CN113765658A - Authentication and key agreement protocol method for Internet of things equipment in distributed cloud computing architecture - Google Patents

Abstract

The invention discloses an authentication and key agreement protocol method for equipment of the Internet of things in a distributed cloud computing architecture. The method comprises a registration stage, a login stage and an authentication and key agreement stage; the authentication and key agreement phase includes: first handshake process: user U_iTo cloud server S through its internet of things device_mSending a login message, S_mAfter receiving the login message, calculating the authentication condition of the user, and sending the authentication condition and the login message to the control server CS; second handshake process: CS receives from S_mAfter the message, verify U_iAnd S_mIf the two are legal, they are respectively U_iAnd S_mGenerating its own identity verification condition and sending to S_m(ii) a Third hand of shakeThe process is as follows: s_mSelects an authentication condition associated with itself to authenticate the CS and sends another authentication condition to the U_iThe internet of things device of (1); the fourth handshake process: u shape_iThe Internet of things equipment verifies the validity of the CS according to the authentication condition, and if the CS passes the verification, the U passes_i、S_mFinally negotiating with CS to obtain a shared secret key SK h (N)_m||N_CS||N_i)。

Description

Authentication and key agreement protocol method for Internet of things equipment in distributed cloud computing architecture

Technical Field

The invention relates to the technical field of information security, in particular to a high-efficiency authentication and key agreement protocol design method used among a plurality of internet of things devices in a distributed cloud computing architecture.

Background

In recent years, internet of things (IoT) devices, such as sensor devices, RFID tags, actuators, and smart terminals, are increasingly used in daily life to provide people with convenient lives. In the construction process of the smart city, the main functions of the Internet of things equipment are interconnected and intercommunicated in a heterogeneous wireless environment, and the equipment can continuously monitor and analyze various application data from the city so as to realize the real-time automation of the smart decision process of the smart city. However, as is well known, the internet of things device resources are limited, and the amount of data in a smart city is huge, which generally grows exponentially with the data and devices, so that a standard platform is required to centrally process a large amount of heterogeneous data and devices. To handle such a large database repository generated by various internet of things devices, cloud computing is an effective solution. Currently, cloud providers offer various types of cloud services, such as software as a service cloud (SaaS) (e.g., IBM lotus live), platform as a service (PaaS) (e.g., Google appeengine), and infrastructure as a service (IaaS) (e.g., amazon web services).

However, with the widespread use of internet of things and cloud computing in smart cities, various security and privacy challenges may be encountered, the most basic of which is mutual authentication between various application devices, such as participating users, internet of things devices, distributed servers, data control centers, and the like. In fig. 1, we simply present a scenario: assuming that a cloud computing service provider has already built a distributed private cloud environment covering the whole smart city, in the operation process of the smart city, a plurality of internet of things devices need to upload application data generated in real time to the private cloud service closest to the internet of things devices, and each distributed private cloud service is subjected to primary computing and then converges data to a cloud service center, namely a data control center, so that real-time communication perception among the devices is realized through high-speed computing and intelligent scheduling of the cloud service center, and high-quality service is provided. Three main entities are mainly involved in this scenario: the system comprises a cloud computing provider, namely a data control center, a single distributed private cloud server and equipment terminals which are connected with each support in a network. In the process, the distributed private cloud server generally stores the privacy information from the internet of things equipment, and only a legal user can access the sensitive information, so that mutual authentication between two entities needs to be realized. Similarly, mutual authentication between the distributed private server and the data control center is required. In addition, after mutual authentication is implemented between the devices, since mutual communication data is mostly transmitted through the open internet, in order to ensure the confidentiality of the data, it is also necessary to generate a shared key for sealing the next communication traffic after the mutual authentication is implemented by the three entities.

Recently, many authentication protocols integrated with the internet of things and distributed cloud computing have been proposed for secure access control of large-scale internet of things networks. In 2018, Amin et al (document 1 "r.amin, n.kumar, g.p.biswas, r.iqbal, and v.chang, a light weight authentication protocol for IoT-enabled devices in distributed Cloud Computing environment, Future Generation Computer Systems, vol.78, pp.01") proposed an authentication protocol for internet of things devices in a distributed Cloud Computing environment, indicating a number of security vulnerabilities in two authentication protocols proposed by Xue et al and Chuang et al, respectively. However, Kang et al (document 2: Kang B, Han Y, Qian K, et al, analysis and Improvement on an Authentication Protocol for IoT-Enabled Devices in Distributed Cloud Computing Environment [ J ]. physical schemes in Engineering,2020, (2):1-6) found that the Amin et al Protocol was susceptible to forgery attacks and improved the Protocol. However, through a large amount of research on authentication protocols, the inventors further found that an offline password guessing attack on the protocol of Kang et al is performed, that is, a malicious user can easily obtain a master key of a master control server, and the master key is a key parameter of the entire system, which may cause all information of the entire system to be leaked.

In addition, as the protocols are designed for communication among internet of things devices, as is well known, the devices are developed based on an embedded mode, generally, computing resources and storage resources are limited, and in the actual use process, the real-time requirement of communication is high, the data operation efficiency is high, and if a mainstream encryption algorithm is adopted, the requirements are difficult to meet. Therefore, designing these protocols also requires considering the computational complexity of the protocol implementation while ensuring the confidentiality of the communication.

Disclosure of Invention

In order to meet mutual authentication and encryption communication among application equipment under a distributed cloud architecture based on the Internet of things in a smart city, the invention provides a high-efficiency authentication and key agreement protocol design method for the Internet of things equipment in the distributed cloud computing architecture.

The invention provides an authentication and key agreement protocol method of Internet of things equipment in a distributed cloud computing architecture, which comprises a registration stage, a login stage and an authentication and key agreement stage, wherein the authentication and key agreement stage comprises the following steps:

first handshake process: user U_iTo cloud server S through its internet of things device_mSending a login message, cloud Server S_mReceiving user U_iAfter the login message, calculating the authentication condition of the user, and comparing the authentication condition of the user with the authentication condition of the user U_iThe login message is sent to the control server CS;

second handshake process: the control server CS receives the data from the cloud server S_mAfter the message, the user U is authenticated_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating its own authentication conditions, and sending the generated two authentication conditions to the cloud serviceDevice S_m；

Third handshake process: cloud server S_mSelects an authentication condition related to itself from the two received authentication conditions to authenticate the control server CS, and sends the other authentication condition to the user U_iThe internet of things device of (1);

the fourth handshake process: user U_iThe Internet of things equipment verifies the validity of the control server CS according to the received identity verification condition, and if the control server CS passes the verification, the user U_iCloud server S_mFinally negotiating with the control server CS to obtain a shared secret key SK h (N)_m||N_CS||N_i) (ii) a Wherein N is_mIndicating that the first handshake process is performed by the cloud server S_mA 128-bit random number, N, is generated_CSRepresenting a 128-bit random number, N, generated by the control server CS during the second handshake_iRepresenting a user U_iOn-login cloud server S_mA random number of at least 128 bits generated;

in the four-way handshake process, only the user U needs to be used_iCloud server S_mAnd the control server CS fails to authenticate, the session ends.

Further, in the first handshake process, the cloud server S_mReceiving user U_iAfter the login message, the method further comprises:

cloud server S_mExamination conditions TS_m-TS_i<Whether delta T is established or not, if yes, the cloud server S_mCalculating the identity verification condition of the user, specifically comprising: cloud server S_mGenerating a 128-bit random number N_mAnd calculate

K_i＝h(N_m||BS_m||PID_i||G_i||TS_m)；

Correspondingly, the cloud server S_mThe authentication condition of the user U and the user U_iThe sending of the login message to the control server CS specifically includes: cloud server S_mWill be provided with<J_i,K_i,PSID_m,G_i,F_i,Z_i,PID_i,TS_i,TS_m>Sending to the control server CS;

wherein the content of the first and second substances,<G_i,F_i,Z_i,PID_i,TS_i>representing a user U_iThe log-in message of (a) is,<J_i,K_i,PSID_m,TS_m>representing cloud Server S_mAuthentication condition of (TS)_mRepresenting cloud Server S_mCurrent time stamp of, TS_iRepresenting a user U_iThe current time stamp of the Internet of things equipment, delta T represents a set time threshold value, BS_mRepresenting cloud Server S_mSymmetric key with control server CS, PID_iRepresenting a user U_iPseudo-identity of, PSID_mRepresenting cloud Server S_mPseudo-identity of, B_m、J_i、K_i、G_i、F_iAnd Z_iAll represent intermediate operation results, h (-) represents a hash function, and | | represents splicing operation.

Further, in the second handshake process, the control server CS receives the information from the cloud server S_mAfter the message, further comprising: control Server CS checks Condition TS_CS-TS_m<Whether the delta T is established or not, if yes, verifying the user U_iAnd cloud server S_mThe validity of (2);

correspondingly, the authentication user U_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating the authentication conditions of the cloud server S and sending the generated two authentication conditions to the cloud server S_mThe method specifically comprises the following steps:

step A1: control server CS computation

D_i＝h(PID_i||x)

Step A2: control server CS checking condition

If yes, the control server CS verifies the user U_iLegality;

step A3: control server CS computation

BS_m＝h(PSID_m||SID_m||y)

Step A4: control server CS checking condition

If yes, the control server CS verifies the cloud server S_mLegality;

step A5: the control server CS generates a 128-bit random number N_CSAnd calculate

SK_CS＝h(N_i||N_m||N_CS)

Step A6: through the common channel<P_CS,Q_CS,R_CS,V_CS>Sending to cloud server S_m；

Wherein, TS_CSRepresenting the current timestamp of the control server CS, x representing a timestamp known only to the control server CS for authenticating the user U_iSecret key, ID of_iRepresenting a user U_iTrue identity of, SID_mRepresenting cloud Server S_mTrue identity of SK_CSRepresenting a shared secret generated by the CS side of the control server, R_CSAnd V_CSIndicating that the control server CS is a cloud server S_mGenerated authentication condition, P_CSAnd Q_CSIndicating that control server CS is user U_iGenerated authentication conditions, D_iRepresenting a symmetric key between the internet of things device and the control server CS,

and

respectively representing means for authenticating a user U_iAnd cloud server S_mThe legitimacy of and the parameters of the integrity of the data transmission,

representing an exclusive or operation.

Further, the third handshake process specifically includes:

first, the cloud server S_mComputing

W_m＝h(BS_m||N_m)

Then, the cloud server S_mExamination conditions

Whether it is, if it is, the cloud server S_mThe authentication control server CS passes and will pass<P_CS,Q_CS>Sent to user U_iThe internet of things device of (1);

wherein SK_mRepresenting cloud Server S_mEnd-generated shared secret, W_mThe result of the intermediate operation is represented,

a parameter representing the authenticity of the identity used to verify the control server CS;

further, the fourth handshake process specifically includes:

first, user U_iInternet of things equipment computing

L_i＝h(N_i||D_i||F_i)

SK_i＝h(N_m||N_CS||N_i)

Then, the user U_iInternet of things equipment inspection condition

If true, user U_iConfirm that the control server CS is authentic;

wherein L is_iRepresenting the result of an intermediate operation, SK_iRepresenting a user U_iThe shared secret key generated by the device side of the internet of things,

respectively, representing parameters for verifying the authenticity of the identity of the control server CS.

Further, the registration stage is divided into a cloud server registration stage and a user registration stage; wherein: the cloud server registration stage specifically includes:

cloud server S_mWill register the message<SID_m,d>Sending to the control server CS; wherein SID_mRepresenting cloud Server S_mD is a random number;

the control server CS receives the information from the cloud server S_mAfter the registration message, calculate the PSID_m＝h(SID_m||d)，BS_m＝h(PSID_m||SID_mY) and will be transmitted via a secure channel<BS_m>Send back cloud server S_m(ii) a Wherein, PSID_mRepresenting cloud Server S_mY denotes a pseudo identity known only to the control server CS for authenticating the cloud server S_mOf the secret key, BS_mRepresenting cloud Server S_mA symmetric key with the control server CS, h (-) represents a hash function;

cloud server S_mSecret parameters<BS_m,d>And storing the data in the memory.

Further, the user registration stage specifically includes:

user U_iSelecting the desired real identity ID_iAnd a password P_iEntering the Internet of things equipment;

internet of things equipment collection user U_iBiological characteristics of (B)_iAnd generates a random number b to calculate the PID_i＝h(ID_i||b)，

And

wherein, PID_iRepresenting a user U_iPseudo-identity of, A_iAnd Ω_iAll of which represent the results of the intermediate operations,

representing an exclusive or operation;

internet of things equipment registers message<ID_i,PID_i,A_i>Sending the data to a control server CS through a secure channel;

the control server CS verifies the ID after receiving the registration message from the Internet of things equipment_iIs true of, if ID_iIs illegal, the control server CS will reject the user U_iRegistering; otherwise, the control server CS calculates C_i＝h(PID_i||A_i)，D_i＝h(PID_i| x) and

wherein x denotes a user U known only to the control server CS for authentication_iSecret key of D_iRepresenting a symmetric key between the Internet of things device and the control server CS, C_iAnd E_iAll represent intermediate operation results;

control server CS sends data<C_i,E_i,h(·)>Write in the smart card and deliver it to the user U by dedicated communication_i；

User U_iAfter the smart card is obtained, the smart card is inserted into the Internet of things equipment, and the ID is input into the Internet of things equipment again_iAnd P_iSo as to write omega into the smart card through the equipment of the Internet of things_iRecording information by smart card<C_i,Ω_i,E_i,h(·)>。

Further, the login stage specifically includes:

when the user U_iWant to slave cloud server S_mObtaining information, user U_iSmart cardInsert an internet of things device and provide

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

If yes, the user U_iIs true, otherwise, the user U is rejected_iLogging in;

if the user U_iIs true, the Internet of things equipment generates a random number N with at least 128 bits_iAnd calculate

PID_i＝h(ID_i||b)

G_i＝h(PID_i||SID_m||N_i||TS_i||D_i)

Wherein, TS_iIs the current timestamp, SID, of the Internet of things device_mIs a cloud server S_mTrue identity of G_i、F_iAnd Z_iAll represent intermediate operation results;

the Internet of things equipment is connected with the Internet of things equipment through a public channel<G_i,F_i,Z_i,PID_i,TS_i>Transmitting to a cloud Server S_m。

Further, still include: the password changing stage specifically includes:

user U_iInserting the smart card into the Internet of things device and then providing

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

Whether the current time is established or not, if so, prompting the user U_iInputting new password P_i ^newAnd generates a random number

Otherwise, rejecting user U_iPassword change of (2);

then, the Internet of things equipment calculates

Internet of things equipment records original values in smart card<C_i,Ω_i,E_i>Is replaced by

Further, still include: the identity change stage specifically includes: user U_iRe-registering to the control server CS over a secure channel.

The invention has the beneficial effects that:

1. the scheme of the invention is lightweight protocol authentication, and is more suitable for terminal equipment of the Internet of things with limited calculation and storage. In consideration of the characteristics that the computing resources and the storage capacity of the Internet of things terminal accessed to the cloud server are limited and the real-time requirement is high in the construction process of the smart city, the implementation efficiency is fully improved and the requirement of the environment is met only by using exclusive-or operation and Hash operation in the design process of the scheme of the invention;

2. the scheme fully considers the confidentiality of communication. On one hand, the method adopts a login mode of anonymous identity to fully protect the identity information of the user; on the other hand, in the user login authentication process, a shared key is also negotiated for encrypting subsequent communication data and resisting a man-in-the-middle to acquire communication information;

3. resisting off-line password guessing attack. The scheme of the invention fully considers the identity authentication among the three participating bodies during the design so as to resist the attack of off-line password guessing after a malicious attacker impersonates the identity attack. For example, during the cloud server registration phase, by calculating the PSID_m＝h(SID_mD) and BS_m＝h(PSID_m||SID_mY), ensure cloud server's identity SID_mIs bound to the private key y of the control server, so that a malicious attacker, if taking an impersonation identity attack, has to obtain the private key y of the control server, which is not possible. Moreover, since d is randomly generated by the cloud server, the cost of an attacker for performing offline password guessing attack can be greatly increased.

Drawings

Fig. 1 is a schematic diagram of a distributed cloud architecture based on the internet of things in a smart city according to an embodiment of the present invention;

fig. 2 is a flowchart of an authentication and key agreement protocol method for an internet of things device in a distributed cloud computing architecture according to an embodiment of the present invention;

fig. 3 is a flowchart of the first three stages of an authentication and key agreement protocol method for an internet of things device in a distributed cloud computing architecture according to an embodiment of the present invention;

fig. 4 is a part of HLPSL emulation codes of an authentication and key agreement protocol method for an internet of things device in a distributed cloud computing architecture according to an embodiment of the present invention;

fig. 5 is a code description of a CS role of a control server in SPDL according to an embodiment of the present invention;

fig. 6 is a simulation result of the AVISPA tool under four back-end analyses provided by the embodiment of the present invention;

fig. 7 shows simulation results of the Scyther tool provided in the embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

In order to meet mutual authentication and encryption communication among application equipment under a distributed cloud architecture based on the Internet of things in a smart city, the invention designs a security authentication and key agreement scheme using a smart card based on lightweight dynamic anonymous identity, and the scheme is proved to be efficient and safe. The current scenario involves 3 main entities: control server CS and cloud server S_mAnd each internet of things device supporting internet of things; wherein the Internet of things equipment belongs to a user U_i。

The authentication and key agreement protocol method for the internet of things equipment in the distributed cloud computing architecture provided by the embodiment of the invention is divided into 5 stages: (1) the method comprises the following steps of (1) registering, (2) logging in, (3) authenticating and carrying out key agreement, (4) password changing and (5) identity updating. Wherein, the stage (3) is the core of the method of the invention. It should be noted that, in the last two stages, whether to add or delete can be selected according to the needs of the application scenario.

As an implementable manner, as shown in fig. 2, the authentication and key agreement phase in the embodiment of the present invention includes the following steps:

first handshake process: user U_iTo cloud server S through its internet of things device_mSending a login message, cloud Server S_mReceiving user U_iAfter the login message, calculating the authentication condition of the user, and comparing the authentication condition of the user with the authentication condition of the user U_iThe login message is sent to the control server CS;

in particular, cloud server S_mReceiving user U_iAfter the login message, the method further comprises: cloud server S_mExamination conditions TS_m-TS_i<Whether delta T is established or not, if yes, the cloud server S_mCalculating the identity verification condition of the user, specifically comprising: cloud server S_mGenerating a 128-bit random number N_mAnd calculate

K_i＝h(N_m||BS_m||PID_i||G_i||TS_m)；

Correspondingly, the cloud server S_mThe authentication condition of the user U and the user U_iThe sending of the login message to the control server CS specifically includes: cloud server S_mWill be provided with<J_i,K_i,PSID_m,G_i,F_i,Z_i,PID_i,TS_i,TS_m>Sending to the control server CS;

wherein the content of the first and second substances,<G_i,F_i,Z_i,PID_i,TS_i>representing a user U_iThe log-in message of (a) is,<J_i,K_i,PSID_m,TS_m>representing cloud Server S_mAuthentication condition of (TS)_mRepresenting cloud Server S_mCurrent time stamp of, TS_iRepresenting a user U_iThe current time stamp of the Internet of things equipment, delta T represents a set time threshold value, BS_mRepresenting cloud Server S_mSymmetric key with control server CS, PID_iRepresenting a user U_iThe identity of the pseudo-identity of (c),PSID_mrepresenting cloud Server S_mPseudo-identity of, B_m、J_i、K_i、G_i、F_iAnd Z_iAll represent intermediate operation results, h (-) represents a hash function, and | | represents splicing operation.

Second handshake process: the control server CS receives the data from the cloud server S_mAfter the message, the user U is authenticated_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating the authentication conditions of the cloud server S and sending the generated two authentication conditions to the cloud server S_m；

Specifically, in the second handshake process, the control server CS receives a request from the cloud server S_mAfter the message, further comprising: control Server CS checks Condition TS_CS-TS_m<Whether the delta T is established or not, if yes, verifying the user U_iAnd cloud server S_mThe validity of (2);

correspondingly, the authentication user U_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating the authentication conditions of the cloud server S and sending the generated two authentication conditions to the cloud server S_mThe method specifically comprises the following steps:

step A1: control server CS gets the message<J_i,K_i,PSID_m,G_i,F_i,Z_i,O_i,PID_i,TS_i,TS_m>Thereafter, the control server CS calculates

D_i＝h(PID_i||x)

Step A2: control server CS checking condition

If yes, the control server CS verifies the user U_iLegality; otherwise, the control server CS terminates the session;

step A3: user U_iAfter the validity is verified, the control server CS calculates

BS_m＝h(PSID_m||SID_m||y)

Step A4: control server CS checking condition

If yes, the control server CS verifies the cloud server S_mLegality; if the cloud server S is not established, the control server CS considers the cloud server S_mIllegally, terminating the session;

step A5: cloud server S_mAfter the validity is verified, the control server CS generates a 128-bit random number N_CSAnd calculate

SK_CS＝h(N_i||N_m||N_CS)

Step A6: through the common channel<P_CS,Q_CS,R_CS,V_CS> send to cloud Server S_m；

Wherein, TS_CSRepresenting the current timestamp of the control server CS, x representing a timestamp known only to the control server CS for authenticating the user U_iSecret key, ID of_iRepresenting a user U_iTrue identity of, SID_mRepresenting cloud Server S_mTrue identity of SK_CSRepresenting a shared secret generated by the CS side of the control server, R_CSAnd V_CSIndicating that the control server CS is a cloud server S_mGenerated authentication condition, P_CSAnd Q_CSIndicating that control server CS is user U_iGenerated authentication conditions, D_iRepresenting a symmetric key between the internet of things device and the control server CS,

and

respectively representing means for authenticating a user U_iAnd cloud server S_mThe legitimacy of and the parameters of the integrity of the data transmission,

representing an exclusive or operation.

Third handshake process: cloud server S_mSelects an authentication condition related to itself from the two received authentication conditions to authenticate the control server CS, and sends the other authentication condition to the user U_iThe internet of things device of (1);

specifically, first, the cloud server S_mReceiving messages from a control server CS<P_CS,Q_CS,R_CS,V_CSAfter that, cloud server S_mComputing

W_m＝h(BS_m||N_m)

Then, the cloud server S_mExamination conditions

Whether it is, if it is, the cloud server S_mThe authentication control server CS passes and will pass<P_CS,Q_CSTo user U_iThe internet of things device of (1);

wherein SK_mRepresenting cloud Server S_mEnd-generated shared secret, W_mThe result of the intermediate operation is represented,

a parameter representing the authenticity of the identity used to verify the control server CS;

the fourth handshake process: user U_iThe Internet of things equipment verifies the validity of the control server CS according to the received identity verification condition, and if the control server CS passes the verification, the user U_iCloud server S_mFinally negotiating with the control server CS to obtain a shared secret key SK h (N)_m||N_CS||N_i) (ii) a Wherein N is_mIndicating that the first handshake process is performed by the cloud server S_mA 128-bit random number, N, is generated_CSRepresenting a 128-bit random number, N, generated by the control server CS during the second handshake_iRepresenting a user U_iOn-login cloud server S_mAnd then generating a random number of at least 128 bits.

Specifically, firstUser U_iIOT (Internet of things) equipment slave cloud server S_mReceiving a message<P_CS,Q_CS>Thereafter, the user U_iInternet of things equipment computing

L_i＝h(N_i||D_i||F_i)

SK_i＝h(N_m||N_CS||N_i)

Then, the user U_iInternet of things equipment inspection condition

If true, user U_iConfirm that the control server CS is authentic;

finally, the user U_iCloud server S_mNegotiating with the 3 participants of the control server CS to obtain a shared key SK-h (N)_m||N_CS||N_i)。

Wherein L is_iRepresenting the result of an intermediate operation, SK_iRepresenting a user U_iShared secret key, Q generated by equipment end of Internet of things^* _CSRespectively, representing parameters for verifying the authenticity of the identity of the control server CS.

It should be noted that, in the four-way handshake process, only the user U needs to be present_iCloud server S_mAnd the control server CS fails to authenticate, the session ends.

As can be seen from the above embodiments, ultimately, the entire authentication path (U)_i→S_m→CS→S_m→U_i) Is established. At the same time, the negotiation results in a shared key SK, which is used to encrypt the user U_iAnd cloud servicesDevice S_mTo the subsequent communication traffic therebetween.

Before entering the authentication and key agreement stage, registration and login are required to be performed, and as an implementable mode, the registration stage in the embodiment of the invention is divided into a cloud server registration stage and a user registration stage;

in the registration phase, the control server CS randomly generates two high-entropy numbers x and y in advance, where x is used as a key known only to CS for authenticating all users U_iY is used as a key known only to CS for authenticating all cloud servers S_mThe key of (2). Then, any cloud server S_mAnd user U_iMay be registered with the CS.

The cloud server registration stage specifically comprises the following steps:

cloud server S_mWill register the message<SID_m,d>Sending to the control server CS; wherein SID_mRepresenting cloud Server S_mD is a random number;

the control server CS receives the information from the cloud server S_mOf a registration message<SID_m,d>Then, calculate PSID_m＝h(SID_m||d)，BS_m＝h(PSID_m||SID_mY) and will be transmitted via a secure channel<BS_m>Send back cloud server S_m(ii) a Wherein, PSID_mRepresenting cloud Server S_mY denotes a pseudo identity known only to the control server CS for authenticating the cloud server S_mOf the secret key, BS_mRepresenting cloud Server S_mA symmetric key with the control server CS, h (-) represents a hash function;

cloud server S_mSecret parameters<BS_m,d>And storing the data in the memory.

The user registration stage specifically includes:

when the user U_iWhen wishing to register with the control server CS, the user U_iSelecting the desired real identity ID_iAnd a password P_iEntering its internet of things device (e.g., card reader);

internet of things equipmentCollect user U_iBiological characteristics of (B)_iAnd generates a random number b to calculate the PID_i＝h(ID_i||b)，

And

wherein, PID_iRepresenting a user U_iPseudo-identity of, A_iAnd Ω_iAll of which represent the results of the intermediate operations,

representing an exclusive or operation;

internet of things equipment registers message<ID_i,PID_i,A_i>Sending the data to a control server CS through a secure channel;

the control server CS verifies the ID after receiving the registration message from the Internet of things equipment_iIs true of, if ID_iIs illegal, the control server CS will reject the user U_iRegistering; otherwise, the control server CS calculates C_i＝h(PID_i||A_i)，D_i＝h(PID_i| x) and

wherein x denotes a user U known only to the control server CS for authentication_iSecret key of D_iRepresenting a symmetric key between the Internet of things device and the control server CS, C_iAnd E_iAll represent intermediate operation results;

control server CS sends data<C_i,E_i,h(·)>Write in the smart card and deliver it to the user U by dedicated communication_i；

User U_iAfter the smart card is obtained, the smart card is inserted into the Internet of things equipment, and the ID is input into the Internet of things equipment again_iAnd P_iSo as to write omega into the smart card through the equipment of the Internet of things_iRecording information by smart card<C_i,Ω_i,E_i,h(·)>

It should be noted that the "secure channel" in the registration phase may be internet key exchange protocol version 2 or secure socket layer protocol (SSL).

As an implementable manner, the login stage in the embodiment of the present invention specifically includes:

when the user U_iWant to slave cloud server S_mObtaining information, user U_iInserting a smart card into an internet of things device, and providing

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

If yes, the user U_iIs true, otherwise, the user U is rejected_iLogging in;

if the user U_iIs true, the Internet of things equipment generates a random number N with at least 128 bits_iAnd calculate

PID_i＝h(ID_i||b)

G_i＝h(PID_i||SID_m||N_i||TS_i||D_i)

Wherein, TS_iIs the current timestamp, SID, of the Internet of things device_mIs a cloud server S_mTrue identity of G_i、F_iAnd Z_iAll represent intermediate operation results;

then, the Internet of things equipment passes through the public channel<G_i,F_i,Z_i,PID_i,TS_i>Transmitting to a cloud Server S_m。

The detailed implementation of the first three stages so far is shown in fig. 3.

As a practical implementation, the password change phase in the embodiment of the present invention (every time the user U is used for changing the password)_iThis phase is invoked when it is desired to update his/her password without communicating with the control server CS), including in particular:

user U_iInserting the smart card into the Internet of things device and then providing

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

Whether the current time is established or not, if so, prompting the user U_iInputting new password P_i ^newAnd generates a random number

Otherwise, rejecting user U_iPassword change of (2);

then, the Internet of things equipment calculates

Finally, the Internet of things equipment records the original record value in the smart card<C_i,Ω_i,E_i>Is replaced by

As can be seen from this embodiment, user U_iIt is very convenient and fast to update the password locally using the smart card.

A legal user U_iUpdate his identity ID_iIt is very practical, such as the identity has expired. But since the control server CS needs to verify the user's ID_iAs an implementable manner, the identity change stage in the embodiment of the present invention specifically includes: user U_iRe-registering to the control server CS over a secure channel.

To verify the security and other performance of the protocol method of the present invention, the following was analyzed mainly from the following three aspects: (1) using password related knowledge and utilizing a heuristic method to analyze how the scheme resists the impersonation identity attack; (2) the implementation process of the scheme is simulated by utilizing two security protocol analysis tools, namely Scyther and AVISPA, and the scheme can resist the mainstream attack process; (3) a brief description of the performance comparison of the protocol of the present invention with other protocols is presented.

1. Security analysis

In this subsection, knowledge of cryptography is mainly utilized to analyze U in detail in the scheme of the present invention_i、S_mAnd the CS to protect against the most common spoofed identity attacks.

(1) In the cloud server registration phase, S_mMutual authentication with CS, S_mNegotiating with the CS to generate a value BS_m＝h(PSID_m||SID_mY), the value can be regarded as S_mAnd CSIs called a key because of the value BS_mCan only be formed by S_mAnd CS calculation. Thus, S_mAnd the CS can pass the symmetric key BS in the authentication phase_mMutual authentication, such as Kerberos protocol authentication, is implemented. In addition, SID due to identity_mAnd pseudo identity PSID_mAre bound to the secret number y of the control server CS, so CS will be paired with S_mThe two identities of (1) are authenticated. Thus, our protocol can implement S during the authentication phase_mAnd mutual authentication between the CS.

For convenience of description, the present invention is labeled with the following symbols:

in the authentication phase:

(2)U_iand mutual authentication between the CS

To avoid recording U on the control server CS_iCS distributes the smart card to U during the registration phase_i. The smart card records the value in the protocol of the invention<C_i,E_i,h(·)＞。

First, the ID is known as unique_i，B_iAnd P_iU of (1)_iCan calculate PID_i＝h(ID_iB) and

c for logging in Internet of things equipment and recording in smart card_iThe value is mainly used for verifying U_i. Therefore, it is labeled with the following notation:

in the user login stage:

the above symbols represent: by means of key parameter values C recorded in the smart card_iAnd the Internet of things equipment can verify the U_i. On the other hand, the user obviously trusts own Internet of things equipment.

Secondly, when U is turned_iLogin toWhile the equipment is in operation, the equipment is accounting

And PID_i＝h(ID_i| b). Value E recorded in a smart card_iCan be regarded as intermediate data in the authentication process between the internet of things device and the CS. On the one hand, only U_iUsing B_iAnd P_iWhen the equipment logs in the Internet of things equipment, the equipment can use the Ei data to calculate

On the other hand, only x and PID are known_iCan CS calculate D_i＝h(PID_i| x), then using data E_iComputing

Therefore, the internet of things device and the CS can realize mutual authentication by means of the smart card in the user login stage. Therefore, it is labeled with the following notation:

in the user login stage:

thirdly, when U is turned_iWhen logging in the Internet of things equipment, the value E of the Internet of things equipment can be used_iCalculating D_i. Then, the value D_iCan be used as a symmetric key of the Internet of things equipment and the CS, because only the Internet of things equipment and the CS can calculate the value D_i. Therefore, the internet of things device and the CS can pass the symmetric key D in the authentication stage_iMutual authentication is achieved. Therefore, it is labeled with the following notation:

in the authentication phase:

from the symbol (2), the symbol (3) and the symbol (4), we can derive the following symbol (5):

in the authentication phase:

the above notation means: with the help of a smart card, the identity is ID_iU of (1)_iMutual authentication with the CS may be achieved during an authentication phase.

In addition, upon receiving U_iAfter registering the message, the CS should verify the U_iIdentity ID of_iThe authenticity of. When the identity ID_iWhen the CS is confirmed to be legal, the CS executes the subsequent operation and sends the subsequent operation to the U_iThe smart card is transferred. Then, when U is_iWhen logging in to a device supporting a network, the device calculates PID by a hash function_i＝h(ID_iB), which indicates a pseudo-identity PID_iWith true identity ID_iBinding, value b is received by omega in the smart card_iAnd (4) protecting the record. Thus, U_iIs identified by_iBy U_iPseudo-identification PID of_iIndirect control, the pseudo-identity and operation D_i＝h(PID_i| x) the secret number x of the control server CS. Therefore, the following notation is used:

in the authentication phase:

(3)U_iand S_mMutual authentication between:

as with the analysis of section (2) above, this section may be marked with the following symbols

In the authentication phase:

due to the value of N_iAnd SID_mIs formed by a symmetric key D_iEncrypted and transmitted, wherein

And

at the authentication stageSection (2):

because of the value N_mIs formed by a symmetric key BS_mEncrypted and transmitted, wherein

In the authentication phase:

due to value of

From a secret value N_iAnd D_iEncryption and transmission, wherein

In the authentication phase:

due to value of

By secret values BS_mAnd N_mEncryption and transmission, wherein

Therefore, the following notation can be used to infer:

in the authentication phase:

as shown by symbol (11), the protocol of the present invention implements U through the intermediary of CS_iAnd S_mMutual authentication between them. In addition, the three parties share the same session key SK ═ h (N)_m||N_CS||N_i). Due to the fact thatTherefore, the protocol of the invention can be asserted to be capable of effectively resisting the impersonation identity attack.

2. Simulation analysis using Scyther and AVISPA

In this subsection, capabilities of attackers are defined and security analysis of the protocol of the present invention is discussed. Based on the countermeasure model, the security protocol analysis tools of AVISPA (automatic verification of the infinite state system) and Scyther are used to prove that the protocol can defend against the existing various attacks.

2.1 confrontation model

And (4) giving a threat attack model by referring to a Dolev-Yao adversary threat model.

The detailed description of the Dolev-Yao adversary threat model is as follows:

(1) an attacker can eavesdrop and intercept all messages passing through the network;

(2) an attacker can store and send intercepted or self-built messages;

(3) an attacker can participate in the operation of the protocol as a legal subject;

(4) power analysis or side channel attacks may help an attacker extract secret information stored in a user's smart card.

2.2 simulation of the protocol of the invention Using a Security protocol analysis tool

2.2.1 Emulation code Specification

The first step in using the simulation tool is to describe the target protocol in a formal language. This section introduces AVISPA tool form language HLPSL (high level protocol specification language) and Scyther tool form language SPDL (Security protocol description language) to emulate the protocol of the present invention.

(1) HLPSL simulation code of the protocol of the invention: the HLPSL emulation code of the protocol of the present invention involves 5 roles: 'role user' simulating real user U_i(ii) a 'role server' simulation cloud server S_m(ii) a The role control server simulates a control server CS; "character session" represents the role of the four-way interactive handshake; "role environment" represents the high-level corner with intruders; "character object" represents the purpose of the simulation. The following description of the HLPSL is a brief introduction of only the user roles, environment roles, and security objectives, as illustrated in the figure4, respectively.

In fig. 4(a), the user role process describes the parameters, initial states and transitions to be used initially. "convert" means to accept the information and send the response information. "channel (dy)" indicates that the attack mode is a Dolev-Yao attack model, and an attacker can control the network of the protocol. For example, an attacker can intercept, steal, modify, replay information transmitted on a channel in a protocol, and even impersonate a legitimate role in the protocol to perform an operation and launch an attack.

FIG. 4(b) illustrates the persona environment and security goals. The high-level role process includes a hybrid role process of global constants and one or more sessions. Wherein an intruder may impersonate a legitimate user to run certain role processes. Still other sentences describe the knowledge known to the intruder in the initial state, typically including the name of the agent, all keys shared by other agents, and all known functions. For HLPSL modeling of security objectives, we only give confidentiality objectives for HLPSL that support both confidentiality and authentication, one of the two objectives. For privacy, the target instance indicates which values are in the declared role are private. If the secret value cannot be realized, the secret value is obtained by the intruder, and the protocol can be attacked successfully. For identity verification, the main purpose is to verify identity masquerading attacks, and in the security analysis in the previous section, how the protocol resists the common attacks is specifically demonstrated.

(2) SPDL emulation code of the protocol of the present invention: similar to HLPSL, the SPDL emulation code of the inventive protocol includes 3 roles: role U simulates real user U_i(ii) a Role S simulation cloud server S_m(ii) a The "role CS" emulates the server control CS. The SPDL code is introduced here by way of example in the role of control server CS, as shown in fig. 5. Having defined the variables required by the session protocol, the complete implementation of the protocol of the invention is represented by the set of events occurring in the CS. The "send" and "recv" events indicate that the CS sends and receives messages, respectively. One of the advantages of the Scyther tool is that it can flexibly describe target properties, whether for the confidentiality of variables or for the authentication of one subject to another. The Scyther tool can analyze and verify security attributes of interest to the user. TargetThe description of the attributes is done through a "close" event, which can be used to describe the role's authentication and the confidentiality of variables.

