CN113872759A - 一种智能电网的轻量级身份认证方法 - Google Patents
一种智能电网的轻量级身份认证方法 Download PDFInfo
- Publication number
- CN113872759A CN113872759A CN202111146955.4A CN202111146955A CN113872759A CN 113872759 A CN113872759 A CN 113872759A CN 202111146955 A CN202111146955 A CN 202111146955A CN 113872759 A CN113872759 A CN 113872759A
- Authority
- CN
- China
- Prior art keywords
- smi
- gateway
- power supplier
- identity
- intelligent electric
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- H04L63/0421—Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/42—Anonymization, e.g. involving pseudonyms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Algebra (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Mathematical Physics (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Hardware Design (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明涉及智能电网隐私保护的技术领域,申请一种智能电网的轻量级身份认证方法,使用椭圆曲线加密算法,并采用单向哈希散列函数和二进制运算此类轻量级的加密原语。首先由电力供应商初始化系统参数;其次电力供应商对辅助验证器,网关和智能电表进行注册,分配相关安全参数;最后网关和智能电表相互认证,生成会话密钥进行通信。本方法引入一个辅助验证器,不依赖电力供应商参与网关和智能电表的认证,具备抵抗密钥泄露伪装攻击的能力,构建智能电表的伪身份和认证令牌来确保智能电表的强匿名性和不可伪造性,并且使用轻量级的加密原语,提升安全性的同时降低了计算耗时和通信量。
Description
技术领域
本发明属于智能电网隐私保护的技术领域,具体涉及一种智能电网的身份认证隐私保护方法。
背景技术
传统的电力系统因其自身的局限性,已不足以应对新兴工业生产以及社会和经济发展的挑战。智能电网作为下一代电力系统,将传感、计算和通信等先进技术嵌入电网中,以提供可行、高效、可持续、具有经济效益和安全的电力供应,可以显著提高现有电网的效率。
尽管智能电网有许多优点,但是对家庭能源消耗的准确和细粒度测量存在隐私泄露的问题。攻击者可能会在数据传输过程中拦截用户的用电数据,入侵电力供应商的数据库。
为了保证智能电网的安全通信,研究人员近年来陆续提出了适用于智能电网通信的身份认证方法,但是现有的认证方法鲜有考虑抵抗密钥泄露伪装攻击这一安全要求,未能在效率和安全性之间实现所需的权衡。
针对智能电网中存在隐私泄露和现有身份认证方法安全性不足和效率低的问题,本文基于椭圆曲线加密算法,提出一个智能电网的轻量级身份认证方法。
发明内容
本发明的目的是提出一种智能电网的轻量级身份认证方法,具备抵抗密钥泄露伪装攻击的能力,确保了智能电表的强匿名性和不可伪造性,提升安全性的同时降低了计算耗时和通信量。
本发明所述的一种智能电网的轻量级身份认证方法,所述方法包括:
Ⅰ、电力供应商初始化参数;
Ⅱ、辅助验证器、网关和智能电表注册;
Ⅲ、网关和智能电表相互认证;
所述步骤Ⅰ电力供应商初始化参数,包括以下步骤:
电力供应商生成大素数p,q,基于有限域Fp选择一条椭圆曲线E,并选择点P为椭圆曲线E上阶为q的基点;
电力供应商选择一个随机数
作为电力供应商的私钥,计算pkPS=skPS·P作为电力供应商的公钥;
电力供应商选取四个单向哈希散列函数H1(·),H2(·),H3(·),H4(·);
电力供应商定义一种对称加密算法Enc(k),使得Dec(k)(Enc(k)(message))=message,其中Dec(k)是对称解密,k是密钥,message为需要被加密的参数,使用密钥k对message进行加/解密;
电力供应商在与辅助验证器、网关和智能电表的通信通道中公布参数{p,q,E,P,pkPS,H1(.),H2(.),H3(.),H4(.),Enc(k)};
所述步骤Ⅱ辅助验证器、网关和智能电表注册,包括以下步骤:
辅助验证器首先选取自己的身份标识符IDAV并发送给电力供应商;
电力供应商选择随机数
返回给辅助验证器;
辅助验证器选择随机数
计算RAV=(skGW||rAV)并将{rAV,RAV}发送给电力供应商完成注册;
网关选择自己的身份标识符IDGW发送给电力供应商;
电力供应商计算RGW=H1(skGW||IDGW)·P,选择随机数
计算
生成网关签名
选择随机数
计算B1=H1(IDAV||skPS),
B3=H1(B1||rPS),
为第i个智能电表SMi选定身份标识符IDSMi,将参数{skGW,sGW,B2,B3,B4,B5,IDSMi}发送给网关;
网关将skGW作为私钥,计算pkGW=skGW·P作为公钥,存储参数{B2,B3,B4,B5,IDSMi,skGW,rGW,pkGW}完成注册;
网关选择随机数
利用私钥skGW对称加密SMi的真实身份标识符,生成SMi的伪身份
将PIDSMi发送给电力供应商;
电力供应商生成SMi的签名sSMi=H1(IDSMi||sGW)skPS,随后将参数{sSMi,IDSMi,PIDSMi,pkPS,IDGW}发送给SMi;
SMi选择随机数
计算skSMi=rSMisSMi,pkSMi=rSMi·pkPS分别作为私钥和公钥,最后存储参数{IDSMi,IDGW,skSMi,pkSMi,PIDSMi}完成注册;
所述步骤Ⅲ网关和智能电表相互认证,包括以下步骤:
辅助验证器将身份标识符IDAV发送给网关;
网关计算
RAV=(skGW||rAV),
计算H1(B1||rPS)是否等于B3,如果相等,则辅助验证器身份验证成功;
网关选择一个随机数
计算QGW=qGW·pkGW,将消息MSG1={QGW}发送给SMi;
SMi选择一个随机数
计算QSMi=qSMi·pkSMi,kGS=skSMiqSMi·QGW,生成智能电表的认证令牌VSMi=H2(kGS),将消息MSG2={PIDSMi,QSMi,VSMi}发送给网关;
网关利用私钥skGW对SMi的伪身份PIDSMi进行对称解密,即
得到SMi的真实身份标识符IDSMi,计算k'GS=QSMi·qGWskGWH1(IDSMi||sGW),计算H2(k'GS)是否等于智能电表的认证令牌VSMi,如果相等,则SMi身份验证成功,生成会话密钥SKGS=H3(IDSMi||IDGW||QSMi||QGW||k'GS);
网关选择一个随机数
利用私钥skGW为SMi生成一个新的伪身份
计算
生成网关的认证令牌
将消息MSG3={XP,VGW}发送给SMi;
SMi生成会话密钥SKSG=H3(IDSMi||IDGW||QSMi||QGW||kGS),计算
计算
否等于网关的认证令牌VGW,如果相等,则网关身份验证成功;
网关和SMi存储相同的会话密钥SKGS(=SKSG)用于它们之间的进一步通信。
以下为本方法的正确性证明:
为了证明GW生成的会话密钥SKGS=H3(IDSMi||IDGW||QSMi||QGW||k'GS)与SMi生成的会话密钥SKSG=H3(IDSMi||IDGW||QSMi||QGW||kGS)相等,需要证明kGS与k'GS相等。
与最接近的现有智能电网身份认证方法相比,本发明具有以下优异效果:
本发明提供的智能电网身份认证方法,加入一个辅助验证器,不依赖电力供应商参与网关和智能电表的认证,具备抵抗密钥泄露伪装攻击的能力,对智能电表的身份进行对称加密,确保了智能电表的强匿名性,同时使用轻量级的加密原语,使其提升安全性的同时降低了计算耗时和通信量。
附图说明
为了让读者更清晰地了解本专利实施方案,下面将对本专利具体实施方式中的附图作简单介绍:
图1是本发明的一种智能电网的轻量级身份认证方法示意图。
具体实施方式
下面结合附图对本发明进行详细描述,本部分的描述仅是示范性和解释性,不应对本发明的保护范围有任何的限制作用。此外,本领域技术人员根据本文件的描述,可以对本文件中实施例中以及不同实施例中的特征进行相应组合。
图1是本发明的一种智能电网的轻量级身份认证方法示意图,具体包括以下:
Ⅰ、电力供应商初始化参数;
Ⅱ、辅助验证器、网关和智能电表注册;
Ⅲ、网关和智能电表相互认证;
所述步骤Ⅰ电力供应商初始化参数,包括以下步骤:
电力供应商生成大素数p,q,基于有限域Fp选择一条椭圆曲线E,并选择点P为椭圆曲线E上阶为q的基点;
电力供应商选择一个随机数
作为电力供应商的私钥,计算pkPS=skPS·P作为电力供应商的公钥;
电力供应商选取四个单向哈希散列函数H1(·),H2(·),H3(·),H4(·);
电力供应商定义一种对称加密算法Enc(k),使得Dec(k)(Enc(k)(message))=message,其中Dec(k)是对称解密,k是密钥,message为需要被加密的参数,使用密钥k对message进行加/解密;
电力供应商在与辅助验证器、网关和智能电表的通信通道中公布参数{p,q,E,P,pkPS,H1(.),H2(.),H3(.),H4(.),Enc(k)};
所述步骤Ⅱ辅助验证器、网关和智能电表注册,包括以下步骤:
辅助验证器首先选取自己的身份标识符IDAV并发送给电力供应商;
电力供应商选择随机数
返回给辅助验证器;
辅助验证器选择随机数
计算RAV=(skGW||rAV)并将{rAV,RAV}发送给电力供应商完成注册;
网关选择自己的身份标识符IDGW发送给电力供应商;
电力供应商计算RGW=H1(skGW||IDGW)·P,选择随机数
计算
生成网关签名
选择随机数
计算B1=H1(IDAV||skPS),
B3=H1(B1||rPS),
为第i个智能电表SMi选定身份标识符IDSMi,将参数{skGW,sGW,B2,B3,B4,B5,IDSMi}发送给网关;
网关将skGW作为私钥,计算pkGW=skGW·P作为公钥,存储参数{B2,B3,B4,B5,IDSMi,skGW,rGW,pkGW}完成注册;
网关选择随机数
利用私钥skGW对称加密SMi的真实身份标识符,生成SMi的伪身份
将PIDSMi发送给电力供应商;
电力供应商生成SMi的签名sSMi=H1(IDSMi||sGW)skPS,随后将参数{sSMi,IDSMi,PIDSMi,pkPS,IDGW}发送给SMi;
SMi选择随机数
计算skSMi=rSMisSMi,pkSMi=rSMi·pkPS分别作为私钥和公钥,最后存储参数{IDSMi,IDGW,skSMi,pkSMi,PIDSMi}完成注册;
所述步骤Ⅲ网关和智能电表相互认证,包括以下步骤:
辅助验证器将身份标识符IDAV发送给网关;
网关计算
RAV=(skGW||rAV),
计算H1(B1||rPS)是否等于B3,如果相等,则辅助验证器身份验证成功;
网关选择一个随机数
计算QGW=qGW·pkGW,将消息MSG1={QGW}发送给SMi;
SMi选择一个随机数
计算QSMi=qSMi·pkSMi,kGS=skSMiqSMi·QGW,生成智能电表的认证令牌VSMi=H2(kGS),将消息MSG2={PIDSMi,QSMi,VSMi}发送给网关;
网关利用私钥skGW对SMi的伪身份PIDSMi进行对称解密,即(IDSMi||rPID)=DecskGW(PIDSMi),得到SMi的真实身份标识符IDSMi,计算k'GS=QSMi·qGWskGWH1(IDSMi||sGW),计算H2(k'GS)是否等于智能电表的认证令牌VSMi,如果相等,则SMi身份验证成功,生成会话密钥SKGS=H3(IDSMi||IDGW||QSMi||QGW||k'GS);
网关选择一个随机数
利用私钥skGW为SMi生成一个新的伪身份
计算
生成网关的认证令牌
将消息MSG3={XP,VGW}发送给SMi;
SMi生成会话密钥SKSG=H3(IDSMi||IDGW||QSMi||QGW||kGS),计算
计算
否等于网关的认证令牌VGW,如果相等,则网关身份验证成功;
网关和SMi存储相同的会话密钥SKGS(=SKSG)用于它们之间的进一步通信。
本发明所设计的一种智能电网的轻量级身份认证方法,使用椭圆曲线加密算法,采用单向哈希散列函数和二进制运算此类轻量级的加密原语。由电力供应商初始化系统参数,选择一个椭圆曲线并生成公私钥;辅助验证器和网关使用身份标识符请求注册,电力供应商为辅助验证器和网关分配相关安全参数,同时为智能电表指定身份标识符并分配相关安全参数完成智能电表的注册;辅助验证器发起认证请求,网关对辅助验证器进行认证后,与智能电表生成认证令牌相互验证身份,验证通过后随即生成会话密钥进行通信。
与最接近的现有智能电网身份认证方法相比,本发明具有以下优异效果:
本发明提供的智能电网身份认证方法,加入一个辅助验证器,不依赖电力供应商参与网关和智能电表的认证,具备抵抗密钥泄露伪装攻击的能力,对智能电表的身份进行对称加密,确保了智能电表的强匿名性,同时使用轻量级的加密原语,使其提升安全性的同时降低了计算耗时和通信量。
本领域技术人员在考虑说明书及实践这里公开的发明后,将容易想到本发明的其它实施方案。本申请旨在涵盖本发明的任何变型、用途或者适应性变化,这些变型、用途或者适应性变化遵循本发明的一般性原理并包括本申请未公开的本技术领域中的公知常识或惯用技术手段。说明书和实施例仅被视为示例性的,本发明的真正范围和精神由权利要求指出。
应当理解的是,本发明并不局限于上面已经描述并在附图中示出的精确结构,并且可以在不脱离其范围进行各种修改和改变。本发明的范围仅由所附的权利要求来限制。
Claims (1)
1.一种智能电网的轻量级通信认证方法,其特征在于,包括以下步骤:
Ⅰ、电力供应商初始化参数;
Ⅱ、辅助验证器、网关和智能电表注册;
Ⅲ、网关和智能电表相互认证;
所述步骤Ⅰ电力供应商初始化参数,包括以下步骤:
电力供应商生成大素数p,q,基于有限域Fp选择一条椭圆曲线E,并选择点P为椭圆曲线E上阶为q的基点;
电力供应商选择一个随机数
作为电力供应商的私钥,计算pkPS=skPS·P作为电力供应商的公钥;
电力供应商选取四个单向哈希散列函数H1(·),H2(·),H3(·),H4(·);
电力供应商定义一种对称加密算法Enc(k),使得Dec(k)(Enc(k)(message))=message,其中Dec(k)是对称解密,k是密钥,message为需要被加密的参数,使用密钥k对message进行加/解密;
电力供应商在与辅助验证器、网关和智能电表的通信通道中公布参数{p,q,E,P,pkPS,H1(.),H2(.),H3(.),H4(.),Enc(k)};
所述步骤Ⅱ辅助验证器、网关和智能电表注册,包括以下步骤:
辅助验证器首先选取自己的身份标识符IDAV并发送给电力供应商;
电力供应商选择随机数
返回给辅助验证器;
辅助验证器选择随机数
计算RAV=(skGW||rAV)并将{rAV,RAV}发送给电力供应商完成注册;
网关选择自己的身份标识符IDGW发送给电力供应商;
电力供应商计算RGW=H1(skGW||IDGW)·P,选择随机数
计算
生成网关签名
选择随机数
计算B1=H1(IDAV||skPS),
B3=H1(B1||rPS),
为第i个智能电表SMi选定身份标识符IDSMi,将参数{skGW,sGW,B2,B3,B4,B5,IDSMi}发送给网关;
网关将skGW作为私钥,计算pkGW=skGW·P作为公钥,存储参数{B2,B3,B4,B5,IDSMi,skGW,rGW,pkGW}完成注册;
网关选择随机数
利用私钥skGW对称加密SMi的真实身份标识符,生成SMi的伪身份
将PIDSMi发送给电力供应商;
电力供应商生成SMi的签名sSMi=H1(IDSMi||sGW)skPS,随后将参数{sSMi,IDSMi,PIDSMi,pkPS,IDGW}发送给SMi;
SMi选择随机数
计算skSMi=rSMisSMi,pkSMi=rSMi·pkPS分别作为私钥和公钥,最后存储参数{IDSMi,IDGW,skSMi,pkSMi,PIDSMi}完成注册;
所述步骤Ⅲ网关和智能电表相互认证,包括以下步骤:
辅助验证器将身份标识符IDAV发送给网关;
网关计算
RAV=(skGW||rAV),
计算H1(B1||rPS)是否等于B3,如果相等,则辅助验证器身份验证成功;
网关选择一个随机数
计算QGW=qGW·pkGW,将消息MSG1={QGW}发送给SMi;
SMi选择一个随机数
计算QSMi=qSMi·pkSMi,kGS=skSMiqSMi·QGW,生成智能电表的认证令牌VSMi=H2(kGS),将消息MSG2={PIDSMi,QSMi,VSMi}发送给网关;
网关利用私钥skGW对SMi的伪身份PIDSMi进行对称解密,即
得到SMi的真实身份标识符IDSMi,计算k'GS=QSMi·qGWskGWH1(IDSMi||sGW),计算H2(k'GS)是否等于智能电表的认证令牌VSMi,如果相等,则SMi身份验证成功,生成会话密钥SKGS=H3(IDSMi||IDGW||QSMi||QGW||k'GS);
网关选择一个随机数
利用私钥skGW为SMi生成一个新的伪身份
计算
生成网关的认证令牌
将消息MSG3={XP,VGW}发送给SMi;
SMi生成会话密钥SKSG=H3(IDSMi||IDGW||QSMi||QGW||kGS),计算
计算
否等于网关的认证令牌VGW,如果相等,则网关身份验证成功;
网关和SMi存储相同的会话密钥SKGS(=SKSG)用于它们之间的进一步通信。
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111146955.4A CN113872759B (zh) | 2021-09-29 | 2021-09-29 | 一种智能电网的轻量级身份认证方法 |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111146955.4A CN113872759B (zh) | 2021-09-29 | 2021-09-29 | 一种智能电网的轻量级身份认证方法 |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113872759A true CN113872759A (zh) | 2021-12-31 |
| CN113872759B CN113872759B (zh) | 2023-06-06 |
Family
ID=78992310
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111146955.4A Active CN113872759B (zh) | 2021-09-29 | 2021-09-29 | 一种智能电网的轻量级身份认证方法 |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113872759B (zh) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114915970A (zh) * | 2022-04-02 | 2022-08-16 | 北京航空航天大学 | 基于puf的轻量级智能表批量认证方法及网关 |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009143713A1 (zh) * | 2008-05-28 | 2009-12-03 | 北京易恒信认证科技有限公司 | 双因子组合公钥生成和认证方法 |
| CN109167778A (zh) * | 2018-08-28 | 2019-01-08 | 南京邮电大学 | 物联网中终端设备无身份通用认证方法 |
| CN109474610A (zh) * | 2018-12-07 | 2019-03-15 | 西南石油大学 | 基于智能电网的匿名可认证的密钥交换方法 |
| WO2020035009A1 (zh) * | 2018-08-15 | 2020-02-20 | 飞天诚信科技股份有限公司 | 认证系统及其工作方法 |
| CN111131148A (zh) * | 2019-11-11 | 2020-05-08 | 重庆邮电大学 | 一种面向智能电网的可保护隐私数据聚合方法及系统 |
