CN115189895B - Identity authentication method and system suitable for wireless sensor network low-power consumption sensor - Google Patents

Info

Publication number
CN115189895B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210978019.8A
Other languages
Chinese (zh)
Other versions
CN115189895A (en)
Inventor
朱雪琼
胡成博
杨景刚
路永玲
付慧
孙蓉
黄强
李双伟
王真
贾骏
刘子全
薛海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Electric Power Research Institute of State Grid Jiangsu Electric Power Co Ltd
Priority to CN202210978019.8A
Publication of CN115189895A
Publication of CN115189895B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an identity authentication method and system suitable for a wireless sensor network low-power consumption sensor, wherein the sensor calculates a region position Tpos according to region position coding data Pos, invokes a PUF hardware fingerprint extraction algorithm according to the region position Tpos and excitation data Stimu, and selects a field in a PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K. The sensor encrypts the region position coding data and the excitation data, Pos || Stimu, under the PUF hardware fingerprint key K to obtain APOS, and sends ID || APOS to the sink node. The sink node takes the PUF hardware fingerprint selection field corresponding to the device number ID from the mapping table as the PUF hardware fingerprint key K', and decrypts APOS to obtain Pos' || Stimu'. If Pos' || Stimu' is consistent with Pos || Stimu, the sensor passes the authentication. The invention can prevent illegal sensing devices from continuously sending data, prevent illegal sink nodes from accessing the network, and prevent all the sensor data from being acquired at one time.

Description

Identity authentication method and system suitable for wireless sensor network low-power consumption sensor
Technical Field
The invention relates to an identity authentication method and system suitable for a wireless sensor network low-power consumption sensor, and belongs to the technical field of network security.
Background
Compared with traditional networks, wireless sensor networks (WSNs) have a unique organization structure and control mode. Because of the characteristics of the application environment, cost control and other reasons, sensor nodes generally have strict limits on weight and volume, so most sensor nodes in a network have very limited energy and resources, cannot perform complex calculations, and cannot realistically have their batteries replaced.
Thus, each node has a limited sensing and communication radius. To obtain accurate information about the monitored area, a large number of sensor nodes often have to be deployed across the whole area. In addition, some nodes may go out of service because of power consumption or failure, and new sensor nodes may be added to the network according to traffic demand. WSNs are also data-centric, task-oriented networks: users are not concerned with the monitoring data collected by a particular sensor node, only with the value of an observation index in the monitored area. Because WSNs digitize the physical environment, deployed sensor nodes can carry different types of sensor modules to collect the corresponding data and meet different functional requirements. Different application scenarios place different security requirements on the sensor nodes, so the nodes must be deployed according to the specific scenario in order to suit the actual environment more efficiently.
Most sensor nodes in existing scenarios are deployed in unattended environments, and the real-time data they collect is usually transmitted to a gateway node over a wireless channel. Because the wireless channel is open, malicious users can very easily intercept, modify and even delete information transmitted on an insecure public channel. Meanwhile, the real-time data collected by sensor nodes is very sensitive and often involves users' personal privacy and even national security. Therefore, authorized access of nodes and secure transmission of the collected data remain important subjects worthy of intensive research, and the security requirements and goals of data confidentiality, integrity and validity need to be met.
Disclosure of Invention
The purpose is as follows: in order to overcome the defects in the prior art, the invention provides an identity authentication method and system suitable for a wireless sensor network low-power consumption sensor.
The technical scheme is as follows: in order to solve the technical problems, the invention adopts the following technical scheme:
In a first aspect, an identity authentication method applicable to a low-power sensor of a wireless sensor network is performed by the sensor, and includes:
Step 1.1: the sensor selects a field from the PUF hardware fingerprint, and sends the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint to the sink node.
Step 1.2: the sensor receives the region position coding data Pos and the excitation data Stimu sent by the sink node, calculates the region position Tpos by adopting the mapping relation between the region position coding data Pos and the region position Tpos, calls a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and selects a field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K. The mapping relation between the region position coding data Pos and the region position Tpos refers to the corresponding relation between the physical unit serial number corresponding to the field and the physical unit in the PUF hardware fingerprint; a field refers to an identifier corresponding to a physical unit in a PUF hardware fingerprint.
Step 1.3: the sensor calls a lightweight encryption algorithm and, using the PUF hardware fingerprint key K, encrypts the region position coding data and the excitation data Pos || Stimu to obtain APOS, and sends ID || APOS to the sink node. Here || denotes the concatenation operation.
Optionally, the method further comprises: the PUF hardware fingerprint key K is used as a random key in communication.
Optionally, the PUF hardware fingerprint is composed of 192 PUFs, which are stored in specific locations in the sensor FLASH area, and each sensor needs to store 216 bytes of PUF hardware fingerprint data.
Optionally, 16 positions are randomly selected from the specific positions in the sensor FLASH area as PUF hardware fingerprint selection fields, which are 64 bits long.
Optionally, the field length of the sensor device number ID is 32 bits.
In a second aspect, an identity authentication method applicable to a low-power consumption sensor of a wireless sensor network is executed by a sink node, and includes:
Step 2.1: the sink node receives the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint of the sensor, constructs a mapping table of the device number ID and the corresponding field of the PUF hardware fingerprint of the sensor, and stores the mapping table.
Step 2.2: the sink node transmits the region position coding data Pos and the excitation data Stimu to the sensor.
Step 2.3: the sink node receives ID || APOS sent by the sensor, takes the PUF hardware fingerprint corresponding field for the device number ID from the mapping table as the PUF hardware fingerprint key K', calls a lightweight decryption algorithm, and decrypts APOS to obtain Pos' || Stimu'.
Step 2.4: the sink node judges whether Pos' || Stimu' is consistent with Pos || Stimu; if so, the sensor passes the authentication.
Optionally, the method further comprises: if Pos' || Stimu' and Pos || Stimu are not consistent, a secondary authentication is performed without disconnection.
Optionally, the PUF hardware fingerprint is composed of 192 PUFs, which are stored in specific locations in the sensor FLASH area, and each sensor needs to store 216 bytes of PUF hardware fingerprint data.
Optionally, the field length of the sensor device number ID is 32 bits.
In a third aspect, an identity authentication system suitable for a low power consumption sensor of a wireless sensor network includes: sensor, sink node.
The sensor is used for sending the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint; receiving the region position coding data Pos and the excitation data Stimu, calculating the region position Tpos by adopting the mapping relation between the region position coding data Pos and the region position Tpos, calling a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and selecting a field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K; and calling a lightweight encryption algorithm, encrypting the region position coding data and the excitation data Pos || Stimu under the PUF hardware fingerprint key K to obtain APOS, and sending ID || APOS. Here || denotes the concatenation operation.
The sink node is used for receiving the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint, constructing a mapping table of the device number ID and the corresponding field of the PUF hardware fingerprint, and storing the mapping table; transmitting the region position coding data Pos and the excitation data Stimu; receiving ID || APOS, taking the PUF hardware fingerprint selection field corresponding to the device number ID from the mapping table as the PUF hardware fingerprint key K', calling a lightweight decryption algorithm, and decrypting APOS to obtain Pos' || Stimu'; and judging whether Pos' || Stimu' is consistent with Pos || Stimu, the sensor passing the authentication if so.
Optionally, the sink node is further used for the following:
if Pos' || Stimu' and Pos || Stimu are not consistent, a secondary authentication is performed without disconnection.
The beneficial effects are that: according to the identity authentication method and the system suitable for the wireless sensor network low-power consumption sensor, provided by the invention, the random characteristics of the device chip in the production and manufacturing process are used as the PUF hardware fingerprint, so that the authentication requirement of the sink node in the wireless sensor network on the sensing device is met, the continuous data transmission of illegal sensing devices is blocked, the access of illegal sink nodes to the network is prevented, and the acquisition of all sensor data at one time is prevented.
Drawings
Fig. 1 is a flowchart of an identity authentication method according to a first embodiment of the present invention.
Fig. 2 is a flowchart of an identity authentication method according to a second embodiment of the present invention.
Fig. 3 is a flowchart of an authentication method according to a third embodiment of the present invention.
Detailed Description
The invention will be further described with reference to specific examples.
As shown in fig. 1, a first embodiment of an identity authentication method suitable for a low-power sensor of a wireless sensor network includes:
Step 1: the sensor selects a field from the PUF hardware fingerprint and sends its device number ID and the corresponding field of the PUF hardware fingerprint to the sink node; the sink node constructs a mapping table of the device number ID and the corresponding field of the PUF hardware fingerprint from them, and stores the mapping table locally at the sink node.
The field selection from the PUF hardware fingerprint refers to randomly selecting identifiers corresponding to a plurality of physical units from the physical units of the PUF hardware fingerprint as corresponding fields, wherein the identifiers correspond to the device number IDs of the sensors one by one, a mapping table of the device number IDs of the sensors and the corresponding fields of the PUF hardware fingerprint of the sensors is constructed, and the mapping table is stored in a sink node for use.
Step 2: the sink node transmits the region position coding data Pos and the excitation data Stimu to the sensor.
The region position coding data Pos represents the serial number of the physical unit to which the field corresponds. The serial number of the physical unit and the excitation data Stimu are sent to the sensor corresponding to the device number ID. Since what is transmitted carries no substantive content, an attacker gains nothing substantial by acquiring it.
Step 3: the sensor calculates the region position Tpos according to the region position coding data Pos and by adopting the mapping relation between the region position coding data Pos and the region position Tpos, and invokes a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu to select a field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K.
The region position Tpos refers to the physical unit serial number corresponding to the physical unit in the PUF hardware fingerprint. The PUF hardware fingerprint extraction algorithm is activated by the sink node's excitation data Stimu, and the field of the physical unit in the PUF hardware fingerprint corresponding to the physical unit serial number is used as the PUF hardware fingerprint key K.
Step 4: the sensor calls a lightweight encryption algorithm and, using the PUF hardware fingerprint key K, encrypts the region position coding data and the excitation data Pos || Stimu to obtain APOS, and sends ID || APOS to the sink node. Here || denotes the concatenation operation. "Lightweight encryption algorithm" is short for the encryption algorithms among lightweight cryptographic algorithms; common examples include AES (Advanced Encryption Standard), DESL (Data Encryption Standard Lightweight Extension) and TEA (Tiny Encryption Algorithm), and the term mostly refers to encryption algorithms with high computational efficiency and low hardware cost.
Step 5: the sink node takes the PUF hardware fingerprint selection field corresponding to the device number ID from the mapping table as the PUF hardware fingerprint key K', calls a lightweight decryption algorithm, and decrypts APOS to obtain Pos' || Stimu'.
Step 6: if Pos' || Stimu' is consistent with Pos || Stimu, the sensor passes the authentication; otherwise, the sensor undergoes secondary authentication without disconnection.
Further, the method further comprises the following steps: the sensor uses the PUF hardware fingerprint key K as a random key in communication.
Further, the PUF hardware fingerprint is composed of 192 PUFs, and is stored in a specific location in the FLASH area of the sensor, and each sensor needs to store 216 bytes of PUF hardware fingerprint data. PUF means the inherent and unique identifier of the physical unit of the FLASH area, and PUF hardware fingerprint is a characteristic binary code consisting of 192 physical units inherent and unique identifiers.
The PUF hardware fingerprint is used as unique information of the sensor, so that different session keys for different sensors and sink nodes can be conveniently realized, and even if an attacker listens to the whole network, real data cannot be decrypted. Meanwhile, the illegal sink node can be prevented from accessing the network to obtain the real data of the sensor.
Further, 16 positions are randomly selected from specific positions in the sensor FLASH region to be used as PUF hardware fingerprint selection fields, and the PUF hardware fingerprint selection fields are 64 bits in length.
Further, a signal acquisition and processing program, a lightweight encryption algorithm, a sensor function code and a device number ID are also stored in the sensor FLASH area.
Further, the field length of the sensor device number ID is 32 bits.
Furthermore, the sensor adopts STM32 series chips, the processing capacity of the sensor is matched with the wireless sensor network structure, and the sensor has good software implementation characteristics by combining with PUF hardware fingerprints.
The sink node and the sensor adopt random PUF hardware fingerprint selection fields to ensure freshness and independence of exchanged messages. The sink node and the sensor have a synchronous detection mechanism, and even if an attacker replays a previous message, the message cannot pass authentication. Thus, the present invention is resistant to replay attacks.
The sensor stores only information such as the device number and the PUF hardware fingerprint and does not store a shared key; an attacker cannot obtain the read-protected data, and therefore cannot forge messages and pass the sink node's identity authentication. Therefore, the invention can resist node capture attacks.
Key information on the public channel is transmitted encrypted; even if an attacker obtains it, the attacker cannot forge messages and pass the sink node's identity authentication. Therefore, the invention can resist node impersonation attacks.
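Steps 1 to 6 of the first embodiment, with both the sensor and the sink node side, written out as an added example (not code from the patent) that also shows a replayed APOS and a device with a different fingerprint being rejected. Assumptions of this example: TEA stands in for the lightweight cipher, the 64-bit field is repeated to fill TEA's 128-bit key, Pos and Stimu are 32 bits each, Pos maps to Tpos as a byte offset, and the fingerprint bytes are constructed stand-ins for a real PUF read-out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FP_BYTES    216          /* fingerprint size stated on the page */
#define FIELD_BYTES 8            /* 64-bit selection field stated on the page */
#define N_ENROLLED  4            /* constructed: positions enrolled per sensor */
#define TEA_DELTA   0x9E3779B9u

typedef struct { uint32_t id; uint8_t fp[FP_BYTES]; } sensor_t;
typedef struct {                 /* one row of the sink node's mapping table */
    uint32_t id;
    uint32_t pos[N_ENROLLED];
    uint8_t  field[N_ENROLLED][FIELD_BYTES];
} sink_entry_t;

/* Constructed stand-in for a PUF read-out: fixed bytes per device seed. */
void make_sensor(sensor_t *s, uint32_t id, uint32_t seed) {
    s->id = id;
    for (uint32_t i = 0; i < FP_BYTES; i++)
        s->fp[i] = (uint8_t)(i * 167u + seed * 101u);
}

/* Assumption: the 64-bit field is repeated to fill TEA's 128-bit key. */
static void field_to_key(const uint8_t *f, uint32_t k[4]) {
    memcpy(&k[0], f, 4);
    memcpy(&k[1], f + 4, 4);
    k[2] = k[0]; k[3] = k[1];
}

static void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < 32; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

static void tea_decrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * 32u;
    for (int i = 0; i < 32; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* Step 1 (enrollment): fields become keys, so this needs a trusted channel. */
int enroll(const sensor_t *s, const uint32_t pos[N_ENROLLED], sink_entry_t *e) {
    e->id = s->id;
    for (int i = 0; i < N_ENROLLED; i++) {
        if (pos[i] > FP_BYTES - FIELD_BYTES) return -1;
        e->pos[i] = pos[i];
        memcpy(e->field[i], s->fp + pos[i], FIELD_BYTES);
    }
    return 0;
}

/* Steps 3-4 (sensor): Pos -> Tpos, extract K, APOS = E_K(Pos || Stimu). */
int sensor_respond(const sensor_t *s, uint32_t pos, uint32_t stimu,
                   uint32_t apos[2]) {
    uint32_t k[4], tpos = pos;   /* assumption: identity Pos -> Tpos mapping */
    if (tpos > FP_BYTES - FIELD_BYTES) return -1;   /* out-of-range read */
    field_to_key(s->fp + tpos, k);
    apos[0] = pos; apos[1] = stimu;
    tea_encrypt(apos, k);
    return 0;
}

/* Steps 5-6 (sink): K' from the table, decrypt, compare with issued challenge. */
int sink_verify(const sink_entry_t *e, uint32_t id, uint32_t pos,
                uint32_t stimu, const uint32_t apos[2]) {
    uint32_t k[4], v[2] = { apos[0], apos[1] };
    if (id != e->id) return 0;
    for (int i = 0; i < N_ENROLLED; i++) {
        if (e->pos[i] != pos) continue;
        field_to_key(e->field[i], k);
        tea_decrypt(v, k);
        return ((v[0] ^ pos) | (v[1] ^ stimu)) == 0;  /* no early exit */
    }
    return 0;                    /* Pos was never enrolled for this ID */
}

int main(void) {
    const uint32_t enrolled[N_ENROLLED] = { 0, 40, 96, 200 };
    sensor_t genuine, clone;
    sink_entry_t row;
    uint32_t a[2], b[2], id = 0x1001u, s1 = 0xA5A5A5A5u, s2 = 0x5A5A5A5Au;
    make_sensor(&genuine, id, 1);
    make_sensor(&clone, id, 2);          /* same ID, different fingerprint */
    enroll(&genuine, enrolled, &row);
    sensor_respond(&genuine, 96, s1, a);
    sensor_respond(&clone, 96, s1, b);
    printf("genuine=%d clone=%d replay=%d\n", sink_verify(&row, id, 96, s1, a),
           sink_verify(&row, id, 96, s1, b), sink_verify(&row, id, 96, s2, a));
    return 0;
}
```

The replay case is rejected only because the second challenge differs from the first, so in a deployment Stimu has to be freshly generated by the sink node for every attempt; the fixed values here keep the run reproducible.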
As shown in fig. 2, a second embodiment of an identity authentication method applicable to a low-power sensor of a wireless sensor network, which is executed by the sensor, includes:
Step 1.1: send the device number ID of the sensor and the PUF hardware fingerprint selection field.
Step 1.2: receive the region position coding data Pos and the excitation data Stimu, calculate the region position Tpos by adopting the mapping relation between the region position coding data Pos and the region position Tpos, call a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and select a field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K.
Step 1.3: call a lightweight encryption algorithm, encrypt the region position coding data and the excitation data Pos || Stimu under the PUF hardware fingerprint key K to obtain APOS, and send ID || APOS. Here || denotes the concatenation operation.
As shown in fig. 3, a third embodiment of an identity authentication method applicable to a low-power sensor of a wireless sensor network is performed by a sink node, and includes:
Step 2.1: receive the device number ID and the PUF hardware fingerprint selection field of the sensor, construct a mapping table of the device number ID and the PUF hardware fingerprint selection field, and store the mapping table.
Step 2.2: transmit the region position coding data Pos and the excitation data Stimu.
Step 2.3: receive ID || APOS, take the PUF hardware fingerprint selection field corresponding to the device number ID from the mapping table as the PUF hardware fingerprint key K', call a lightweight decryption algorithm, and decrypt APOS to obtain Pos' || Stimu'.
Step 2.4: judge whether Pos' || Stimu' is consistent with Pos || Stimu; if so, the sensor passes the authentication.
Further, the method also comprises: if they are not consistent, a secondary authentication is performed without disconnection.
A fourth embodiment is an identity authentication system applicable to a low-power sensor of a wireless sensor network, including: sensor, sink node.
The sensor is used for sending the device number ID of the sensor and the PUF hardware fingerprint selection field; receiving the region position coding data Pos and the excitation data Stimu, calculating the region position Tpos by adopting the mapping relation between the region position coding data Pos and the region position Tpos, calling a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and selecting a field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K; and calling a lightweight encryption algorithm, encrypting the region position coding data and the excitation data Pos || Stimu under the PUF hardware fingerprint key K to obtain APOS, and sending ID || APOS. Here || denotes the concatenation operation.
The sink node is used for receiving the device number ID of the sensor and the PUF hardware fingerprint selection field, constructing a mapping table of the device number ID and the PUF hardware fingerprint selection field, and storing the mapping table; transmitting the region position coding data Pos and the excitation data Stimu; receiving ID || APOS, taking the PUF hardware fingerprint selection field corresponding to the device number ID from the mapping table as the PUF hardware fingerprint key K', calling a lightweight decryption algorithm, and decrypting APOS to obtain Pos' || Stimu'; and judging whether Pos' || Stimu' is consistent with Pos || Stimu, the sensor passing the authentication if so.
Further, the sink node is also used for the following:
if they are not consistent, a secondary authentication is performed without disconnection.
The foregoing is only a preferred embodiment of the invention, it being noted that: it will be apparent to those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the invention.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein. The scheme in the embodiment of the invention can be realized by adopting various computer languages, such as the object-oriented programming language Java, the interpreted scripting language JavaScript and the like.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.

Claims (10)

1. An identity authentication method suitable for a wireless sensor network low-power consumption sensor is executed by the sensor and is characterized in that: comprising the following steps:
Step 1.1: the sensor selects a field from the PUF hardware fingerprint, and sends the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint to the sink node;
Step 1.2: the sensor receives the region position coding data Pos and the excitation data Stimu sent by the sink node, calculates the region position Tpos by adopting the mapping relation between the region position coding data Pos and the region position, calls a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and selects a corresponding field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K; the mapping relation between the region position coding data Pos and the region position Tpos refers to the corresponding relation between the physical unit serial number corresponding to the field and the physical unit in the PUF hardware fingerprint; the field refers to an identifier corresponding to a physical unit in the PUF hardware fingerprint;
Step 1.3: the sensor calls a lightweight encryption algorithm, and according to a PUF hardware fingerprint key K, encryption area position coding data and excitation data Pos Stimu are obtained to obtain APOS, and the ID APOS is sent to the sink node; the i indicates a join operation.
2. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 1, further comprising: the PUF hardware fingerprint key K is used as a random key in communication.
3. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 1, wherein: the PUF hardware fingerprint consists of 192 PUFs, which are stored at specific locations in the FLASH area of the sensor; each sensor needs to store 216 bytes of PUF hardware fingerprint data.
4. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 1, wherein: 16 positions are randomly selected from the specific locations in the sensor FLASH area to serve as the PUF hardware fingerprint selection field, and the length of the PUF hardware fingerprint selection field is 64 bits.
5. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 1, wherein: the field length of the sensor device number ID is 32 bits.
6. An identity authentication method suitable for a wireless sensor network low-power consumption sensor, executed by the sink node, characterized by comprising the following steps:
Step 2.1: the sink node receives the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint sent by the sensor, constructs a mapping table of the device number ID and the corresponding field of the PUF hardware fingerprint, and stores the mapping table;
Step 2.2: the sink node transmits the region position coding data Pos and the excitation data Stimu to the sensor;
Step 2.3: the sink node receives the ID || APOS sent by the sensor, takes out, according to the mapping table, the corresponding field of the PUF hardware fingerprint for the device number ID as a PUF hardware fingerprint key K', invokes a lightweight decryption algorithm, and decrypts the APOS to obtain Pos' || Stimu';
Step 2.4: the sink node judges whether Pos' || Stimu' and Pos || Stimu are consistent, and if so, the sensor passes the authentication.
7. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 6, further comprising: if Pos' || Stimu' and Pos || Stimu are not consistent, a secondary authentication is performed without disconnection.
8. The identity authentication method suitable for the wireless sensor network low-power consumption sensor according to claim 6, wherein: the PUF hardware fingerprint consists of 192 PUFs, and the field length of the sensor device number ID is 32 bits.
9. An identity authentication system suitable for a wireless sensor network low-power consumption sensor, characterized by comprising: a sensor and a sink node;
The sensor is used for sending the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint; receiving the region position coding data Pos and the excitation data Stimu, calculating the region position Tpos using the mapping relation between the region position coding data Pos and the region position Tpos, invoking a PUF hardware fingerprint extraction algorithm according to the region position Tpos and the excitation data Stimu, and selecting the field in the PUF hardware fingerprint corresponding to the region position Tpos as a PUF hardware fingerprint key K; invoking a lightweight encryption algorithm, encrypting the region position coding data and the excitation data Pos || Stimu with the PUF hardware fingerprint key K to obtain APOS, and sending ID || APOS; || denotes the concatenation operation;
The sink node is used for receiving the device number ID of the sensor and the corresponding field of the PUF hardware fingerprint, constructing a mapping table of the device number ID and the corresponding field of the PUF hardware fingerprint, and storing the mapping table; transmitting the region position coding data Pos and the excitation data Stimu; receiving ID || APOS, taking out, according to the mapping table, the PUF hardware fingerprint selection field corresponding to the device number ID as a PUF hardware fingerprint key K', invoking a lightweight decryption algorithm, and decrypting the APOS to obtain Pos' || Stimu'; judging whether Pos' || Stimu' and Pos || Stimu are consistent, and if so, the sensor passes the authentication.
10. The identity authentication system suitable for the wireless sensor network low-power consumption sensor according to claim 9, wherein the sink node is further used for:
if Pos' || Stimu' and Pos || Stimu are not consistent, performing a secondary authentication without disconnection.
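
The exchange in claims 1 and 6, with both sides' messages, as an added example that is not code from the patent. Assumptions: XTEA stands in for the unnamed lightweight cipher, with the 64-bit K repeated to fill its 128-bit key; the Pos-to-Tpos mapping, the 16-bit Pos and 48-bit Stimu sizes, fingerprint extraction modelled as a plain read at Tpos, and the sink recording Pos at enrollment are all hypothetical.

```python
import secrets, struct
M, DELTA, FIELD_LEN = 0xFFFFFFFF, 0x9E3779B9, 8   # 8 bytes = 64-bit key field (claim 4)

def _f(v, s, k):                                   # XTEA round function
    return ((((v << 4) ^ (v >> 5)) + v) ^ (s + k)) & M

def xtea(key16, block8, decrypt=False):            # stand-in lightweight cipher (assumption)
    k, (v0, v1) = struct.unpack(">4I", key16), struct.unpack(">2I", block8)
    s = (DELTA * 32) & M if decrypt else 0
    for _ in range(32):
        if decrypt:
            v1 = (v1 - _f(v0, s, k[(s >> 11) & 3])) & M
            s = (s - DELTA) & M
            v0 = (v0 - _f(v1, s, k[s & 3])) & M
        else:
            v0 = (v0 + _f(v1, s, k[s & 3])) & M
            s = (s + DELTA) & M
            v1 = (v1 + _f(v0, s, k[(s >> 11) & 3])) & M
    return struct.pack(">2I", v0, v1)

def tpos_from_pos(pos):                            # hypothetical Pos -> Tpos mapping
    return (pos ^ 0x5A5A) % (216 - FIELD_LEN)

class Sensor:
    def __init__(self, dev_id, fingerprint):
        self.id, self.fp = dev_id, fingerprint     # 32-bit ID, 216-byte fingerprint
    def field(self, pos):                          # extraction modelled as a read at Tpos
        return self.fp[tpos_from_pos(pos):][:FIELD_LEN]
    def respond(self, pos, stimu):                 # steps 1.2-1.3: returns ID || APOS
        k = self.field(pos)
        return struct.pack(">I", self.id) + xtea(k + k, struct.pack(">H", pos) + stimu)

class Sink:
    def __init__(self):
        self.table, self.pending = {}, {}
    def enroll(self, dev_id, pos, field):          # step 2.1: ID -> field mapping table
        self.table[dev_id] = (pos, field)
    def challenge(self, dev_id):                   # step 2.2: send Pos and a fresh Stimu
        pos, stimu = self.table[dev_id][0], secrets.token_bytes(6)
        self.pending[dev_id] = struct.pack(">H", pos) + stimu
        return pos, stimu
    def verify(self, msg):                         # steps 2.3-2.4: decrypt and compare
        if len(msg) != 12:                         # 4-byte ID + one 8-byte cipher block
            return False
        dev_id, apos = struct.unpack(">I", msg[:4])[0], msg[4:]
        expected = self.pending.pop(dev_id, None)  # one use per challenge, so replays fail
        if expected is None or dev_id not in self.table:
            return False
        k = self.table[dev_id][1]
        return secrets.compare_digest(xtea(k + k, apos, decrypt=True), expected)
```

Because Pos and Stimu travel in the clear, the check only holds if Stimu is fresh for every challenge and the cipher is a block cipher rather than a fixed-key XOR stream, whose keystream an eavesdropper could recover from one exchange.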
CN202210978019.8A 2022-08-16 2022-08-16 Identity authentication method and system suitable for wireless sensor network low-power consumption sensor Active CN115189895B (en)

Publications (2)

Publication Number Publication Date
CN115189895A (en) 2022-10-14
CN115189895B (en) 2024-05-17

Family

ID=83523350

Country Status (1)

Country Link
CN (1) CN115189895B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant