maintained.

Description

IoT device authentication method and system based on blockchain and edge assistance
Technical Field
The invention relates to the technical field of network security, and in particular to a method and system for authenticating Internet of Things (IoT) devices based on a blockchain and edge assistance.
Background
In network security, authentication is the first line of defence and can also be regarded as the most important one; it is critical to the security of the whole network environment. Authentication must identify the other party without error, and should be mutual, so that information is accessed only by the right party. Identity authentication can be divided into authentication between a user and a system and authentication between two systems. At present, user-to-system authentication is by far the most common, and the system usually authenticates the user one way only. In recent years, because of the openness of the Internet, ensuring a legitimate and trusted identity during communication has become an important part of Internet security, and blockchain-based authentication has become a popular research topic.
In the Internet of Things, things process and exchange data without human intervention; because of this autonomy, these entities need to recognise and authenticate each other and ensure the integrity of the data they exchange. Unlike conventional endpoints, IoT devices are resource-constrained, cannot protect themselves, and are easily attacked and compromised; without effective protection they become targets for malicious users and malicious use. Identity authentication is therefore essential for the users, devices and other participating entities of the IoT. However, centralised authentication as practised in the prior art suffers from high cost, single points of failure, hacking attacks and privacy leakage. In addition, IoT devices generate large amounts of data in a short time; when many of them start transmitting to a cloud data centre over the global Internet at the same time, serious network congestion occurs, the resulting high-latency interaction between the devices and the data centre is unacceptable, and the quality of service drops sharply.
Disclosure of Invention
The invention aims to provide a method and a system for authenticating IoT devices based on a blockchain and edge assistance that are highly secure, efficient in authentication and decentralised.
The technical solution for achieving this aim is as follows.
In a first aspect, the invention provides an IoT device authentication method based on a blockchain and edge assistance, comprising the following steps:
1) system initialisation: deploy a smart contract, with the contract deployer as the default administrator;
2) user access: a user initiates access using a known device address; after the access succeeds, the device EA (Ethereum address), the edge EA, the user EA and a timestamp are hashed with a hash function to obtain a user unique identifier UID, and a Token is generated;
3) device management: the administrator manages devices, adding a mapping between an IoT device and an edge node, or deleting an existing IoT device from the edge node's managed-device list;
4) user-permission management: the administrator manages user permissions, adding and deleting them, where adding a user permission means adding a mapping among a user, an IoT device and an edge node;
5) administrator addition: the contract deployer acts as administrator and can add new administrators;
6) user authentication: the mapping between IoT devices and edge nodes and the user permissions are traversed to decide whether the user has the right to access the device.
Furthermore, in device management, user-permission management and administrator addition, a modifier checks whether the caller is an administrator, so that these operations can only be performed by an administrator.
Further, two mappings are kept in the smart contract: a user-device mapping and an edge-device mapping. The edge-device mapping is the mapping between IoT devices and edge nodes, one edge node being associated with several IoT devices. The user-device mapping is the user permission; a precondition for a user-device mapping to exist is that the IoT device and edge node it names already exist in the edge-device mapping.
Further, user access specifically comprises:
step 11, the user enters the blockchain address of the IoT device to be accessed and clicks to initiate access;
step 12, the events emitted by the smart contract are monitored; the contract's events comprise a device-absence event, an access-failure event, a device-addition-success event and an access-success event. A device-absence event means that the IoT device address does not exist in the known edge-device mapping; an access-failure event means that the user has no permission to access the IoT device. If either of these two events is observed, access has failed; otherwise proceed to step 13;
step 13, on observing an access-success event, the user interface reports that access has been established; after successful access, the device EA, the edge EA, the user EA and a timestamp are hashed with the keccak256 hash function to obtain a user unique identifier UID, and a Token is generated. keccak256 is used because it is the cheapest hash function available to the EVM in terms of Ethereum gas.
Further, device management specifically comprises:
the administrator uses an add-device-edge-mapping function whose parameters are address edge, the edge node address, and address device, the IoT device address; entering the edge node address and the device address adds the IoT device to the edge-device mapping, and a successful addition emits a device-addition-success event. The administrator deletes an existing IoT device from the edge node's managed-device list through the delete-device function delDev. Both functions check through the onlyAdmin modifier whether the caller is an administrator, that is, whether the caller is present in the administrator array, and can only be executed by an administrator.
Further, user-permission management specifically comprises:
the administrator uses an add-user-device-mapping function with parameters address user, address device and address edge, where address user is the user address, address device is the IoT device address and address edge is the edge node address; entering the user address, device address and edge address adds a new user permission. During addition the function checks whether the IoT device exists in the edge-device mapping under that edge node; if so, the addition is allowed and a user-device-addition-success event is emitted; if the given IoT device address and edge node address are not present in the known mapping, a device-absence event is emitted and the addition is reported as failed.
Further, administrator addition specifically comprises the following steps:
when the smart contract is created, the address that created it is added to the administrator array as the first administrator; an administrator adds a new administrator by entering its address into the add-administrator function addAddAdmin(address newAdmin), whose parameter address newAdmin is the address of the new administrator; a successful addition emits an addition-success event. When an administrator is deleted, the length of the administrator array is checked first: deletion is refused while the array holds fewer than two administrators, so that the last administrator can never be removed.
Further, user authentication specifically comprises:
step 21, for the user address and the IoT device address entered by the user, the mappings in the smart contract are traversed; the edge-device mapping is traversed first to check whether the IoT device exists under an edge node; if so, proceed to step 22, otherwise a device-absence event is emitted and the user is told that the device does not exist;
step 22, the user-device mapping, that is, the user permissions, is traversed to check whether the user has permission to access the device; if so, proceed to step 23, otherwise access failure is reported;
step 23, if the user has access permission, an access-success event is emitted and success is reported; the device EA, the edge EA, the user EA and the timestamp are hashed with keccak256(device, edge, msg.sender, block.timestamp), where device is the IoT device address, edge is the edge node address, msg.sender is the message sender (the user address) and block.timestamp is the block timestamp, giving the user unique identifier UID; a token-creation function taking (UID, msg.sender, device, edge) then produces a token containing the UID, msg.sender, the device address and the edge node address.
In a second aspect, the invention provides an IoT device authentication system based on a blockchain and edge assistance, comprising IoT devices (IOT), edge nodes (Edge Node), an administrator (ADMIN), users (User) and a blockchain (BC), wherein:
IoT device (IOT): an IoT device is linked to an edge node through a mapping added by the administrator, and users access the IoT device through its blockchain address;
edge node (Edge Node): once IoT devices have been added to it through the mapping, an edge node manages several IoT devices and verifies user permissions;
administrator (ADMIN): only an administrator may manage permissions; an administrator can add and delete administrators, add and delete edge-node-to-IoT-device mappings and user-to-edge-node-to-IoT-device mappings; if the caller is not an administrator, failure is reported, and on success the operation is reported as executed; there is never fewer than one administrator, and an attempt to delete the last administrator raises an error and is refused;
user (User): logs in through a web front end, then requests access by entering the address of the IoT device and of the edge node to be accessed, and is told whether access succeeded or failed;
blockchain (BC): provides the basic environment for the system; the administrator's management functions and user identity authentication are implemented with a smart contract.
Compared with the prior art, the invention has the following notable advantages: (1) the use of blockchain technology means the system needs neither a third party nor public-key distribution; (2) edge computing at the edge nodes exploits the characteristics of the IoT better than cloud computing, and reduces the storage, memory and computation load placed on the IoT devices and on the Ethereum network interface during authentication; (3) identity authentication no longer depends on a trusted third party, cost is reduced, and the limited storage and processing capacity of IoT devices is extended by the edge nodes.
Drawings
Fig. 1 is a block diagram illustrating an overall structure of an internet of things device authentication system based on a blockchain and edge assistance according to the present invention.
FIG. 2 is a schematic diagram of the system initialization according to the present invention.
Fig. 3 is a schematic view of a user operation flow in the present invention.
FIG. 4 is a diagram illustrating the system administrator management of the present invention.
Fig. 5 is a schematic flow chart of the security authentication method for the internet of things device based on the blockchain and the edge assistance in the present invention.
Detailed Description
The invention is described in further detail below with reference to the figures and specific examples.
Examples
With reference to fig. 1, the blockchain- and edge-assisted IoT device security authentication system of the invention comprises IoT devices (IOT), edge nodes (Edge Node), an administrator (ADMIN), users (User) and a blockchain (BC).
Each IoT device in the system is mapped to one edge node.
The edge nodes manage access to the IoT devices; each node can manage a group of IoT devices.
The administrator is the entity responsible for managing the user access-control list and the permissions of the IoT devices. The administrator is the owner or creator of the smart contract, and other users may be added as administrators. The administrator's main task is to manage the registration and deregistration of IoT devices and edge nodes in the system, and to grant end users permission to access IoT devices through the smart contract.
A user is a client that requests access rights from the smart contract in order to access a particular IoT device. Once users have obtained access rights through the smart contract, they contact the designated edge node responsible for the target IoT device for authentication and access.
The blockchain uses a single smart contract. The contract holds a mapping of all registered edge nodes and the IoT devices each of them manages, and a list of authenticated end users mapped to the IoT devices they are allowed to access. All registration, authentication and access-control functions are governed by the smart contract in a decentralised manner.
TABLE 1 Symbol description
Symbol            Meaning
IOT               Internet of Things device
Edge Node         Edge node
ADMIN             Administrator
User              User
BC                Blockchain
UID               User identifier
keccak256         Hash function
Token             Token
PKI               Public key infrastructure
Device            Device
msg_sender        Message sender
block.timestamp   Block timestamp
EA                Ethereum address
Event             Smart contract event
With reference to table 1 and fig. 1, the system for authenticating security of internet of things based on blockchain and edge assistance is characterized by including the following:
1) initializing a system: selecting an identity as an administrator or a user to log in the system through a front-end page;
2) and (4) accessing a function: a user initiates access through a known device address, after the access is successful, the device EA, the edge EA, the user EA and the timestamp are hashed by using a keccak256 hash function, and the keccak256 hash function is the most effective function in Ether gas consumption, so that a user unique identifier UID is obtained, and a Token is generated;
3) managing device functions: the administrator can manage the equipment, and map or delete existing Internet of things equipment in the edge node management equipment list between the additive networking equipment and the edge node;
4) and the function of managing user authority: the administrator can manage the user authority, add the user authority, namely add the mapping among the user, the internet of things equipment and the edge node, and delete the authority owned by the user;
5) add administrator functions: the system initially makes a default contract builder as an administrator, and the administrator can add a new administrator;
6) a user authentication function: and traversing the mapping between the Internet of things equipment and the edge node and the user authority to judge whether the user has the access authority.
Furthermore, the management device function, the management user authority function and the administrator adding function judge whether the task initiator is an administrator or not through the modifier onlyadmin, namely whether the task initiator exists in the administrator array or not, the identity is limited, and the operation can be carried out only by the identity of the administrator.
The user authentication function is implemented by traversing the two mappings held in the smart contract: the user-device mapping and the edge-device mapping. The edge-device mapping is the mapping between IoT devices and edge nodes, where one edge node is associated with several IoT devices. The user-device mapping records user permissions; a precondition for an entry is that the IoT device and edge node it names already exist in the edge-device mapping.
The system is initialized first. As shown in Fig. 2, a blockchain network forms the base environment of the system, in which users, administrators, edge nodes and IoT devices each hold distinct blockchain addresses. The smart contract is deployed on the blockchain, and the contract publisher becomes the first administrator by default.
Before a user can access the system, an administrator must register the user permissions and the edge devices. As shown in Fig. 3, the device management function proceeds as follows:
first, the administrator logs in with an administrator address, selects the administrator identity and chooses the device management option, which offers adding and deleting IoT devices;
second, to add an IoT device the administrator enters the IoT device address and the edge node address in turn and clicks the add button, which writes the pair into the contract's mapping; an existing mapping can likewise be deleted, and deleting a mapping that does not exist raises an error;
finally, a successful addition emits an edge-device-added event, which is shown on the administrator interface; the log entry contains the administrator who issued the add task, the device, the edge node and the event itself.
As shown in Fig. 3, the administrator manages user permissions as follows:
first, the administrator logs in with an administrator address and chooses the user permission management option, which offers adding and deleting user permissions;
second, to add a user permission the administrator enters the user address, the edge node address and the IoT device address in turn; an existing user permission can likewise be deleted;
third, when a user permission is added, the function traverses the known edge-device mapping to check whether the given edge node address and IoT device address exist there; if they do, the addition succeeds, otherwise a device-not-exist event is emitted;
finally, a successful addition emits an addition-success event, which is reported on the administrator interface; the log entry contains the address of the administrator who issued the add task, the user, the device, the edge node and the event itself.
As shown in Fig. 3, the administrator addition function works as follows:
when the smart contract is created, the creating address is added to the administrator array as the first administrator. An administrator adds a new administrator with the function addAdmin(address newAdmin), where the parameter newAdmin is the new administrator's address; success emits an addition-success event. Before an administrator is deleted, the length of the administrator array is checked: if fewer than two administrators are registered, the deletion is refused, so the last administrator can never be removed.
Further, the user access function proceeds as follows, as shown in Fig. 4:
step one, the user enters the blockchain address of the IoT device to be accessed and clicks to initiate access;
step two, the generation of contract events is monitored: a device-not-exist event means the IoT device address is not in the known edge-device mapping, and an access-failure event means the user has no right to access that IoT device;
step three, an access-success event is monitored for, and the user interface reports that access has been established.
The user access function depends on the user identity authentication function, which, as shown in Fig. 5, proceeds as follows:
step one, the mappings in the smart contract are traversed for the user address and the IoT device address entered by the user; the edge-device mapping is traversed first to decide whether the IoT device belongs to some edge node; if it does not, a device-not-exist event is generated and the user is told the device does not exist;
step two, the user-device mapping, that is, the user permissions, is traversed to decide whether the user may access the device; if so, step three follows, otherwise access failure is reported;
step three, since the user has access rights, an access-success event is emitted and success is reported; the device EA, edge EA, user EA and timestamp are hashed with keccak256(device, edge, msg.sender, block.timestamp), where device is the IoT device address, edge is the edge node address, msg.sender is the message sender, that is, the user address, and block.timestamp is the block timestamp. keccak256 is chosen because it is the cheapest hash function in terms of EVM gas. The result is the user's unique identifier UID, and the token creation function TokenCreated(UID, msg.sender, device, edge) generates a token containing the UID, the message sender, the device address and the edge node address.
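The contract design described above (administrator array with onlyAdmin, the edge-device and user-device mappings, device and permission management, administrator addition with the last-administrator check, and user access with UID and token), as one added illustrative Solidity contract. This is example code written for this page, not the patent's own implementation. The page names onlyAdmin, addAdmin(address newAdmin), delDev, TokenCreated(UID, msg.sender, device, edge) and the hash keccak256(device, edge, msg.sender, block.timestamp); every other name here (the contract, the mappings edgeDevice, deviceEdge and userDevice, the functions isAdmin, delAdmin, addDev, addUserDev, canAccess and access, and the remaining events) and the choice to record the edge node inside each user permission are assumptions of this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the patent's code. Apart from onlyAdmin, addAdmin, delDev, TokenCreated
// and the keccak256 preimage, every name below (contract, mappings, functions, events) is assumed.
contract EdgeAssistedAuth {
    address[] public admins;                                           // administrator array; deployer is admins[0]
    mapping(address => mapping(address => bool)) public edgeDevice;    // edge node => IoT device => registered
    mapping(address => address) public deviceEdge;                     // IoT device => its edge node (zero if none)
    mapping(address => mapping(address => address)) public userDevice; // user => device => edge named by the permission

    event AdminAdded(address indexed by, address indexed newAdmin);
    event AdminRemoved(address indexed by, address indexed removed);
    event DeviceAdded(address indexed by, address indexed device, address indexed edge);
    event DeviceRemoved(address indexed by, address indexed device, address indexed edge);
    event DeviceNotExist(address indexed sender, address indexed device, address edge);
    event UserDeviceAdded(address indexed by, address indexed user, address device, address edge);
    event AccessFailed(address indexed user, address indexed device);
    event AccessSuccess(address indexed user, address indexed device, address indexed edge);
    event TokenCreated(bytes32 uid, address indexed sender, address indexed device, address indexed edge);

    constructor() { admins.push(msg.sender); }   // contract creator is the first administrator

    modifier onlyAdmin() {                        // identity restriction on every management function
        require(isAdmin(msg.sender), "caller is not an administrator");
        _;
    }

    // Walks the administrator array, as the description states (a mapping would be constant-cost).
    function isAdmin(address a) public view returns (bool) {
        for (uint256 i = 0; i < admins.length; i++) if (admins[i] == a) return true;
        return false;
    }

    function addAdmin(address newAdmin) external onlyAdmin {
        require(newAdmin != address(0) && !isAdmin(newAdmin), "invalid or existing administrator");
        admins.push(newAdmin);
        emit AdminAdded(msg.sender, newAdmin);
    }

    function delAdmin(address a) external onlyAdmin {
        require(admins.length >= 2, "cannot delete the last administrator");
        for (uint256 i = 0; i < admins.length; i++) {
            if (admins[i] == a) {
                admins[i] = admins[admins.length - 1];   // swap-and-pop keeps the array dense
                admins.pop();
                emit AdminRemoved(msg.sender, a);
                return;
            }
        }
        revert("no such administrator");
    }

    // Device management: the edge-device mapping.
    function addDev(address edge, address device) external onlyAdmin {
        require(edge != address(0) && device != address(0), "zero address");
        require(deviceEdge[device] == address(0), "device already mapped");
        edgeDevice[edge][device] = true;
        deviceEdge[device] = edge;
        emit DeviceAdded(msg.sender, device, edge);
    }

    function delDev(address edge, address device) external onlyAdmin {
        require(edgeDevice[edge][device], "mapping does not exist");   // page: error when absent
        delete edgeDevice[edge][device];
        delete deviceEdge[device];
        emit DeviceRemoved(msg.sender, device, edge);
    }

    // User permission management: (edge, device) must already be in the edge-device mapping.
    function addUserDev(address user, address device, address edge) external onlyAdmin {
        if (!edgeDevice[edge][device]) {
            emit DeviceNotExist(msg.sender, device, edge);   // non-reverting failure, as the page describes
            return;
        }
        userDevice[user][device] = edge;
        emit UserDeviceAdded(msg.sender, user, device, edge);
    }

    // User authentication: edge-device mapping first, then the permission, which must name the
    // edge the device is currently mapped to (a re-registered device does not inherit old grants).
    function canAccess(address user, address device) public view returns (bool exists, bool permitted) {
        address edge = deviceEdge[device];
        exists = edge != address(0);
        permitted = exists && userDevice[user][device] == edge;
    }

    // User access: emits the page's events and, on success, derives the UID and the token.
    function access(address device) external returns (bytes32 uid) {
        (bool exists, bool permitted) = canAccess(msg.sender, device);
        if (!exists) { emit DeviceNotExist(msg.sender, device, address(0)); return bytes32(0); }
        if (!permitted) { emit AccessFailed(msg.sender, device); return bytes32(0); }
        address edge = deviceEdge[device];
        emit AccessSuccess(msg.sender, device, edge);
        // Packed 20+20+20+32-byte preimage; keccak256 is the cheapest hash opcode in the EVM.
        uid = keccak256(abi.encodePacked(device, edge, msg.sender, block.timestamp));
        emit TokenCreated(uid, msg.sender, device, edge);
    }
}
```

To exercise it, deploy from the administrator account, call addDev(edge, device) and addUserDev(user, device, edge), then call access(device) from the user account and watch for AccessSuccess and TokenCreated; a second account calling addAdmin before it has been added reverts in onlyAdmin, and delAdmin on a one-element array reverts with the last-administrator message. Two points worth keeping in mind when reading the page's security claims: every input to the UID (three addresses and block.timestamp) is public on chain, so the UID identifies an access in a given block but is not a secret, and two access calls by the same user to the same device in one block yield the same UID; and the token is emitted as an event, while the page does not specify how the edge node checks a token that a user later presents.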
To demonstrate the effectiveness of the invention, its performance is analysed as follows:
the computational overhead consists of the functions used in six processes: contract deployment during system initialization, user access, the administrators' management of administrators, devices and user permissions, and the edge node's authentication of user permissions. User authentication traverses the mapping between IoT devices and edge nodes and the user permissions to decide whether the user has access rights. Once the authentication stage has accepted the user, the device EA, edge EA, user EA and timestamp are hashed with keccak256, the cheapest hash function in terms of EVM gas, to obtain the user's unique identifier UID, and the token creation function TokenCreated generates a token containing the UID, the message sender, the device address and the edge node address.
The experiment was run on an Intel(R) Core(TM) i5-6200U CPU @ 2.30 GHz with 4 GB of RAM.
In summary, the invention is a blockchain- and edge-assisted security authentication method and system for IoT devices. It draws on the security properties of blockchain technology to provide confidentiality, integrity and non-repudiation: every message exchange in identity verification takes place on chain; the UID and timestamp in verification messages are intended to resist replay and man-in-the-middle attacks; the generated events are tamper-evident; and the lists and mapping records of users, IoT devices, edge nodes and administrators are stored on the blockchain in a decentralized, distributed manner, whose robustness and resistance to DDoS attacks are relied on to keep the records unaffected by faults, intrusions or compromise. In terms of system performance, combining edge nodes and the blockchain with the characteristics of IoT devices shortens service delivery time, reduces network congestion, and improves service quality and user experience.

Claims (9)

1. A blockchain- and edge-assisted IoT device authentication method, characterized in that it comprises the following steps:
1) system initialization: deploy a smart contract and take the contract deployer as the default administrator;
2) user access: a user initiates access through a known device address; after access succeeds, the device EA, edge EA, user EA and the timestamp are hashed with a hash function to obtain a user unique identifier UID, and a Token is generated;
3) device management: the administrator manages devices, adding a mapping between an IoT device and an edge node or deleting an existing IoT device from the edge node's managed device list;
4) user permission management: the administrator manages user permissions, including adding and deleting them, where adding a user permission means adding a mapping among a user, an IoT device and an edge node;
5) administrator addition: the contract deployer, acting as administrator, can add new administrators;
6) user authentication: the mapping between IoT devices and edge nodes and the user permissions are traversed to decide whether the user has access rights.
2. The blockchain- and edge-assisted IoT device authentication method of claim 1, characterized in that during device management, user permission management and administrator addition, a modifier checks whether the task initiator is an administrator, so that only an administrator can perform these operations.
3. The blockchain- and edge-assisted IoT device authentication method of claim 1 or 2, characterized in that the smart contract holds two mappings: a user-device mapping and an edge-device mapping; the edge-device mapping is the mapping between IoT devices and edge nodes, one edge node being associated with several IoT devices; the user-device mapping is the user permission, and a precondition for a user-device entry is that the IoT device and edge node it names exist in the edge-device mapping.
4. The blockchain- and edge-assisted IoT device authentication method of claim 3, characterized in that user access comprises the following steps:
step 11, the user enters the blockchain address of the IoT device to be accessed and clicks to initiate access;
step 12, the generation of events in the smart contract is monitored; the contract's events comprise a device-not-exist event, an access-failure event, a device-added event and an access-success event; a device-not-exist event means the IoT device address is not in the known edge-device mapping, and an access-failure event means the user has no right to access the IoT device; if either of these two events is observed the access has failed, otherwise step 13 follows;
step 13, after an access-success event is observed, the user interface reports that access has been established; the device EA, edge EA, user EA and timestamp are then hashed with keccak256 to obtain the user unique identifier UID and a Token is generated; keccak256 is used because it is the cheapest hash function in terms of EVM gas.
5. The blockchain- and edge-assisted IoT device authentication method of claim 3, characterized in that device management comprises:
the administrator calls an add-device-edge-mapping function whose parameters are address edge, the edge node address, and address device, the IoT device address; entering the edge node address and the device address adds the IoT device to the edge-device mapping, and success emits a device-added event; the administrator deletes an existing IoT device from the edge node's managed device list with the device deletion function delDev; the onlyAdmin modifier checks whether the task initiator is an administrator, that is, whether the initiator is in the administrator array, so that only an administrator can operate.
6. The blockchain- and edge-assisted IoT device authentication method of claim 3, characterized in that user permission management comprises:
the administrator calls an add-user-device-mapping function with parameters address user, address device and address edge, where user is the user address, device is the IoT device address and edge is the edge node address; entering these three addresses adds a new user permission; during the addition the function checks whether the IoT device exists in the edge-device mapping and, if so, allows the addition and emits a user-device-added event; if the given IoT device address and edge node address are not in the known mapping, a device-not-exist event is emitted and the addition is reported as failed.
7. The blockchain- and edge-assisted IoT device authentication method of claim 3, characterized in that administrator addition comprises:
when the smart contract is created, the creating address is added to the administrator array as the first administrator; an administrator adds a new administrator by calling addAdmin(address newAdmin), where the parameter newAdmin is the new administrator's address, and success emits an addition-success event; when an administrator is deleted, the length of the administrator array is checked first, and if fewer than two administrators are registered the deletion is refused, so the last administrator cannot be removed.
8. The blockchain- and edge-assisted IoT device authentication method of claim 3, characterized in that user authentication comprises the following steps:
step 21, the mappings in the smart contract are traversed for the user address and the IoT device address entered by the user; the edge-device mapping is traversed first to decide whether the IoT device belongs to an edge node; if so, step 22 follows, otherwise a device-not-exist event is generated and the user is told the device does not exist;
step 22, the user-device mapping, that is, the user permissions, is traversed to decide whether the user may access the device; if so, step 23 follows, otherwise access failure is reported;
step 23, since the user has access rights, an access-success event is emitted and success is reported; the device EA, edge EA, user EA and timestamp are hashed with keccak256(device, edge, msg.sender, block.timestamp), where device is the IoT device address, edge is the edge node address, msg.sender is the message sender, that is, the user address, and block.timestamp is the block timestamp; the result is the user unique identifier UID, and the token creation function TokenCreated(UID, msg.sender, device, edge) generates a token containing the UID, msg.sender, the device address and the edge node address.
9. A blockchain- and edge-assisted IoT device authentication system, characterized in that it comprises IoT devices (IOT), edge nodes (Edge Node), administrators (ADMIN), users (User) and a blockchain (BC), wherein:
IoT device (IOT): an IoT device is linked to an edge node through a mapping added by the administrator, and users access the IoT device through its blockchain address;
edge node (Edge Node): after IoT devices have been added to it by mapping, the edge node manages several IoT devices and verifies user permissions;
administrator (ADMIN): only an administrator may perform management; an administrator can add and delete administrators, add and delete mappings between edge nodes and IoT devices, and add and delete mappings among users, edge nodes and IoT devices; an operation attempted by a non-administrator is reported as failed, and a successful operation is reported as executed; there is always at least one administrator, and an attempt to delete the last administrator raises an error and is refused;
user (User): logs in through the web front-end interface and, once logged in, initiates access by entering the addresses of the IoT device and edge node to be accessed, and is told whether the access succeeded or failed;
blockchain (BC): provides the base environment for the system, with the administrator's management functions and the authentication of user identity implemented by the smart contract.
CN202110820932.0A 2021-07-20 2021-07-20 Internet of things equipment authentication method and system based on block chain and edge assistance Pending CN113645196A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110820932.0A CN113645196A (en) 2021-07-20 2021-07-20 Internet of things equipment authentication method and system based on block chain and edge assistance

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110820932.0A CN113645196A (en) 2021-07-20 2021-07-20 Internet of things equipment authentication method and system based on block chain and edge assistance

Publications (1)

Publication Number Publication Date
CN113645196A true CN113645196A (en) 2021-11-12

Family

ID=78417841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110820932.0A Pending CN113645196A (en) 2021-07-20 2021-07-20 Internet of things equipment authentication method and system based on block chain and edge assistance

Country Status (1)

Country Link
CN (1) CN113645196A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113849796A (en) * 2021-11-30 2021-12-28 南京可信区块链与算法经济研究院有限公司 Intelligent communication water affair Internet of things remote monitoring control method, system and block chain system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107682331A (en) * 2017-09-28 2018-02-09 复旦大学 Internet of Things identity identifying method based on block chain
CN111447073A (en) * 2020-03-31 2020-07-24 河北大学 Identity management and authentication system and method based on block chain and zero-knowledge proof
CN111988338A (en) * 2020-09-07 2020-11-24 华侨大学 Permission-controllable Internet of things cloud platform based on block chain and data interaction method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
RANDA ALMADHOUN et al.: "A User Authentication Scheme of IoT Devices using Blockchain-enabled Fog Nodes", 2018 IEEE/ACS 15th International Conference on Computer Systems and Applications (AICCSA) *

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20211112)