2.2.2 simulation results

This section shows the simulation results of the protocol of the present invention using two formal analysis tools. AVISPA (version 2006/02/13) and Scyther (v1.1.3) are built in the virtual machines of the ubuntu operating system. Figure 6 shows the results of all four back-end analysis tools provided by AVISPA to simulate the proposed protocols of all entities. The test results of the OFMC, CL-AtSe and SATMC modules indicate that the protocol of the invention is SAFE (SUMMARY SAFE), which means that it can reach the intended safety target; TA4SP verifies that the model represents INCONCLUSIVE because the current TA4SP module does not support one-way hash functions, and the current version can provide a result of No ATTACK TRACE. When the protocol was simulated using the Scyther tool, the Dolev-Yao attack model was also used, and the minimum number of execution rounds in the analysis parameters was set to 3. The results of the simulation of the Scyther tool are shown in FIG. 7. Fig. 7 (a) shows the attack path of the Scyther tool under the Dolev-Yao model for formal analysis of our protocol. The reachability analysis report of our protocol message is shown in fig. 7 (b). The test result shows that the protocol of the invention has no attack threat under the model. Thus, it can be asserted that the inventive protocol can resist various common attacks, such as internal attacks, replay attacks, session key disclosure attacks, and the like.

3. Performance comparison

In the following, the protocol of the invention is specifically compared with the other two protocols (document 1 and document 2, respectively) in terms of resistance to security functions and computational performance. Table 2 lists 9 general security requirements of the strong authentication protocol of the internet of things device and the cloud server. The results in table 2 show that the inventive protocol has the advantages of user auditability, simple and secure password modification, resistance to offline password guessing attacks, resistance to impersonation attacks, and biometric protection.

In addition, table 3 shows the number of hash functions and XOR operations that take in each phase of the protocol of the present invention and other related protocols. As can be seen from the total count of the last row, the number of times the hash function and XOR are used by the protocol of the present invention is minimal. Therefore, it is more suitable for environments where application resources are limited and data intensive, such as internet of things devices in smart cities.

TABLE 2 comparison of Security function of New protocol with related protocol

TABLE 3 comparison of operation of the New scheme with other related schemes

H, hash function; x is exclusive OR operation

Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An authentication and key agreement protocol method for internet of things equipment in a distributed cloud computing architecture comprises a registration stage, a login stage and an authentication and key agreement stage, and is characterized in that the authentication and key agreement stage comprises the following steps:

first handshake process: user U_iTo cloud server S through its internet of things device_mSending a login message, cloud Server S_mReceiving user U_iAfter the login message, calculating the authentication condition of the user, and comparing the authentication condition of the user with the authentication condition of the user U_iThe login message is sent to the control server CS;

second handshake process: control server CS receives a message from a cloud server S_mAfter the message, the user U is authenticated_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating the authentication conditions of the cloud server S and sending the generated two authentication conditions to the cloud server S_m；

Third handshake process: cloud server S_mSelects an authentication condition related to itself from the two received authentication conditions to authenticate the control server CS, and sends the other authentication condition to the user U_iThe internet of things device of (1);

the fourth handshake process: user U_iThe Internet of things equipment verifies the validity of the control server CS according to the received identity verification condition, and if the control server CS passes the verification, the user U_iCloud server S_mFinally negotiating with the control server CS to obtain a shared secret key SK h (N)_m||N_CS||N_i) (ii) a Wherein N is_mIndicating that the first handshake process is performed by the cloud server S_mA 128-bit random number, N, is generated_CSRepresenting a 128-bit random number, N, generated by the control server CS during the second handshake_iRepresenting a user U_iOn-login cloud server S_mA random number of at least 128 bits generated;

in the four-way handshake process, only the user U needs to be used_iCloud server S_mAnd the control server CS fails to authenticate, the session ends.

2. The method according to claim 1, wherein in the first handshake process, the cloud server S is used for authentication and key agreement protocol of the internet of things device in the distributed cloud computing architecture_mReceiving user U_iAfter the login message, the method further comprises:

cloud server S_mExamination conditions TS_m-TS_i<Whether delta T is established or not, if yes, the cloud server S_mComputing its own identity verificationThe conditions specifically include: cloud server S_mGenerating a 128-bit random number N_mAnd calculate

K_i＝h(N_m||BS_m||PID_i||G_i||TS_m)；

Correspondingly, the cloud server S_mThe authentication condition of the user U and the user U_iThe sending of the login message to the control server CS specifically includes: cloud server S_mWill be provided with<J_i,K_i,PSID_m,G_i,F_i,Z_i,PID_i,TS_i,TS_mSending to the control server CS;

wherein the content of the first and second substances,<G_i,F_i,Z_i,PID_i,TS_i>representing a user U_iThe log-in message of (a) is,<J_i,K_i,PSID_m,TS_m>representing cloud Server S_mAuthentication condition of (TS)_mRepresenting cloud Server S_mCurrent time stamp of, TS_iRepresenting a user U_iThe current time stamp of the Internet of things equipment, delta T represents a set time threshold value, BS_mRepresenting cloud Server S_mSymmetric key with control server CS, PID_iRepresenting a user U_iPseudo-identity of, PSID_mRepresenting cloud Server S_mPseudo-identity of, B_m、J_i、K_i、G_i、F_iAnd Z_iAll represent intermediate operation results, h (-) represents a hash function, and | | represents splicing operation.

3. The method according to claim 2, wherein in the second handshake process, the control server CS receives a request from the cloud server S_mAfter the message, further comprising: control Server CS checks Condition TS_CS-TS_m<Whether the delta T is established or not, if yes, verifying the user U_iHarmonious cloud clothesServer S_mThe validity of (2);

correspondingly, the authentication user U_iAnd cloud server S_mIf the two are legal, the two are respectively the user U_iAnd cloud server S_mGenerating the authentication conditions of the cloud server S and sending the generated two authentication conditions to the cloud server S_mThe method specifically comprises the following steps:

step A1: control server CS computation

D_i＝h(PID_i||x)

Step A2: control server CS checking condition

If yes, the control server CS verifies the user U_iLegality;

step A3: control server CS computation

BS_m＝h(PSID_m||SID_m||y)

Step A4: control server CS checking condition

If yes, the control server CSVerifying cloud server S_mLegality;

step A5: the control server CS generates a 128-bit random number N_CSAnd calculate

SK_CS＝h(N_i||N_m||N_CS)

Step A6: through the common channel<P_CS,Q_CS,R_CS,V_CS>Sending to cloud server S_m；

Wherein, TS_CSRepresenting the current timestamp of the control server CS, x representing a timestamp known only to the control server CS for authenticating the user U_iSecret key, ID of_iRepresenting a user U_iTrue identity of, SID_mRepresenting cloud Server S_mTrue identity of SK_CSRepresenting a shared secret generated by the CS side of the control server, R_CSAnd V_CSIndicating that the control server CS is a cloud server S_mGenerated authentication condition, P_CSAnd Q_CSIndicating that control server CS is user U_iGenerated authentication conditions, D_iRepresenting a symmetric key between the internet of things device and the control server CS,

and

respectively representing means for authenticating a user U_iAnd cloud server S_mThe legitimacy of and the parameters of the integrity of the data transmission,

representing an exclusive or operation.

4. The method according to claim 3, wherein the third handshake process specifically includes:

first, the cloud server S_mComputing

W_m＝h(BS_m||N_m)

Then, the cloud server S_mExamination conditions

Whether it is, if it is, the cloud server S_mVerifies the control server CS passes and passes [ < P >_CS,Q_CS>Sent to user U_iThe internet of things device of (1);

wherein SK_mRepresenting cloud Server S_mEnd-generated shared secret, W_mThe result of the intermediate operation is represented,

representing a parameter for verifying the authenticity of the identity of the control server CS.

5. The method according to claim 4, wherein the fourth handshake process specifically includes:

first, user U_iInternet of things equipment computing

L_i＝h(N_i||D_i||F_i)

SK_i＝h(N_m||N_CS||N_i)

Then, the user U_iInternet of things equipment inspection condition

If true, user U_iConfirm that the control server CS is authentic;

wherein L is_iRepresenting the result of an intermediate operation, SK_iRepresenting a user U_iThe shared secret key generated by the device side of the internet of things,

respectively, representing parameters for verifying the authenticity of the identity of the control server CS.

6. The method according to claim 1, wherein the registration phase is divided into a cloud server registration phase and a user registration phase; wherein: the cloud server registration stage specifically includes:

cloud clothesServer S_mWill register message < SID_m,d>Sending to the control server CS; wherein SID_mRepresenting cloud Server S_mD is a random number;

the control server CS receives the information from the cloud server S_mAfter the registration message, calculate the PSID_m＝h(SID_m||d)，BS_m＝h(PSID_m||SID_mY) and passes through the secure channel to the BS_m>Send back cloud server S_m(ii) a Wherein, PSID_mRepresenting cloud Server S_mY denotes a pseudo identity known only to the control server CS for authenticating the cloud server S_mOf the secret key, BS_mRepresenting cloud Server S_mA symmetric key with the control server CS, h (-) represents a hash function;

cloud server S_mSecret parameters<BS_m,d>And storing the data in the memory.

7. The method according to claim 6, wherein the user registration stage specifically includes:

user U_iSelecting the desired real identity ID_iAnd a password P_iEntering the Internet of things equipment;

internet of things equipment collection user U_iBiological characteristics of (B)_iAnd generates a random number b to calculate the PID_i＝h(ID_i||b)，

And

wherein, PID_iRepresenting a user U_iPseudo-identity of, A_iAnd Ω_iAll of which represent the results of the intermediate operations,

means for indicating differentOr operation;

internet of things equipment registers message (ID)_i,PID_i,A_i>Sending the data to a control server CS through a secure channel;

the control server CS verifies the ID after receiving the registration message from the Internet of things equipment_iIs true of, if ID_iIs illegal, the control server CS will reject the user U_iRegistering; otherwise, the control server CS calculates C_i＝h(PID_i||A_i)，D_i＝h(PID_i| x) and

wherein x denotes a user U known only to the control server CS for authentication_iSecret key of D_iRepresenting a symmetric key between the Internet of things device and the control server CS, C_iAnd E_iAll represent intermediate operation results;

control server CS sends data<C_i,E_i,h(·)>Write in the smart card and deliver it to the user U by dedicated communication_i；

User U_iAfter the smart card is obtained, the smart card is inserted into the Internet of things equipment, and the ID is input into the Internet of things equipment again_iAnd P_iSo as to write omega into the smart card through the equipment of the Internet of things_iRecording information by smart card<C_i,Ω_i,E_i,h(·)>。

8. The method according to claim 7, wherein the login phase specifically includes:

when the user U_iWant to slave cloud server S_mObtaining information, user U_iInserting a smart card into an internet of things device, and providing

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

If yes, the user U_iIs true, otherwise, the user U is rejected_iLogging in;

if the user U_iIs true, the Internet of things equipment generates a random number N with at least 128 bits_iAnd calculate

PID_i＝h(ID_i||b)

G_i＝h(PID_i||SID_m||N_i||TS_i||D_i)

Wherein, TS_iIs the current timestamp, SID, of the Internet of things device_mIs a cloud server S_mTrue identity of G_i、F_iAnd Z_iAll represent intermediate operation results;

the Internet of things equipment is connected with the Internet of things equipment through a public channel<G_i,F_i,Z_i,PID_i,TS_i>Transmitting to a cloud Server S_m。

9. The method for authentication and key agreement protocol of internet of things equipment in distributed cloud computing architecture according to claim 1, further comprising: the password changing stage specifically includes:

user U_iInserting the smart card into the Internet of things device and then providing

P_i ^*And

wherein the content of the first and second substances,

P_i ^*and

respectively represent users U_iThe identity, password and biometric features of the actual input;

internet of things equipment computing

And

examination conditions

Whether the current time is established or not, if so, prompting the user U_iInputting new password P_i ^newAnd generates a random number

Otherwise, rejecting user U_iPassword change of (2);

then, the Internet of things equipment calculates

Internet of things equipment records original values in smart card<C_i,Ω_i,E_i>Is replaced by

10. The method of claim 8, wherein the method further comprises: the identity change stage specifically includes:

user U_iRe-registering to the control server CS over a secure channel.

Images