| WO2020133655A1 (zh) * | 2018-12-26 | 2020-07-02 | 中国科学院沈阳自动化研究所 | 边缘计算场景下支持异构终端匿名接入的轻量级认证方法 |
| US20200280559A1 (en) * | 2017-09-27 | 2020-09-03 | Huawei Technologies Co., Ltd. | Security enhanced technique of authentication protocol based on trusted execution environment |
| CN111769937A (zh) * | 2020-06-24 | 2020-10-13 | 四川大学 | 面向智能电网高级测量体系的两方认证密钥协商协议 |
| CN113132097A (zh) * | 2021-03-07 | 2021-07-16 | 西安电子科技大学 | 适合物联网的轻量级无证书跨域认证方法、系统及应用 |
-
2021
- 2021-09-29 CN CN202111146955.4A patent/CN113872759B/zh active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009143713A1 (zh) * | 2008-05-28 | 2009-12-03 | 北京易恒信认证科技有限公司 | 双因子组合公钥生成和认证方法 |
| US20200280559A1 (en) * | 2017-09-27 | 2020-09-03 | Huawei Technologies Co., Ltd. | Security enhanced technique of authentication protocol based on trusted execution environment |
| WO2020035009A1 (zh) * | 2018-08-15 | 2020-02-20 | 飞天诚信科技股份有限公司 | 认证系统及其工作方法 |
| CN109167778A (zh) * | 2018-08-28 | 2019-01-08 | 南京邮电大学 | 物联网中终端设备无身份通用认证方法 |
| CN109474610A (zh) * | 2018-12-07 | 2019-03-15 | 西南石油大学 | 基于智能电网的匿名可认证的密钥交换方法 |
| WO2020133655A1 (zh) * | 2018-12-26 | 2020-07-02 | 中国科学院沈阳自动化研究所 | 边缘计算场景下支持异构终端匿名接入的轻量级认证方法 |
| CN111131148A (zh) * | 2019-11-11 | 2020-05-08 | 重庆邮电大学 | 一种面向智能电网的可保护隐私数据聚合方法及系统 |
| CN111769937A (zh) * | 2020-06-24 | 2020-10-13 | 四川大学 | 面向智能电网高级测量体系的两方认证密钥协商协议 |
| CN113132097A (zh) * | 2021-03-07 | 2021-07-16 | 西安电子科技大学 | 适合物联网的轻量级无证书跨域认证方法、系统及应用 |
Non-Patent Citations (2)
| Title |
|---|
| PROSANTA GOPE、等: "Lightweight and Privacy-Friendly Spatial Data Aggregation for Secure Power Supply and Demand Management in Smart Grids", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》, vol. 14, no. 6, XP011709018, DOI: 10.1109/TIFS.2018.2881730 * |
| 白浩浩;: "面向智能电网AMI的轻量级密钥协商方法", 广东通信技术, no. 02 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114915970A (zh) * | 2022-04-02 | 2022-08-16 | 北京航空航天大学 | 基于puf的轻量级智能表批量认证方法及网关 |
| CN114915970B (zh) * | 2022-04-02 | 2023-09-08 | 北京航空航天大学 | 基于puf的轻量级智能表批量认证方法及网关 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113872759B (zh) | 2023-06-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Wazid et al. | AKM-IoV: Authenticated key management protocol in fog computing-based Internet of vehicles deployment | |
| Irshad et al. | A provably secure and efficient authenticated key agreement scheme for energy internet-based vehicle-to-grid technology framework | |
| Wazid et al. | Secure three-factor user authentication scheme for renewable-energy-based smart grid environment | |
| Garg et al. | An efficient blockchain-based hierarchical authentication mechanism for energy trading in V2G environment | |
| CN109474610B (zh) | 基于智能电网的匿名可认证的密钥交换方法 | |
| CN111147472B (zh) | 一种边缘计算场景下的智能电表轻量级认证方法及系统 | |
| CN101902476B (zh) | 移动p2p用户身份认证方法 | |
| CN111682938B (zh) | 面向中心化移动定位系统的三方可认证密钥协商方法 | |
| Zou et al. | Reportcoin: A novel blockchain-based incentive anonymous reporting system | |
| CN108270572B (zh) | 一种基于位置和口令的密钥交换协议 | |
| CN101977380A (zh) | 一种无线Mesh网络认证方法 | |
| Liang et al. | Physically secure and conditional-privacy authenticated key agreement for VANETs | |
| Gao et al. | An Improved Online/Offline Identity-Based Signature Scheme for WSNs. | |
| CN116388995A (zh) | 一种基于puf的轻量级智能电网认证方法 | |
| Ayub et al. | Secure consumer-centric demand response management in resilient smart grid as industry 5.0 application with blockchain-based authentication | |
| Teng et al. | A High-efficiency Discrete Logarithm-based Multi-proxy Blind Signature Scheme via Elliptic Curve and Bilinear Mapping. | |
| Ahmed et al. | Signcryption based authenticated and key exchange protocol for EI-based V2G environment | |
| Saxena et al. | Lightweight privacy-preserving authentication scheme for V2G networks in the smart grid | |
| Chaudhry et al. | Correctness of an authentication scheme for managing demand response in smart grid | |
| CN115473623A (zh) | 一种智能电网中多维用户数据安全聚合的方法 | |
| Itoo et al. | A robust ECC-based authentication framework for energy internet (EI)-based vehicle to grid communication system | |
| Parameswarath et al. | A privacy-preserving authenticated key exchange protocol for V2G communications using SSI | |
| CN113872759B (zh) | 一种智能电网的轻量级身份认证方法 | |
| Shamshad et al. | A provably secure and lightweight access control protocol for EI-based vehicle to grid environment | |
| Zhao et al. | An anonymous payment system to protect the privacy of electric vehicles |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |